Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 14.11.2018
Exécuté par Karine (administrateur) sur MAISON (15-11-2018 18:23:18)
Exécuté depuis C:\Users\Karine\Desktop
Profils chargés: Karine & (Profils disponibles: Karine)
Platform: Windows 10 Home Version 1803 17134.345 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut non détecté(e)!)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC207\Monitor.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Development Company, L.P.) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Acer) C:\Program Files (x86)\Acer Remote\ArcServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20083.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(HP Development Company, L.P.) C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe
() C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.400_none_eb2ff40c1d41442d\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-05] (Realtek Semiconductor)
HKLM\...\Run: [Monitor] => C:\WINDOWS\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-05] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [103936 2013-09-27] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [329992 2015-06-17] (HP Development Company, L.P.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3505158192-861565398-15311041-1001\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Remote.lnk [2013-08-14]
ShortcutTarget: Acer Remote.lnk -> C:\Program Files (x86)\Acer Remote\ArcServer.exe (Acer)
Startup: C:\Users\Karine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk [2018-10-25]
ShortcutTarget: Envoyer à OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{84514107-25a2-4bfe-8d9b-3ac63d2e1732}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_18_36_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCzyyD0C0AtCtByC0EyE0EtN0D0Tzu0StByEyEtBtN1L2XzuyEtFtByCtFtDtFtCyEtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyEyB0AyE0C0D0CtGyDyE0CzztGzztCtD0AtGtCtDtD0FtG0FtAtAyByD0FyByEyD0EtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCtAzzyDyD1TtAtG1OyEzytAtGyEyDtCtBtG1T1RtB1StG1PtD1PyEyCzz1TtCzy1OtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzytBtDzztN1Q2Z1B1P1RzutCyDtAyCyEtCtDtByCyE%26cr%3D2027499507%26a%3Dwbf_inprft_18_36_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_18_36_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCzyyD0C0AtCtByC0EyE0EtN0D0Tzu0StByEyEtBtN1L2XzuyEtFtByCtFtDtFtCyEtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyEyB0AyE0C0D0CtGyDyE0CzztGzztCtD0AtGtCtDtD0FtG0FtAtAyByD0FyByEyD0EtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCtAzzyDyD1TtAtG1OyEzytAtGyEyDtCtBtG1T1RtB1StG1PtD1PyEyCzz1TtCzy1OtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzytBtDzztN1Q2Z1B1P1RzutCyDtAyCyEtCtDtByCyE%26cr%3D2027499507%26a%3Dwbf_inprft_18_36_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3505158192-861565398-15311041-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3505158192-861565398-15311041-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google/
HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google/
HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google/
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=125&itype=a&ver=12692&tm=334&src=ds&p={searchTerms}
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=125&itype=a&ver=12692&tm=334&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001 -> DefaultScope {FAE22EF1-352A-486E-92AF-95DA4B940BCA} URL = hxxp://www.qo-pro.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_18_36_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCzyyD0C0AtCtByC0EyE0EtN0D0Tzu0StByEyEtBtN1L2XzuyEtFtByCtFtDtFtCyEtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyEyB0AyE0C0D0CtGyDyE0CzztGzztCtD0AtGtCtDtD0FtG0FtAtAyByD0FyByEyD0EtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCtAzzyDyD1TtAtG1OyEzytAtGyEyDtCtBtG1T1RtB1StG1PtD1PyEyCzz1TtCzy1OtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzytBtDzztN1Q2Z1B1P1RzutCyDtAyCyEtCtDtByCyE%26cr%3D2027499507%26a%3Dwbf_inprft_18_36_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=125&itype=a&ver=12692&tm=334&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL =
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001 -> {FAE22EF1-352A-486E-92AF-95DA4B940BCA} URL = hxxp://www.qo-pro.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365 -> DefaultScope {FAE22EF1-352A-486E-92AF-95DA4B940BCA} URL = hxxp://www.qo-pro.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_18_36_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCzyyD0C0AtCtByC0EyE0EtN0D0Tzu0StByEyEtBtN1L2XzuyEtFtByCtFtDtFtCyEtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyEyB0AyE0C0D0CtGyDyE0CzztGzztCtD0AtGtCtDtD0FtG0FtAtAyByD0FyByEyD0EtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCtAzzyDyD1TtAtG1OyEzytAtGyEyDtCtBtG1T1RtB1StG1PtD1PyEyCzz1TtCzy1OtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzytBtDzztN1Q2Z1B1P1RzutCyDtAyCyEtCtDtByCyE%26cr%3D2027499507%26a%3Dwbf_inprft_18_36_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=125&itype=a&ver=12692&tm=334&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL =
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365 -> {FAE22EF1-352A-486E-92AF-95DA4B940BCA} URL = hxxp://www.qo-pro.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570 -> DefaultScope {FAE22EF1-352A-486E-92AF-95DA4B940BCA} URL = hxxp://www.qo-pro.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_18_36_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCzyyD0C0AtCtByC0EyE0EtN0D0Tzu0StByEyEtBtN1L2XzuyEtFtByCtFtDtFtCyEtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyEyB0AyE0C0D0CtGyDyE0CzztGzztCtD0AtGtCtDtD0FtG0FtAtAyByD0FyByEyD0EtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCtAzzyDyD1TtAtG1OyEzytAtGyEyDtCtBtG1T1RtB1StG1PtD1PyEyCzz1TtCzy1OtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzytBtDzztN1Q2Z1B1P1RzutCyDtAyCyEtCtDtByCyE%26cr%3D2027499507%26a%3Dwbf_inprft_18_36_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=125&itype=a&ver=12692&tm=334&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL =
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570 -> {FAE22EF1-352A-486E-92AF-95DA4B940BCA} URL = hxxp://www.qo-pro.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-02-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
Toolbar: HKLM - Pas de nom - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Pas de fichier
Toolbar: HKU\S-1-5-21-3505158192-861565398-15311041-1001 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
Toolbar: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
Toolbar: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3505158192-861565398-15311041-1001 -> hxxp://www.qo-pro.com/

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_148.dll [2018-11-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_148.dll [2018-11-13] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.qo-pro.com/
CHR StartupUrls: Default -> "hxxp://www.qo-pro.com/"
CHR Profile: C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default [2018-11-15]
CHR Extension: (Docs) - C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-21]
CHR Extension: (Adblock Plus) - C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-11-15]
CHR Extension: (Recherche Google) - C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-30]
CHR Extension: (Google Docs hors connexion) - C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-27]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-08]
CHR Extension: (Chrome Media Router) - C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-05]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3505158192-861565398-15311041-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3505158192-861565398-15311041-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-10-03] ()
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-04-13] (EasyAntiCheat Ltd)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [Fichier non signé]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7391232 2013-09-27] (LeapFrog Enterprises, Inc.) [Fichier non signé]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmdag.sys [38774688 2017-10-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [549792 2017-10-13] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 EasyAntiCheatSys; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.sys [891192 2018-10-07] (EasyAntiCheat Oy)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-15] (Malwarebytes)
S3 PAC207; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [572928 2007-03-01] (PixArt Imaging Inc.)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
R2 RtkIOAC60; C:\WINDOWS\system32\DRIVERS\RtkIOAC60.sys [38504 2012-04-16] (Windows (R) Codename Longhorn DDK provider)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2018-11-15 18:23 - 2018-11-15 18:29 - 000027110 _____ C:\Users\Karine\Desktop\FRST.txt
2018-11-15 18:22 - 2018-11-15 18:23 - 000000000 ____D C:\FRST
2018-11-15 18:20 - 2018-11-15 18:22 - 002416128 _____ (Farbar) C:\Users\Karine\Desktop\FRST64.exe
2018-11-15 16:41 - 2018-11-15 16:41 - 000000000 ____D C:\Users\Karine\AppData\Local\mbamtray
2018-11-15 16:41 - 2018-11-15 16:41 - 000000000 ____D C:\Users\Karine\AppData\Local\mbam
2018-11-15 16:40 - 2018-11-15 16:40 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-15 16:39 - 2018-11-15 16:39 - 000001924 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-15 16:39 - 2018-11-15 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-15 16:39 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-15 16:38 - 2018-11-15 16:38 - 000000000 ____D C:\ProgramData\MB2Migration
2018-11-15 16:38 - 2018-11-15 16:38 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-15 16:34 - 2018-11-15 16:36 - 079876624 _____ (Malwarebytes ) C:\Users\Karine\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7841.exe
2018-11-14 11:06 - 2018-11-14 11:06 - 000423241 _____ C:\Users\Karine\Desktop\mandat loyd.pdf
2018-11-13 21:54 - 2018-11-13 21:54 - 000000000 ____D C:\Users\Karine\AppData\Local\OneDrive
2018-11-13 21:43 - 2018-11-13 21:43 - 000000000 ____D C:\WINDOWS\Panther
2018-11-13 15:42 - 2018-11-13 15:42 - 000062352 _____ C:\Users\Karine\Downloads\Contrat-A10001142539 (4).pdf
2018-11-13 15:42 - 2018-11-13 15:42 - 000062352 _____ C:\Users\Karine\Downloads\Contrat-A10001142539 (3).pdf
2018-11-08 17:46 - 2018-11-08 17:46 - 000022406 _____ C:\Users\Karine\Downloads\accuse-enregistrement-tpc.pdf
2018-11-08 17:46 - 2018-11-08 17:46 - 000022406 _____ C:\Users\Karine\Downloads\accuse-enregistrement-tpc (1).pdf
2018-11-08 17:44 - 2018-11-08 17:44 - 000539905 _____ C:\Users\Karine\Downloads\cerfa_13757-03.pdf
2018-11-08 17:44 - 2018-11-08 17:44 - 000539905 _____ C:\Users\Karine\Downloads\cerfa_13757-03 (1).pdf
2018-11-08 16:59 - 2018-11-08 16:59 - 000031892 _____ C:\Users\Karine\Downloads\Facture (16).pdf
2018-11-08 16:58 - 2018-11-08 16:58 - 000031709 _____ C:\Users\Karine\Downloads\Facture (15).pdf
2018-11-08 16:58 - 2018-11-08 16:58 - 000031709 _____ C:\Users\Karine\Downloads\Facture (14).pdf
2018-11-08 16:58 - 2018-11-08 16:58 - 000031709 _____ C:\Users\Karine\Downloads\Facture (13).pdf
2018-11-08 16:56 - 2018-11-08 16:56 - 000031699 _____ C:\Users\Karine\Downloads\Facture (12).pdf
2018-11-08 16:56 - 2018-11-08 16:56 - 000031699 _____ C:\Users\Karine\Downloads\Facture (11).pdf
2018-11-08 16:53 - 2018-11-08 16:53 - 000062352 _____ C:\Users\Karine\Downloads\Contrat-A10001142539 (2).pdf
2018-11-07 12:35 - 2018-11-07 12:35 - 000502608 _____ C:\Users\Karine\Downloads\gift_card (5).pdf
2018-11-03 18:49 - 2018-11-03 18:49 - 000000000 ____D C:\Users\Karine\AppData\Local\Speech Graphics
2018-11-02 15:38 - 2018-11-02 15:38 - 000505987 _____ C:\Users\Karine\Desktop\Cerfa 103.pdf
2018-11-02 15:25 - 2018-11-02 15:25 - 000475002 _____ C:\Users\Karine\Desktop\jutificatif domicile.pdf
2018-11-02 15:21 - 2018-11-02 15:21 - 000281408 _____ C:\Users\Karine\Desktop\Carte grise 103.pdf
2018-10-25 16:49 - 2018-10-25 16:49 - 000062352 _____ C:\Users\Karine\Downloads\Contrat-A10001142539 (1).pdf
2018-10-25 15:05 - 2018-10-25 15:05 - 000483190 _____ C:\Users\Karine\Desktop\Impotts.pdf
2018-10-24 17:11 - 2018-10-24 17:11 - 000082059 _____ C:\Users\Karine\Downloads\ticket.pdf
2018-10-24 17:11 - 2018-10-24 17:11 - 000082059 _____ C:\Users\Karine\Downloads\ticket (1).pdf
2018-10-24 17:02 - 2018-10-24 17:04 - 001100577 _____ C:\Users\Karine\Desktop\generali.pdf
2018-10-24 16:12 - 2018-10-24 16:12 - 000004102 _____ C:\Users\Karine\Downloads\justificatif.pdf
2018-10-24 16:12 - 2018-10-24 16:12 - 000004102 _____ C:\Users\Karine\Downloads\justificatif (1).pdf
2018-10-17 10:46 - 2018-10-17 10:46 - 000169034 _____ C:\Users\Karine\Desktop\autorisation domiciliation.pdf

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2018-11-15 18:41 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-15 18:08 - 2018-08-27 17:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-15 17:47 - 2013-12-24 01:22 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-11-15 16:52 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-15 16:49 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-15 16:49 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-15 16:49 - 2017-12-14 14:17 - 000000000 ____D C:\Users\Karine\AppData\Local\Packages
2018-11-15 16:45 - 2013-08-14 19:34 - 000000000 ____D C:\Program Files (x86)\Acer Remote
2018-11-15 16:38 - 2014-09-06 15:46 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-15 16:35 - 2013-08-22 14:25 - 000000327 _____ C:\WINDOWS\win.ini
2018-11-15 16:33 - 2013-12-23 22:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-15 16:29 - 2018-08-27 18:16 - 001766590 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-15 16:29 - 2018-04-12 17:18 - 000789786 _____ C:\WINDOWS\system32\perfh00C.dat
2018-11-15 16:29 - 2018-04-12 17:18 - 000149318 _____ C:\WINDOWS\system32\perfc00C.dat
2018-11-15 16:24 - 2013-12-23 22:23 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-15 16:21 - 2018-08-27 18:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-15 16:20 - 2018-04-11 22:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2018-11-15 16:20 - 2017-07-14 13:24 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-11-15 16:20 - 2014-09-06 17:56 - 000000000 ____D C:\Program Files\Google
2018-11-15 16:20 - 2014-04-07 16:59 - 000000000 ____D C:\Program Files (x86)\Google
2018-11-15 16:20 - 2013-12-23 21:09 - 000000000 ____D C:\ProgramData\AVAST Software
2018-11-15 16:19 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-15 16:06 - 2014-04-07 16:59 - 000000000 ____D C:\Users\Karine\AppData\Local\Google
2018-11-15 15:48 - 2018-08-28 13:37 - 000000000 ____D C:\Users\Karine\AppData\Local\D3DSCache
2018-11-15 15:37 - 2013-12-24 01:10 - 000000000 ___RD C:\Users\Karine\SkyDrive
2018-11-15 15:19 - 2018-09-08 15:00 - 000059890 _____ C:\WINDOWS\SysWOW64\stub.json
2018-11-14 18:32 - 2018-09-16 17:13 - 000000000 ____D C:\Users\Karine\AppData\Local\AVAST Software
2018-11-14 18:14 - 2018-09-13 18:37 - 000000000 ____D C:\Users\Karine\AppData\Local\CrashDumps
2018-11-14 13:11 - 2013-12-24 02:04 - 000000000 ___RD C:\Users\Karine\Documents\PERSONNEL
2018-11-14 11:59 - 2018-09-25 14:53 - 000000132 _____ C:\Users\Karine\AppData\Roaming\WB.CFG
2018-11-14 11:31 - 2018-08-27 18:48 - 000003918 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-14 11:31 - 2018-08-27 18:48 - 000003598 _____ C:\WINDOWS\System32\Tasks\ALUAgent
2018-11-14 11:31 - 2018-08-27 18:48 - 000003516 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-14 11:31 - 2018-08-27 18:48 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-11-14 11:31 - 2018-08-27 18:48 - 000003304 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-14 11:31 - 2018-08-27 18:48 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-14 11:31 - 2018-08-27 18:48 - 000003152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{622D1CA7-F25F-4509-B5A0-6402024BF3CA}
2018-11-14 11:31 - 2018-08-27 18:48 - 000002744 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3505158192-861565398-15311041-500
2018-11-14 11:31 - 2018-08-27 18:48 - 000002626 _____ C:\WINDOWS\System32\Tasks\ALU
2018-11-14 11:31 - 2018-08-27 18:48 - 000002508 _____ C:\WINDOWS\System32\Tasks\HPLJCustParticipation
2018-11-14 11:31 - 2018-08-27 18:48 - 000002392 _____ C:\WINDOWS\System32\Tasks\DeviceDetector
2018-11-14 11:31 - 2018-08-27 18:48 - 000002312 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2018-11-14 11:31 - 2018-08-27 18:48 - 000002146 _____ C:\WINDOWS\System32\Tasks\StartCN
2018-11-14 11:31 - 2018-08-27 18:48 - 000002112 _____ C:\WINDOWS\System32\Tasks\Power Management
2018-11-14 11:31 - 2018-08-27 18:48 - 000002094 _____ C:\WINDOWS\System32\Tasks\Hotkey Utility
2018-11-14 11:31 - 2018-08-27 18:48 - 000001986 _____ C:\WINDOWS\System32\Tasks\{3C3B7326-5A0E-4C54-8E50-C9B0AEA526CF}
2018-11-14 11:31 - 2018-08-27 18:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-11-13 22:18 - 2018-08-27 17:56 - 000000000 ____D C:\Users\Karine
2018-11-13 21:55 - 2013-12-24 02:55 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-11-13 21:45 - 2013-12-23 10:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-13 11:07 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-13 11:07 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-13 07:51 - 2014-04-07 17:00 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-13 07:51 - 2014-04-07 17:00 - 000002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-08 14:17 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-10-17 10:10 - 2018-10-15 12:49 - 000470320 _____ C:\Users\Karine\Desktop\consuel.pdf
2018-10-16 09:25 - 2018-07-10 17:42 - 000000000 ____D C:\ProgramData\Packages

==================== Fichiers à la racine de certains dossiers =======

2018-09-25 14:53 - 2018-11-14 11:59 - 000000132 _____ () C:\Users\Karine\AppData\Roaming\WB.CFG
2014-05-16 16:10 - 2014-05-16 16:34 - 000000580 _____ () C:\Users\Karine\AppData\Local\cookies.ini
2018-01-07 17:17 - 2018-01-07 17:17 - 000000000 _____ () C:\Users\Karine\AppData\Local\{2A5A717A-D1ED-4243-8630-AEF3C52E51C9}

Certains fichiers dans TEMP:
====================
2018-11-13 21:52 - 2018-11-13 21:52 - 000000000 _____ () C:\Users\Karine\AppData\Local\Temp\6yorldgy.dll
2018-11-12 11:38 - 2018-11-12 11:38 - 000008192 _____ () C:\Users\Karine\AppData\Local\Temp\masgqvzi.dll

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2018-08-27 17:50

==================== Fin de FRST.txt ============================
