start::
closeprocesses:
createrestorepoint:
virustotal: C:\windows\syswow64\dplaysvr.exe
virustotal: C:\WINDOWS\wininit.ini
CustomCLSID: HKU\S-1-5-21-351943338-2687526687-2628136919-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-90A584373E9F}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-351943338-2687526687-2628136919-1001_Classes\CLSID\{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-351943338-2687526687-2628136919-1001_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-351943338-2687526687-2628136919-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2018\fr-FR\acadficn.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
Task: {EC41666F-5328-487B-AFCC-A628B5030914} - System32\Tasks\{2EE7042A-1500-436A-9B24-38F24927FA90} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.41.0.101/fr/go/help.faq.installer?LastError=1618
Task: {F35EF131-7DC6-42F7-991A-66378748A8CB} - System32\Tasks\ArcGIS Pro Indexing (MicrosoftAccount_delk_du_34@hotmail.com) => C:\Program Files\ArcGIS\Pro\bin\ArcGISIndexingServer.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\Users\Romain\Downloads\Image (11).jpg:3or4kl4x13tuuug3Byamue2s4b [99]
AlternateDataStreams: C:\Users\Romain\Downloads\Image (11).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Romain\Downloads\Image (12).jpg:3or4kl4x13tuuug3Byamue2s4b [99]
AlternateDataStreams: C:\Users\Romain\Downloads\Image (12).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Romain\Documents\carte etudiante.jpeg:3or4kl4x13tuuug3Byamue2s4b [99]
AlternateDataStreams: C:\Users\Romain\Documents\carte etudiante.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Romain\Documents\Image (6).jpg:3or4kl4x13tuuug3Byamue2s4b [99]
AlternateDataStreams: C:\Users\Romain\Documents\Image (6).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [UDP Query User{8E85F82C-030C-484D-BF06-3064A9918675}C:\users\romain\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\romain\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{996EEBC6-32BB-4707-A641-AD64D9CF3814}C:\users\romain\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\romain\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{49A57B6B-B802-4C3A-8EF0-22DA6823190A}C:\users\romain\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\romain\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{85855A99-16F7-49E2-97A9-CFE8C5BAEFEF}C:\users\romain\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\romain\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{B8D3942B-8590-4EFA-9ED7-F2F6F15F1E83}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{85206F56-D109-4C00-9F87-5472BE153CC2}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{F55AB3CB-FAB1-4651-8869-04115AB279BC}] => (Allow) C:\Users\Romain\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B2F46F25-FB60-409B-98FA-C7EBBA2A6F5D}] => (Allow) C:\Users\Romain\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{78A1D3AE-3D89-4A85-ABD2-ACD7D4AD3595}] => (Allow) C:\Users\Romain\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7B41034C-C5D1-4859-AA30-22E9BB4DCCA5}] => (Allow) C:\Users\Romain\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{18CECB3E-C6F7-4F91-BE5F-DE3BA4CDF3C7}] => (Allow) C:\Users\Romain\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{43199178-B818-44A9-951A-0B72416AC15F}] => (Allow) C:\Users\Romain\AppData\Roaming\uTorrent\uTorrent.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
BootExecute: autocheck autochk * sdnclean64.exe bddel.exe
HKU\S-1-5-21-351943338-2687526687-2628136919-1001\...\Run: [FACEIT] => C:\Users\Romain\AppData\Local\FACEITApp\update.exe [2203584 2018-10-31] ()
HKU\S-1-5-21-351943338-2687526687-2628136919-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Romain\AppData\Local\Akamai\netsession_win.exe"
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll => No File
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll No File
[not found] <==== ATTENTION
FF ProfilePath: [core]
2018-12-05 14:15 - 2018-12-06 15:59 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-12-05 14:15 - 2018-12-05 14:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-12-05 14:14 - 2018-12-06 16:02 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-12-05 14:13 - 2018-12-05 14:13 - 000729960 _____ (Safer-Networking Ltd. ) C:\Users\Romain\Downloads\spybot2-license.exe
2018-11-07 19:32 - 2018-10-31 16:26 - 000000000 ____D C:\Users\Romain\AppData\Local\FACEITApp
2018-11-06 21:43 - 2018-10-31 16:27 - 000000000 ____D C:\Users\Romain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FACEIT Ltd
2018-11-06 21:43 - 2018-10-31 16:27 - 000000000 ____D C:\Users\Romain\AppData\Roaming\FACEIT
C:\Users\Romain\AppData\Roaming\PDAppFlex
C:\Users\Romain\AppData\Local\Tempzxpsign*
emptytemp:
end::
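Added example, not part of the fixlist above and not FRST's own code: a read-only PowerShell audit of the artifacts the fixlist targets, so each entry can be checked on the machine before Fix is pressed. It lists the alternate data streams on the five paths, whether the per-user CLSID servers still resolve to a file (what FRST reports as "No File"), the firewall rules tied to the three programs, the current BootExecute value, and the Software Restriction Policy path rules that produce the mrt.exe line. The SID, paths and CLSIDs are copied from the fixlist; the SRP registry location, the regex that strips quotes and arguments from a COM server path, and the stream-name handling are assumptions of this example. The HKU\<sid>_Classes hive is only mounted while that user is logged on, so run it in that user's elevated session.

```powershell
# Added example, not part of the FRST fixlist or of FRST itself.
# Read-only audit of what the fixlist will remove. Run in an elevated
# PowerShell on the affected machine before pressing Fix. Nothing is deleted.

$sid = 'S-1-5-21-351943338-2687526687-2628136919-1001'   # copied from the fixlist

# 1. Alternate data streams. ':$DATA' is the main stream; the fixlist strips
#    every other stream on these paths.
$adsTargets = @(
    'C:\ProgramData\Reprise',
    'C:\Users\Romain\Downloads\Image (11).jpg',
    'C:\Users\Romain\Downloads\Image (12).jpg',
    'C:\Users\Romain\Documents\carte etudiante.jpeg',
    'C:\Users\Romain\Documents\Image (6).jpg'
)
Write-Host '== Alternate data streams =='
foreach ($f in $adsTargets) {
    if (-not (Test-Path -LiteralPath $f)) { Write-Host "missing: $f"; continue }
    Get-Item -LiteralPath $f -Stream * |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { '{0}:{1} ({2} bytes)' -f $_.FileName, $_.Stream, $_.Length }
}

# 2. Per-user COM registrations (HKU\<sid>_Classes, mounted only while the
#    user is logged on). A server whose file is gone is FRST's "No File".
$clsids = @(
    '{0E270DAA-1BE6-48F2-AC49-90A584373E9F}',
    '{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D}',
    '{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}',
    '{E2C40589-DE61-11ce-BAE0-0020AF6D7005}'
)
Write-Host '== Per-user CLSID servers =='
foreach ($c in $clsids) {
    foreach ($server in 'InprocServer32', 'LocalServer32') {
        $key = "Registry::HKEY_USERS\${sid}_Classes\CLSID\$c\$server"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $raw = (Get-ItemProperty -LiteralPath $key).'(default)'
        # Assumed regex: keep the path up to the first .exe/.dll, drop quotes
        # and arguments such as "/Automation", then expand %systemroot% etc.
        $exe = [Environment]::ExpandEnvironmentVariables(
            ($raw -replace '^"?(.+?\.(?:exe|dll))"?.*$', '$1'))
        $state = if (Test-Path -LiteralPath $exe) { 'present' } else { 'No File' }
        "$c\$server -> $raw => $state"
    }
}

# 3. Firewall rules bound to the programs named in the fixlist. The
#    "Query User{GUID}" rules are the ones Windows creates when a user clicks
#    Allow on the firewall prompt.
$exes = @(
    'C:\users\romain\appdata\local\akamai\netsession_win.exe',
    'C:\windows\syswow64\dplaysvr.exe',
    'C:\Users\Romain\AppData\Roaming\uTorrent\uTorrent.exe'
)
Write-Host '== Firewall rules for the listed programs =='
Get-NetFirewallApplicationFilter |
    Where-Object { $_.Program -in $exes } |      # string compare is case-insensitive
    ForEach-Object {
        $prog = $_.Program
        $_ | Get-NetFirewallRule | ForEach-Object {
            '{0} | {1} | {2} | enabled={3} | {4}' -f $_.Name, $_.Direction, $_.Action, $_.Enabled, $prog
        }
    }

# 4. BootExecute. A clean value is exactly one entry: 'autocheck autochk *'.
Write-Host '== BootExecute =='
(Get-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' -Name BootExecute).BootExecute

# 5. Software Restriction Policy path rules. Assumption of this example:
#    FRST's "Group Policy restriction on software" line comes from the
#    Disallowed level (CodeIdentifiers\0) path rules; ItemData holds the path.
$srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'
Write-Host '== SRP disallowed path rules =='
if (Test-Path -LiteralPath $srp) {
    Get-ChildItem -LiteralPath $srp | ForEach-Object {
        (Get-ItemProperty -LiteralPath $_.PSPath).ItemData
    }
}
```

Anything this prints that the fixlist does not mention (a stream on a file that is not listed, an extra BootExecute entry, a second SRP rule) is worth adding to the FRST log discussion before the fix is run, since the fixlist only removes what it names.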