Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_fptpeylhk2y2aegikmoqzd_19_29_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzytD0F0B0AyCyE0B0CyC0Azy0FtByE0EtN0D0Tzu0StByByDzztN1L2XzuyEtFyDtAtFtDtFtCyEzztN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyEzy0AyCyEtC0CtGyEzyyBzytGzzzztD0FtGyDtD0CtCtGyD0D0C0BtCyCzzyEtDyE0F0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1R1QyEyDyC1RyCtDtGyDtCyCzytGyEtDtC1OtGzzyCyDtCtGyCtDtBzzyD1R1OtDtCtCzzyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyCtAyBtByEtCtDyC%26cr%3D1888968379%26a%3Dwsg_fptpeylhk2y2aegikmoqzd_19_29_ssg00%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKU\S-1-5-21-2135671055-3479514983-3394580833-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_fptpeylhk2y2aegikmoqzd_19_29_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzytD0F0B0AyCyE0B0CyC0Azy0FtByE0EtN0D0Tzu0StByByDzztN1L2XzuyEtFyDtAtFtDtFtCyEzztN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyEzy0AyCyEtC0CtGyEzyyBzytGzzzztD0FtGyDtD0CtCtGyD0D0C0BtCyCzzyEtDyE0F0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1R1QyEyDyC1RyCtDtGyDtCyCzytGyEtDtC1OtGzzyCyDtCtGyCtDtBzzyD1R1OtDtCtCzzyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyCtAyBtByEtCtDyC%26cr%3D1888968379%26a%3Dwsg_fptpeylhk2y2aegikmoqzd_19_29_ssg00%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
SearchScopes: HKU\S-1-5-21-2135671055-3479514983-3394580833-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_fptpeylhk2y2aegikmoqzd_19_29_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzytD0F0B0AyCyE0B0CyC0Azy0FtByE0EtN0D0Tzu0StByByDzztN1L2XzuyEtFyDtAtFtDtFtCyEzztN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyEzy0AyCyEtC0CtGyEzyyBzytGzzzztD0FtGyDtD0CtCtGyD0D0C0BtCyCzzyEtDyE0F0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1R1QyEyDyC1RyCtDtGyDtCyCzytGyEtDtC1OtGzzyCyDtCtGyCtDtBzzyD1R1OtDtCtCzzyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyCtAyBtByEtCtDyC%26cr%3D1888968379%26a%3Dwsg_fptpeylhk2y2aegikmoqzd_19_29_ssg00%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\am1662ay.default\user.js [2019-07-21]
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ip0f5clq.default-release\user.js [2019-07-21]
FF Extension: (Search Manager) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ip0f5clq.default-release\Extensions\{24436206-088d-4a1a-8d0e-cf93ca7a2d23}.xpi [2019-07-21] [UpdateUrl:hxxps://qupotomu.com/update?x=restype=ffjson]
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej
R2 SegurazoIC; C:\Program Files (x86)\Segurazo\SegurazoIC.exe [4630632 2019-07-08] (Digital Communications Inc. -> Digital Communications Inc)
R2 SegurazoSvc; C:\Program Files (x86)\Segurazo\SegurazoService.exe [249448 2019-07-08] (Digital Communications Inc. -> Digital Communications Inc)
2019-07-21 17:49 - 2019-07-21 17:56 - 000000000 ____D C:\Windows\System32\Tasks\{201BAF85-2676-6406-567A-17A892732ADD}
2019-07-21 17:49 - 2019-07-21 17:50 - 000000000 ____D C:\Users\user\AppData\Roaming\segurazoclient
2019-07-21 17:48 - 2019-07-22 18:46 - 000000000 ____D C:\Program Files (x86)\Segurazo
2019-07-21 17:48 - 2019-07-21 17:48 - 000000000 ____D C:\ProgramData\Segurazo
c:\users\user\appdata\local\chromium
C:\Program Files (x86)\Segurazo
ContextMenuHandlers1: [SegurazoShellExtension.FileContextMenuExt] -> {BFD98515-CD74-48A4-98E2-13D209E3EE4F} => C:\Program Files (x86)\Segurazo\SegurazoShell64_v10128.dll [2019-07-08] (Digital Communications Inc. -> Digital Communications Inc)
ContextMenuHandlers4: [SegurazoShellExtension.FileContextMenuExt] -> {BFD98515-CD74-48A4-98E2-13D209E3EE4F} => C:\Program Files (x86)\Segurazo\SegurazoShell64_v10128.dll [2019-07-08] (Digital Communications Inc. -> Digital Communications Inc)
ContextMenuHandlers6: [SegurazoShellExtension.FileContextMenuExt] -> {BFD98515-CD74-48A4-98E2-13D209E3EE4F} => C:\Program Files (x86)\Segurazo\SegurazoShell64_v10128.dll [2019-07-08] (Digital Communications Inc. -> Digital Communications Inc)
AlternateDataStreams: C:\Windows:CM_36faabd924501fcd2f743302621d89eb425ec11f74fef19a5e0fe69c3f0b5201 [74]
AlternateDataStreams: C:\Windows:CM_e0501b65315a77c6cde279a3a8d62a1a6c48bf2c2e353a3654218165115f1673 [74]
EmptyTemp:
End::