start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe
HKU\S-1-5-21-2464438611-2309418101-1964316811-1001\...\Run: [Thanatos] => C:\Users\manuc\AppData\Roaming\.thanatos\ThanatosLauncher.jar [1718019 2016-03-27] ()
GroupPolicy: Restriction
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} <== Reinstall Software WinRAR32
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} <== Reinstall Software WinRAR32
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
2017-12-01 14:42 - 2017-12-05 09:07 - 000000000 ____D C:\Users\manuc\AppData\Roaming\.thanatos
2017-12-01 15:02 - 2017-09-05 06:26 - 001930840 _____ (Microsoft Corporation) C:\Users\manuc\AppData\Local\Temp\dllnt_dump.dll
2017-10-24 14:00 - 2017-10-24 14:00 - 001856576 _____ (Oracle Corporation) C:\Users\manuc\AppData\Local\Temp\jre-8u151-windows-au.exe
2017-09-24 14:45 - 2017-09-24 14:45 - 000065280 _____ () C:\Users\manuc\AppData\Local\Temp\utils.dll
CustomCLSID: HKU\S-1-5-21-2464438611-2309418101-1964316811-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\manuc\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2464438611-2309418101-1964316811-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\manuc\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-2464438611-2309418101-1964316811-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\manuc\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => Pas de fichier
AlternateDataStreams: C:\Users\manuc\AppData\Local\Temp:$DATA​ [16]
EmptyTemp:
end::