start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [MalTray] => C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe
BootExecute: autocheck autochk *
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll
FF HomepageOverride: Mozilla\Firefox\Profiles\i4byvvma.default-release -> Disabled: _pvMembers_@www.mapmywayfree.com
FF HomepageOverride: Mozilla\Firefox\Profiles\i4byvvma.default-release -> Disabled: web@00022358-d56d-4f5e-a89c-d4534d7c5565
FF HomepageOverride: Mozilla\Firefox\Profiles\i4byvvma.default-release -> Disabled: web@af1e58bc-4ead-11e8-81fc-065ad97f0000
FF NewTabOverride: Mozilla\Firefox\Profiles\i4byvvma.default-release -> Disabled: _pvMembers_@www.mapmywayfree.com
FF NewTabOverride: Mozilla\Firefox\Profiles\i4byvvma.default-release -> Disabled: web@00022358-d56d-4f5e-a89c-d4534d7c5565
FF NewTabOverride: Mozilla\Firefox\Profiles\i4byvvma.default-release -> Disabled: web@af1e58bc-4ead-11e8-81fc-065ad97f0000
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys
S3 dbx; system32\DRIVERS\dbx.sys [X]
2021-02-02 10:43 - 2021-02-02 10:43 - 000001243 _____ C:\Users\Public\Desktop\Malware Hunter.lnk
2021-02-02 10:42 - 2021-02-02 10:42 - 076264592 _____ (Glarysoft Ltd) C:\Users\Bernard\Downloads\Malware_Hunter_v1.119.0.712.exe
CustomCLSID: HKU\S-1-5-21-1670754151-1075679263-2463197126-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\Bernard\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-1670754151-1075679263-2463197126-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\Bernard\AppData\Local\Google\Update\1.3.35.423\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-1670754151-1075679263-2463197126-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\Bernard\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => Pas de fichier
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> Pas de fichier
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> Pas de fichier
2014-12-25 20:14 - 2011-05-17 13:27 - 000028672 _____ () [Fichier non signé] C:\Windows\jmesoft\hidhook.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q=
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = hxxp://search.myheritage.com?q=
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q=
SearchScopes: HKU\S-1-5-21-1670754151-1075679263-2463197126-1001 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = hxxp://search.myheritage.com?q=
SearchScopes: HKU\S-1-5-21-1670754151-1075679263-2463197126-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q=
Handler: mso-minsb-roaming.16 - Pas de valeur CLSID
Handler: mso-minsb.16 - Pas de valeur CLSID
Handler: osf-roaming.16 - Pas de valeur CLSID
Handler: osf.16 - Pas de valeur CLSID
HKU\S-1-5-21-1670754151-1075679263-2463197126-1001\...\StartupApproved\Run: => "uTorrent"
EmptyTemp:
cmd: netsh advfirewall reset
cmd: ipconfig /flushdns
cmd: netsh winsock reset
cmd: cscript %windir%\System32\slmgr.vbs /dli
end::