start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy est activé.
ProxyEnable: [HKLM-x32] => Proxy est activé.
ProxyServer: [HKLM] => http=127.0.0.1:6061;https=127.0.0.1:6061
ProxyServer: [HKLM-x32] => http=127.0.0.1:6061;https=127.0.0.1:6061
AutoConfigURL: [HKLM] => http=127.0.0.1:6061;https=127.0.0.1:6061
ManualProxies: 1http=127.0.0.1:6061;https=127.0.0.1:6061
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=plk_coinisreb_17_43_ssg02&cd=2XzuyEtN2Y1L1Qzu0DtDyDyByB0B0AyCtCtCtC0AzyyEtCyBtN0D0Tzu0StBtCtBtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0CtDtAzzyE0A0DtGyDyE0E0FtG0AyEyB0CtGtDyEtD0CtGyBtD0DtAtByDtD0BzzyEtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtDyCtByB0DyD0AtGtByC0AyEtGyEyCzy0AtG0B0F0EtBtGtAzytAtDtDtAyBtCyB0D0FtB2QtN0A0LzuyE&cr=132281005&ir=
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=plk_coinisreb_17_43_ssg02&cd=2XzuyEtN2Y1L1Qzu0DtDyDyByB0B0AyCtCtCtC0AzyyEtCyBtN0D0Tzu0StBtCtBtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0CtDtAzzyE0A0DtGyDyE0E0FtG0AyEyB0CtGtDyEtD0CtGyBtD0DtAtByDtD0BzzyEtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtDyCtByB0DyD0AtGtByC0AyEtGyEyCzy0AtG0B0F0EtBtGtAzytAtDtDtAyBtCyB0D0FtB2QtN0A0LzuyE&cr=132281005&ir=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_43_ssg02&cd=2XzuyEtN2Y1L1Qzu0DtDyDyByB0B0AyCtCtCtC0AzyyEtCyBtN0D0Tzu0StBtCtBtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0CtDtAzzyE0A0DtGyDyE0E0FtG0AyEyB0CtGtDyEtD0CtGyBtD0DtAtByDtD0BzzyEtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtDyCtByB0DyD0AtGtByC0AyEtGyEyCzy0AtG0B0F0EtBtGtAzytAtDtDtAyBtCyB0D0FtB2QtN0A0LzuyE&cr=132281005&ir=&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_43_ssg02&cd=2XzuyEtN2Y1L1Qzu0DtDyDyByB0B0AyCtCtCtC0AzyyEtCyBtN0D0Tzu0StBtCtBtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0CtDtAzzyE0A0DtGyDyE0E0FtG0AyEyB0CtGtDyEtD0CtGyBtD0DtAtByDtD0BzzyEtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtDyCtByB0DyD0AtGtByC0AyEtGyEyCzy0AtG0B0F0EtBtGtAzytAtDtDtAyBtCyB0D0FtB2QtN0A0LzuyE&cr=132281005&ir=&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_43_ssg02&cd=2XzuyEtN2Y1L1Qzu0DtDyDyByB0B0AyCtCtCtC0AzyyEtCyBtN0D0Tzu0StBtCtBtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0CtDtAzzyE0A0DtGyDyE0E0FtG0AyEyB0CtGtDyEtD0CtGyBtD0DtAtByDtD0BzzyEtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtDyCtByB0DyD0AtGtByC0AyEtGyEyCzy0AtG0B0F0EtBtGtAzytAtDtDtAyBtCyB0D0FtB2QtN0A0LzuyE&cr=132281005&ir=&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_43_ssg02&cd=2XzuyEtN2Y1L1Qzu0DtDyDyByB0B0AyCtCtCtC0AzyyEtCyBtN0D0Tzu0StBtCtBtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0CtDtAzzyE0A0DtGyDyE0E0FtG0AyEyB0CtGtDyEtD0CtGyBtD0DtAtByDtD0BzzyEtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtDyCtByB0DyD0AtGtByC0AyEtGyEyCzy0AtG0B0F0EtBtGtAzytAtDtDtAyBtCyB0D0FtB2QtN0A0LzuyE&cr=132281005&ir=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1796576296-477058736-2758871048-1002 -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_43_ssg02&cd=2XzuyEtN2Y1L1Qzu0DtDyDyByB0B0AyCtCtCtC0AzyyEtCyBtN0D0Tzu0StBtCtBtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyC0CtDtAzzyE0A0DtGyDyE0E0FtG0AyEyB0CtGtDyEtD0CtGyBtD0DtAtByDtD0BzzyEtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtDyCtByB0DyD0AtGtByC0AyEtGyEyCzy0AtG0B0F0EtBtGtAzytAtDtDtAyBtCyB0D0FtB2QtN0A0LzuyE&cr=132281005&ir=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1796576296-477058736-2758871048-1002 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BA6C134DD-27C7-43C6-8D0B-E738D2720C9B%7D&gp=811610
BHO-x32: Search@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\mikecoco\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2019-02-12] (LLC Mail.Ru -> Mail.Ru)
CHR HomePage: Default -> inline.go.mail.ru
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811610"
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7BC407AF56-2E94-49E6-AD37-90C562987EE7%7D&gp=811610
CHR DefaultSearchKeyword: Default -> go.mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [iepoegkaoeljnbhagabakjodgpfniimo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ikpcpgklmefncbfgbdifkaphbaapgafh] - hxxps://clients2.google.com/service/update2/crx
R1 MDZjM; \??\C:\WINDOWS\system32\drivers\MDZjM [X]
2019-02-12 06:00 - 2019-02-12 06:03 - 000000000 ___DC C:\Users\mikecoco\AppData\Roaming\infoSiw
2019-02-12 06:00 - 2019-02-12 06:02 - 000000000 ___DC C:\Users\mikecoco\AppData\Roaming\ShopMore
2019-02-12 06:00 - 2019-02-12 06:02 - 000000000 ___DC C:\Users\mikecoco\AppData\Local\Mail.Ru
2019-02-12 06:00 - 2019-02-12 06:00 - 000001334 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhromе.lnk
2019-02-12 06:00 - 2019-02-12 06:00 - 000000000 ___DC C:\Users\mikecoco\AppData\Roaming\SPI
2019-02-12 06:00 - 2019-02-12 06:00 - 000000000 ___DC C:\Users\mikecoco\AppData\Roaming\Browsers
2019-02-12 06:00 - 2019-02-12 06:00 - 000000000 ___DC C:\ProgramData\Mail.Ru
2019-02-11 09:49 - 2019-02-11 09:49 - 000151344 _____ C:\WINDOWS\system32\Drivers\MDZjM
2019-01-24 06:06 - 2017-02-26 12:46 - 000000000 ___DC C:\Users\mikecoco\AppData\Local\MSfree Inc
2019-02-12 06:00 - 2019-02-12 06:00 - 007970945 ____C () C:\Users\mikecoco\AppData\Local\Temp\s2s.exe
2019-02-12 06:00 - 2019-02-12 06:00 - 000586113 ____C (ZRFXRD ) C:\Users\mikecoco\AppData\Local\Temp\Setup.exe
2019-02-12 06:00 - 2019-02-12 06:00 - 009126360 ____C (Shop More ) C:\Users\mikecoco\AppData\Local\Temp\UpProSetup.exe
2019-02-02 22:14 - 2019-02-02 22:14 - 000000000 ____C () C:\Users\mikecoco\AppData\Local\Temp\_kcorpdt.dll
CustomCLSID: HKU\S-1-5-21-1796576296-477058736-2758871048-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-745CC8920C8C}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Pas de fichier
Shortcut: C:\Users\mikecoco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Exрlorеr.lnk -> C:\Users\mikecoco\AppData\Roaming\Browsers\exe.erolpxei.bat (Pas de fichier) <==== Cyrillic
Shortcut: C:\Users\mikecoco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhromе.lnk -> C:\Users\mikecoco\AppData\Roaming\Browsers\exe.emorhc.bat (Pas de fichier) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhromе.lnk -> C:\Users\mikecoco\AppData\Roaming\Browsers\exe.emorhc.bat (Pas de fichier) <==== Cyrillic
ShortcutWithArgument: C:\Users\mikecoco\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
C:\Users\mikecoco\AppData\Local\Temp\Setup.exe
C:\WINDOWS\SECOH-QAD.dll
C:\Program Files\KMSpico
RemoveProxy:
EmptyTemp:
end::