Page 1 of 3 123 LastLast
Results 1 to 10 of 27

Thread: Google France search issue in all browsers and all operating systems from France

  1. #1
    Member
    Join Date
    May 2014
    Posts
    73

    Cool Google France search issue in all browsers and all operating systems from France

    Helper please see original topic which lists the issues:
    https://forums.spybot.info/showthrea...937#post475937

    -------------------------------------------------------------------
    Hello everyone and thanks for the help, it's mostly internet search issue rather then computer issue, but surely you may track something on my computer, like a server switch by using Google France search as password unlocker or whatever ?

    Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 20-05-2017
    Exécuté par Francoise (administrateur) sur EARENDIL-LIGHT (21-05-2017 16:36:26)
    Exécuté depuis C:\Users\Francoise\Documents
    Profils chargés: UpdatusUser & Francoise (Profils disponibles: UpdatusUser & Francoise)
    Platform: Windows 10 Home Version 1607 (X64) Langue: Français (France)
    Internet Explorer Version 11 (Navigateur par défaut: Edge)
    Mode d'amorçage: Normal
    Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processus (Avec liste blanche) =================

    (Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
    (Apache Software Foundation) C:\dolibarr\bin\apache\apache2.2.11\bin\httpd.exe
    () C:\dolibarr\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\17.4.1.758\service_update.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
    (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    (Apache Software Foundation) C:\dolibarr\bin\apache\apache2.2.11\bin\httpd.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    (Mixesoft Project) C:\Users\Francoise\AppData\Local\Mixesoft\AppNHost\appnhost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Yandex) C:\Users\Francoise\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe
    (SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Hewlett-Packard) C:\aaa\HP\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
    () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
    () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
    (TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Users\Francoise\AppData\Local\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Users\Francoise\AppData\Local\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Moonchild Productions) C:\aaa\browsers\palemoon\palemoon.exe
    (Mozilla Corporation) C:\aaa\browsers\palemoon\plugin-container.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
    (YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
    (YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
    (YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
    (YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
    (YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
    (YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
    (YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
    (YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
    (YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
    (YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
    (Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
    (Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
    (Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
    (Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
    (Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\update_notifier.exe
    (Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
    (Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
    (Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
    (Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
    (Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
    (Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
    (Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera_crashreporter.exe
    (Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
    (Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
    (Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
    (Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
    (Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
    (Google Inc.) C:\Users\Francoise\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    (Vivaldi Technologies AS) C:\aaa\browsers\vivaldi\Application\vivaldi.exe
    (YANDEX LLC) C:\Users\Francoise\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
    (Don HO don.h@free.fr) C:\aaa\Notepad++\notepad++.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registre (Avec liste blanche) ====================

    (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-21] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
    HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [HP Software Update] => C:\aaa\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Qualcomm®Atheros®)
    HKU\S-1-5-21-3610230612-1959919224-871680787-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
    HKU\S-1-5-21-3610230612-1959919224-871680787-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3610230612-1959919224-871680787-1002\...\Run: [Google Update] => C:\Users\Francoise\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-04] (Google Inc.)
    HKU\S-1-5-21-3610230612-1959919224-871680787-1002\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-3610230612-1959919224-871680787-1002\...\Run: [appnhost] => C:\Users\Francoise\AppData\Local\Mixesoft\AppNHost\appnhost.exe [453176 2014-08-08] (Mixesoft Project)
    HKU\S-1-5-21-3610230612-1959919224-871680787-1002\...\Run: [SyncManPath] => C:\Users\Francoise\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe [25033024 2017-04-07] (Yandex)
    HKU\S-1-5-21-3610230612-1959919224-871680787-1002\...\Run: [Vivaldi Update Notifier] => C:\aaa\browsers\vivaldi\Application\update_notifier.exe [4088440 2017-05-15] (Vivaldi Technologies AS)
    HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [151040 2016-07-16] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Users\Francoise\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll [2017-04-07] (Yandex)
    ShellIconOverlayIdentifiers: [ YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Users\Francoise\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll [2017-04-07] (Yandex)
    ShellIconOverlayIdentifiers: [ YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Users\Francoise\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll [2017-04-07] (Yandex)
    ShellIconOverlayIdentifiers: [ YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Users\Francoise\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll [2017-04-07] (Yandex)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Francoise\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll [2017-03-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Francoise\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll [2017-03-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Francoise\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll [2017-03-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Francoise\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncShell.dll [2017-03-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Francoise\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncShell.dll [2017-03-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Francoise\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncShell.dll [2017-03-20] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-08-28]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\aaa\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-05-20]
    ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

    ==================== Internet (Avec liste blanche) ====================

    (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

    Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
    Tcpip\..\Interfaces\{6d68b56e-2e62-4015-a38d-bc62579b416d}: [DhcpNameServer] 192.168.0.254
    Tcpip\..\Interfaces\{6f4ab77c-3d0e-48b3-9b5b-7a577921b09d}: [DhcpNameServer] 192.168.0.254

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3610230612-1959919224-871680787-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
    HKU\S-1-5-21-3610230612-1959919224-871680787-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
    HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
    HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
    SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> DefaultScope {AC2673AB-B2E7-11E4-82DA-201A06CBDE2D} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {135AEC2D-5FB9-4AF0-8C5E-2C5FD3590EA2} URL =
    SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {25E4CF6F-EA74-4863-9FCE-9109D808292F} URL = hxxps://www.ecosia.org/search?q={searchTerms}&addon=opensearch
    SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {46512EDF-8454-49CB-B2FF-B123FFA08369} URL = hxxp://www.allocine.fr/recherche/?motcle={searchTerms}
    SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {8A29859F-7DCD-4495-95A0-1B453527B117} URL = hxxp://www.lemonde.fr/web/recherche_resultats/1,13-0,1-0,0.html?dans=dansarticle&num_page=1&booleen=et&ordre=pertinence&periode=30&sur=LEMONDE&query={searchTerms}
    SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {AC2673AB-B2E7-11E4-82DA-201A06CBDE2D} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {B70CC431-A684-4820-BE97-B68430032C47} URL = hxxp://fr.wikipedia.org/w/index.php?title=Sp%C3%A9cial:Recherche&search={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-21] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-21] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-20] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-20] (Oracle Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-21] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-21] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-21] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-21] (Microsoft Corporation)

    Edge:
    ======
    Edge HomeButtonPage: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> about:tabs
    Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2017-05-21]
    Edge Extension: (PrintFriendly and PDF) -> EdgeExtension_32615PrintFriendlyPDFPrintPDF_mcmatvdanzs2y => C:\Program Files\WindowsApps\32615PrintFriendlyPDF.Print-PDF_2.3.3.0_neutral__mcmatvdanzs2y [2017-05-21]
    Edge Extension: (Ghostery) -> EdgeExtension_GhosteryGhostery_kzkqe0pn505dg => C:\Program Files\WindowsApps\Ghostery.Ghostery_7.2.0.0_neutral__kzkqe0pn505dg [2017-05-21]

    FireFox:
    ========
    FF DefaultProfile: jfmdz595.default
    FF ProfilePath: C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153 [2017-05-21]
    FF Homepage: Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153 -> about:home
    FF Extension: (Ghostery) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\firefox@ghostery.com.xpi [2017-05-20]
    FF Extension: (HTTPS Everywhere) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\https-everywhere@eff.org.xpi [2017-05-20]
    FF Extension: (Self-Destructing Cookies) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-05-20]
    FF Extension: (DuckDuckGo Plus) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2017-05-04]
    FF Extension: (Beef Taco (Targeted Advertising Cookie Opt-Out)) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\john@velvetcache.org.xpi [2016-06-05]
    FF Extension: (Open in Browser) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\openinbrowser@www.spasche.net.xpi [2017-04-06]
    FF Extension: (Print Edit) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\printedit@DW-dev.xpi [2017-05-20]
    FF Extension: (uBlock Origin) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\uBlock0@raymondhill.net.xpi [2017-05-20]
    FF Extension: (Download YouTube Videos as MP4) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-22]
    FF Extension: (Ecosia — The search engine that plants trees!) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2017-05-21]
    FF Extension: (Adblock Plus) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-18]
    FF Extension: (BetterPrivacy) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2017-05-20]
    FF Extension: (Disable TLS Certificate Transparency) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\features\{4fa2bd07-2198-4701-84c8-63e2bf575e79}\disable-cert-transparency@mozilla.org.xpi [2017-05-04]
    FF Extension: (Disable Prefetch) - C:\Users\Francoise\AppData\Roaming\Mozilla\Firefox\Profiles\ye4jpjig.default-1445766074153\features\{4fa2bd07-2198-4701-84c8-63e2bf575e79}\disable-prefetch@mozilla.org.xpi [2017-05-04]
    FF ProfilePath: C:\Users\Francoise\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\jfmdz595.default [2017-05-21]
    FF DefaultSearchEngine: Moonchild Productions\Pale Moon\Profiles\jfmdz595.default -> Ecosia
    FF Extension: (Click&Clean) - C:\Users\Francoise\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\jfmdz595.default\Extensions\clickclean@hotcleaner.com [2017-05-21]
    FF Extension: (Cookies Exterminator) - C:\Users\Francoise\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\jfmdz595.default\Extensions\CookiesExterminator@Off.JustOff.xpi [2017-05-21]
    FF Extension: (Eraser) - C:\Users\Francoise\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\jfmdz595.default\Extensions\Eraser@vikram [2017-05-21]
    FF Extension: (HTTPS Everywhere) - C:\Users\Francoise\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\jfmdz595.default\Extensions\https-everywhere@eff.org.xpi [2017-05-21]
    FF Extension: (uBlock Origin) - C:\Users\Francoise\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\jfmdz595.default\Extensions\uBlock0@raymondhill.net.xpi [2017-05-21]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-20] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-20] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-20] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-21] (Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-13] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3610230612-1959919224-871680787-1002: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Francoise\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-09-16] (RocketLife, LLP)
    FF Plugin HKU\S-1-5-21-3610230612-1959919224-871680787-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3610230612-1959919224-871680787-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MF0EB4FF8-58E5-48DF-B125-CD0ECCC2BAA7&SearchSource=55&CUI=&UM=6&UP=SPD0539E0E-470F-4696-A94D-BE2536B7839C&SSPV=
    CHR StartupUrls: Default -> "hxxp://www.net-entreprises.fr/","hxxps://srv12.mdweb.com.br:2083/","hxxp://faie-turritopsis-dohrnii.com:2082/","hxxp://ft.o4games.com/","hxxp://faie-turritopsis-dohrnii.com/wp-admin/","about:blank","hxxp://faie-turritopsis-dohrnii.com/","hxxps://www.indeed.fr/"
    CHR Profile: C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default [2017-04-25]
    CHR Extension: (Yahoo Web) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2016-01-29]
    CHR Extension: (Google Docs) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
    CHR Extension: (Google Drive) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
    CHR Extension: (Adblock Plus) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-27]
    CHR Extension: (uBlock Origin) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-04-23]
    CHR Extension: (Recherche Google) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
    CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2014-08-27]
    CHR Extension: (Sailor Moon - Tema) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhngmbemhglidmhohidaofhhadjbampe [2015-12-23]
    CHR Extension: (Adobe Acrobat) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-09]
    CHR Extension: (AddToAny: Share Anywhere) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffpgijchhhkhnokafdeklpllijgnbche [2017-04-22]
    CHR Extension: (HTTPS partout) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-04-25]
    CHR Extension: (Google Docs hors connexion) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
    CHR Extension: (AdBlock) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-23]
    CHR Extension: (Bouton Enregistrer Pinterest) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-25]
    CHR Extension: (Skype) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-13]
    CHR Extension: (Fairy Tail - o4games.com) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiapjiccanfjgcgmgonhhfabeofgjph [2015-12-23]
    CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
    CHR Extension: (AmIUnique) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pigjfndpomdldkmoaiiigpbncemhjeca [2017-01-17]
    CHR Extension: (Gmail) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
    CHR Extension: (Chrome Media Router) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
    CHR Extension: (AdBlock Plus) - C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Extensions\polmielobmljikhdajjbhjfdnifcapih [2014-08-27]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

    Opera:
    =======
    OPR Extension: (eCleaner (Forget Button)) - C:\Users\Francoise\AppData\Roaming\Opera Software\Opera Stable\Extensions\bmkdpkmbajanbjgblpcnclodpalogcdp [2017-05-21]
    OPR Extension: (Ecosia - Le moteur de recherche qui plante des arbres) - C:\Users\Francoise\AppData\Roaming\Opera Software\Opera Stable\Extensions\cjkjohdegdpmepjcgmiafjaanigkkelo [2017-05-21]
    OPR Extension: (HTTPS partout) - C:\Users\Francoise\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2017-05-21]
    OPR Extension: (uBlock Origin) - C:\Users\Francoise\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2017-05-21]
    OPR Extension: (Privacy Protector Plus) - C:\Users\Francoise\AppData\Roaming\Opera Software\Opera Stable\Extensions\omcdndhjjchagccadgkhfdcbbhabamee [2017-05-21]

    ==================== Services (Avec liste blanche) ====================

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

    R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [Fichier non signé]
    R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-15] (Acer Incorporated)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
    R2 doliwampapache; c:\dolibarr\bin\apache\apache2.2.11\bin\httpd.exe [24636 2008-12-10] (Apache Software Foundation) [Fichier non signé]
    R2 doliwampmysqld; c:\dolibarr\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe [5730304 2007-07-06] () [Fichier non signé]
    R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-21] (ELAN Microelectronics Corp.)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [Fichier non signé]
    R3 hpqcxs08; C:\aaa\HP\Digital Imaging\bin\hpqcxs08.dll [254824 2011-04-29] (Hewlett-Packard Co.)
    R2 hpqddsvc; C:\aaa\HP\Digital Imaging\bin\hpqddsvc.dll [138600 2011-04-29] (Hewlett-Packard Co.)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Fichier non signé]
    R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-07-23] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Fichier non signé]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
    R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
    R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2820424 2014-10-15] (CybelSoft)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
    R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Fichier non signé]
    R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
    R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Fichier non signé]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.) [Fichier non signé]
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [Fichier non signé]
    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [Fichier non signé]
    S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [Fichier non signé]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
    R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\17.4.1.758\service_update.exe [3445752 2017-05-04] (YANDEX LLC)


    ===================== Pilotes (Avec liste blanche) ======================

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

    R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
    S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
    R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
    S3 ma-config_amd64; C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys [17568 2014-02-24] (CybelSoft)
    R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
    S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
    R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
    S1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [65576 2015-06-16] (Safer-Networking Ltd.) [Fichier non signé]
    R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46440 2017-04-06] (SteelSeries ApS)
    R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45896 2017-05-12] (SteelSeries ApS)
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

    ==================== NetSvcs (Avec liste blanche) ===================

    (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


    ==================== Un mois - Créés - fichiers et dossiers ========

    (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

    2017-05-21 16:36 - 2017-05-21 16:37 - 00038490 _____ C:\Users\Francoise\Documents\FRST.txt
    2017-05-21 16:33 - 2017-05-21 16:33 - 00000000 ____D C:\Users\Francoise\Desktop\Nouveau dossier
    2017-05-21 15:53 - 2017-05-21 15:53 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-EARENDIL-LIGHT-Windows-10-Home-(64-bit).dat
    2017-05-21 15:52 - 2017-05-21 15:52 - 00000000 ____D C:\RegBackup
    2017-05-21 07:15 - 2017-05-21 07:15 - 00000000 ____D C:\Users\Francoise\Documents\Modèles Office personnalisés
    2017-05-20 23:05 - 2017-05-20 23:05 - 00002077 _____ C:\Users\Francoise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
    2017-05-20 23:05 - 2017-05-20 23:05 - 00000000 ____D C:\Users\Francoise\AppData\Local\Vivaldi
    2017-05-20 23:01 - 2017-05-20 23:01 - 00023377 _____ C:\Users\Francoise\AppData\Local\recently-used.xbel
    2017-05-20 22:55 - 2017-05-21 15:38 - 00000000 ____D C:\Users\Francoise\AppData\Local\midori
    2017-05-20 22:55 - 2017-05-21 15:20 - 00000000 ____D C:\Users\Francoise\.dbus-keyrings
    2017-05-20 22:55 - 2017-05-20 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Midori
    2017-05-20 22:35 - 2017-05-20 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2
    2017-05-20 22:21 - 2017-05-21 09:38 - 00000000 ___RD C:\Users\Francoise\YandexDisk
    2017-05-20 22:21 - 2017-05-20 22:21 - 00000000 ____D C:\Users\Francoise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk
    2017-05-20 22:20 - 2017-05-20 22:20 - 00000000 ____D C:\Program Files\Yandex
    2017-05-20 22:13 - 2017-05-21 15:40 - 00000472 _____ C:\WINDOWS\Tasks\Update for Yandex Browser.job
    2017-05-20 22:13 - 2017-05-20 22:13 - 00003540 _____ C:\WINDOWS\System32\Tasks\Update for Yandex Browser
    2017-05-20 22:13 - 2017-05-20 22:13 - 00000000 ____D C:\Users\Francoise\AppData\LocalLow\Yandex
    2017-05-20 22:12 - 2017-05-21 09:35 - 00000510 _____ C:\WINDOWS\Tasks\Mise à jour système du Navigateur Yandex.job
    2017-05-20 22:12 - 2017-05-21 09:35 - 00000486 _____ C:\WINDOWS\Tasks\Mise à jour du navigateur Yandex.job
    2017-05-20 22:12 - 2017-05-20 22:20 - 00000000 ____D C:\Users\Francoise\AppData\Local\Yandex
    2017-05-20 22:12 - 2017-05-20 22:20 - 00000000 ____D C:\ProgramData\Yandex
    2017-05-20 22:12 - 2017-05-20 22:20 - 00000000 ____D C:\Program Files (x86)\Yandex
    2017-05-20 22:12 - 2017-05-20 22:12 - 00003692 _____ C:\WINDOWS\System32\Tasks\Mise à jour système du Navigateur Yandex
    2017-05-20 22:12 - 2017-05-20 22:12 - 00003568 _____ C:\WINDOWS\System32\Tasks\Mise à jour du navigateur Yandex
    2017-05-20 22:12 - 2017-05-20 22:12 - 00000000 ____D C:\Users\Francoise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex
    2017-05-20 22:10 - 2017-05-20 22:21 - 00000000 ____D C:\Users\Francoise\AppData\Roaming\Yandex
    2017-05-20 21:55 - 2017-05-20 21:55 - 00000986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
    2017-05-20 21:43 - 2017-05-20 21:43 - 00000000 ____D C:\Users\Francoise\AppData\Roaming\Moonchild Productions
    2017-05-20 21:43 - 2017-05-20 21:43 - 00000000 ____D C:\Users\Francoise\AppData\Local\Moonchild Productions
    2017-05-20 20:12 - 2017-05-20 20:12 - 00000000 ____D C:\Users\Francoise\AppData\Local\Mixesoft
    2017-05-20 19:25 - 2017-04-28 04:28 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
    2017-05-20 19:25 - 2017-04-28 03:59 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2017-05-20 19:25 - 2017-04-28 03:56 - 02048488 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2017-05-20 19:25 - 2017-04-28 03:55 - 00088416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
    2017-05-20 19:25 - 2017-04-28 03:53 - 00616048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2017-05-20 19:25 - 2017-04-28 03:48 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
    2017-05-20 19:25 - 2017-04-28 03:46 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2017-05-20 19:25 - 2017-04-28 03:46 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2017-05-20 19:25 - 2017-04-28 03:46 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2017-05-20 19:25 - 2017-04-28 03:45 - 02263832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2017-05-20 19:25 - 2017-04-28 03:45 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2017-05-20 19:25 - 2017-04-28 03:45 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2017-05-20 19:25 - 2017-04-28 03:45 - 00781144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2017-05-20 19:25 - 2017-04-28 03:45 - 00493920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2017-05-20 19:25 - 2017-04-28 03:45 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
    2017-05-20 19:25 - 2017-04-28 03:43 - 02168288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2017-05-20 19:25 - 2017-04-28 03:43 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2017-05-20 19:25 - 2017-04-28 03:43 - 01557224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2017-05-20 19:25 - 2017-04-28 03:43 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2017-05-20 19:25 - 2017-04-28 03:42 - 00601952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2017-05-20 19:25 - 2017-04-28 03:41 - 00361104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
    2017-05-20 19:25 - 2017-04-28 03:40 - 06665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-05-20 19:25 - 2017-04-28 03:40 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-05-20 19:25 - 2017-04-28 03:40 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-05-20 19:25 - 2017-04-28 03:40 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2017-05-20 19:25 - 2017-04-28 03:40 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2017-05-20 19:25 - 2017-04-28 03:40 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2017-05-20 19:25 - 2017-04-28 03:40 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2017-05-20 19:25 - 2017-04-28 03:40 - 00352760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
    2017-05-20 19:25 - 2017-04-28 03:39 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-05-20 19:25 - 2017-04-28 03:39 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2017-05-20 19:25 - 2017-04-28 03:39 - 00962760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2017-05-20 19:25 - 2017-04-28 03:39 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2017-05-20 19:25 - 2017-04-28 03:38 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2017-05-20 19:25 - 2017-04-28 03:35 - 01414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-05-20 19:25 - 2017-04-28 03:35 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
    2017-05-20 19:25 - 2017-04-28 03:29 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2017-05-20 19:25 - 2017-04-28 03:23 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2017-05-20 19:25 - 2017-04-28 03:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2017-05-20 19:25 - 2017-04-28 03:22 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
    2017-05-20 19:25 - 2017-04-28 03:22 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
    2017-05-20 19:25 - 2017-04-28 03:21 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
    2017-05-20 19:25 - 2017-04-28 03:21 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BthTelemetry.dll
    2017-05-20 19:25 - 2017-04-28 03:20 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
    2017-05-20 19:25 - 2017-04-28 03:20 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
    2017-05-20 19:25 - 2017-04-28 03:19 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
    2017-05-20 19:25 - 2017-04-28 03:19 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2017-05-20 19:25 - 2017-04-28 03:18 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2017-05-20 19:25 - 2017-04-28 03:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
    2017-05-20 19:25 - 2017-04-28 03:18 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
    2017-05-20 19:25 - 2017-04-28 03:17 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2017-05-20 19:25 - 2017-04-28 03:17 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
    2017-05-20 19:25 - 2017-04-28 03:17 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
    2017-05-20 19:25 - 2017-04-28 03:17 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
    2017-05-20 19:25 - 2017-04-28 03:17 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
    2017-05-20 19:25 - 2017-04-28 03:16 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
    2017-05-20 19:25 - 2017-04-28 03:16 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
    2017-05-20 19:25 - 2017-04-28 03:16 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
    2017-05-20 19:25 - 2017-04-28 03:16 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
    2017-05-20 19:25 - 2017-04-28 03:16 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
    2017-05-20 19:25 - 2017-04-28 03:16 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
    2017-05-20 19:25 - 2017-04-28 03:16 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2017-05-20 19:25 - 2017-04-28 03:16 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
    2017-05-20 19:25 - 2017-04-28 03:16 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
    2017-05-20 19:25 - 2017-04-28 03:15 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2017-05-20 19:25 - 2017-04-28 03:15 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
    2017-05-20 19:25 - 2017-04-28 03:15 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
    2017-05-20 19:25 - 2017-04-28 03:15 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
    2017-05-20 19:25 - 2017-04-28 03:15 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
    2017-05-20 19:25 - 2017-04-28 03:15 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
    2017-05-20 19:25 - 2017-04-28 03:15 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
    2017-05-20 19:25 - 2017-04-28 03:14 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
    2017-05-20 19:25 - 2017-04-28 03:14 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
    2017-05-20 19:25 - 2017-04-28 03:14 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
    2017-05-20 19:25 - 2017-04-28 03:13 - 13873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-05-20 19:25 - 2017-04-28 03:13 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
    2017-05-20 19:25 - 2017-04-28 03:13 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
    2017-05-20 19:25 - 2017-04-28 03:13 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
    2017-05-20 19:25 - 2017-04-28 03:13 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
    2017-05-20 19:25 - 2017-04-28 03:13 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
    2017-05-20 19:25 - 2017-04-28 03:13 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
    2017-05-20 19:25 - 2017-04-28 03:13 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
    2017-05-20 19:25 - 2017-04-28 03:13 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
    2017-05-20 19:25 - 2017-04-28 03:13 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2017-05-20 19:25 - 2017-04-28 03:13 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
    2017-05-20 19:25 - 2017-04-28 03:13 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
    2017-05-20 19:25 - 2017-04-28 03:13 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
    2017-05-20 19:25 - 2017-04-28 03:13 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
    2017-05-20 19:25 - 2017-04-28 03:13 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
    2017-05-20 19:25 - 2017-04-28 03:13 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
    2017-05-20 19:25 - 2017-04-28 03:13 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
    2017-05-20 19:25 - 2017-04-28 03:13 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
    2017-05-20 19:25 - 2017-04-28 03:12 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
    2017-05-20 19:25 - 2017-04-28 03:12 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
    2017-05-20 19:25 - 2017-04-28 03:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
    2017-05-20 19:25 - 2017-04-28 03:12 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
    2017-05-20 19:25 - 2017-04-28 03:11 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
    2017-05-20 19:25 - 2017-04-28 03:11 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2017-05-20 19:25 - 2017-04-28 03:10 - 00857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
    2017-05-20 19:25 - 2017-04-28 03:10 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
    2017-05-20 19:25 - 2017-04-28 03:10 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
    2017-05-20 19:25 - 2017-04-28 03:10 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
    2017-05-20 19:25 - 2017-04-28 03:10 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
    2017-05-20 19:25 - 2017-04-28 03:10 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
    2017-05-20 19:25 - 2017-04-28 03:10 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
    2017-05-20 19:25 - 2017-04-28 03:09 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2017-05-20 19:25 - 2017-04-28 03:09 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
    2017-05-20 19:25 - 2017-04-28 03:09 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2017-05-20 19:25 - 2017-04-28 03:09 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
    2017-05-20 19:25 - 2017-04-28 03:09 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
    2017-05-20 19:25 - 2017-04-28 03:08 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-05-20 19:25 - 2017-04-28 03:08 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
    2017-05-20 19:25 - 2017-04-28 03:08 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
    2017-05-20 19:25 - 2017-04-28 03:08 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
    2017-05-20 19:25 - 2017-04-28 03:08 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
    2017-05-20 19:25 - 2017-04-28 03:07 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2017-05-20 19:25 - 2017-04-28 03:07 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2017-05-20 19:25 - 2017-04-28 03:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
    2017-05-20 19:25 - 2017-04-28 03:06 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2017-05-20 19:25 - 2017-04-28 03:06 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
    2017-05-20 19:25 - 2017-04-28 03:06 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
    2017-05-20 19:25 - 2017-04-28 03:06 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
    2017-05-20 19:25 - 2017-04-28 03:05 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-05-20 19:25 - 2017-04-28 03:05 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-05-20 19:25 - 2017-04-28 03:05 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
    2017-05-20 19:25 - 2017-04-28 03:05 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
    2017-05-20 19:25 - 2017-04-28 03:04 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
    2017-05-20 19:25 - 2017-04-28 03:03 - 01137152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
    2017-05-20 19:25 - 2017-04-28 03:03 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
    2017-05-20 19:25 - 2017-04-28 03:03 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
    2017-05-20 19:25 - 2017-04-28 03:03 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
    2017-05-20 19:25 - 2017-04-28 03:03 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsnt.dll
    2017-05-20 19:25 - 2017-04-28 03:03 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Energy.dll
    2017-05-20 19:25 - 2017-04-28 03:02 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2017-05-20 19:25 - 2017-04-28 03:01 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
    2017-05-20 19:25 - 2017-04-28 03:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
    2017-05-20 19:25 - 2017-04-28 03:01 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
    2017-05-20 19:25 - 2017-04-28 03:01 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
    2017-05-20 19:25 - 2017-04-28 03:01 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
    2017-05-20 19:25 - 2017-04-28 03:00 - 02749440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
    2017-05-20 19:25 - 2017-04-28 03:00 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-05-20 19:25 - 2017-04-28 03:00 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
    2017-05-20 19:25 - 2017-04-28 02:59 - 02154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
    2017-05-20 19:25 - 2017-04-28 02:59 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
    2017-05-20 19:25 - 2017-04-28 02:59 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
    2017-05-20 19:25 - 2017-04-28 02:58 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2017-05-20 19:25 - 2017-04-28 02:58 - 00546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
    2017-05-20 19:25 - 2017-04-28 02:58 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll
    2017-05-20 19:25 - 2017-04-28 02:58 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
    2017-05-20 19:25 - 2017-04-28 02:58 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2017-05-20 19:25 - 2017-04-28 02:57 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2017-05-20 19:25 - 2017-04-28 02:57 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2017-05-20 19:25 - 2017-04-28 02:57 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_sr.dll
    2017-05-20 19:25 - 2017-04-28 02:57 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
    2017-05-20 19:25 - 2017-04-28 02:57 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CameraCaptureUI.dll
    2017-05-20 19:25 - 2017-04-28 02:56 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
    2017-05-20 19:25 - 2017-04-28 02:56 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
    2017-05-20 19:25 - 2017-04-28 02:56 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
    2017-05-20 19:25 - 2017-04-28 02:56 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
    2017-05-20 19:25 - 2017-04-28 02:55 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2017-05-20 19:25 - 2017-04-28 02:55 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2017-05-20 19:25 - 2017-04-28 02:55 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
    2017-05-20 19:25 - 2017-04-28 02:55 - 01413632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2017-05-20 19:25 - 2017-04-28 02:55 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
    2017-05-20 19:25 - 2017-04-28 02:55 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
    2017-05-20 19:25 - 2017-04-28 02:55 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2017-05-20 19:25 - 2017-04-28 02:54 - 02747904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
    2017-05-20 19:25 - 2017-04-28 02:54 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
    2017-05-20 19:25 - 2017-04-28 02:54 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-05-20 19:25 - 2017-04-28 02:54 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2017-05-20 19:25 - 2017-04-28 02:54 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
    2017-05-20 19:25 - 2017-04-28 02:54 - 00967680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2017-05-20 19:25 - 2017-04-28 02:54 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
    2017-05-20 19:25 - 2017-04-28 02:54 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
    2017-05-20 19:25 - 2017-04-28 02:54 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
    2017-05-20 19:25 - 2017-04-28 02:54 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
    2017-05-20 19:25 - 2017-04-28 02:53 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
    2017-05-20 19:25 - 2017-04-28 02:53 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2017-05-20 19:25 - 2017-04-28 02:53 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
    2017-05-20 19:25 - 2017-04-28 02:53 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2017-05-20 19:25 - 2017-04-28 02:52 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
    2017-05-20 19:25 - 2017-04-28 02:52 - 02994176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-05-20 19:25 - 2017-04-28 02:52 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2017-05-20 19:25 - 2017-04-28 02:52 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-05-20 19:25 - 2017-04-28 02:50 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
    2017-05-20 19:25 - 2017-04-28 02:30 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2017-05-20 19:24 - 2017-04-28 03:58 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2017-05-20 19:24 - 2017-04-28 03:57 - 00794928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2017-05-20 19:24 - 2017-04-28 03:53 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2017-05-20 19:24 - 2017-04-28 03:53 - 00774224 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2017-05-20 19:24 - 2017-04-28 03:40 - 07220184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2017-05-20 19:24 - 2017-04-28 03:40 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2017-05-20 19:24 - 2017-04-28 03:40 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2017-05-20 19:24 - 2017-04-28 03:38 - 00847200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2017-05-20 19:24 - 2017-04-28 03:36 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
    2017-05-20 19:24 - 2017-04-28 03:36 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2017-05-20 19:24 - 2017-04-28 03:35 - 08170600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2017-05-20 19:24 - 2017-04-28 03:35 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-05-20 19:24 - 2017-04-28 03:35 - 01988048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-05-20 19:24 - 2017-04-28 03:35 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2017-05-20 19:24 - 2017-04-28 03:35 - 01302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2017-05-20 19:24 - 2017-04-28 03:35 - 00596040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2017-05-20 19:24 - 2017-04-28 03:34 - 22220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-05-20 19:24 - 2017-04-28 03:34 - 01072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2017-05-20 19:24 - 2017-04-28 03:34 - 00443232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
    2017-05-20 19:24 - 2017-04-28 03:34 - 00244824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2017-05-20 19:24 - 2017-04-28 03:28 - 00453536 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2017-05-20 19:24 - 2017-04-28 03:28 - 00387864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
    2017-05-20 19:24 - 2017-04-28 03:11 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
    2017-05-20 19:24 - 2017-04-28 03:07 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
    2017-05-20 19:24 - 2017-04-28 03:04 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2017-05-20 19:24 - 2017-04-28 03:03 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys
    2017-05-20 19:24 - 2017-04-28 03:02 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2017-05-20 19:24 - 2017-04-28 03:02 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2017-05-20 19:24 - 2017-04-28 03:02 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
    2017-05-20 19:24 - 2017-04-28 03:01 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
    2017-05-20 19:24 - 2017-04-28 03:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2017-05-20 19:24 - 2017-04-28 03:00 - 12349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2017-05-20 19:24 - 2017-04-28 03:00 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
    2017-05-20 19:24 - 2017-04-28 03:00 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2017-05-20 19:24 - 2017-04-28 03:00 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
    2017-05-20 19:24 - 2017-04-28 02:59 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
    2017-05-20 19:24 - 2017-04-28 02:59 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
    2017-05-20 19:24 - 2017-04-28 02:58 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
    2017-05-20 19:24 - 2017-04-28 02:58 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
    2017-05-20 19:24 - 2017-04-28 02:58 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2017-05-20 19:24 - 2017-04-28 02:57 - 01507840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
    2017-05-20 19:24 - 2017-04-28 02:57 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2017-05-20 19:24 - 2017-04-28 02:57 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
    2017-05-20 19:24 - 2017-04-28 02:57 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintWSDAHost.dll
    2017-05-20 19:24 - 2017-04-28 02:56 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2017-05-20 19:24 - 2017-04-28 02:56 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
    2017-05-20 19:24 - 2017-04-28 02:56 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
    2017-05-20 19:24 - 2017-04-28 02:56 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2017-05-20 19:24 - 2017-04-28 02:56 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
    2017-05-20 19:24 - 2017-04-28 02:55 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
    2017-05-20 19:24 - 2017-04-28 02:55 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
    2017-05-20 19:24 - 2017-04-28 02:55 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
    2017-05-20 19:24 - 2017-04-28 02:54 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
    2017-05-20 19:24 - 2017-04-28 02:53 - 06288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2017-05-20 19:24 - 2017-04-28 02:53 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2017-05-20 19:24 - 2017-04-28 02:53 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
    2017-05-20 19:24 - 2017-04-28 02:53 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2017-05-20 19:24 - 2017-04-28 02:53 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
    2017-05-20 19:24 - 2017-04-28 02:51 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2017-05-20 19:24 - 2017-04-28 02:51 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
    2017-05-20 19:24 - 2017-04-28 02:51 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2017-05-20 19:24 - 2017-04-28 02:50 - 03778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2017-05-20 19:24 - 2017-04-28 02:50 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
    2017-05-20 19:24 - 2017-04-28 02:49 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2017-05-20 19:24 - 2017-04-28 02:47 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-05-20 19:24 - 2017-04-28 02:47 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
    2017-05-20 19:24 - 2017-04-28 02:47 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
    2017-05-20 19:24 - 2017-04-28 02:47 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
    2017-05-20 19:24 - 2017-04-28 02:45 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-05-20 19:24 - 2017-04-28 02:45 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2017-05-20 19:24 - 2017-04-28 02:45 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2017-05-20 19:24 - 2017-04-28 02:44 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2017-05-20 19:24 - 2017-04-28 02:44 - 01145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
    2017-05-20 19:24 - 2017-04-28 02:44 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
    2017-05-20 19:24 - 2017-04-28 02:44 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2017-05-20 19:24 - 2017-04-28 02:43 - 01184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2017-05-20 19:24 - 2017-04-28 02:43 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
    2017-05-20 19:24 - 2017-04-28 02:43 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
    2017-05-20 19:24 - 2017-04-28 02:43 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2017-05-20 19:24 - 2017-04-28 02:43 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2017-05-20 19:24 - 2017-04-28 02:42 - 13441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2017-05-20 19:24 - 2017-04-28 02:42 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2017-05-20 19:24 - 2017-04-28 02:42 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
    2017-05-20 19:24 - 2017-04-28 02:41 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
    2017-05-20 19:24 - 2017-04-28 02:41 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2017-05-20 19:24 - 2017-04-28 02:41 - 00860160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
    2017-05-20 19:24 - 2017-04-28 02:41 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
    2017-05-20 19:24 - 2017-04-28 02:40 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2017-05-20 19:24 - 2017-04-28 02:39 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2017-05-20 19:24 - 2017-04-28 02:39 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
    2017-05-20 19:24 - 2017-04-28 02:38 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
    2017-05-20 19:24 - 2017-04-28 02:38 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
    2017-05-20 19:24 - 2017-04-28 02:38 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
    2017-05-20 19:24 - 2017-04-28 02:37 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2017-05-20 19:24 - 2017-04-28 02:37 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
    2017-05-20 19:24 - 2017-04-28 02:37 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2017-05-20 19:24 - 2017-04-28 02:37 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2017-05-20 19:24 - 2017-04-28 02:37 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
    2017-05-20 19:24 - 2017-04-28 02:37 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2017-05-20 19:24 - 2017-04-28 02:37 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2017-05-20 19:24 - 2017-04-28 02:36 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2017-05-20 19:24 - 2017-04-28 02:35 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
    2017-05-20 19:24 - 2017-04-28 02:34 - 00999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
    2017-05-20 19:24 - 2017-04-28 02:34 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
    2017-05-20 19:24 - 2017-04-28 02:34 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
    2017-05-20 19:23 - 2017-04-28 03:57 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
    2017-05-20 19:23 - 2017-04-28 03:53 - 07784288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-05-20 19:23 - 2017-04-28 03:52 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2017-05-20 19:23 - 2017-04-28 03:49 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2017-05-20 19:23 - 2017-04-28 03:46 - 00410464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
    2017-05-20 19:23 - 2017-04-28 03:42 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2017-05-20 19:23 - 2017-04-28 03:40 - 02759704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2017-05-20 19:23 - 2017-04-28 03:40 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-05-20 19:23 - 2017-04-28 03:40 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2017-05-20 19:23 - 2017-04-28 03:40 - 01157000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2017-05-20 19:23 - 2017-04-28 03:40 - 00578400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2017-05-20 19:23 - 2017-04-28 03:40 - 00402784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2017-05-20 19:23 - 2017-04-28 03:40 - 00026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
    2017-05-20 19:23 - 2017-04-28 03:38 - 02915704 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2017-05-20 19:23 - 2017-04-28 03:38 - 01852200 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2017-05-20 19:23 - 2017-04-28 03:38 - 00431968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2017-05-20 19:23 - 2017-04-28 03:34 - 04674360 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2017-05-20 19:23 - 2017-04-28 03:34 - 01277824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2017-05-20 19:23 - 2017-04-28 03:34 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
    2017-05-20 19:23 - 2017-04-28 03:30 - 01569184 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2017-05-20 19:23 - 2017-04-28 03:21 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
    2017-05-20 19:23 - 2017-04-28 03:19 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2017-05-20 19:23 - 2017-04-28 03:15 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2017-05-20 19:23 - 2017-04-28 03:15 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2017-05-20 19:23 - 2017-04-28 03:14 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2017-05-20 19:23 - 2017-04-28 03:14 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2017-05-20 19:23 - 2017-04-28 03:12 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2017-05-20 19:23 - 2017-04-28 03:12 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2017-05-20 19:23 - 2017-04-28 03:11 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2017-05-20 19:23 - 2017-04-28 03:10 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2017-05-20 19:23 - 2017-04-28 03:08 - 18365440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-05-20 19:23 - 2017-04-28 03:06 - 22569472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-05-20 19:23 - 2017-04-28 03:06 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2017-05-20 19:23 - 2017-04-28 03:05 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-05-20 19:23 - 2017-04-28 03:05 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2017-05-20 19:23 - 2017-04-28 03:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
    2017-05-20 19:23 - 2017-04-28 03:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
    2017-05-20 19:23 - 2017-04-28 03:01 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2017-05-20 19:23 - 2017-04-28 03:01 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
    2017-05-20 19:23 - 2017-04-28 03:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2017-05-20 19:23 - 2017-04-28 02:59 - 12187136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-05-20 19:23 - 2017-04-28 02:59 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
    2017-05-20 19:23 - 2017-04-28 02:58 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
    2017-05-20 19:23 - 2017-04-28 02:58 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2017-05-20 19:23 - 2017-04-28 02:58 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
    2017-05-20 19:23 - 2017-04-28 02:58 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
    2017-05-20 19:23 - 2017-04-28 02:57 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
    2017-05-20 19:23 - 2017-04-28 02:57 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
    2017-05-20 19:23 - 2017-04-28 02:57 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
    2017-05-20 19:23 - 2017-04-28 02:57 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
    2017-05-20 19:23 - 2017-04-28 02:57 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2017-05-20 19:23 - 2017-04-28 02:57 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2017-05-20 19:23 - 2017-04-28 02:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
    2017-05-20 19:23 - 2017-04-28 02:56 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
    2017-05-20 19:23 - 2017-04-28 02:56 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
    2017-05-20 19:23 - 2017-04-28 02:56 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2017-05-20 19:23 - 2017-04-28 02:56 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2017-05-20 19:23 - 2017-04-28 02:56 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
    2017-05-20 19:23 - 2017-04-28 02:56 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2017-05-20 19:23 - 2017-04-28 02:55 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-05-20 19:23 - 2017-04-28 02:55 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
    2017-05-20 19:23 - 2017-04-28 02:55 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2017-05-20 19:23 - 2017-04-28 02:55 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
    2017-05-20 19:23 - 2017-04-28 02:55 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
    2017-05-20 19:23 - 2017-04-28 02:54 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-05-20 19:23 - 2017-04-28 02:54 - 02027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2017-05-20 19:23 - 2017-04-28 02:54 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2017-05-20 19:23 - 2017-04-28 02:54 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
    2017-05-20 19:23 - 2017-04-28 02:54 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2017-05-20 19:23 - 2017-04-28 02:54 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2017-05-20 19:23 - 2017-04-28 02:54 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
    2017-05-20 19:23 - 2017-04-28 02:53 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
    2017-05-20 19:23 - 2017-04-28 02:53 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
    2017-05-20 19:23 - 2017-04-28 02:51 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2017-05-20 19:23 - 2017-04-28 02:51 - 01913856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
    2017-05-20 19:23 - 2017-04-28 02:51 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
    2017-05-20 19:23 - 2017-04-28 02:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
    2017-05-20 19:23 - 2017-04-28 02:51 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Energy.dll
    2017-05-20 19:23 - 2017-04-28 02:49 - 17198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2017-05-20 19:23 - 2017-04-28 02:49 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
    2017-05-20 19:23 - 2017-04-28 02:49 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
    2017-05-20 19:23 - 2017-04-28 02:48 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
    2017-05-20 19:23 - 2017-04-28 02:47 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-05-20 19:23 - 2017-04-28 02:47 - 03290112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
    2017-05-20 19:23 - 2017-04-28 02:47 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2017-05-20 19:23 - 2017-04-28 02:47 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-05-20 19:23 - 2017-04-28 02:46 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
    2017-05-20 19:23 - 2017-04-28 02:46 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
    2017-05-20 19:23 - 2017-04-28 02:46 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
    2017-05-20 19:23 - 2017-04-28 02:45 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
    2017-05-20 19:23 - 2017-04-28 02:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2017-05-20 19:23 - 2017-04-28 02:45 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CameraCaptureUI.dll
    2017-05-20 19:23 - 2017-04-28 02:44 - 13091328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-05-20 19:23 - 2017-04-28 02:44 - 04749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2017-05-20 19:23 - 2017-04-28 02:44 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2017-05-20 19:23 - 2017-04-28 02:44 - 00937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
    2017-05-20 19:23 - 2017-04-28 02:44 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
    2017-05-20 19:23 - 2017-04-28 02:43 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
    2017-05-20 19:23 - 2017-04-28 02:43 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
    2017-05-20 19:23 - 2017-04-28 02:43 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
    2017-05-20 19:23 - 2017-04-28 02:43 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
    2017-05-20 19:23 - 2017-04-28 02:42 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-05-20 19:23 - 2017-04-28 02:42 - 01021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2017-05-20 19:23 - 2017-04-28 02:42 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2017-05-20 19:23 - 2017-04-28 02:42 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2017-05-20 19:23 - 2017-04-28 02:41 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2017-05-20 19:23 - 2017-04-28 02:41 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2017-05-20 19:23 - 2017-04-28 02:41 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2017-05-20 19:23 - 2017-04-28 02:41 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2017-05-20 19:23 - 2017-04-28 02:40 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2017-05-20 19:23 - 2017-04-28 02:40 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2017-05-20 19:23 - 2017-04-28 02:40 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
    2017-05-20 19:23 - 2017-04-28 02:40 - 02096640 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2017-05-20 19:23 - 2017-04-28 02:40 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
    2017-05-20 19:23 - 2017-04-28 02:40 - 00971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2017-05-20 19:23 - 2017-04-28 02:40 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
    2017-05-20 19:23 - 2017-04-28 02:38 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2017-05-20 19:23 - 2017-04-28 02:38 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2017-05-20 19:23 - 2017-04-28 02:38 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
    2017-05-20 19:23 - 2017-04-28 02:37 - 04744192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-05-20 19:23 - 2017-04-28 02:37 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2017-05-20 19:23 - 2017-04-28 02:37 - 02316288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-05-20 19:23 - 2017-04-28 02:37 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2017-05-20 19:23 - 2017-04-28 02:37 - 02216960 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
    2017-05-20 19:23 - 2017-04-28 02:37 - 01783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2017-05-20 19:23 - 2017-04-28 02:37 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2017-05-20 19:23 - 2017-04-28 02:37 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2017-05-20 19:23 - 2017-04-28 02:36 - 03613184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-05-20 19:23 - 2017-04-28 02:36 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2017-05-20 19:23 - 2017-04-28 02:36 - 02478080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2017-05-20 19:23 - 2017-04-28 02:36 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2017-05-20 19:23 - 2017-04-28 02:36 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-05-20 19:23 - 2017-04-28 02:36 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
    2017-05-20 19:23 - 2017-04-28 02:36 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
    2017-05-20 19:23 - 2017-04-28 02:36 - 00735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2017-05-20 19:23 - 2017-04-28 02:35 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-05-20 19:23 - 2017-04-28 02:35 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
    2017-05-20 19:22 - 2017-04-28 03:56 - 01117024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
    2017-05-20 19:22 - 2017-04-28 03:49 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2017-05-20 19:22 - 2017-04-28 03:49 - 00700936 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2017-05-20 19:22 - 2017-04-28 03:47 - 00699744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
    2017-05-20 19:22 - 2017-04-28 03:47 - 00501088 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwizeng.dll
    2017-05-20 19:22 - 2017-04-28 03:44 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
    2017-05-20 19:22 - 2017-04-28 03:42 - 00526176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
    2017-05-20 19:22 - 2017-04-28 03:40 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
    2017-05-20 19:22 - 2017-04-28 03:39 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2017-05-20 19:22 - 2017-04-28 03:38 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2017-05-20 19:22 - 2017-04-28 03:38 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2017-05-20 19:22 - 2017-04-28 03:34 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2017-05-20 19:22 - 2017-04-28 03:30 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
    2017-05-20 19:22 - 2017-04-28 03:28 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2017-05-20 19:22 - 2017-04-28 03:19 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
    2017-05-20 19:22 - 2017-04-28 03:10 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2017-05-20 19:22 - 2017-04-28 03:03 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2017-05-20 19:22 - 2017-04-28 03:03 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthTelemetry.dll
    2017-05-20 19:22 - 2017-04-28 03:02 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
    2017-05-20 19:22 - 2017-04-28 03:01 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
    2017-05-20 19:22 - 2017-04-28 03:01 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
    2017-05-20 19:22 - 2017-04-28 03:01 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll
    2017-05-20 19:22 - 2017-04-28 03:01 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
    2017-05-20 19:22 - 2017-04-28 03:00 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
    2017-05-20 19:22 - 2017-04-28 03:00 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
    2017-05-20 19:22 - 2017-04-28 03:00 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
    2017-05-20 19:22 - 2017-04-28 03:00 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2017-05-20 19:22 - 2017-04-28 03:00 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
    2017-05-20 19:22 - 2017-04-28 03:00 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
    2017-05-20 19:22 - 2017-04-28 02:59 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
    2017-05-20 19:22 - 2017-04-28 02:59 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
    2017-05-20 19:22 - 2017-04-28 02:59 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
    2017-05-20 19:22 - 2017-04-28 02:59 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
    2017-05-20 19:22 - 2017-04-28 02:58 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
    2017-05-20 19:22 - 2017-04-28 02:58 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
    2017-05-20 19:22 - 2017-04-28 02:58 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
    2017-05-20 19:22 - 2017-04-28 02:58 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsentUX.dll
    2017-05-20 19:22 - 2017-04-28 02:57 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
    2017-05-20 19:22 - 2017-04-28 02:57 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
    2017-05-20 19:22 - 2017-04-28 02:57 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2017-05-20 19:22 - 2017-04-28 02:57 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
    2017-05-20 19:22 - 2017-04-28 02:56 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
    2017-05-20 19:22 - 2017-04-28 02:56 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
    2017-05-20 19:22 - 2017-04-28 02:56 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
    2017-05-20 19:22 - 2017-04-28 02:56 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-05-20 19:22 - 2017-04-28 02:56 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
    2017-05-20 19:22 - 2017-04-28 02:55 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2017-05-20 19:22 - 2017-04-28 02:55 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
    2017-05-20 19:22 - 2017-04-28 02:55 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
    2017-05-20 19:22 - 2017-04-28 02:55 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
    2017-05-20 19:22 - 2017-04-28 02:54 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
    2017-05-20 19:22 - 2017-04-28 02:54 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2017-05-20 19:22 - 2017-04-28 02:50 - 01476608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2017-05-20 19:22 - 2017-04-28 02:50 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
    2017-05-20 19:22 - 2017-04-28 02:50 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsnt.dll
    2017-05-20 19:22 - 2017-04-28 02:48 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-05-20 19:22 - 2017-04-28 02:48 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
    2017-05-20 19:22 - 2017-04-28 02:47 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
    2017-05-20 19:22 - 2017-04-28 02:46 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
    2017-05-20 19:22 - 2017-04-28 02:46 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
    2017-05-20 19:22 - 2017-04-28 02:46 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
    2017-05-20 19:22 - 2017-04-28 02:46 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
    2017-05-20 19:22 - 2017-04-28 02:45 - 00946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
    2017-05-20 19:22 - 2017-04-28 02:45 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
    2017-05-20 19:22 - 2017-04-28 02:45 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
    2017-05-20 19:22 - 2017-04-28 02:44 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
    2017-05-20 19:22 - 2017-04-28 02:44 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2017-05-20 19:22 - 2017-04-28 02:44 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
    2017-05-20 19:22 - 2017-04-28 02:43 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
    2017-05-20 19:22 - 2017-04-28 02:43 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
    2017-05-20 19:22 - 2017-04-28 02:43 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
    2017-05-20 19:22 - 2017-04-28 02:42 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-05-20 19:22 - 2017-04-28 02:41 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2017-05-20 19:22 - 2017-04-28 02:41 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
    2017-05-20 19:22 - 2017-04-28 02:41 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
    2017-05-20 19:22 - 2017-04-28 02:40 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
    2017-05-20 19:22 - 2017-04-28 02:40 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2017-05-20 19:22 - 2017-04-28 02:40 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2017-05-20 19:22 - 2017-04-28 02:40 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2017-05-20 19:22 - 2017-04-28 02:40 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2017-05-20 19:22 - 2017-04-28 02:39 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2017-05-20 19:22 - 2017-04-28 02:37 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2017-05-20 19:22 - 2017-04-28 02:36 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
    2017-05-20 19:22 - 2017-04-28 02:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
    2017-05-20 19:22 - 2017-04-28 02:33 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
    2017-05-20 12:52 - 2017-05-20 12:52 - 00000000 ____D C:\Users\Francoise\AppData\Roaming\Micro Application
    2017-05-20 12:15 - 2017-05-20 12:16 - 00490188 _____ C:\WINDOWS\Minidump\052017-47453-01.dmp
    2017-05-20 12:12 - 2017-05-21 16:24 - 00000000 ____D C:\FRST
    2017-05-20 12:09 - 2017-05-21 16:20 - 02429952 _____ (Farbar) C:\Users\Francoise\Documents\FRST64.exe
    2017-05-20 12:03 - 2017-05-20 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2017-05-20 11:44 - 2017-05-20 12:03 - 00030206 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2017-05-20 11:39 - 2017-05-20 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Micro Application
    2017-05-20 11:38 - 2017-05-20 11:38 - 00000000 ____D C:\ProgramData\Micro Application
    2017-05-20 11:06 - 2017-05-20 11:06 - 00000000 ____D C:\Users\Francoise\AppData\Roaming\AlderGames
    2017-05-12 21:48 - 2017-05-12 21:48 - 01804672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
    2017-05-04 23:46 - 2017-05-21 10:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-05-04 23:19 - 2017-05-04 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com


    ==================== Un mois - Modifiés - fichiers et dossiers ========

    (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

    2021-10-21 16:36 - 2013-12-28 02:18 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC.dat
    2021-10-04 10:34 - 2013-12-28 02:18 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTMICEQ0.dat
    2017-05-21 15:40 - 2016-12-29 18:18 - 00000000 ____D C:\Users\Francoise\AppData\LocalLow\Mozilla
    2017-05-21 14:44 - 2014-08-27 20:54 - 00000000 ____D C:\Users\Francoise\AppData\Local\CrashDumps
    2017-05-21 14:19 - 2016-12-19 16:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-05-21 10:07 - 2014-08-26 17:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-05-21 09:45 - 2016-07-16 14:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-05-21 09:44 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-05-21 09:36 - 2015-10-22 14:15 - 00000000 __SHD C:\Users\Francoise\IntelGraphicsProfiles
    2017-05-21 09:34 - 2016-12-19 17:02 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-05-21 07:38 - 2016-12-19 17:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-05-21 07:37 - 2016-07-16 09:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
    2017-05-21 07:32 - 2016-07-16 14:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-05-21 07:30 - 2016-07-22 21:33 - 00002479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
    2017-05-21 07:29 - 2013-12-28 02:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-05-21 07:19 - 2014-08-26 10:30 - 00000000 ____D C:\Users\Francoise\AppData\Local\Packages
    2017-05-21 05:38 - 2016-12-19 18:53 - 00407510 _____ C:\WINDOWS\system32\prfh0416.dat
    2017-05-21 05:38 - 2016-12-19 18:53 - 00116528 _____ C:\WINDOWS\system32\prfc0416.dat
    2017-05-21 05:38 - 2016-07-17 01:40 - 00793460 _____ C:\WINDOWS\system32\perfh00C.dat
    2017-05-21 05:38 - 2016-07-17 01:40 - 00161382 _____ C:\WINDOWS\system32\perfc00C.dat
    2017-05-21 05:38 - 2016-07-16 14:45 - 00000000 ____D C:\WINDOWS\INF
    2017-05-21 05:38 - 2015-10-02 16:47 - 02503772 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-05-21 05:33 - 2016-04-27 08:50 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-05-21 05:29 - 2016-12-19 16:58 - 00320336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
    2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ___SD C:\WINDOWS\system32\F12
    2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ___RD C:\Program Files\Windows Defender
    2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
    2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\oobe
    2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
    2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
    2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\Provisioning
    2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-05-20 23:59 - 2016-07-16 14:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2017-05-20 23:59 - 2016-07-16 09:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2017-05-20 23:28 - 2016-07-16 14:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-05-20 22:55 - 2016-12-19 17:06 - 00000000 ____D C:\Users\Francoise
    2017-05-20 22:35 - 2016-07-27 00:20 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
    2017-05-20 22:00 - 2014-08-26 17:03 - 00000000 ____D C:\Users\Francoise\AppData\Roaming\Mozilla
    2017-05-20 21:43 - 2014-08-27 20:27 - 00000000 ____D C:\aaa
    2017-05-20 19:27 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2017-05-20 19:26 - 2014-08-26 16:28 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-05-20 19:18 - 2014-08-26 16:28 - 156335152 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-05-20 13:33 - 2016-12-19 17:36 - 00004772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2017-05-20 13:33 - 2014-09-02 18:34 - 00000000 ____D C:\Users\Francoise\AppData\Local\Adobe
    2017-05-20 13:32 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-05-20 13:32 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2017-05-20 13:27 - 2017-01-24 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-05-20 13:27 - 2017-01-24 17:21 - 00000000 ____D C:\Program Files (x86)\Java
    2017-05-20 13:27 - 2014-09-08 15:45 - 00000000 ____D C:\ProgramData\Oracle
    2017-05-20 13:27 - 2014-09-08 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
    2017-05-20 13:25 - 2017-01-24 17:22 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2017-05-20 12:29 - 2016-12-18 14:10 - 00000000 ____D C:\Users\Francoise\AppData\Roaming\steelseries-engine-3-client
    2017-05-20 12:22 - 2016-12-19 17:06 - 00000000 ____D C:\Users\UpdatusUser
    2017-05-20 12:15 - 2017-01-22 11:27 - 00000000 ____D C:\WINDOWS\Minidump
    2017-05-20 12:15 - 2016-12-08 12:32 - 1131878437 _____ C:\WINDOWS\MEMORY.DMP
    2017-05-20 11:53 - 2015-02-12 21:57 - 00002541 _____ C:\Users\Francoise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
    2017-05-20 11:50 - 2017-02-23 16:31 - 00003994 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1469535058
    2017-05-20 11:50 - 2016-07-26 15:11 - 00001124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    2017-05-20 11:50 - 2016-07-26 15:10 - 00000000 ____D C:\Program Files (x86)\Opera
    2017-05-12 21:48 - 2016-12-07 02:57 - 00045896 _____ (SteelSeries ApS) C:\WINDOWS\system32\Drivers\sshid.sys
    2017-05-04 23:53 - 2014-08-26 16:59 - 00000000 ____D C:\Users\Francoise\AppData\Local\Google
    2017-05-04 23:35 - 2014-08-26 16:59 - 00000000 ____D C:\Program Files (x86)\Google
    2017-05-04 22:50 - 2016-12-19 17:36 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2017-05-04 22:44 - 2016-12-20 17:14 - 00003884 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3610230612-1959919224-871680787-1002UA1d25acb5cd69609
    2017-05-04 22:44 - 2016-12-20 17:14 - 00003616 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3610230612-1959919224-871680787-1002Core1d25acb55fc06ae
    2017-04-29 03:59 - 2016-07-16 14:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-04-29 03:59 - 2016-07-16 14:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-04-28 04:01 - 2016-12-19 17:01 - 02717184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2017-04-25 13:23 - 2014-08-27 20:50 - 00000000 ____D C:\Users\Francoise\.gimp-2.8
    2017-04-25 13:17 - 2014-10-20 18:37 - 00000000 ____D C:\Users\Francoise\AppData\Local\gtk-2.0

    ==================== Fichiers à la racine de certains dossiers =======

    2017-01-21 16:54 - 2017-04-09 11:23 - 0000600 _____ () C:\Users\Francoise\AppData\Roaming\winscp.rnd
    2014-11-24 17:43 - 2017-02-24 17:55 - 0053760 _____ () C:\Users\Francoise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2017-05-20 23:01 - 2017-05-20 23:01 - 0023377 _____ () C:\Users\Francoise\AppData\Local\recently-used.xbel
    2014-11-24 22:49 - 2014-11-24 22:49 - 0000057 _____ () C:\ProgramData\Ament.ini
    2016-12-19 17:03 - 2016-12-19 17:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-08-28 00:19 - 2015-01-24 17:44 - 0003426 _____ () C:\ProgramData\hpzinstall.log
    2014-11-24 19:13 - 2014-11-24 19:13 - 0005098 _____ () C:\ProgramData\vczcspay.tpu

    Certains fichiers dans TEMP:
    ====================
    2017-04-02 15:53 - 2017-04-02 15:55 - 105535336 _____ () C:\Users\Francoise\AppData\Local\Temp\228E.exe
    2008-08-25 11:31 - 2008-08-25 11:31 - 242743296 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\dotnetfx35_sp1.exe
    2009-03-16 19:38 - 2009-03-16 19:38 - 1914000 _____ (Adobe Systems Incorporated) C:\Users\Francoise\AppData\Local\Temp\install_flash_player_10_active_x.exe
    2017-01-24 16:35 - 2017-01-24 16:35 - 0739904 _____ (Oracle Corporation) C:\Users\Francoise\AppData\Local\Temp\jre-8u121-windows-au.exe
    2017-05-20 13:23 - 2017-05-20 13:23 - 0739904 _____ (Oracle Corporation) C:\Users\Francoise\AppData\Local\Temp\jre-8u131-windows-au.exe
    2016-12-28 13:39 - 2017-01-12 21:10 - 2858376 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.2.2.Installer.exe
    2017-02-21 17:29 - 2017-02-21 17:29 - 2903480 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.3.2.Installer.exe
    2017-03-23 20:42 - 2017-03-23 20:42 - 2982992 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.3.3.Installer.exe
    2008-12-15 18:34 - 2008-12-15 18:34 - 2585872 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\Wi3.1-x86.exe
    2006-12-07 13:43 - 2006-12-07 13:43 - 8100680 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\wmfdist11.exe

    ==================== Bamital & volsnap ======================

    (Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

    C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
    C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
    C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
    C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
    C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
    C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
    C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
    C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
    C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
    C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
    C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
    C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
    C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
    C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
    C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

    LastRegBack: 2017-03-21 15:45

    ==================== Fin de FRST.txt ============================

    Thank you very much for your help and for finding the truth about that new virus type.
    Attached Files Attached Files
    Last edited by tashi; 2017-05-22 at 02:06. Reason: Copy pasted log into topic. provided link to issues.

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,557

    Default

    Welcome

    When you run FRST first time it should had created another txt file
    Addition.txt

    Can you locate this and copy and paste it into your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  3. #3
    Member
    Join Date
    May 2014
    Posts
    73

    Red face

    Here is Addition p1 and p2.

    Thank you.
    Attached Files Attached Files

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,557

    Default

    I predict we have a few issues related to language, it is hard to translate french to english but we will continue.
    ****************************

    Start FRST (Please double-click on FRST/FRST64) with Administrator privileges

    Right click on the script created below and select Copy.[It begins with Start::]


    Start::
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-20] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-20] (Oracle Corporation)
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MF0EB4FF8-58E5-48DF-B125-CD0ECCC2BAA7&SearchSource=55&CUI=&UM=6&UP=SPD0539E0E-470F-4696-A94D-BE2536B7839C&SSPV=
    2017-04-02 15:53 - 2017-04-02 15:55 - 105535336 _____ () C:\Users\Francoise\AppData\Local\Temp\228E.exe
    2008-08-25 11:31 - 2008-08-25 11:31 - 242743296 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\dotnetfx35_sp1.exe
    2009-03-16 19:38 - 2009-03-16 19:38 - 1914000 _____ (Adobe Systems Incorporated) C:\Users\Francoise\AppData\Local\Temp\install_flash_player_10_active_x.exe
    2017-01-24 16:35 - 2017-01-24 16:35 - 0739904 _____ (Oracle Corporation) C:\Users\Francoise\AppData\Local\Temp\jre-8u121-windows-au.exe
    2017-05-20 13:23 - 2017-05-20 13:23 - 0739904 _____ (Oracle Corporation) C:\Users\Francoise\AppData\Local\Temp\jre-8u131-windows-au.exe
    2016-12-28 13:39 - 2017-01-12 21:10 - 2858376 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.2.2.Installer.exe
    2017-02-21 17:29 - 2017-02-21 17:29 - 2903480 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.3.2.Installer.exe
    2017-03-23 20:42 - 2017-03-23 20:42 - 2982992 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.3.3.Installer.exe
    2008-12-15 18:34 - 2008-12-15 18:34 - 2585872 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\Wi3.1-x86.exe
    2006-12-07 13:43 - 2006-12-07 13:43 - 8100680 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\wmfdist11.exe
    CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Pas de fichier
    CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Pas de fichier
    CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Pas de fichier
    CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => Pas de fichier
    CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Pas de fichier
    CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => Pas de fichier
    CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Pas de fichier
    CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Pas de fichier
    Task: {0B7D69F0-8C95-42CB-A499-E24D1B8B9482} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
    Task: {614FF4A2-C57A-411F-90B2-03260DE99E05} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
    Task: {6C4B3157-B581-42DF-80E4-2AD927D09E7C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Pas de fichier <==== ATTENTION
    Task: {89CD61D1-1947-40CF-A633-A02CA31EF2D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
    Task: {951AE104-974A-424B-AC10-607338DA5222} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
    Task: {A7F3D7B0-0A9C-4251-AAD5-EF6F1434E287} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
    Task: {AAAF8CC1-1AA2-47E0-8C62-152B4A0CCA8E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
    Task: {B82AEADE-CD01-47C9-A8A0-B665ADE7BD99} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
    Task: {BBD43C31-CFA2-4E2E-B5EA-CCB7E72FD4E8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
    Task: {CB9D70F7-BA2F-48F9-8877-3E681F8368A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
    Task: {F968BCFC-807A-41B2-B1E2-484E4E334945} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
    EmptyTemp:
    End::


    NEXT**
    Press the Fix button.
    When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

    Please copy and paste its contents in your next reply.

    ****************
    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
      In order to use AdwCleaner, you have to agree the Eula:
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

    ***********************************

    Please download the Malwarebytes Anti-Malware setup file to your Desktop.

    OR from this location Here

    • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
    • Windows Vista, Windows 7 , 8, 8.1 and 10 : Right click and select "Run as Administrator"

    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
    • When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
    • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
    • Please paste the log back into this thread for review

    • Exit Malwarebytes


    **********

    please post
    Fixlog.txt
    AdwCleaner[C1].txt
    Malwarebytes log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  5. #5
    Member
    Join Date
    May 2014
    Posts
    73

    Default

    I'll put all Windows 10 in english, sorry. I suppose it can switch languages.

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,557

    Default

    Quote Originally Posted by waterreedshimmer View Post
    I'll put all Windows 10 in english, sorry. I suppose it can switch languages.
    we can continue in french if need be.

    please post
    Fixlog.txt
    AdwCleaner[C1].txt
    Malwarebytes log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  7. #7
    Member
    Join Date
    May 2014
    Posts
    73

    Smile

    Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 22-05-2017
    Exécuté par Francoise (23-05-2017 10:38:41) Run:2
    Exécuté depuis C:\Users\Francoise\Documents\auto launch with security\frst in french
    Profils chargés: Francoise (Profils disponibles: UpdatusUser & Francoise)
    Mode d'amorçage: Normal
    ==============================================

    fixlist contenu:
    *****************

    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-20] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-20] (Oracle Corporation)
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MF0EB4FF8-58E5-48DF-B125-CD0ECCC2BAA7&SearchSource=55&CUI=&UM=6&UP=SPD0539E0E-470F-4696-A94D-BE2536B7839C&SSPV=
    2017-04-02 15:53 - 2017-04-02 15:55 - 105535336 _____ () C:\Users\Francoise\AppData\Local\Temp\228E.exe
    2008-08-25 11:31 - 2008-08-25 11:31 - 242743296 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\dotnetfx35_sp1.exe
    2009-03-16 19:38 - 2009-03-16 19:38 - 1914000 _____ (Adobe Systems Incorporated) C:\Users\Francoise\AppData\Local\Temp\install_flash_player_10_active_x.exe
    2017-01-24 16:35 - 2017-01-24 16:35 - 0739904 _____ (Oracle Corporation) C:\Users\Francoise\AppData\Local\Temp\jre-8u121-windows-au.exe
    2017-05-20 13:23 - 2017-05-20 13:23 - 0739904 _____ (Oracle Corporation) C:\Users\Francoise\AppData\Local\Temp\jre-8u131-windows-au.exe
    2016-12-28 13:39 - 2017-01-12 21:10 - 2858376 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.2.2.Installer.exe
    2017-02-21 17:29 - 2017-02-21 17:29 - 2903480 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.3.2.Installer.exe
    2017-03-23 20:42 - 2017-03-23 20:42 - 2982992 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.3.3.Installer.exe
    2008-12-15 18:34 - 2008-12-15 18:34 - 2585872 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\Wi3.1-x86.exe
    2006-12-07 13:43 - 2006-12-07 13:43 - 8100680 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\wmfdist11.exe
    CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Pas de fichier
    CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Pas de fichier
    CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Pas de fichier
    CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => Pas de fichier
    CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Pas de fichier
    CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => Pas de fichier
    CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Pas de fichier
    CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Pas de fichier
    Task: {0B7D69F0-8C95-42CB-A499-E24D1B8B9482} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
    Task: {614FF4A2-C57A-411F-90B2-03260DE99E05} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
    Task: {6C4B3157-B581-42DF-80E4-2AD927D09E7C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Pas de fichier <==== ATTENTION
    Task: {89CD61D1-1947-40CF-A633-A02CA31EF2D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
    Task: {951AE104-974A-424B-AC10-607338DA5222} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
    Task: {A7F3D7B0-0A9C-4251-AAD5-EF6F1434E287} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
    Task: {AAAF8CC1-1AA2-47E0-8C62-152B4A0CCA8E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
    Task: {B82AEADE-CD01-47C9-A8A0-B665ADE7BD99} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
    Task: {BBD43C31-CFA2-4E2E-B5EA-CCB7E72FD4E8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
    Task: {CB9D70F7-BA2F-48F9-8877-3E681F8368A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
    Task: {F968BCFC-807A-41B2-B1E2-484E4E334945} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
    EmptyTemp:

    *****************

    Le Point de restauration a été créé avec succès.
    Processus fermé avec succès.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => valeur non trouvé(e).
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => clé non trouvé(e).
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => clé non trouvé(e).
    HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => clé non trouvé(e).
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => clé non trouvé(e).
    HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => clé non trouvé(e).
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.131.2 => clé non trouvé(e).
    C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll => non trouvé(e).
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.131.2 => clé non trouvé(e).
    C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll => non trouvé(e).
    Chrome HomePage => non trouvé(e).
    "C:\Users\Francoise\AppData\Local\Temp\228E.exe" => non trouvé(e).
    "C:\Users\Francoise\AppData\Local\Temp\dotnetfx35_sp1.exe" => non trouvé(e).
    "C:\Users\Francoise\AppData\Local\Temp\install_flash_player_10_active_x.exe" => non trouvé(e).
    "C:\Users\Francoise\AppData\Local\Temp\jre-8u121-windows-au.exe" => non trouvé(e).
    "C:\Users\Francoise\AppData\Local\Temp\jre-8u131-windows-au.exe" => non trouvé(e).
    "C:\Users\Francoise\AppData\Local\Temp\npp.7.2.2.Installer.exe" => non trouvé(e).
    "C:\Users\Francoise\AppData\Local\Temp\npp.7.3.2.Installer.exe" => non trouvé(e).
    "C:\Users\Francoise\AppData\Local\Temp\npp.7.3.3.Installer.exe" => non trouvé(e).
    "C:\Users\Francoise\AppData\Local\Temp\Wi3.1-x86.exe" => non trouvé(e).
    "C:\Users\Francoise\AppData\Local\Temp\wmfdist11.exe" => non trouvé(e).
    HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => clé non trouvé(e).
    HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => clé non trouvé(e).
    HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => clé non trouvé(e).
    HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => clé non trouvé(e).
    HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => clé non trouvé(e).
    HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => clé non trouvé(e).
    HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => clé non trouvé(e).
    HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B7D69F0-8C95-42CB-A499-E24D1B8B9482} => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{614FF4A2-C57A-411F-90B2-03260DE99E05} => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C4B3157-B581-42DF-80E4-2AD927D09E7C} => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89CD61D1-1947-40CF-A633-A02CA31EF2D3} => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{951AE104-974A-424B-AC10-607338DA5222} => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7F3D7B0-0A9C-4251-AAD5-EF6F1434E287} => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAAF8CC1-1AA2-47E0-8C62-152B4A0CCA8E} => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B82AEADE-CD01-47C9-A8A0-B665ADE7BD99} => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBD43C31-CFA2-4E2E-B5EA-CCB7E72FD4E8} => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB9D70F7-BA2F-48F9-8877-3E681F8368A3} => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F968BCFC-807A-41B2-B1E2-484E4E334945} => clé non trouvé(e).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => clé non trouvé(e).

    =========== EmptyTemp: ==========

    BITS transfer queue => 32768 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1056016 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 2294336 B
    Edge => 17095 B
    Chrome => 383533336 B
    Firefox => 375281306 B
    Opera => 27968763 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 27097354 B
    NetworkService => 75075302 B
    UpdatusUser => 0 B
    Francoise => 311422964 B

    RecycleBin => 2323073 B
    EmptyTemp: => 1.1 GB données temporaires supprimées.

    ================================


    Le système a dû redémarrer.

    ==== Fin de Fixlog 10:46:04 ====

    # AdwCleaner v6.047 - Logfile created 23/05/2017 at 11:56:25
    # Updated on 19/05/2017 by Malwarebytes
    # Database : 2017-05-22.1 [Local]
    # Operating System : Windows 8 Pro (X64)
    # Username : Francoise - EARENDIL-LIGHT
    # Running from : C:\Users\Francoise\Desktop\AdwCleaner.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\Francoise\AppData\Local\SweetLabs App Platform
    [-] Folder deleted: C:\Users\Default User\AppData\Local\Pokki
    [#] Folder deleted on reboot: C:\Users\Default\AppData\Local\Pokki
    [-] Folder deleted: C:\Users\Public\Pokki


    ***** [ Files ] *****

    [-] File deleted: C:\Users\Francoise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
    [-] File deleted: C:\Users\Francoise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****

    [-] Task deleted: SweetLabs App Platform


    ***** [ Registry ] *****

    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf
    [-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Classes\pokki
    [-] Key deleted: HKCU\Software\Classes\pokki
    [-] Key deleted: [x64] HKCU\Software\Classes\pokki
    [-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\SweetLabs App Platform
    [-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
    [-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
    [-] Key deleted: HKCU\Software\SweetLabs App Platform
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
    [-] Key deleted: [x64] HKCU\Software\SweetLabs App Platform
    [-] Key deleted: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
    [-] Key deleted: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
    [-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    [-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AC2673AB-B2E7-11E4-82DA-201A06CBDE2D}
    [#] Data restored on reboot: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AC2673AB-B2E7-11E4-82DA-201A06CBDE2D}
    [#] Data restored on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    [-] Key deleted: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    [-] Key deleted: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AC2673AB-B2E7-11E4-82DA-201A06CBDE2D}
    [#] Data restored on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    [-] Value deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
    [-] Key deleted: HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
    [-] Key deleted: HKCU\Software\Classes\Directory\shell\pokki
    [-] Key deleted: HKCU\Software\Classes\Drive\shell\pokki
    [-] Key deleted: HKCU\Software\Classes\lnkfile\shell\pokki


    ***** [ Web browsers ] *****

    [-] [C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: fr.yhs4.search.yahoo.com
    [-] [C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: homepage-web.com
    [-] [C:\Users\Francoise\AppData\Local\Google\Chrome SxS\User Data\Default] [homepage] Deleted: hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MF0EB4FF8-58E5-48DF-B125-CD0ECCC2BAA7&SearchSource=55&CUI=&UM=6&UP=SPD0539E0E-470F-4696-A94D-BE2536B7839C&SSPV=


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [4828 Bytes] - [23/05/2017 11:56:25]
    C:\AdwCleaner\AdwCleaner[S0].txt - [5416 Bytes] - [23/05/2017 10:46:29]
    C:\AdwCleaner\AdwCleaner[S1].txt - [4981 Bytes] - [23/05/2017 11:35:20]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5047 Bytes] ##########

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 5/23/17
    Scan Time: 12:42 PM
    Log File: malwarebytes.txt
    Administrator: Yes

    -Software Information-
    Version: 3.1.2.1733
    Components Version: 1.0.122
    Update Package Version: 1.0.2003
    License: Trial

    -System Information-
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: EARENDIL-LIGHT\Francoise

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 458789
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 6 min, 15 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)

    Thank you both for your concern and for your work =)
    ----------------------------------------------------------------
    Admin Edit
    Tavern thread: https://forums.spybot.info/showthrea...l=1#post475963
    Attached Images Attached Images
    Attached Files Attached Files
    Last edited by tashi; 2017-05-23 at 16:59. Reason: Edited out text and added it to previous topic in Tavern. Copy pasted logs requested into this topic.

  8. #8
    Member
    Join Date
    May 2014
    Posts
    73

    Default

    * st scab = 1st scan

  9. #9
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,557

    Default

    It appears you ran the script for FRST twice, was not necessary.

    what concerns AdwCleaner, fixes concerned Pokki
    http://www.shouldiremoveit.com/Pokki-5024-program.aspx
    http://www.shouldiremoveit.com/Pokki...1-program.aspx

    **************
    Please run the below fix script once.
    ~~~
    Start FRST (Please double-click on FRST/FRST64) with Administrator privileges

    Right click on the text below and select Copy.

    Start::
    EndProcesses:
    SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> DefaultScope {AC2673AB-B2E7-11E4-82DA-201A06CBDE2D} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {AC2673AB-B2E7-11E4-82DA-201A06CBDE2D} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
    Emptytemp:
    End::

    Press the Fix button.
    When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

    Please copy and paste its contents in your next reply.

    *****************
    Let's try to reset Google Chrome and see if the redirect changes
    Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
    Backup Chrome Bookmarks

    Proceed with the reset once done.
    Chrome: Chrome - Reset browser settings

    **********

    Zemana AntiMalware Free

    Please download it from here:

    Double-click on the file named “Zemana.AntiMalware.Portable” to perform a system scan with Zemana AntiMalware Free.

    You may be presented with a User Account Control dialog asking you if you want to run this program. If this happens, you should click “Yes” to allow Zemana AntiMalware to run.
    When Zemana AntiMalware starts, click on the “Scan” button to perform a system scan.
    without changing any options, press Scan

    When Zemana has finished finished scanning it will show a screen that displays any malware that has been detected. To remove all the malicious files, click on the “Next” button.
    Zemana AntiMalware will now start to remove all the malicious programs from your computer.

    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
    • open Zemana AntiMalware again and locate the latest report
    • please paste the contents into your reply


    When the process is complete, you can close Zemana AntiMalware

    Please post these logs when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  10. #10
    Member
    Join Date
    May 2014
    Posts
    73

    Default

    Hello =) I'll post in Tavern what I think.
    Attached Images Attached Images
    Attached Files Attached Files

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •