start::
closeprocesses:
createrestorepoint:
virustotal: C:\Windows\AAct_Tools\AAct.exe
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
EndRegedit:
FirewallRules: [TCP Query User{D41FBAFD-E1F3-4209-B329-12BAD7734803}C:\windows\syswow64\explorer.exe] => (Block) C:\windows\syswow64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{EBD01C71-CE3E-4DB0-B293-9184E48B7DF1}C:\windows\syswow64\explorer.exe] => (Block) C:\windows\syswow64\explorer.exe (Microsoft Windows -> Microsoft Corporation)
C:\Program Files\EnigmaSoft
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1705142343-845631360-3465436581-1002\...\Run: [clsgfe] => regsvr32.exe -s "C:\Users\Philippe\AppData\Roaming\Microsoft\Uzwvjur\hyxzlficiynm.dll"
C:\Users\Philippe\AppData\Roaming\Microsoft\Uzwvjur
HKU\S-1-5-21-1705142343-845631360-3465436581-1002\...\Policies\Explorer: [NoInstrumentation] 1
Task: {0F35CB46-E1A0-49A6-A722-C087B72AFA5A} - System32\Tasks\Apple Diagnostics => C:\Users\Philippe\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe [0 2021-09-02] <==== ATTENTION (zéro octet Fichier/Dossier)
C:\Users\Philippe\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe
CHR HomePage: Default -> hxxp://home.sweetim.com/?barid={15B325BD-DC60-11DF-8CD0-0060B3E38AFF}
CHR HKU\S-1-5-21-1705142343-845631360-3465436581-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [14649632 2021-09-08] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [527136 2021-09-08] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 EnigmaFileMonDriver; C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys [76744 2021-09-08] (EnigmaSoft Limited -> EnigmaSoft Limited)
2021-09-08 13:12 - 2021-09-08 13:12 - 000076744 _____ (EnigmaSoft Limited) C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys
2021-09-08 13:12 - 2021-09-08 13:12 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter5.lnk
2021-09-08 13:12 - 2021-09-08 13:12 - 000001055 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2021-09-08 13:12 - 2021-09-08 13:12 - 000000000 ____D C:\sh5ldr
2021-09-08 13:12 - 2021-09-08 13:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2021-09-08 13:12 - 2021-09-08 13:12 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2021-09-08 13:12 - 2021-09-08 13:12 - 000000000 ____D C:\Program Files\EnigmaSoft
2021-09-08 13:11 - 2021-09-08 13:12 - 006673184 _____ (EnigmaSoft Limited) C:\Users\Philippe\Downloads\SpyHunter-Installer.exe
emptytemp:
end::