start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
Startup: C:\Users\DUBOIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinLOGON.vbs [2021-05-22]
Task: {BBDD2288-8CDA-4350-A287-7A1E1209AF4E} - System32\Tasks\NSUZOLZKS => cmd.exe /c powershell -Ep ByPass -win 1 /noP -nolOgO -noNinteRacTi $check=Get-Process output -ErrorAction SilentlyContinue;if ($check -eq $null)
Task: {E3E0BF1C-1EA1-4BD2-BB94-358EA130F40A} - System32\Tasks\btSVMiqSJ => cmd.exe /c powershell -Ep ByPass -win 1 /noP -nolOgO -noNinteRacTi $check=Get-Process output -ErrorAction SilentlyContinue;if ($check -eq $null)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
2021-05-27 14:45 - 2021-05-27 14:45 - 000000057 _____ C:\ProgramData\Ament.ini
2021-05-27 14:45 - 2021-05-27 14:45 - 000000000 ____D C:\ProgramData\Visan
2021-05-21 00:08 - 2021-05-21 00:08 - 000013522 _____ C:\WINDOWS\system32\Tasks\btSVMiqSJ
2021-05-20 23:13 - 2021-05-20 23:13 - 000008290 _____ C:\WINDOWS\system32\Tasks\NSUZOLZKS
2021-05-16 23:07 - 2021-05-16 23:11 - 000000000 ____D C:\Users\DUBOIS\AppData\Roaming\378658
2021-05-01 17:12 - 2021-05-01 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ObviousIdea
2021-05-01 17:12 - 2021-05-01 17:12 - 000000000 ____D C:\Program Files (x86)\ObviousIdea
2021-05-01 17:14 - 2019-06-22 00:32 - 000000000 ____D C:\Users\DUBOIS\AppData\Roaming\ObviousIdea
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-07-26]
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25]
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25]
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3217639140-6081584-635649423-1001\...\StartupApproved\Run: => "DesktopNoteOK"
EmptyTemp:
cmd: ipconfig /flushdns
cmd: netsh winsock reset
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-image /Restorehealth
end::