Start::
CloseProcesses:
CreateRestorePoint:
Removeproxy:
Hosts:
AlternateDataStreams: C:\WINDOWS:nlsPreferences [386]
AlternateDataStreams: C:\Users\lynyr:.repos [616631]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\TEMP:8331D35A [302]
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1284899225-1928332732-1002248254-1001\...\localhost -> localhost
HKLM\...\StartupApproved\Run: => "emsisoft anti-malware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupremoService => ""="Service"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => D:\Logiciels\Adobe PDF\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
2020-12-06 01:06 - 2020-12-06 01:06 - 000000000 ___HD C:\BMvKG8HYya2oNXPf
2020-12-05 21:45 - 2016-12-27 18:45 - 000035760 _____ C:\WINDOWS\system32\ddmdrv.sys
2020-12-05 21:45 - 2016-12-27 18:45 - 000033200 _____ C:\WINDOWS\SysWOW64\ddmdrv.sys
2020-12-05 21:45 - 2016-09-29 09:44 - 001298584 _____ C:\WINDOWS\ddmmain.exe
2020-12-05 21:08 - 2020-12-05 21:10 - 000000290 __RSH C:\ProgramData\ntuser.pol
2020-12-05 21:01 - 2020-12-05 23:58 - 000000000 ____D C:\Users\lynyr\AppData\LocalLow\IGDump
2020-12-06 01:06 - 2020-12-06 01:06 - 000000000 ___HD C:\BMvKG8HYya2oNXPf
2020-12-05 20:20 - 2020-12-05 20:23 - 000000000 ____D C:\Program Files (x86)\w684tm95cfx1
2020-12-05 20:20 - 2020-12-05 20:20 - 000000000 ____D C:\Program Files (x86)\gdiview
2020-12-05 20:15 - 2020-12-05 20:15 - 000000000 ____D C:\ProgramData\ProductData
2020-12-05 20:15 - 2020-12-05 20:15 - 000000000 ____D C:\Program Files (x86)\IObit
2020-12-05 18:54 - 2020-12-06 14:37 - 000002506 _____ C:\WINDOWS\system32\Tasks\Trojan Remover
2020-12-05 17:14 - 2020-12-05 17:14 - 000000000 ____D C:\ProgramData\Loaris
2020-12-05 15:45 - 2020-12-05 15:46 - 000000000 ____D C:\ProgramData\27O4XKALBP
2020-12-05 14:57 - 2020-12-05 15:19 - 000000000 ____D C:\Users\lynyr\AppData\LocalLow\nb98wqnehe8bw89hb
2020-12-05 14:57 - 2020-12-05 14:57 - 000000013 _____ C:\ProgramData\kaosdma.txt
2020-12-05 14:43 - 2020-12-05 14:43 - 000001110 _____ C:\Users\lynyr\_readme.txt
2020-12-05 14:41 - 2020-12-05 14:41 - 000000562 _____ C:\Users\lynyr\AppData\Local\bowsakkdestx.txt
2020-12-05 14:41 - 2020-12-05 14:41 - 000000000 ____D C:\ProgramData\FUBUPNOIEC
2020-12-05 14:41 - 2020-12-05 14:41 - 000000000 ____D C:\ProgramData\B32T17V2OX
2019-03-26 16:30 - 2019-03-26 17:43 - 000000361 _____ () C:\Users\lynyr\AppData\Roaming\basic.ini
2020-01-22 13:02 - 2020-01-22 13:02 - 000041233 _____ () C:\Users\lynyr\AppData\Roaming\gtrfedyunhb.exe
2018-12-07 02:07 - 2019-10-01 12:23 - 000000600 _____ () C:\Users\lynyr\AppData\Roaming\winscp.rnd
2019-06-23 18:01 - 2019-07-07 16:22 - 000000426 _____ () C:\Users\lynyr\AppData\Local\BFR6lastusedsettings.dpt6
2020-12-05 14:41 - 2020-12-05 14:41 - 000000562 _____ () C:\Users\lynyr\AppData\Local\bowsakkdestx.txt
2019-09-06 09:30 - 2019-09-06 09:30 - 000004608 _____ () C:\Users\lynyr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
cmd: netsh winsock reset
Emptytemp:
End::