Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 14.11.2018 Exécuté par Karine (administrateur) sur MAISON (15-11-2018 18:23:18) Exécuté depuis C:\Users\Karine\Desktop Profils chargés: Karine & (Profils disponibles: Karine) Platform: Windows 10 Home Version 1803 17134.345 (X64) Langue: Français (France) Internet Explorer Version 11 (Navigateur par défaut non détecté(e)!) Mode d'amorçage: Normal Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processus (Avec liste blanche) ================= (Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (PixArt Imaging Incorporation) C:\Windows\PixArt\PAC207\Monitor.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe (LeapFrog Enterprises, Inc.) 
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (HP Development Company, L.P.) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Acer) C:\Program Files (x86)\Acer Remote\ArcServer.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20083.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.16610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (HP Development Company, L.P.) C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe () C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.400_none_eb2ff40c1d41442d\TiWorker.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registre (Avec liste blanche) =========================== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-05] (Realtek Semiconductor) HKLM\...\Run: [Monitor] => C:\WINDOWS\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-05] (Apple Inc.) HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [103936 2013-09-27] (LeapFrog Enterprises, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [329992 2015-06-17] (HP Development Company, L.P.) 
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKU\S-1-5-21-3505158192-861565398-15311041-1001\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Remote.lnk [2013-08-14] ShortcutTarget: Acer Remote.lnk -> C:\Program Files (x86)\Acer Remote\ArcServer.exe (Acer) Startup: C:\Users\Karine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk [2018-10-25] ShortcutTarget: Envoyer à OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{84514107-25a2-4bfe-8d9b-3ac63d2e1732}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_18_36_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCzyyD0C0AtCtByC0EyE0EtN0D0Tzu0StByEyEtBtN1L2XzuyEtFtByCtFtDtFtCyEtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyEyB0AyE0C0D0CtGyDyE0CzztGzztCtD0AtGtCtDtD0FtG0FtAtAyByD0FyByEyD0EtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCtAzzyDyD1TtAtG1OyEzytAtGyEyDtCtBtG1T1RtB1StG1PtD1PyEyCzz1TtCzy1OtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzytBtDzztN1Q2Z1B1P1RzutCyDtAyCyEtCtDtByCyE%26cr%3D2027499507%26a%3Dwbf_inprft_18_36_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_18_36_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCzyyD0C0AtCtByC0EyE0EtN0D0Tzu0StByEyEtBtN1L2XzuyEtFtByCtFtDtFtCyEtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyEyB0AyE0C0D0CtGyDyE0CzztGzztCtD0AtGtCtDtD0FtG0FtAtAyByD0FyByEyD0EtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCtAzzyDyD1TtAtG1OyEzytAtGyEyDtCtBtG1T1RtB1StG1PtD1PyEyCzz1TtCzy1OtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzytBtDzztN1Q2Z1B1P1RzutCyDtAyCyEtCtDtByCyE%26cr%3D2027499507%26a%3Dwbf_inprft_18_36_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-3505158192-861565398-15311041-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} 
HKU\S-1-5-21-3505158192-861565398-15311041-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google/ HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google/ HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google/ SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=125&itype=a&ver=12692&tm=334&src=ds&p={searchTerms} SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=125&itype=a&ver=12692&tm=334&src=ds&p={searchTerms} SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001 -> DefaultScope {FAE22EF1-352A-486E-92AF-95DA4B940BCA} URL = hxxp://www.qo-pro.com/search?q={searchTerms} 
SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_18_36_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCzyyD0C0AtCtByC0EyE0EtN0D0Tzu0StByEyEtBtN1L2XzuyEtFtByCtFtDtFtCyEtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyEyB0AyE0C0D0CtGyDyE0CzztGzztCtD0AtGtCtDtD0FtG0FtAtAyByD0FyByEyD0EtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCtAzzyDyD1TtAtG1OyEzytAtGyEyDtCtBtG1T1RtB1StG1PtD1PyEyCzz1TtCzy1OtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzytBtDzztN1Q2Z1B1P1RzutCyDtAyCyEtCtDtByCyE%26cr%3D2027499507%26a%3Dwbf_inprft_18_36_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=125&itype=a&ver=12692&tm=334&src=ds&p={searchTerms} SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001 -> {FAE22EF1-352A-486E-92AF-95DA4B940BCA} URL = hxxp://www.qo-pro.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365 -> DefaultScope {FAE22EF1-352A-486E-92AF-95DA4B940BCA} URL = hxxp://www.qo-pro.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_18_36_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCzyyD0C0AtCtByC0EyE0EtN0D0Tzu0StByEyEtBtN1L2XzuyEtFtByCtFtDtFtCyEtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyEyB0AyE0C0D0CtGyDyE0CzztGzztCtD0AtGtCtDtD0FtG0FtAtAyByD0FyByEyD0EtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCtAzzyDyD1TtAtG1OyEzytAtGyEyDtCtBtG1T1RtB1StG1PtD1PyEyCzz1TtCzy1OtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzytBtDzztN1Q2Z1B1P1RzutCyDtAyCyEtCtDtByCyE%26cr%3D2027499507%26a%3Dwbf_inprft_18_36_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=125&itype=a&ver=12692&tm=334&src=ds&p={searchTerms} SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365 -> {FAE22EF1-352A-486E-92AF-95DA4B940BCA} URL = hxxp://www.qo-pro.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570 -> DefaultScope {FAE22EF1-352A-486E-92AF-95DA4B940BCA} URL = hxxp://www.qo-pro.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_18_36_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtCzyyD0C0AtCtByC0EyE0EtN0D0Tzu0StByEyEtBtN1L2XzuyEtFtByCtFtDtFtCyEtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyEyB0AyE0C0D0CtGyDyE0CzztGzztCtD0AtGtCtDtD0FtG0FtAtAyByD0FyByEyD0EtCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCtAzzyDyD1TtAtG1OyEzytAtGyEyDtCtBtG1T1RtB1StG1PtD1PyEyCzz1TtCzy1OtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzytBtDzztN1Q2Z1B1P1RzutCyDtAyCyEtCtDtByCyE%26cr%3D2027499507%26a%3Dwbf_inprft_18_36_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=125&itype=a&ver=12692&tm=334&src=ds&p={searchTerms} SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = SearchScopes: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570 -> {FAE22EF1-352A-486E-92AF-95DA4B940BCA} URL = hxxp://www.qo-pro.com/search?q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-02-15] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files 
(x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation) Toolbar: HKLM - Pas de nom - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Pas de fichier Toolbar: HKU\S-1-5-21-3505158192-861565398-15311041-1001 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier Toolbar: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier Toolbar: HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-3505158192-861565398-15311041-1001 -> hxxp://www.qo-pro.com/ FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_148.dll [2018-11-13] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_148.dll [2018-11-13] () FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( 
Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.qo-pro.com/ CHR StartupUrls: Default -> "hxxp://www.qo-pro.com/" CHR Profile: C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default [2018-11-15] CHR Extension: (Docs) - C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16] CHR Extension: (Google Drive) - C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18] CHR Extension: (YouTube) - C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-21] CHR Extension: (Adblock Plus) - C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-11-15] CHR Extension: (Recherche Google) - C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-30] CHR Extension: (Google Docs hors connexion) - C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-27] CHR Extension: (Paiements via le Chrome Web Store) - 
C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04] CHR Extension: (Gmail) - C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-08] CHR Extension: (Chrome Media Router) - C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-05] CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3505158192-861565398-15311041-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3505158192-861565398-15311041-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165427365\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3505158192-861565398-15311041-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018165700570\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - 
hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-10-03] () S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-04-13] (EasyAntiCheat Ltd) R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated) R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [Fichier non signé] R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7391232 2013-09-27] (LeapFrog Enterprises, Inc.) [Fichier non signé] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes) S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] () R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation) ===================== Pilotes (Avec liste blanche) ====================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) 
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmdag.sys [38774688 2017-10-13] (Advanced Micro Devices, Inc.) R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [549792 2017-10-13] (Advanced Micro Devices, Inc.) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.) S3 EasyAntiCheatSys; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.sys [891192 2018-10-07] (EasyAntiCheat Oy) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-15] (Malwarebytes) S3 PAC207; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [572928 2007-03-01] (PixArt Imaging Inc.) S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated) R2 RtkIOAC60; C:\WINDOWS\system32\DRIVERS\RtkIOAC60.sys [38504 2012-04-16] (Windows (R) Codename Longhorn DDK provider) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.) S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation) S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation) ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) 
==================== Un mois - Créés - fichiers et dossiers ======== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2018-11-15 18:23 - 2018-11-15 18:29 - 000027110 _____ C:\Users\Karine\Desktop\FRST.txt 2018-11-15 18:22 - 2018-11-15 18:23 - 000000000 ____D C:\FRST 2018-11-15 18:20 - 2018-11-15 18:22 - 002416128 _____ (Farbar) C:\Users\Karine\Desktop\FRST64.exe 2018-11-15 16:41 - 2018-11-15 16:41 - 000000000 ____D C:\Users\Karine\AppData\Local\mbamtray 2018-11-15 16:41 - 2018-11-15 16:41 - 000000000 ____D C:\Users\Karine\AppData\Local\mbam 2018-11-15 16:40 - 2018-11-15 16:40 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2018-11-15 16:39 - 2018-11-15 16:39 - 000001924 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-11-15 16:39 - 2018-11-15 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-11-15 16:39 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2018-11-15 16:38 - 2018-11-15 16:38 - 000000000 ____D C:\ProgramData\MB2Migration 2018-11-15 16:38 - 2018-11-15 16:38 - 000000000 ____D C:\Program Files\Malwarebytes 2018-11-15 16:34 - 2018-11-15 16:36 - 079876624 _____ (Malwarebytes ) C:\Users\Karine\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7841.exe 2018-11-14 11:06 - 2018-11-14 11:06 - 000423241 _____ C:\Users\Karine\Desktop\mandat loyd.pdf 2018-11-13 21:54 - 2018-11-13 21:54 - 000000000 ____D C:\Users\Karine\AppData\Local\OneDrive 2018-11-13 21:43 - 2018-11-13 21:43 - 000000000 ____D C:\WINDOWS\Panther 2018-11-13 15:42 - 2018-11-13 15:42 - 000062352 _____ C:\Users\Karine\Downloads\Contrat-A10001142539 (4).pdf 2018-11-13 15:42 - 2018-11-13 15:42 - 000062352 _____ C:\Users\Karine\Downloads\Contrat-A10001142539 (3).pdf 2018-11-08 17:46 - 2018-11-08 17:46 - 000022406 _____ C:\Users\Karine\Downloads\accuse-enregistrement-tpc.pdf 2018-11-08 17:46 - 2018-11-08 17:46 - 000022406 _____ 
C:\Users\Karine\Downloads\accuse-enregistrement-tpc (1).pdf
2018-11-08 17:44 - 2018-11-08 17:44 - 000539905 _____ C:\Users\Karine\Downloads\cerfa_13757-03.pdf
2018-11-08 17:44 - 2018-11-08 17:44 - 000539905 _____ C:\Users\Karine\Downloads\cerfa_13757-03 (1).pdf
2018-11-08 16:59 - 2018-11-08 16:59 - 000031892 _____ C:\Users\Karine\Downloads\Facture (16).pdf
2018-11-08 16:58 - 2018-11-08 16:58 - 000031709 _____ C:\Users\Karine\Downloads\Facture (15).pdf
2018-11-08 16:58 - 2018-11-08 16:58 - 000031709 _____ C:\Users\Karine\Downloads\Facture (14).pdf
2018-11-08 16:58 - 2018-11-08 16:58 - 000031709 _____ C:\Users\Karine\Downloads\Facture (13).pdf
2018-11-08 16:56 - 2018-11-08 16:56 - 000031699 _____ C:\Users\Karine\Downloads\Facture (12).pdf
2018-11-08 16:56 - 2018-11-08 16:56 - 000031699 _____ C:\Users\Karine\Downloads\Facture (11).pdf
2018-11-08 16:53 - 2018-11-08 16:53 - 000062352 _____ C:\Users\Karine\Downloads\Contrat-A10001142539 (2).pdf
2018-11-07 12:35 - 2018-11-07 12:35 - 000502608 _____ C:\Users\Karine\Downloads\gift_card (5).pdf
2018-11-03 18:49 - 2018-11-03 18:49 - 000000000 ____D C:\Users\Karine\AppData\Local\Speech Graphics
2018-11-02 15:38 - 2018-11-02 15:38 - 000505987 _____ C:\Users\Karine\Desktop\Cerfa 103.pdf
2018-11-02 15:25 - 2018-11-02 15:25 - 000475002 _____ C:\Users\Karine\Desktop\jutificatif domicile.pdf
2018-11-02 15:21 - 2018-11-02 15:21 - 000281408 _____ C:\Users\Karine\Desktop\Carte grise 103.pdf
2018-10-25 16:49 - 2018-10-25 16:49 - 000062352 _____ C:\Users\Karine\Downloads\Contrat-A10001142539 (1).pdf
2018-10-25 15:05 - 2018-10-25 15:05 - 000483190 _____ C:\Users\Karine\Desktop\Impotts.pdf
2018-10-24 17:11 - 2018-10-24 17:11 - 000082059 _____ C:\Users\Karine\Downloads\ticket.pdf
2018-10-24 17:11 - 2018-10-24 17:11 - 000082059 _____ C:\Users\Karine\Downloads\ticket (1).pdf
2018-10-24 17:02 - 2018-10-24 17:04 - 001100577 _____ C:\Users\Karine\Desktop\generali.pdf
2018-10-24 16:12 - 2018-10-24 16:12 - 000004102 _____ C:\Users\Karine\Downloads\justificatif.pdf
2018-10-24 16:12 - 2018-10-24 16:12 - 000004102 _____ C:\Users\Karine\Downloads\justificatif (1).pdf
2018-10-17 10:46 - 2018-10-17 10:46 - 000169034 _____ C:\Users\Karine\Desktop\autorisation domiciliation.pdf

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2018-11-15 18:41 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-15 18:08 - 2018-08-27 17:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-15 17:47 - 2013-12-24 01:22 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-11-15 16:52 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-15 16:49 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-15 16:49 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-15 16:49 - 2017-12-14 14:17 - 000000000 ____D C:\Users\Karine\AppData\Local\Packages
2018-11-15 16:45 - 2013-08-14 19:34 - 000000000 ____D C:\Program Files (x86)\Acer Remote
2018-11-15 16:38 - 2014-09-06 15:46 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-15 16:35 - 2013-08-22 14:25 - 000000327 _____ C:\WINDOWS\win.ini
2018-11-15 16:33 - 2013-12-23 22:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-15 16:29 - 2018-08-27 18:16 - 001766590 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-15 16:29 - 2018-04-12 17:18 - 000789786 _____ C:\WINDOWS\system32\perfh00C.dat
2018-11-15 16:29 - 2018-04-12 17:18 - 000149318 _____ C:\WINDOWS\system32\perfc00C.dat
2018-11-15 16:24 - 2013-12-23 22:23 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-15 16:21 - 2018-08-27 18:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-15 16:20 - 2018-04-11 22:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2018-11-15 16:20 - 2017-07-14 13:24 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-11-15 16:20 - 2014-09-06 17:56 - 000000000 ____D C:\Program Files\Google
2018-11-15 16:20 - 2014-04-07 16:59 - 000000000 ____D C:\Program Files (x86)\Google
2018-11-15 16:20 - 2013-12-23 21:09 - 000000000 ____D C:\ProgramData\AVAST Software
2018-11-15 16:19 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-15 16:06 - 2014-04-07 16:59 - 000000000 ____D C:\Users\Karine\AppData\Local\Google
2018-11-15 15:48 - 2018-08-28 13:37 - 000000000 ____D C:\Users\Karine\AppData\Local\D3DSCache
2018-11-15 15:37 - 2013-12-24 01:10 - 000000000 ___RD C:\Users\Karine\SkyDrive
2018-11-15 15:19 - 2018-09-08 15:00 - 000059890 _____ C:\WINDOWS\SysWOW64\stub.json
2018-11-14 18:32 - 2018-09-16 17:13 - 000000000 ____D C:\Users\Karine\AppData\Local\AVAST Software
2018-11-14 18:14 - 2018-09-13 18:37 - 000000000 ____D C:\Users\Karine\AppData\Local\CrashDumps
2018-11-14 13:11 - 2013-12-24 02:04 - 000000000 ___RD C:\Users\Karine\Documents\PERSONNEL
2018-11-14 11:59 - 2018-09-25 14:53 - 000000132 _____ C:\Users\Karine\AppData\Roaming\WB.CFG
2018-11-14 11:31 - 2018-08-27 18:48 - 000003918 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-14 11:31 - 2018-08-27 18:48 - 000003598 _____ C:\WINDOWS\System32\Tasks\ALUAgent
2018-11-14 11:31 - 2018-08-27 18:48 - 000003516 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-14 11:31 - 2018-08-27 18:48 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-11-14 11:31 - 2018-08-27 18:48 - 000003304 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-14 11:31 - 2018-08-27 18:48 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-14 11:31 - 2018-08-27 18:48 - 000003152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{622D1CA7-F25F-4509-B5A0-6402024BF3CA}
2018-11-14 11:31 - 2018-08-27 18:48 - 000002744 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3505158192-861565398-15311041-500
2018-11-14 11:31 - 2018-08-27 18:48 - 000002626 _____ C:\WINDOWS\System32\Tasks\ALU
2018-11-14 11:31 - 2018-08-27 18:48 - 000002508 _____ C:\WINDOWS\System32\Tasks\HPLJCustParticipation
2018-11-14 11:31 - 2018-08-27 18:48 - 000002392 _____ C:\WINDOWS\System32\Tasks\DeviceDetector
2018-11-14 11:31 - 2018-08-27 18:48 - 000002312 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2018-11-14 11:31 - 2018-08-27 18:48 - 000002146 _____ C:\WINDOWS\System32\Tasks\StartCN
2018-11-14 11:31 - 2018-08-27 18:48 - 000002112 _____ C:\WINDOWS\System32\Tasks\Power Management
2018-11-14 11:31 - 2018-08-27 18:48 - 000002094 _____ C:\WINDOWS\System32\Tasks\Hotkey Utility
2018-11-14 11:31 - 2018-08-27 18:48 - 000001986 _____ C:\WINDOWS\System32\Tasks\{3C3B7326-5A0E-4C54-8E50-C9B0AEA526CF}
2018-11-14 11:31 - 2018-08-27 18:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-11-13 22:18 - 2018-08-27 17:56 - 000000000 ____D C:\Users\Karine
2018-11-13 21:55 - 2013-12-24 02:55 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-11-13 21:45 - 2013-12-23 10:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-13 11:07 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-13 11:07 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-13 07:51 - 2014-04-07 17:00 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-13 07:51 - 2014-04-07 17:00 - 000002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-08 14:17 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-10-17 10:10 - 2018-10-15 12:49 - 000470320 _____ C:\Users\Karine\Desktop\consuel.pdf
2018-10-16 09:25 - 2018-07-10 17:42 - 000000000 ____D C:\ProgramData\Packages

==================== Fichiers à la racine de certains dossiers =======

2018-09-25 14:53 - 2018-11-14 11:59 - 000000132 _____ () C:\Users\Karine\AppData\Roaming\WB.CFG
2014-05-16 16:10 - 2014-05-16 16:34 - 000000580 _____ () C:\Users\Karine\AppData\Local\cookies.ini
2018-01-07 17:17 - 2018-01-07 17:17 - 000000000 _____ () C:\Users\Karine\AppData\Local\{2A5A717A-D1ED-4243-8630-AEF3C52E51C9}

Certains fichiers dans TEMP:
====================
2018-11-13 21:52 - 2018-11-13 21:52 - 000000000 _____ () C:\Users\Karine\AppData\Local\Temp\6yorldgy.dll
2018-11-12 11:38 - 2018-11-12 11:38 - 000008192 _____ () C:\Users\Karine\AppData\Local\Temp\masgqvzi.dll

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2018-08-27 17:50

==================== Fin de FRST.txt ============================