Google France search issue in all browsers and all operating systems from France



waterreedshimmer
2017-05-21, 19:30
Helper, please see the original topic, which lists the issues:
https://forums.spybot.info/showthread.php?74575-Help-!!!-New-browser-virus-!!!&p=475937#post475937

-------------------------------------------------------------------
Hello everyone and thanks for the help. It's mostly an internet search issue rather than a computer issue, but surely you may track something on my computer, like a server switch by using Google France search as a password unlocker or whatever?

Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 20-05-2017
Exécuté par Francoise (administrateur) sur EARENDIL-LIGHT (21-05-2017 16:36:26)
Exécuté depuis C:\Users\Francoise\Documents
Profils chargés: UpdatusUser & Francoise (Profils disponibles: UpdatusUser & Francoise)
Platform: Windows 10 Home Version 1607 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Edge)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Apache Software Foundation) C:\dolibarr\bin\apache\apache2.2.11\bin\httpd.exe
() C:\dolibarr\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\17.4.1.758\service_update.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Apache Software Foundation) C:\dolibarr\bin\apache\apache2.2.11\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Mixesoft Project) C:\Users\Francoise\AppData\Local\Mixesoft\AppNHost\appnhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Yandex) C:\Users\Francoise\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\aaa\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Francoise\AppData\Local\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Francoise\AppData\Local\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Moonchild Productions) C:\aaa\browsers\palemoon\palemoon.exe
(Mozilla Corporation) C:\aaa\browsers\palemoon\plugin-container.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\update_notifier.exe
(Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
(Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
(YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(Don HO don.h@free.fr) C:\aaa\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-21] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\aaa\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Qualcomm®Atheros®)
HKU\S-1-5-21-3610230612-1959919224-871680787-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3610230612-1959919224-871680787-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-3610230612-1959919224-871680787-1002\...\Run: [Google Update] => C:\Users\Francoise\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-04] (Google Inc.)
HKU\S-1-5-21-3610230612-1959919224-871680787-1002\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3610230612-1959919224-871680787-1002\...\Run: [appnhost] => C:\Users\Francoise\AppData\Local\Mixesoft\AppNHost\appnhost.exe [453176 2014-08-08] (Mixesoft Project)
HKU\S-1-5-21-3610230612-1959919224-871680787-1002\...\Run: [SyncManPath] => C:\Users\Francoise\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe [25033024 2017-04-07] (Yandex)
HKU\S-1-5-21-3610230612-1959919224-871680787-1002\...\Run: [Vivaldi Update Notifier] => C:\aaa\browsers\vivaldi\Application\update_notifier.exe [4088440 2017-05-15] (Vivaldi Technologies AS)
HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [151040 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Users\Francoise\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll [2017-04-07] (Yandex)
ShellIconOverlayIdentifiers: [ YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Users\Francoise\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll [2017-04-07] (Yandex)
ShellIconOverlayIdentifiers: [ YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Users\Francoise\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll [2017-04-07] (Yandex)
ShellIconOverlayIdentifiers: [ YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Users\Francoise\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll [2017-04-07] (Yandex)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Francoise\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll [2017-03-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Francoise\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll [2017-03-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Francoise\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll [2017-03-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Francoise\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncShell.dll [2017-03-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Francoise\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncShell.dll [2017-03-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Francoise\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncShell.dll [2017-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-08-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\aaa\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-05-20]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{6d68b56e-2e62-4015-a38d-bc62579b416d}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{6f4ab77c-3d0e-48b3-9b5b-7a577921b09d}: [DhcpNameServer] 192.168.0.254

Internet Explorer:
==================
HKU\S-1-5-21-3610230612-1959919224-871680787-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3610230612-1959919224-871680787-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> DefaultScope {AC2673AB-B2E7-11E4-82DA-201A06CBDE2D} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {135AEC2D-5FB9-4AF0-8C5E-2C5FD3590EA2} URL =
SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {25E4CF6F-EA74-4863-9FCE-9109D808292F} URL = hxxps://www.ecosia.org/search?q={searchTerms}&addon=opensearch
SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {46512EDF-8454-49CB-B2FF-B123FFA08369} URL = hxxp://www.allocine.fr/recherche/?motcle={searchTerms}
SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {8A29859F-7DCD-4495-95A0-1B453527B117} URL = hxxp://www.lemonde.fr/web/recherche_resultats/1,13-0,1-0,0.html?dans=dansarticle&num_page=1&booleen=et&ordre=pertinence&periode=30&sur=LEMONDE&query={searchTerms}
SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {AC2673AB-B2E7-11E4-82DA-201A06CBDE2D} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {B70CC431-A684-4820-BE97-B68430032C47} URL = hxxp://fr.wikipedia.org/w/index.php?title=Sp%C3%A9cial:Recherche&search={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-21] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-20] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-21] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> about:tabs
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2017-05-21]
Edge Extension: (PrintFriendly and PDF) -> EdgeExtension_32615PrintFriendlyPDFPrintPDF_mcmatvdanzs2y => C:\Program Files\WindowsApps\32615PrintFriendlyPDF.Print-PDF_2.3.3.0_neutral__mcmatvdanzs2y [2017-05-21]
Edge Extension: (Ghostery) -> EdgeExtension_GhosteryGhostery_kzkqe0pn505dg => C:\Program Files\WindowsApps\Ghostery.Ghostery_7.2.0.0_neutral__kzkqe0pn505dg [2017-05-21]

FireFox:
========
FF DefaultProfile: jfmdz595.default
FF ProfilePath: C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153 [2017-05-21]
FF Homepage: Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153 -> about:home
FF Extension: (Ghostery) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\firefox@ghostery.com.xpi [2017-05-20]
FF Extension: (HTTPS Everywhere) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\https-everywhere@eff.org.xpi [2017-05-20]
FF Extension: (Self-Destructing Cookies) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-05-20]
FF Extension: (DuckDuckGo Plus) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2017-05-04]
FF Extension: (Beef Taco (Targeted Advertising Cookie Opt-Out)) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\john@velvetcache.org.xpi [2016-06-05]
FF Extension: (Open in Browser) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\openinbrowser@www.spasche.net.xpi [2017-04-06]
FF Extension: (Print Edit) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\printedit@DW-dev.xpi [2017-05-20]
FF Extension: (uBlock Origin) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\uBlock0@raymondhill.net.xpi [2017-05-20]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-22]
FF Extension: (Ecosia — The search engine that plants trees!) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2017-05-21]
FF Extension: (Adblock Plus) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-18]
FF Extension: (BetterPrivacy) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2017-05-20]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\features\{4fa2bd07-2198-4701-84c8-63e2bf575e79}\disable-cert-transparency@mozilla.org.xpi [2017-05-04]
FF Extension: (Disable Prefetch) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\features\{4fa2bd07-2198-4701-84c8-63e2bf575e79}\disable-prefetch@mozilla.org.xpi [2017-05-04]
FF ProfilePath: C:\Users\Francoise\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\jfmdz595.default [2017-05-21]
FF DefaultSearchEngine: Moonchild Productions\Pale Moon\Profiles\jfmdz595.default -> Ecosia
FF Extension: (Click&Clean) - C:\Users\Francoise\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\jfmdz595.default\Extensions\clickclean@hotcleaner.com [2017-05-21]
FF Extension: (Cookies Exterminator) - C:\Users\Francoise\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\jfmdz595.default\Extensions\CookiesExterminator@Off.JustOff.xpi [2017-05-21]
FF Extension: (Eraser) - C:\Users\Francoise\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\jfmdz595.default\Extensions\Eraser@vikram [2017-05-21]
FF Extension: (HTTPS Everywhere) - C:\Users\Francoise\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\jfmdz595.default\Extensions\https-everywhere@eff.org.xpi [2017-05-21]
FF Extension: (uBlock Origin) - C:\Users\Francoise\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\jfmdz595.default\Extensions\uBlock0@raymondhill.net.xpi [2017-05-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-20] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-21] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3610230612-1959919224-871680787-1002: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Francoise\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-09-16] (RocketLife, LLP)
FF Plugin HKU\S-1-5-21-3610230612-1959919224-871680787-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3610230612-1959919224-871680787-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MF0EB4FF8-58E5-48DF-B125-CD0ECCC2BAA7&SearchSource=55&CUI=&UM=6&UP=SPD0539E0E-470F-4696-A94D-BE2536B7839C&SSPV=
CHR StartupUrls: Default -> "hxxp://www.net-entreprises.fr/","hxxps://srv12.mdweb.com.br:2083/","hxxp://faie-turritopsis-dohrnii.com:2082/","hxxp://ft.o4games.com/","hxxp://faie-turritopsis-dohrnii.com/wp-admin/","about:blank","hxxp://faie-turritopsis-dohrnii.com/","hxxps://www.indeed.fr/"
CHR Profile: C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default [2017-04-25]
CHR Extension: (Yahoo Web) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2016-01-29]
CHR Extension: (Google Docs) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Adblock Plus) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-27]
CHR Extension: (uBlock Origin) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-04-23]
CHR Extension: (Recherche Google) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2014-08-27]
CHR Extension: (Sailor Moon - Tema) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhngmbemhglidmhohidaofhhadjbampe [2015-12-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-09]
CHR Extension: (AddToAny: Share Anywhere) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffpgijchhhkhnokafdeklpllijgnbche [2017-04-22]
CHR Extension: (HTTPS partout) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-04-25]
CHR Extension: (Google Docs hors connexion) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-23]
CHR Extension: (Bouton Enregistrer Pinterest) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-25]
CHR Extension: (Skype) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-13]
CHR Extension: (Fairy Tail - o4games.com) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiapjiccanfjgcgmgonhhfabeofgjph [2015-12-23]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (AmIUnique) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pigjfndpomdldkmoaiiigpbncemhjeca [2017-01-17]
CHR Extension: (Gmail) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
CHR Extension: (Chrome Media Router) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR Extension: (AdBlock Plus) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\polmielobmljikhdajjbhjfdnifcapih [2014-08-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (eCleaner (Forget Button)) - C:\Users\Francoise\AppData\Roaming\Opera Software\Opera Stable\Extensions\bmkdpkmbajanbjgblpcnclodpalogcdp [2017-05-21]
OPR Extension: (Ecosia - Le moteur de recherche qui plante des arbres) - C:\Users\Francoise\AppData\Roaming\Opera Software\Opera Stable\Extensions\cjkjohdegdpmepjcgmiafjaanigkkelo [2017-05-21]
OPR Extension: (HTTPS partout) - C:\Users\Francoise\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2017-05-21]
OPR Extension: (uBlock Origin) - C:\Users\Francoise\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2017-05-21]
OPR Extension: (Privacy Protector Plus) - C:\Users\Francoise\AppData\Roaming\Opera Software\Opera Stable\Extensions\omcdndhjjchagccadgkhfdcbbhabamee [2017-05-21]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [Fichier non signé]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-15] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
R2 doliwampapache; c:\dolibarr\bin\apache\apache2.2.11\bin\httpd.exe [24636 2008-12-10] (Apache Software Foundation) [Fichier non signé]
R2 doliwampmysqld; c:\dolibarr\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe [5730304 2007-07-06] () [Fichier non signé]
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-21] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [Fichier non signé]
R3 hpqcxs08; C:\aaa\HP\Digital Imaging\bin\hpqcxs08.dll [254824 2011-04-29] (Hewlett-Packard Co.)
R2 hpqddsvc; C:\aaa\HP\Digital Imaging\bin\hpqddsvc.dll [138600 2011-04-29] (Hewlett-Packard Co.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Fichier non signé]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-07-23] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Fichier non signé]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2820424 2014-10-15] (CybelSoft)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Fichier non signé]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Fichier non signé]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.) [Fichier non signé]
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [Fichier non signé]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [Fichier non signé]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [Fichier non signé]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\17.4.1.758\service_update.exe [3445752 2017-05-04] (YANDEX LLC)


===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 ma-config_amd64; C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys [17568 2014-02-24] (CybelSoft)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [65576 2015-06-16] (Safer-Networking Ltd.) [Fichier non signé]
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46440 2017-04-06] (SteelSeries ApS)
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45896 2017-05-12] (SteelSeries ApS)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-05-21 16:36 - 2017-05-21 16:37 - 00038490 _____ C:\Users\Francoise\Documents\FRST.txt
2017-05-21 16:33 - 2017-05-21 16:33 - 00000000 ____D C:\Users\Francoise\Desktop\Nouveau dossier
2017-05-21 15:53 - 2017-05-21 15:53 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-EARENDIL-LIGHT-Windows-10-Home-(64-bit).dat
2017-05-21 15:52 - 2017-05-21 15:52 - 00000000 ____D C:\RegBackup
2017-05-21 07:15 - 2017-05-21 07:15 - 00000000 ____D C:\Users\Francoise\Documents\Modèles Office personnalisés
2017-05-20 23:05 - 2017-05-20 23:05 - 00002077 _____ C:\Users\Francoise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2017-05-20 23:05 - 2017-05-20 23:05 - 00000000 ____D C:\Users\Francoise\AppData\Local\Vivaldi
2017-05-20 23:01 - 2017-05-20 23:01 - 00023377 _____ C:\Users\Francoise\AppData\Local\recently-used.xbel
2017-05-20 22:55 - 2017-05-21 15:38 - 00000000 ____D C:\Users\Francoise\AppData\Local\midori
2017-05-20 22:55 - 2017-05-21 15:20 - 00000000 ____D C:\Users\Francoise\.dbus-keyrings
2017-05-20 22:55 - 2017-05-20 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Midori
2017-05-20 22:35 - 2017-05-20 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2
2017-05-20 22:21 - 2017-05-21 09:38 - 00000000 ___RD C:\Users\Francoise\YandexDisk
2017-05-20 22:21 - 2017-05-20 22:21 - 00000000 ____D C:\Users\Francoise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk
2017-05-20 22:20 - 2017-05-20 22:20 - 00000000 ____D C:\Program Files\Yandex
2017-05-20 22:13 - 2017-05-21 15:40 - 00000472 _____ C:\WINDOWS\Tasks\Update for Yandex Browser.job
2017-05-20 22:13 - 2017-05-20 22:13 - 00003540 _____ C:\WINDOWS\System32\Tasks\Update for Yandex Browser
2017-05-20 22:13 - 2017-05-20 22:13 - 00000000 ____D C:\Users\Francoise\AppData\LocalLow\Yandex
2017-05-20 22:12 - 2017-05-21 09:35 - 00000510 _____ C:\WINDOWS\Tasks\Mise à jour système du Navigateur Yandex.job
2017-05-20 22:12 - 2017-05-21 09:35 - 00000486 _____ C:\WINDOWS\Tasks\Mise à jour du navigateur Yandex.job
2017-05-20 22:12 - 2017-05-20 22:20 - 00000000 ____D C:\Users\Francoise\AppData\Local\Yandex
2017-05-20 22:12 - 2017-05-20 22:20 - 00000000 ____D C:\ProgramData\Yandex
2017-05-20 22:12 - 2017-05-20 22:20 - 00000000 ____D C:\Program Files (x86)\Yandex
2017-05-20 22:12 - 2017-05-20 22:12 - 00003692 _____ C:\WINDOWS\System32\Tasks\Mise à jour système du Navigateur Yandex
2017-05-20 22:12 - 2017-05-20 22:12 - 00003568 _____ C:\WINDOWS\System32\Tasks\Mise à jour du navigateur Yandex
2017-05-20 22:12 - 2017-05-20 22:12 - 00000000 ____D C:\Users\Francoise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex
2017-05-20 22:10 - 2017-05-20 22:21 - 00000000 ____D C:\Users\Francoise\AppData\Roaming\Yandex
2017-05-20 21:55 - 2017-05-20 21:55 - 00000986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
2017-05-20 21:43 - 2017-05-20 21:43 - 00000000 ____D C:\Users\Francoise\AppData\Roaming\Moonchild Productions
2017-05-20 21:43 - 2017-05-20 21:43 - 00000000 ____D C:\Users\Francoise\AppData\Local\Moonchild Productions
2017-05-20 20:12 - 2017-05-20 20:12 - 00000000 ____D C:\Users\Francoise\AppData\Local\Mixesoft
2017-05-20 19:25 - 2017-04-28 04:28 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-05-20 19:25 - 2017-04-28 03:59 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-20 19:25 - 2017-04-28 03:56 - 02048488 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-20 19:25 - 2017-04-28 03:55 - 00088416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2017-05-20 19:25 - 2017-04-28 03:53 - 00616048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-20 19:25 - 2017-04-28 03:48 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-05-20 19:25 - 2017-04-28 03:46 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-05-20 19:25 - 2017-04-28 03:46 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-20 19:25 - 2017-04-28 03:46 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-05-20 19:25 - 2017-04-28 03:45 - 02263832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-20 19:25 - 2017-04-28 03:45 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-05-20 19:25 - 2017-04-28 03:45 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-05-20 19:25 - 2017-04-28 03:45 - 00781144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-05-20 19:25 - 2017-04-28 03:45 - 00493920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-20 19:25 - 2017-04-28 03:45 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-05-20 19:25 - 2017-04-28 03:43 - 02168288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-20 19:25 - 2017-04-28 03:43 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-05-20 19:25 - 2017-04-28 03:43 - 01557224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-20 19:25 - 2017-04-28 03:43 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-05-20 19:25 - 2017-04-28 03:42 - 00601952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-05-20 19:25 - 2017-04-28 03:41 - 00361104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2017-05-20 19:25 - 2017-04-28 03:40 - 06665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-20 19:25 - 2017-04-28 03:40 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-05-20 19:25 - 2017-04-28 03:40 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-05-20 19:25 - 2017-04-28 03:40 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-05-20 19:25 - 2017-04-28 03:40 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-05-20 19:25 - 2017-04-28 03:40 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-05-20 19:25 - 2017-04-28 03:40 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-05-20 19:25 - 2017-04-28 03:40 - 00352760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-05-20 19:25 - 2017-04-28 03:39 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-20 19:25 - 2017-04-28 03:39 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-20 19:25 - 2017-04-28 03:39 - 00962760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-20 19:25 - 2017-04-28 03:39 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-05-20 19:25 - 2017-04-28 03:38 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-05-20 19:25 - 2017-04-28 03:35 - 01414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-20 19:25 - 2017-04-28 03:35 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2017-05-20 19:25 - 2017-04-28 03:29 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-05-20 19:25 - 2017-04-28 03:23 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-05-20 19:25 - 2017-04-28 03:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-20 19:25 - 2017-04-28 03:22 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2017-05-20 19:25 - 2017-04-28 03:22 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-20 19:25 - 2017-04-28 03:21 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-05-20 19:25 - 2017-04-28 03:21 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BthTelemetry.dll
2017-05-20 19:25 - 2017-04-28 03:20 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-05-20 19:25 - 2017-04-28 03:20 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
2017-05-20 19:25 - 2017-04-28 03:19 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-05-20 19:25 - 2017-04-28 03:19 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-05-20 19:25 - 2017-04-28 03:18 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-05-20 19:25 - 2017-04-28 03:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-05-20 19:25 - 2017-04-28 03:18 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-05-20 19:25 - 2017-04-28 03:17 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-20 19:25 - 2017-04-28 03:17 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-05-20 19:25 - 2017-04-28 03:17 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-05-20 19:25 - 2017-04-28 03:17 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-05-20 19:25 - 2017-04-28 03:17 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-05-20 19:25 - 2017-04-28 03:16 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-05-20 19:25 - 2017-04-28 03:16 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-05-20 19:25 - 2017-04-28 03:16 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-05-20 19:25 - 2017-04-28 03:16 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-05-20 19:25 - 2017-04-28 03:16 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-05-20 19:25 - 2017-04-28 03:16 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-05-20 19:25 - 2017-04-28 03:16 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-20 19:25 - 2017-04-28 03:16 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-05-20 19:25 - 2017-04-28 03:16 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2017-05-20 19:25 - 2017-04-28 03:15 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-20 19:25 - 2017-04-28 03:15 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-05-20 19:25 - 2017-04-28 03:15 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-05-20 19:25 - 2017-04-28 03:15 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-05-20 19:25 - 2017-04-28 03:15 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2017-05-20 19:25 - 2017-04-28 03:15 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-05-20 19:25 - 2017-04-28 03:15 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2017-05-20 19:25 - 2017-04-28 03:14 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-05-20 19:25 - 2017-04-28 03:14 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-05-20 19:25 - 2017-04-28 03:14 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-20 19:25 - 2017-04-28 03:13 - 13873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-05-20 19:25 - 2017-04-28 03:13 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-05-20 19:25 - 2017-04-28 03:13 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-05-20 19:25 - 2017-04-28 03:13 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-05-20 19:25 - 2017-04-28 03:13 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-05-20 19:25 - 2017-04-28 03:13 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-05-20 19:25 - 2017-04-28 03:13 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-05-20 19:25 - 2017-04-28 03:13 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-05-20 19:25 - 2017-04-28 03:13 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-05-20 19:25 - 2017-04-28 03:13 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-05-20 19:25 - 2017-04-28 03:13 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2017-05-20 19:25 - 2017-04-28 03:13 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-05-20 19:25 - 2017-04-28 03:13 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-05-20 19:25 - 2017-04-28 03:13 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-05-20 19:25 - 2017-04-28 03:13 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-05-20 19:25 - 2017-04-28 03:13 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-05-20 19:25 - 2017-04-28 03:13 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-05-20 19:25 - 2017-04-28 03:13 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2017-05-20 19:25 - 2017-04-28 03:12 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-05-20 19:25 - 2017-04-28 03:12 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-05-20 19:25 - 2017-04-28 03:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-05-20 19:25 - 2017-04-28 03:12 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-05-20 19:25 - 2017-04-28 03:11 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-05-20 19:25 - 2017-04-28 03:11 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-05-20 19:25 - 2017-04-28 03:10 - 00857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-05-20 19:25 - 2017-04-28 03:10 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-05-20 19:25 - 2017-04-28 03:10 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-05-20 19:25 - 2017-04-28 03:10 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2017-05-20 19:25 - 2017-04-28 03:10 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-05-20 19:25 - 2017-04-28 03:10 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-05-20 19:25 - 2017-04-28 03:10 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-05-20 19:25 - 2017-04-28 03:09 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-05-20 19:25 - 2017-04-28 03:09 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-05-20 19:25 - 2017-04-28 03:09 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-20 19:25 - 2017-04-28 03:09 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-05-20 19:25 - 2017-04-28 03:09 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2017-05-20 19:25 - 2017-04-28 03:08 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-20 19:25 - 2017-04-28 03:08 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-05-20 19:25 - 2017-04-28 03:08 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-05-20 19:25 - 2017-04-28 03:08 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-05-20 19:25 - 2017-04-28 03:08 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-05-20 19:25 - 2017-04-28 03:07 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-05-20 19:25 - 2017-04-28 03:07 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-05-20 19:25 - 2017-04-28 03:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-05-20 19:25 - 2017-04-28 03:06 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-05-20 19:25 - 2017-04-28 03:06 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-05-20 19:25 - 2017-04-28 03:06 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-05-20 19:25 - 2017-04-28 03:06 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-05-20 19:25 - 2017-04-28 03:05 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-20 19:25 - 2017-04-28 03:05 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-20 19:25 - 2017-04-28 03:05 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-05-20 19:25 - 2017-04-28 03:05 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-05-20 19:25 - 2017-04-28 03:04 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-05-20 19:25 - 2017-04-28 03:03 - 01137152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-05-20 19:25 - 2017-04-28 03:03 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-05-20 19:25 - 2017-04-28 03:03 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-05-20 19:25 - 2017-04-28 03:03 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2017-05-20 19:25 - 2017-04-28 03:03 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsnt.dll
2017-05-20 19:25 - 2017-04-28 03:03 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Energy.dll
2017-05-20 19:25 - 2017-04-28 03:02 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-05-20 19:25 - 2017-04-28 03:01 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-05-20 19:25 - 2017-04-28 03:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-20 19:25 - 2017-04-28 03:01 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-05-20 19:25 - 2017-04-28 03:01 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-05-20 19:25 - 2017-04-28 03:01 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2017-05-20 19:25 - 2017-04-28 03:00 - 02749440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-05-20 19:25 - 2017-04-28 03:00 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-20 19:25 - 2017-04-28 03:00 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2017-05-20 19:25 - 2017-04-28 02:59 - 02154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-05-20 19:25 - 2017-04-28 02:59 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-05-20 19:25 - 2017-04-28 02:59 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-05-20 19:25 - 2017-04-28 02:58 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-05-20 19:25 - 2017-04-28 02:58 - 00546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-05-20 19:25 - 2017-04-28 02:58 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll
2017-05-20 19:25 - 2017-04-28 02:58 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-05-20 19:25 - 2017-04-28 02:58 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-20 19:25 - 2017-04-28 02:57 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-05-20 19:25 - 2017-04-28 02:57 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-05-20 19:25 - 2017-04-28 02:57 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_sr.dll
2017-05-20 19:25 - 2017-04-28 02:57 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-05-20 19:25 - 2017-04-28 02:57 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CameraCaptureUI.dll
2017-05-20 19:25 - 2017-04-28 02:56 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-20 19:25 - 2017-04-28 02:56 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2017-05-20 19:25 - 2017-04-28 02:56 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-05-20 19:25 - 2017-04-28 02:56 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2017-05-20 19:25 - 2017-04-28 02:55 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-20 19:25 - 2017-04-28 02:55 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-05-20 19:25 - 2017-04-28 02:55 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-05-20 19:25 - 2017-04-28 02:55 - 01413632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-05-20 19:25 - 2017-04-28 02:55 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-05-20 19:25 - 2017-04-28 02:55 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-05-20 19:25 - 2017-04-28 02:55 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-05-20 19:25 - 2017-04-28 02:54 - 02747904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-05-20 19:25 - 2017-04-28 02:54 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-05-20 19:25 - 2017-04-28 02:54 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-20 19:25 - 2017-04-28 02:54 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-05-20 19:25 - 2017-04-28 02:54 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-05-20 19:25 - 2017-04-28 02:54 - 00967680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-05-20 19:25 - 2017-04-28 02:54 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-05-20 19:25 - 2017-04-28 02:54 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-05-20 19:25 - 2017-04-28 02:54 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-05-20 19:25 - 2017-04-28 02:54 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-05-20 19:25 - 2017-04-28 02:53 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-05-20 19:25 - 2017-04-28 02:53 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-05-20 19:25 - 2017-04-28 02:53 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-05-20 19:25 - 2017-04-28 02:53 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-20 19:25 - 2017-04-28 02:52 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-05-20 19:25 - 2017-04-28 02:52 - 02994176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-20 19:25 - 2017-04-28 02:52 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-05-20 19:25 - 2017-04-28 02:52 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-20 19:25 - 2017-04-28 02:50 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-05-20 19:25 - 2017-04-28 02:30 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-20 19:24 - 2017-04-28 03:58 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-20 19:24 - 2017-04-28 03:57 - 00794928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-20 19:24 - 2017-04-28 03:53 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-20 19:24 - 2017-04-28 03:53 - 00774224 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-20 19:24 - 2017-04-28 03:40 - 07220184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-05-20 19:24 - 2017-04-28 03:40 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-05-20 19:24 - 2017-04-28 03:40 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-05-20 19:24 - 2017-04-28 03:38 - 00847200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-05-20 19:24 - 2017-04-28 03:36 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2017-05-20 19:24 - 2017-04-28 03:36 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-05-20 19:24 - 2017-04-28 03:35 - 08170600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-20 19:24 - 2017-04-28 03:35 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-05-20 19:24 - 2017-04-28 03:35 - 01988048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-05-20 19:24 - 2017-04-28 03:35 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-05-20 19:24 - 2017-04-28 03:35 - 01302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-05-20 19:24 - 2017-04-28 03:35 - 00596040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2017-05-20 19:24 - 2017-04-28 03:34 - 22220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-20 19:24 - 2017-04-28 03:34 - 01072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-05-20 19:24 - 2017-04-28 03:34 - 00443232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-05-20 19:24 - 2017-04-28 03:34 - 00244824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-05-20 19:24 - 2017-04-28 03:28 - 00453536 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-05-20 19:24 - 2017-04-28 03:28 - 00387864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-20 19:24 - 2017-04-28 03:11 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-05-20 19:24 - 2017-04-28 03:07 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-05-20 19:24 - 2017-04-28 03:04 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-20 19:24 - 2017-04-28 03:03 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys
2017-05-20 19:24 - 2017-04-28 03:02 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-20 19:24 - 2017-04-28 03:02 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-05-20 19:24 - 2017-04-28 03:02 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-05-20 19:24 - 2017-04-28 03:01 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-05-20 19:24 - 2017-04-28 03:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-05-20 19:24 - 2017-04-28 03:00 - 12349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-05-20 19:24 - 2017-04-28 03:00 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-05-20 19:24 - 2017-04-28 03:00 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-05-20 19:24 - 2017-04-28 03:00 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-05-20 19:24 - 2017-04-28 02:59 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-05-20 19:24 - 2017-04-28 02:59 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-05-20 19:24 - 2017-04-28 02:58 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-05-20 19:24 - 2017-04-28 02:58 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-05-20 19:24 - 2017-04-28 02:58 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-20 19:24 - 2017-04-28 02:57 - 01507840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
2017-05-20 19:24 - 2017-04-28 02:57 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-05-20 19:24 - 2017-04-28 02:57 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-05-20 19:24 - 2017-04-28 02:57 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintWSDAHost.dll
2017-05-20 19:24 - 2017-04-28 02:56 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-20 19:24 - 2017-04-28 02:56 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-05-20 19:24 - 2017-04-28 02:56 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-05-20 19:24 - 2017-04-28 02:56 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-20 19:24 - 2017-04-28 02:56 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-20 19:24 - 2017-04-28 02:55 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-05-20 19:24 - 2017-04-28 02:55 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2017-05-20 19:24 - 2017-04-28 02:55 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-05-20 19:24 - 2017-04-28 02:54 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-05-20 19:24 - 2017-04-28 02:53 - 06288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-05-20 19:24 - 2017-04-28 02:53 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-05-20 19:24 - 2017-04-28 02:53 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-05-20 19:24 - 2017-04-28 02:53 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-05-20 19:24 - 2017-04-28 02:53 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-05-20 19:24 - 2017-04-28 02:51 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-20 19:24 - 2017-04-28 02:51 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-05-20 19:24 - 2017-04-28 02:51 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-20 19:24 - 2017-04-28 02:50 - 03778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-05-20 19:24 - 2017-04-28 02:50 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-05-20 19:24 - 2017-04-28 02:49 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-20 19:24 - 2017-04-28 02:47 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-20 19:24 - 2017-04-28 02:47 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-05-20 19:24 - 2017-04-28 02:47 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-05-20 19:24 - 2017-04-28 02:47 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2017-05-20 19:24 - 2017-04-28 02:45 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-20 19:24 - 2017-04-28 02:45 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-05-20 19:24 - 2017-04-28 02:45 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-05-20 19:24 - 2017-04-28 02:44 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-05-20 19:24 - 2017-04-28 02:44 - 01145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-05-20 19:24 - 2017-04-28 02:44 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2017-05-20 19:24 - 2017-04-28 02:44 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-20 19:24 - 2017-04-28 02:43 - 01184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-05-20 19:24 - 2017-04-28 02:43 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-05-20 19:24 - 2017-04-28 02:43 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2017-05-20 19:24 - 2017-04-28 02:43 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-20 19:24 - 2017-04-28 02:43 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-05-20 19:24 - 2017-04-28 02:42 - 13441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-05-20 19:24 - 2017-04-28 02:42 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-05-20 19:24 - 2017-04-28 02:42 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-05-20 19:24 - 2017-04-28 02:41 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-05-20 19:24 - 2017-04-28 02:41 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-05-20 19:24 - 2017-04-28 02:41 - 00860160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2017-05-20 19:24 - 2017-04-28 02:41 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-05-20 19:24 - 2017-04-28 02:40 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-20 19:24 - 2017-04-28 02:39 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-05-20 19:24 - 2017-04-28 02:39 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-05-20 19:24 - 2017-04-28 02:38 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-05-20 19:24 - 2017-04-28 02:38 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-05-20 19:24 - 2017-04-28 02:38 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-05-20 19:24 - 2017-04-28 02:37 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-05-20 19:24 - 2017-04-28 02:37 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-05-20 19:24 - 2017-04-28 02:37 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-05-20 19:24 - 2017-04-28 02:37 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-05-20 19:24 - 2017-04-28 02:37 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-05-20 19:24 - 2017-04-28 02:37 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-05-20 19:24 - 2017-04-28 02:37 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-05-20 19:24 - 2017-04-28 02:36 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-05-20 19:24 - 2017-04-28 02:35 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-05-20 19:24 - 2017-04-28 02:34 - 00999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-20 19:24 - 2017-04-28 02:34 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2017-05-20 19:24 - 2017-04-28 02:34 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2017-05-20 19:23 - 2017-04-28 03:57 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-05-20 19:23 - 2017-04-28 03:53 - 07784288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-20 19:23 - 2017-04-28 03:52 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-05-20 19:23 - 2017-04-28 03:49 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-20 19:23 - 2017-04-28 03:46 - 00410464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2017-05-20 19:23 - 2017-04-28 03:42 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-05-20 19:23 - 2017-04-28 03:40 - 02759704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-20 19:23 - 2017-04-28 03:40 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-20 19:23 - 2017-04-28 03:40 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-20 19:23 - 2017-04-28 03:40 - 01157000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-05-20 19:23 - 2017-04-28 03:40 - 00578400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-20 19:23 - 2017-04-28 03:40 - 00402784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-20 19:23 - 2017-04-28 03:40 - 00026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-20 19:23 - 2017-04-28 03:38 - 02915704 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-20 19:23 - 2017-04-28 03:38 - 01852200 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-20 19:23 - 2017-04-28 03:38 - 00431968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-05-20 19:23 - 2017-04-28 03:34 - 04674360 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-20 19:23 - 2017-04-28 03:34 - 01277824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-20 19:23 - 2017-04-28 03:34 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-05-20 19:23 - 2017-04-28 03:30 - 01569184 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-20 19:23 - 2017-04-28 03:21 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-20 19:23 - 2017-04-28 03:19 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-20 19:23 - 2017-04-28 03:15 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-05-20 19:23 - 2017-04-28 03:15 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-20 19:23 - 2017-04-28 03:14 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-20 19:23 - 2017-04-28 03:14 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-20 19:23 - 2017-04-28 03:12 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-05-20 19:23 - 2017-04-28 03:12 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-20 19:23 - 2017-04-28 03:11 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-20 19:23 - 2017-04-28 03:10 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-20 19:23 - 2017-04-28 03:08 - 18365440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-20 19:23 - 2017-04-28 03:06 - 22569472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-20 19:23 - 2017-04-28 03:06 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-20 19:23 - 2017-04-28 03:05 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-20 19:23 - 2017-04-28 03:05 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-05-20 19:23 - 2017-04-28 03:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-20 19:23 - 2017-04-28 03:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-20 19:23 - 2017-04-28 03:01 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-05-20 19:23 - 2017-04-28 03:01 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2017-05-20 19:23 - 2017-04-28 03:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-20 19:23 - 2017-04-28 02:59 - 12187136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-20 19:23 - 2017-04-28 02:59 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-05-20 19:23 - 2017-04-28 02:58 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-05-20 19:23 - 2017-04-28 02:58 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-20 19:23 - 2017-04-28 02:58 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-05-20 19:23 - 2017-04-28 02:58 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-05-20 19:23 - 2017-04-28 02:57 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-05-20 19:23 - 2017-04-28 02:57 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-05-20 19:23 - 2017-04-28 02:57 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-05-20 19:23 - 2017-04-28 02:57 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2017-05-20 19:23 - 2017-04-28 02:57 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-20 19:23 - 2017-04-28 02:57 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-20 19:23 - 2017-04-28 02:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-20 19:23 - 2017-04-28 02:56 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-05-20 19:23 - 2017-04-28 02:56 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2017-05-20 19:23 - 2017-04-28 02:56 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-20 19:23 - 2017-04-28 02:56 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-20 19:23 - 2017-04-28 02:56 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-05-20 19:23 - 2017-04-28 02:56 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-20 19:23 - 2017-04-28 02:55 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-20 19:23 - 2017-04-28 02:55 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-05-20 19:23 - 2017-04-28 02:55 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-05-20 19:23 - 2017-04-28 02:55 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-20 19:23 - 2017-04-28 02:55 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-05-20 19:23 - 2017-04-28 02:54 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-20 19:23 - 2017-04-28 02:54 - 02027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-20 19:23 - 2017-04-28 02:54 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-20 19:23 - 2017-04-28 02:54 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-05-20 19:23 - 2017-04-28 02:54 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-05-20 19:23 - 2017-04-28 02:54 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-20 19:23 - 2017-04-28 02:54 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-05-20 19:23 - 2017-04-28 02:53 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2017-05-20 19:23 - 2017-04-28 02:53 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-05-20 19:23 - 2017-04-28 02:51 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-05-20 19:23 - 2017-04-28 02:51 - 01913856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-05-20 19:23 - 2017-04-28 02:51 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-05-20 19:23 - 2017-04-28 02:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-05-20 19:23 - 2017-04-28 02:51 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Energy.dll
2017-05-20 19:23 - 2017-04-28 02:49 - 17198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-05-20 19:23 - 2017-04-28 02:49 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-05-20 19:23 - 2017-04-28 02:49 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-05-20 19:23 - 2017-04-28 02:48 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-05-20 19:23 - 2017-04-28 02:47 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-20 19:23 - 2017-04-28 02:47 - 03290112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-05-20 19:23 - 2017-04-28 02:47 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-05-20 19:23 - 2017-04-28 02:47 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-20 19:23 - 2017-04-28 02:46 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-05-20 19:23 - 2017-04-28 02:46 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-05-20 19:23 - 2017-04-28 02:46 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-20 19:23 - 2017-04-28 02:45 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-05-20 19:23 - 2017-04-28 02:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-20 19:23 - 2017-04-28 02:45 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CameraCaptureUI.dll
2017-05-20 19:23 - 2017-04-28 02:44 - 13091328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-20 19:23 - 2017-04-28 02:44 - 04749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-20 19:23 - 2017-04-28 02:44 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-20 19:23 - 2017-04-28 02:44 - 00937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-05-20 19:23 - 2017-04-28 02:44 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2017-05-20 19:23 - 2017-04-28 02:43 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-05-20 19:23 - 2017-04-28 02:43 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-05-20 19:23 - 2017-04-28 02:43 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-05-20 19:23 - 2017-04-28 02:43 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2017-05-20 19:23 - 2017-04-28 02:42 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-20 19:23 - 2017-04-28 02:42 - 01021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2017-05-20 19:23 - 2017-04-28 02:42 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-20 19:23 - 2017-04-28 02:42 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-05-20 19:23 - 2017-04-28 02:41 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-20 19:23 - 2017-04-28 02:41 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-20 19:23 - 2017-04-28 02:41 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-20 19:23 - 2017-04-28 02:41 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-20 19:23 - 2017-04-28 02:40 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-20 19:23 - 2017-04-28 02:40 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-05-20 19:23 - 2017-04-28 02:40 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-05-20 19:23 - 2017-04-28 02:40 - 02096640 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-20 19:23 - 2017-04-28 02:40 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-05-20 19:23 - 2017-04-28 02:40 - 00971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-05-20 19:23 - 2017-04-28 02:40 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-05-20 19:23 - 2017-04-28 02:38 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-05-20 19:23 - 2017-04-28 02:38 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-05-20 19:23 - 2017-04-28 02:38 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-05-20 19:23 - 2017-04-28 02:37 - 04744192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-20 19:23 - 2017-04-28 02:37 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-20 19:23 - 2017-04-28 02:37 - 02316288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-20 19:23 - 2017-04-28 02:37 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-20 19:23 - 2017-04-28 02:37 - 02216960 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-05-20 19:23 - 2017-04-28 02:37 - 01783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-20 19:23 - 2017-04-28 02:37 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-20 19:23 - 2017-04-28 02:37 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-20 19:23 - 2017-04-28 02:36 - 03613184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-20 19:23 - 2017-04-28 02:36 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-05-20 19:23 - 2017-04-28 02:36 - 02478080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-05-20 19:23 - 2017-04-28 02:36 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-05-20 19:23 - 2017-04-28 02:36 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-20 19:23 - 2017-04-28 02:36 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-05-20 19:23 - 2017-04-28 02:36 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-05-20 19:23 - 2017-04-28 02:36 - 00735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-20 19:23 - 2017-04-28 02:35 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-20 19:23 - 2017-04-28 02:35 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-05-20 19:22 - 2017-04-28 03:56 - 01117024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-05-20 19:22 - 2017-04-28 03:49 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-20 19:22 - 2017-04-28 03:49 - 00700936 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-20 19:22 - 2017-04-28 03:47 - 00699744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-05-20 19:22 - 2017-04-28 03:47 - 00501088 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwizeng.dll
2017-05-20 19:22 - 2017-04-28 03:44 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2017-05-20 19:22 - 2017-04-28 03:42 - 00526176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-05-20 19:22 - 2017-04-28 03:40 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-05-20 19:22 - 2017-04-28 03:39 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-05-20 19:22 - 2017-04-28 03:38 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-05-20 19:22 - 2017-04-28 03:38 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-05-20 19:22 - 2017-04-28 03:34 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-05-20 19:22 - 2017-04-28 03:30 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2017-05-20 19:22 - 2017-04-28 03:28 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-20 19:22 - 2017-04-28 03:19 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-20 19:22 - 2017-04-28 03:10 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-05-20 19:22 - 2017-04-28 03:03 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-20 19:22 - 2017-04-28 03:03 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthTelemetry.dll
2017-05-20 19:22 - 2017-04-28 03:02 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2017-05-20 19:22 - 2017-04-28 03:01 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-05-20 19:22 - 2017-04-28 03:01 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-05-20 19:22 - 2017-04-28 03:01 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll
2017-05-20 19:22 - 2017-04-28 03:01 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2017-05-20 19:22 - 2017-04-28 03:00 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-05-20 19:22 - 2017-04-28 03:00 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-05-20 19:22 - 2017-04-28 03:00 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-05-20 19:22 - 2017-04-28 03:00 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-05-20 19:22 - 2017-04-28 03:00 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-05-20 19:22 - 2017-04-28 03:00 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-05-20 19:22 - 2017-04-28 02:59 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-05-20 19:22 - 2017-04-28 02:59 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-05-20 19:22 - 2017-04-28 02:59 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2017-05-20 19:22 - 2017-04-28 02:59 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-05-20 19:22 - 2017-04-28 02:58 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-05-20 19:22 - 2017-04-28 02:58 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-05-20 19:22 - 2017-04-28 02:58 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-20 19:22 - 2017-04-28 02:58 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsentUX.dll
2017-05-20 19:22 - 2017-04-28 02:57 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-05-20 19:22 - 2017-04-28 02:57 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-05-20 19:22 - 2017-04-28 02:57 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2017-05-20 19:22 - 2017-04-28 02:57 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2017-05-20 19:22 - 2017-04-28 02:56 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-05-20 19:22 - 2017-04-28 02:56 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-05-20 19:22 - 2017-04-28 02:56 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-05-20 19:22 - 2017-04-28 02:56 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-20 19:22 - 2017-04-28 02:56 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-05-20 19:22 - 2017-04-28 02:55 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-05-20 19:22 - 2017-04-28 02:55 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-05-20 19:22 - 2017-04-28 02:55 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2017-05-20 19:22 - 2017-04-28 02:55 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-05-20 19:22 - 2017-04-28 02:54 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-05-20 19:22 - 2017-04-28 02:54 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-05-20 19:22 - 2017-04-28 02:50 - 01476608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-05-20 19:22 - 2017-04-28 02:50 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2017-05-20 19:22 - 2017-04-28 02:50 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsnt.dll
2017-05-20 19:22 - 2017-04-28 02:48 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-20 19:22 - 2017-04-28 02:48 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-05-20 19:22 - 2017-04-28 02:47 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2017-05-20 19:22 - 2017-04-28 02:46 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2017-05-20 19:22 - 2017-04-28 02:46 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2017-05-20 19:22 - 2017-04-28 02:46 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2017-05-20 19:22 - 2017-04-28 02:46 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-05-20 19:22 - 2017-04-28 02:45 - 00946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2017-05-20 19:22 - 2017-04-28 02:45 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-05-20 19:22 - 2017-04-28 02:45 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2017-05-20 19:22 - 2017-04-28 02:44 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-05-20 19:22 - 2017-04-28 02:44 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-20 19:22 - 2017-04-28 02:44 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-05-20 19:22 - 2017-04-28 02:43 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-05-20 19:22 - 2017-04-28 02:43 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-05-20 19:22 - 2017-04-28 02:43 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-05-20 19:22 - 2017-04-28 02:42 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-20 19:22 - 2017-04-28 02:41 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-20 19:22 - 2017-04-28 02:41 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2017-05-20 19:22 - 2017-04-28 02:41 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-05-20 19:22 - 2017-04-28 02:40 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-05-20 19:22 - 2017-04-28 02:40 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-05-20 19:22 - 2017-04-28 02:40 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-05-20 19:22 - 2017-04-28 02:40 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-05-20 19:22 - 2017-04-28 02:40 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-05-20 19:22 - 2017-04-28 02:39 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-20 19:22 - 2017-04-28 02:37 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-05-20 19:22 - 2017-04-28 02:36 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-05-20 19:22 - 2017-04-28 02:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2017-05-20 19:22 - 2017-04-28 02:33 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-20 12:52 - 2017-05-20 12:52 - 00000000 ____D C:\Users\Francoise\AppData\Roaming\Micro Application
2017-05-20 12:15 - 2017-05-20 12:16 - 00490188 _____ C:\WINDOWS\Minidump\052017-47453-01.dmp
2017-05-20 12:12 - 2017-05-21 16:24 - 00000000 ____D C:\FRST
2017-05-20 12:09 - 2017-05-21 16:20 - 02429952 _____ (Farbar) C:\Users\Francoise\Documents\FRST64.exe
2017-05-20 12:03 - 2017-05-20 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-05-20 11:44 - 2017-05-20 12:03 - 00030206 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2017-05-20 11:39 - 2017-05-20 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Micro Application
2017-05-20 11:38 - 2017-05-20 11:38 - 00000000 ____D C:\ProgramData\Micro Application
2017-05-20 11:06 - 2017-05-20 11:06 - 00000000 ____D C:\Users\Francoise\AppData\Roaming\AlderGames
2017-05-12 21:48 - 2017-05-12 21:48 - 01804672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-05-04 23:46 - 2017-05-21 10:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-04 23:19 - 2017-05-04 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com


==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2021-10-21 16:36 - 2013-12-28 02:18 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC.dat
2021-10-04 10:34 - 2013-12-28 02:18 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTMICEQ0.dat
2017-05-21 15:40 - 2016-12-29 18:18 - 00000000 ____D C:\Users\Francoise\AppData\LocalLow\Mozilla
2017-05-21 14:44 - 2014-08-27 20:54 - 00000000 ____D C:\Users\Francoise\AppData\Local\CrashDumps
2017-05-21 14:19 - 2016-12-19 16:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-21 10:07 - 2014-08-26 17:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-21 09:45 - 2016-07-16 14:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-21 09:44 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-21 09:36 - 2015-10-22 14:15 - 00000000 __SHD C:\Users\Francoise\IntelGraphicsProfiles
2017-05-21 09:34 - 2016-12-19 17:02 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-21 07:38 - 2016-12-19 17:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-21 07:37 - 2016-07-16 09:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-05-21 07:32 - 2016-07-16 14:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-21 07:30 - 2016-07-22 21:33 - 00002479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-05-21 07:29 - 2013-12-28 02:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-21 07:19 - 2014-08-26 10:30 - 00000000 ____D C:\Users\Francoise\AppData\Local\Packages
2017-05-21 05:38 - 2016-12-19 18:53 - 00407510 _____ C:\WINDOWS\system32\prfh0416.dat
2017-05-21 05:38 - 2016-12-19 18:53 - 00116528 _____ C:\WINDOWS\system32\prfc0416.dat
2017-05-21 05:38 - 2016-07-17 01:40 - 00793460 _____ C:\WINDOWS\system32\perfh00C.dat
2017-05-21 05:38 - 2016-07-17 01:40 - 00161382 _____ C:\WINDOWS\system32\perfc00C.dat
2017-05-21 05:38 - 2016-07-16 14:45 - 00000000 ____D C:\WINDOWS\INF
2017-05-21 05:38 - 2015-10-02 16:47 - 02503772 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-21 05:33 - 2016-04-27 08:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-21 05:29 - 2016-12-19 16:58 - 00320336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-20 23:59 - 2016-07-16 09:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-20 23:28 - 2016-07-16 14:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-20 22:55 - 2016-12-19 17:06 - 00000000 ____D C:\Users\Francoise
2017-05-20 22:35 - 2016-07-27 00:20 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
2017-05-20 22:00 - 2014-08-26 17:03 - 00000000 ____D C:\Users\Francoise\AppData\Roaming\Mozilla
2017-05-20 21:43 - 2014-08-27 20:27 - 00000000 ____D C:\aaa
2017-05-20 19:27 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-20 19:26 - 2014-08-26 16:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-20 19:18 - 2014-08-26 16:28 - 156335152 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-20 13:33 - 2016-12-19 17:36 - 00004772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-05-20 13:33 - 2014-09-02 18:34 - 00000000 ____D C:\Users\Francoise\AppData\Local\Adobe
2017-05-20 13:32 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-20 13:32 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-20 13:27 - 2017-01-24 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-20 13:27 - 2017-01-24 17:21 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-20 13:27 - 2014-09-08 15:45 - 00000000 ____D C:\ProgramData\Oracle
2017-05-20 13:27 - 2014-09-08 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-05-20 13:25 - 2017-01-24 17:22 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-05-20 12:29 - 2016-12-18 14:10 - 00000000 ____D C:\Users\Francoise\AppData\Roaming\steelseries-engine-3-client
2017-05-20 12:22 - 2016-12-19 17:06 - 00000000 ____D C:\Users\UpdatusUser
2017-05-20 12:15 - 2017-01-22 11:27 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-20 12:15 - 2016-12-08 12:32 - 1131878437 _____ C:\WINDOWS\MEMORY.DMP
2017-05-20 11:53 - 2015-02-12 21:57 - 00002541 _____ C:\Users\Francoise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2017-05-20 11:50 - 2017-02-23 16:31 - 00003994 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1469535058
2017-05-20 11:50 - 2016-07-26 15:11 - 00001124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-05-20 11:50 - 2016-07-26 15:10 - 00000000 ____D C:\Program Files (x86)\Opera
2017-05-12 21:48 - 2016-12-07 02:57 - 00045896 _____ (SteelSeries ApS) C:\WINDOWS\system32\Drivers\sshid.sys
2017-05-04 23:53 - 2014-08-26 16:59 - 00000000 ____D C:\Users\Francoise\AppData\Local\Google
2017-05-04 23:35 - 2014-08-26 16:59 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-04 22:50 - 2016-12-19 17:36 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-04 22:44 - 2016-12-20 17:14 - 00003884 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3610230612-1959919224-871680787-1002UA1d25acb5cd69609
2017-05-04 22:44 - 2016-12-20 17:14 - 00003616 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3610230612-1959919224-871680787-1002Core1d25acb55fc06ae
2017-04-29 03:59 - 2016-07-16 14:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-29 03:59 - 2016-07-16 14:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-28 04:01 - 2016-12-19 17:01 - 02717184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-25 13:23 - 2014-08-27 20:50 - 00000000 ____D C:\Users\Francoise\.gimp-2.8
2017-04-25 13:17 - 2014-10-20 18:37 - 00000000 ____D C:\Users\Francoise\AppData\Local\gtk-2.0

==================== Fichiers à la racine de certains dossiers =======

2017-01-21 16:54 - 2017-04-09 11:23 - 0000600 _____ () C:\Users\Francoise\AppData\Roaming\winscp.rnd
2014-11-24 17:43 - 2017-02-24 17:55 - 0053760 _____ () C:\Users\Francoise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-20 23:01 - 2017-05-20 23:01 - 0023377 _____ () C:\Users\Francoise\AppData\Local\recently-used.xbel
2014-11-24 22:49 - 2014-11-24 22:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-12-19 17:03 - 2016-12-19 17:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-28 00:19 - 2015-01-24 17:44 - 0003426 _____ () C:\ProgramData\hpzinstall.log
2014-11-24 19:13 - 2014-11-24 19:13 - 0005098 _____ () C:\ProgramData\vczcspay.tpu

Certains fichiers dans TEMP:
====================
2017-04-02 15:53 - 2017-04-02 15:55 - 105535336 _____ () C:\Users\Francoise\AppData\Local\Temp\228E.exe
2008-08-25 11:31 - 2008-08-25 11:31 - 242743296 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\dotnetfx35_sp1.exe
2009-03-16 19:38 - 2009-03-16 19:38 - 1914000 _____ (Adobe Systems Incorporated) C:\Users\Francoise\AppData\Local\Temp\install_flash_player_10_active_x.exe
2017-01-24 16:35 - 2017-01-24 16:35 - 0739904 _____ (Oracle Corporation) C:\Users\Francoise\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-05-20 13:23 - 2017-05-20 13:23 - 0739904 _____ (Oracle Corporation) C:\Users\Francoise\AppData\Local\Temp\jre-8u131-windows-au.exe
2016-12-28 13:39 - 2017-01-12 21:10 - 2858376 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.2.2.Installer.exe
2017-02-21 17:29 - 2017-02-21 17:29 - 2903480 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.3.2.Installer.exe
2017-03-23 20:42 - 2017-03-23 20:42 - 2982992 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.3.3.Installer.exe
2008-12-15 18:34 - 2008-12-15 18:34 - 2585872 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\Wi3.1-x86.exe
2006-12-07 13:43 - 2006-12-07 13:43 - 8100680 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\wmfdist11.exe

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2017-03-21 15:45

==================== Fin de FRST.txt ============================

Thank you very much for your help and for finding the truth about that new virus type.

Juliet
2017-05-22, 15:31
Welcome

When you run FRST for the first time, it should have created another txt file
Addition.txt

Can you locate this and copy and paste it into your next reply.

waterreedshimmer
2017-05-22, 15:52
Here is Addition p1 and p2.

Thank you.

Juliet
2017-05-22, 16:45
I predict we have a few issues related to language; it is hard to translate French to English, but we will continue.
****************************

Start FRST (Please double-click on FRST/FRST64) with Administrator privileges

Right click on the script created below and select Copy.


Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-20] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-20] (Oracle Corporation)
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MF0EB4FF8-58E5-48DF-B125-CD0ECCC2BAA7&SearchSource=55&CUI=&UM=6&UP=SPD0539E0E-470F-4696-A94D-BE2536B7839C&SSPV=
2017-04-02 15:53 - 2017-04-02 15:55 - 105535336 _____ () C:\Users\Francoise\AppData\Local\Temp\228E.exe
2008-08-25 11:31 - 2008-08-25 11:31 - 242743296 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\dotnetfx35_sp1.exe
2009-03-16 19:38 - 2009-03-16 19:38 - 1914000 _____ (Adobe Systems Incorporated) C:\Users\Francoise\AppData\Local\Temp\install_flash_player_10_active_x.exe
2017-01-24 16:35 - 2017-01-24 16:35 - 0739904 _____ (Oracle Corporation) C:\Users\Francoise\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-05-20 13:23 - 2017-05-20 13:23 - 0739904 _____ (Oracle Corporation) C:\Users\Francoise\AppData\Local\Temp\jre-8u131-windows-au.exe
2016-12-28 13:39 - 2017-01-12 21:10 - 2858376 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.2.2.Installer.exe
2017-02-21 17:29 - 2017-02-21 17:29 - 2903480 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.3.2.Installer.exe
2017-03-23 20:42 - 2017-03-23 20:42 - 2982992 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.3.3.Installer.exe
2008-12-15 18:34 - 2008-12-15 18:34 - 2585872 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\Wi3.1-x86.exe
2006-12-07 13:43 - 2006-12-07 13:43 - 8100680 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\wmfdist11.exe
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Pas de fichier
Task: {0B7D69F0-8C95-42CB-A499-E24D1B8B9482} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {614FF4A2-C57A-411F-90B2-03260DE99E05} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
Task: {6C4B3157-B581-42DF-80E4-2AD927D09E7C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Pas de fichier <==== ATTENTION
Task: {89CD61D1-1947-40CF-A633-A02CA31EF2D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
Task: {951AE104-974A-424B-AC10-607338DA5222} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
Task: {A7F3D7B0-0A9C-4251-AAD5-EF6F1434E287} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {AAAF8CC1-1AA2-47E0-8C62-152B4A0CCA8E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {B82AEADE-CD01-47C9-A8A0-B665ADE7BD99} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
Task: {BBD43C31-CFA2-4E2E-B5EA-CCB7E72FD4E8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: {CB9D70F7-BA2F-48F9-8877-3E681F8368A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
Task: {F968BCFC-807A-41B2-B1E2-484E4E334945} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
EmptyTemp:
End::


NEXT**
Press the Fix button.
When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

****************
AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
In order to use AdwCleaner, you have to agree to the EULA:
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

***********************************

Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.

OR from this location Here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/)


Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"

On the Dashboard click on Update Now

Go to the Settings tab

Under Settings go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.

When the scan is finished, on the bottom right click on SAVE RESULTS, then select Copy to Clipboard.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.

Please paste the log back into this thread for review.


Exit Malwarebytes


**********

please post
Fixlog.txt
AdwCleaner[C1].txt
Malwarebytes log

waterreedshimmer
2017-05-23, 10:51
I'll put all Windows 10 in English, sorry. I suppose it can switch languages.

Juliet
2017-05-23, 12:12
I'll put all Windows 10 in English, sorry. I suppose it can switch languages.

We can continue in French if need be.

please post
Fixlog.txt
AdwCleaner[C1].txt
Malwarebytes log

waterreedshimmer
2017-05-23, 17:30
Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Exécuté par Francoise (23-05-2017 10:38:41) Run:2
Exécuté depuis C:\Users\Francoise\Documents\auto launch with security\frst in french
Profils chargés: Francoise (Profils disponibles: UpdatusUser & Francoise)
Mode d'amorçage: Normal
==============================================

fixlist contenu:
*****************

CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-20] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-20] (Oracle Corporation)
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MF0EB4FF8-58E5-48DF-B125-CD0ECCC2BAA7&SearchSource=55&CUI=&UM=6&UP=SPD0539E0E-470F-4696-A94D-BE2536B7839C&SSPV=
2017-04-02 15:53 - 2017-04-02 15:55 - 105535336 _____ () C:\Users\Francoise\AppData\Local\Temp\228E.exe
2008-08-25 11:31 - 2008-08-25 11:31 - 242743296 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\dotnetfx35_sp1.exe
2009-03-16 19:38 - 2009-03-16 19:38 - 1914000 _____ (Adobe Systems Incorporated) C:\Users\Francoise\AppData\Local\Temp\install_flash_player_10_active_x.exe
2017-01-24 16:35 - 2017-01-24 16:35 - 0739904 _____ (Oracle Corporation) C:\Users\Francoise\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-05-20 13:23 - 2017-05-20 13:23 - 0739904 _____ (Oracle Corporation) C:\Users\Francoise\AppData\Local\Temp\jre-8u131-windows-au.exe
2016-12-28 13:39 - 2017-01-12 21:10 - 2858376 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.2.2.Installer.exe
2017-02-21 17:29 - 2017-02-21 17:29 - 2903480 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.3.2.Installer.exe
2017-03-23 20:42 - 2017-03-23 20:42 - 2982992 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.3.3.Installer.exe
2008-12-15 18:34 - 2008-12-15 18:34 - 2585872 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\Wi3.1-x86.exe
2006-12-07 13:43 - 2006-12-07 13:43 - 8100680 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\wmfdist11.exe
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Pas de fichier
Task: {0B7D69F0-8C95-42CB-A499-E24D1B8B9482} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {614FF4A2-C57A-411F-90B2-03260DE99E05} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
Task: {6C4B3157-B581-42DF-80E4-2AD927D09E7C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Pas de fichier <==== ATTENTION
Task: {89CD61D1-1947-40CF-A633-A02CA31EF2D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
Task: {951AE104-974A-424B-AC10-607338DA5222} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
Task: {A7F3D7B0-0A9C-4251-AAD5-EF6F1434E287} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {AAAF8CC1-1AA2-47E0-8C62-152B4A0CCA8E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {B82AEADE-CD01-47C9-A8A0-B665ADE7BD99} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
Task: {BBD43C31-CFA2-4E2E-B5EA-CCB7E72FD4E8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: {CB9D70F7-BA2F-48F9-8877-3E681F8368A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
Task: {F968BCFC-807A-41B2-B1E2-484E4E334945} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
EmptyTemp:

*****************

Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => valeur non trouvé(e).
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => clé non trouvé(e).
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => clé non trouvé(e).
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => clé non trouvé(e).
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => clé non trouvé(e).
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => clé non trouvé(e).
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.131.2 => clé non trouvé(e).
C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll => non trouvé(e).
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.131.2 => clé non trouvé(e).
C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll => non trouvé(e).
Chrome HomePage => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\228E.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\dotnetfx35_sp1.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\install_flash_player_10_active_x.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\jre-8u121-windows-au.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\jre-8u131-windows-au.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\npp.7.2.2.Installer.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\npp.7.3.2.Installer.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\npp.7.3.3.Installer.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\Wi3.1-x86.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\wmfdist11.exe" => non trouvé(e).
HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => clé non trouvé(e).
HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => clé non trouvé(e).
HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => clé non trouvé(e).
HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => clé non trouvé(e).
HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => clé non trouvé(e).
HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => clé non trouvé(e).
HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => clé non trouvé(e).
HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B7D69F0-8C95-42CB-A499-E24D1B8B9482} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{614FF4A2-C57A-411F-90B2-03260DE99E05} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C4B3157-B581-42DF-80E4-2AD927D09E7C} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89CD61D1-1947-40CF-A633-A02CA31EF2D3} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{951AE104-974A-424B-AC10-607338DA5222} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7F3D7B0-0A9C-4251-AAD5-EF6F1434E287} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAAF8CC1-1AA2-47E0-8C62-152B4A0CCA8E} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B82AEADE-CD01-47C9-A8A0-B665ADE7BD99} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBD43C31-CFA2-4E2E-B5EA-CCB7E72FD4E8} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB9D70F7-BA2F-48F9-8877-3E681F8368A3} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F968BCFC-807A-41B2-B1E2-484E4E334945} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => clé non trouvé(e).

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1056016 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2294336 B
Edge => 17095 B
Chrome => 383533336 B
Firefox => 375281306 B
Opera => 27968763 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 27097354 B
NetworkService => 75075302 B
UpdatusUser => 0 B
Francoise => 311422964 B

RecycleBin => 2323073 B
EmptyTemp: => 1.1 GB données temporaires supprimées.

================================


Le système a dû redémarrer.

==== Fin de Fixlog 10:46:04 ====

# AdwCleaner v6.047 - Logfile created 23/05/2017 at 11:56:25
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-22.1 [Local]
# Operating System : Windows 8 Pro (X64)
# Username : Francoise - EARENDIL-LIGHT
# Running from : C:\Users\Francoise\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Francoise\AppData\Local\SweetLabs App Platform
[-] Folder deleted: C:\Users\Default User\AppData\Local\Pokki
[#] Folder deleted on reboot: C:\Users\Default\AppData\Local\Pokki
[-] Folder deleted: C:\Users\Public\Pokki


***** [ Files ] *****

[-] File deleted: C:\Users\Francoise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
[-] File deleted: C:\Users\Francoise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: SweetLabs App Platform


***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf
[-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Classes\pokki
[-] Key deleted: HKCU\Software\Classes\pokki
[-] Key deleted: [x64] HKCU\Software\Classes\pokki
[-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\SweetLabs App Platform
[-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Key deleted: HKCU\Software\SweetLabs App Platform
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Key deleted: [x64] HKCU\Software\SweetLabs App Platform
[-] Key deleted: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Key deleted: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AC2673AB-B2E7-11E4-82DA-201A06CBDE2D}
[#] Data restored on reboot: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AC2673AB-B2E7-11E4-82DA-201A06CBDE2D}
[#] Data restored on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key deleted: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key deleted: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AC2673AB-B2E7-11E4-82DA-201A06CBDE2D}
[#] Data restored on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Value deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
[-] Key deleted: HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key deleted: HKCU\Software\Classes\Directory\shell\pokki
[-] Key deleted: HKCU\Software\Classes\Drive\shell\pokki
[-] Key deleted: HKCU\Software\Classes\lnkfile\shell\pokki


***** [ Web browsers ] *****

[-] [C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: fr.yhs4.search.yahoo.com
[-] [C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: homepage-web.com
[-] [C:\Users\Francoise\AppData\Local\Google\Chrome SxS\User Data\Default] [homepage] Deleted: hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MF0EB4FF8-58E5-48DF-B125-CD0ECCC2BAA7&SearchSource=55&CUI=&UM=6&UP=SPD0539E0E-470F-4696-A94D-BE2536B7839C&SSPV=


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4828 Bytes] - [23/05/2017 11:56:25]
C:\AdwCleaner\AdwCleaner[S0].txt - [5416 Bytes] - [23/05/2017 10:46:29]
C:\AdwCleaner\AdwCleaner[S1].txt - [4981 Bytes] - [23/05/2017 11:35:20]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5047 Bytes] ##########

Malwarebytes
www.malwarebytes.com (http://www.malwarebytes.com)

-Log Details-
Scan Date: 5/23/17
Scan Time: 12:42 PM
Log File: malwarebytes.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2003
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: EARENDIL-LIGHT\Francoise

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 458789
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Thank you both for your concern and for your work =)
----------------------------------------------------------------
Admin Edit
Tavern thread: https://forums.spybot.info/showthread.php?74575-Help-!!!-New-browser-virus-!!!&p=475963&viewfull=1#post475963

waterreedshimmer
2017-05-23, 17:33
* st scab = 1st scan

Juliet
2017-05-23, 23:44
It appears you ran the script for FRST twice; that was not necessary.


As for AdwCleaner, the fixes concerned Pokki
http://www.shouldiremoveit.com/Pokki-5024-program.aspx
http://www.shouldiremoveit.com/Pokki-Start-Menu-93761-program.aspx

**************
Please run the below fix script once.
~~~
Start FRST (Please double-click on FRST/FRST64) with Administrator privileges

Right click on the text below and select Copy.

Start::
EndProcesses:
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> DefaultScope {AC2673AB-B2E7-11E4-82DA-201A06CBDE2D} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {AC2673AB-B2E7-11E4-82DA-201A06CBDE2D} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
Emptytemp:
End::

Press the Fix button.
When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

*****************
Let's try to reset Google Chrome and see if the redirect changes
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)

Proceed with the reset once done.
Chrome: Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)

**********

Zemana AntiMalware Free

Please download it from here (https://www.zemana.com/Download/AntiMalware/Setup/Free/Zemana.AntiMalware.Setup.exe):

Double-click on the file named “Zemana.AntiMalware.Portable” to perform a system scan with Zemana AntiMalware Free.

You may be presented with a User Account Control dialog asking you if you want to run this program. If this happens, you should click “Yes” to allow Zemana AntiMalware to run.
When Zemana AntiMalware starts, click on the “Scan” button to perform a system scan.
Without changing any options, press Scan.

When Zemana has finished scanning it will show a screen that displays any malware that has been detected. To remove all the malicious files, click on the “Next” button.
Zemana AntiMalware will now start to remove all the malicious programs from your computer.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

Open Zemana AntiMalware again and locate the latest report.
Please paste the contents into your reply.


When the process is complete, you can close Zemana AntiMalware

Please post these logs when finished.

waterreedshimmer
2017-05-24, 12:47
Hello =) I'll post in Tavern what I think.

Juliet
2017-05-24, 15:31
try to reset Google Chrome
Did you follow instructions for this?

Since you have used Zemana AntiMalware, has your computer improved?

waterreedshimmer
2017-05-25, 09:39
What changed with Zemana was that, before on Firefox:
https://www.google.fr/#q=facebook
After on Firefox:
https://www.google.fr/?gfe_rd=cr&ei=d24mWcPzOJPFaOShlrAM#q=facebook


I'll also add the HTML code that corresponds to the search after Google browser changed search link.
http://www.filetolink.com/22b0fea3ab

I don't have the before.

I suppose this HTML code is clean one because no q= in link bar. But isn't that clean because we still have politics.

Also on Firefox ads were too negative about Facebook, although I had never clicked content, they seem more positive opinions about Facebook.

Let me put list of links I have:
Chrome:
https://www.google.fr/#q=facebook
Firefox:
https://www.google.fr/?gfe_rd=cr&ei=d24mWcPzOJPFaOShlrAM#q=facebook
Palemoon: https://www.google.fr/?gfe_rd=cr&ei=uXcmWdX7HteFaNCYr-AJ#q=facebook
Yandex: https://www.google.fr/#q=facebook
Vivaldi: https://www.google.fr/#q=facebook
Opera: https://www.google.fr/#q=facebook

Oh, I'll try the Windows browsers too:
Internet explorer: https://www.google.fr/?gfe_rd=cr&ei=r3gmWeHUFsmCaN2yk8AH#q=facebook&spf=1495686289023
Edge: https://www.google.fr/?gfe_rd=cr&ei=CnkmWezkLNDCaL6sl-AO&gws_rd=ssl#q=facebook&spf=1495686395951

Internet explorer and Edge are virus clean. Let me add Edge. They have no politics. I'll have to take a picture of everything. Because not normal Microsoft browsers that I did not try before ARE VIRUS CLEAN but not the others so many differences, be title bar or content.

This virus concerns 90% of France so.

So I confirm my hypothesis: 1 or 2 fake Google servers, because we can have wrong or right title bar, but in right title bar we can have virus or no virus. The 25th May picture is from Firefox. So that means the " politics " + melanie are all threat from someone who dislikes these politicians.

From what I had heard in Ubuntu forum, virus can be caught in new computer with 0 use before. But must be in France. But Microsoft have not caught the virus in its browsers yet. I'll go into the pictures the later I'll give you a link to my album.

I also had linked you past Firefox.

Just to help see clear, I'll do paste here Edge clean quest:



*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
Screen-reader users, click here to turn off Google Instant.


Sign in


AllShoppingNewsImagesVideosMore
SettingsTools


About 17,630,000,000 results (0.45 seconds)


A privacy reminder from Google
Remind me later
Review


Search Results
Facebook - Log In or Sign Up
https://www.facebook.com/

Create an account or log into Facebook. Connect with friends, family and other people you know. Share photos and videos, send messages and get updates.
Log In
Log into Facebook to start sharing and connecting with your ...
Games
Switch and match the collectable Cropsies in this farmtastic ...
Log in to Facebook
Log in to Facebook to start sharing and connecting with your ...
Search
Please enter a query in the box above. English (US); Español ...
Facebook Touch
Log into Facebook to start sharing and connecting with your ...
Facebook Business
Facebook Business gives you the latest news, advertising tips ...
More results from facebook.com »

Top stories

Norway seeks new powers to police Facebook
The Telegraph · 5 hours ago


Exclusive: Facebook signs BuzzFeed, Vox, others for original video shows - sources
Reuters · 6 hours ago


Facebook and Google dominate web traffic, but not the same kind
Business Insider · 8 hours ago


More for facebook
Facebook - Android Apps on Google Play
https://play.google.com/store/apps/details?id=com.facebook.katana&hl=en


Rating: 4 - ‎66,071,037 votes - ‎Free
Keeping up with friends is faster than ever. • See what friends are up to • Share updates, photos and videos • Get notified when friends like and comment on your ...
Facebook on the App Store - iTunes - Apple
https://itunes.apple.com/us/app/facebook/id284882215?mt=8


Rating: 3.4 - ‎2,389 reviews - ‎Free - ‎iOS - ‎Social Networking
6 days ago - Keeping up with friends is faster than ever. • See what friends are up to • Share updates, photos and video • Get notified when friends like and ...
Facebook - Wikipedia
https://en.wikipedia.org/wiki/Facebook

Facebook is an American for-profit corporation and an online social media and social networking service based in Menlo Park, California. The Facebook website ...
Founded‎: ‎February 4, 2004; 13 years ago
Total assets‎: ‎US$64.961 billion (2016)
Users‎: ‎1.94 billion monthly active users (March ...
Total equity‎: ‎US$59.194 billion (2016)
Facebook - YouTube
https://www.youtube.com/user/theofficialfacebook

This Saturday, February 4 is Friends Day—a day to celebrate our friendships and a time to connect with friends. This year, we asked members of our community ...
Facebook - Mashable
mashable.com/category/facebook/

With more than 1 billion users, Facebook is the world's largest social network. Founder Mark Zuckerberg started Facebook in 2004 while he was an ...



Searches related to facebook
facebook en español
facebook download
welcome to facebook
facebook lite
facebook mobile
facebook sign in
facebook app
facebook search



12345678910Next


Facebook, Inc.
Social network company

facebook.com
Facebook is an American for-profit corporation and an online social media and social networking service based in Menlo Park, California. Wikipedia

Stock price: FB (NASDAQ) $150.04 +1.97 (+1.33%)
May 24, 4:00 PM EDT - Disclaimer
Founded: February 2004, Cambridge, Massachusetts, United States
Headquarters: Menlo Park, California, United States
Founders: Dustin Moskovitz, Mark Zuckerberg, Eduardo Saverin, Andrew McCollum, Chris Hughes
Subsidiaries: Oculus VR, Onavo, WhatsApp Inc., LiveRail, more
Profiles

YouTube

Twitter

Instagram

LinkedIn

Facebook
Executives

Mark Zuckerberg
CEO, Chairperson, Founder

Sheryl Sandberg
COO

David Wehner
CFO

Mike Schroepfer
CTO

Chris Cox
Chief product officer

Feedback
Disclaimer


Colombes - From your Internet address - Use precise location - Learn more
Help Send feedback Privacy Terms

waterreedshimmer
2017-05-25, 09:43
I did not reset Google Chrome because yesterday just after I saved the Bookmarks, it went blank. I posted it.

But the blank did not interfere with doing all other things on computer. But no access to parameters because it was blank. I thought it was deleted but it works.

Shall I reset it today ?

waterreedshimmer
2017-05-25, 09:45
...to explain better I thought Zemana or whatever I don't know of had eaten Chrome yesterday (alike happened to Pokki), that's why it was blank, and that's why no way to reset it.

waterreedshimmer
2017-05-25, 09:48
I don't have that good memory, but if I remember it was before Zemana that it went blank. I just saved the bookmarks and it went blank. Then I did what you asked.

waterreedshimmer
2017-05-25, 11:03
We have unknown parameters because we don't know if browsers simplify address bars but I don't think so. At least for Firefox there was change. Palemoon already had that new address bar. So it's not that new. The only big change is to compare results with the untested browsers that show no politicals in Google search results.

Here is my new album (https://goo.gl/photos/NzDTuqnrD2VXsJCMA). I don't know if here is OK or in Tavern for image album and actual answers?


I'll see to post HTML codes of Palemoon, Opera and Edge. And I think it was Firefox HTML that I had posted.

waterreedshimmer
2017-05-25, 12:04
I don't think it's virus that bugged changing languages, but I think all my browsers stayed stuck in locale FR except Microsoft ones that switched to the locale USA (in Region settings). So that's why Edge and Internet explorer are clean, and I did not change country as local content, all still in France. So still no need for the HTML, I'll put all locale in FR try see what it gives. But still other browser fixed words stayed stuck in French, Microsoft browsers weren't translated into English. It's only the locale change that (I suppose) as detection, but no language change. I need Microsoft browsers to point to region > France as locale even if program language will still stay in French.

waterreedshimmer
2017-05-25, 13:11
We came back to step 1 :( I found out: https://adwords.google.com/apt/anon/AdPreview?__u=1000000000&__c=1000000000 that shows same result than 1st one and add &gl=fr&pws=0 to Google Search results that also shows same result than 1st one. So we took 2 steps back :(

It's just firefox that had change address length. (https://www.google.fr/?gfe_rd=cr&ei=D6omWbeINsOEaJmEvcgH#q=facebook&gl=fr&pws=0)

Juliet
2017-05-25, 14:20
Very likely this is related to your region and your ISP.
And I agree with you this is not related to malware or virus.



If you click on the link below, does it take you to the English Google page?
If it does, bookmark this one.
https://www.google.com/?hl=en
***

https://support.google.com/websearch/answer/179386

***
1. Check your regional language settings in control panel in case something has changed it.
2. Clear your cache in Firefox or whatever browser you use. (Options / privacy tab in Firefox)
3. Empty your temp internet folder.
4. Check your cookies folder for links to french sites.

Now, log out of all your Google accounts, and for Firefox, reboot and log back in to see if it goes to English pages now.

***
Mostly what I can do at this point is try to supply you with troubleshooting links in an attempt to resolve the issue. I can also direct you to a French-speaking forum to see if there is anything they can suggest.
http://forum.zebulon.fr/
https://forum.security-x.fr/

waterreedshimmer
2017-05-25, 16:57
No.

Thank you very much for your help =) The truth is out there.

waterreedshimmer
2017-05-25, 17:09
I can always check with Google Adwords if we are the only country in the world to have political ranking and weird ranking associated with the word " facebook " but won't prove nothing for you, just that our country, France, has weird way of using internet and of imagining political ads (or weird ads I'll never click).

But this won't help you. I'll re-do the steps for myself. High chance I end up quitting Google, not a thing I can really do about it. Let it be, you have done your best in it =)

Thank you very much for your help !!! Thanks both !!!

waterreedshimmer
2017-05-25, 17:18
Bye !!!

Juliet
2017-05-25, 23:56
Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

waterreedshimmer
2017-05-27, 17:33
http://www.seomastering.com/fake-pagerank-checker.php

Maybe someone intends to send an atomic bomb on France, all French pages are set as Fake so disconnected from WWW in:
http://www.seomastering.com/fake-pagerank-checker.php

It's a hypothesis of course, here is what I have as pics:

waterreedshimmer
2017-05-27, 19:06
# DelFix v1.010 - Rapport créé le 27/05/2017 à 16:58:38
# Mis à jour le 26/04/2015 par Xplode
# Nom d'utilisateur : Francoise - EARENDIL-LIGHT
# Système d'exploitation : Windows 8 Pro (64 bits)

~ Activation de l'UAC ... OK

~ Suppression des outils de désinfection ...

Supprimé : C:\FRST
Supprimé : C:\AdwCleaner
Supprimé : C:\RegBackup
Supprimé : C:\TDSSKiller.3.1.0.15_21.05.2017_17.06.47_log.txt
Supprimé : C:\TDSSKiller.3.1.0.15_21.05.2017_17.14.08_log.txt
Supprimé : C:\TDSSKiller.3.1.0.15_21.05.2017_17.16.02_log.txt
Supprimé : C:\TDSSKiller.3.1.0.15_21.05.2017_17.20.00_log.txt
Supprimé : C:\Users\Francoise\Desktop\AdwCleaner.exe

########## - EOF - ##########

waterreedshimmer
2017-05-27, 19:12
Maybe you wish me to try the French forums, I'll go try them, thanks =)
You all were of a huge help !!!
:)

Juliet
2017-05-28, 02:02
I just don't feel like you're alone with this issue and I think the French forums can give you more details of what is happening.

If you like you can include a link to this topic to show them what has been done.