start::
closeprocesses:
createrestorepoint:
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3478552650-2853276301-3203046584-1001\...\localhost -> localhost 
CustomCLSID: HKU\S-1-5-21-3478552650-2853276301-3203046584-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\100po\AppData\Local\Microsoft\OneDrive\17.005.0107.0006\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3478552650-2853276301-3203046584-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\100po\AppData\Local\Microsoft\OneDrive\17.005.0107.0006\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3478552650-2853276301-3203046584-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\100po\AppData\Local\Microsoft\OneDrive\17.005.0107.0006\amd64\FileSyncShell64.dll => Pas de fichier
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] 
BootExecute: autocheck autochk * sdnclean64.exe 
HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswSnx <==== ATTENTION (Rootkit!) 
virustotal: C:\Windows\SysWOW64\GameMon.des 
emptytemp:
end::