Fix result of Farbar Recovery Scan Tool (x64) Version: 17-03-2021
Ran by PC (19-03-2021 08:18:15) Run:1
Running from C:\Users\PC\Desktop\Nouveau dossier
Loaded Profiles: PC
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
closeprocesses:
createrestorepoint:
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [RegTool] => C:\Program Files (x86)\Gemalto\Classic Client\BIN\RegTool.exe [1253384 2016-03-23] (gemalto -> )
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2054802823-372819606-554328605-1000\...\Run: [apphide] => C:\Program Files (x86)\baidu\pps.exe
C:\Program Files (x86)\baidu
HKU\S-1-5-21-2054802823-372819606-554328605-1000\...\Run: [Chromium] => "c:\users\pc\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
c:\users\pc\appdata\local\chromium
HKU\S-1-5-21-2054802823-372819606-554328605-1000\...\MountPoints2: {292e5a6f-4727-11e8-9643-d053498cae60} - E:\AutoRun.exe
HKU\S-1-5-21-2054802823-372819606-554328605-1000\...\MountPoints2: {49f05b5f-5868-11e5-b4c9-d053498cae60} - G:\AutoRun.exe
HKU\S-1-5-21-2054802823-372819606-554328605-1000\...\MountPoints2: {c8c7002e-6680-11e5-9e2b-d053498cae60} - E:\iLinker.exe
HKU\S-1-5-21-2054802823-372819606-554328605-1000\...\MountPoints2: {d065586b-57e8-11e5-91ab-d053498cae60} - E:\AutoRun.exe
HKU\S-1-5-21-2054802823-372819606-554328605-1000\...\MountPoints2: {d065589b-57e8-11e5-91ab-d053498cae60} - G:\AutoRun.exe
HKU\S-1-5-21-2054802823-372819606-554328605-1000\...\MountPoints2: {d06558a8-57e8-11e5-91ab-d053498cae60} - E:\AutoRun.exe
HKU\S-1-5-21-2054802823-372819606-554328605-1000\...\MountPoints2: {d511447e-8e0f-11e5-9bee-d053498cae60} - E:\AutoRun.exe
HKU\S-1-5-21-2054802823-372819606-554328605-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{QXO030HK-B5JG-V1M5-3637-V0D1JTD2D4CL}] -> C:\WINDOWS\microsoft\notepad.exe
AppInit_DLLs: C:\ProgramData\Medlight\Meddamsoft.dll => Pas de fichier
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\PC\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0442E543-1A4C-44FC-952F-278DC1350D8F} - System32\Tasks\psv_ScotDox => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\GoodStrong.reg" & del "C:\ProgramData\Medlight\GoodStrong.reg" & SCHTASKS /Delete /TN "psv_ScotDox" /F <==== ATTENTION
Task: {0668C36F-E69F-475E-BDE2-7AE3B7B5A632} - System32\Tasks\psv_Zondom => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\MedAnla.reg" & del "C:\ProgramData\Medlight\MedAnla.reg" & SCHTASKS /Delete /TN "psv_Zondom" /F <==== ATTENTION
Task: {075C7DBE-61D9-40E1-BE79-C8E93F5488E1} - System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-6 => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-6.exe <==== ATTENTION
Task: {240A9D76-5E69-4D12-8087-5F58A17D26F4} - System32\Tasks\psv_Sumity => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Is-Ex.reg" & del "C:\ProgramData\Medlight\Is-Ex.reg" & SCHTASKS /Delete /TN "psv_Sumity" /F <==== ATTENTION
Task: {298D7A83-A7CC-480D-A081-7FF37577CAE9} - System32\Tasks\psv_U-zuneco => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\OverIn.reg" & del "C:\ProgramData\Medlight\OverIn.reg" & SCHTASKS /Delete /TN "psv_U-zuneco" /F <==== ATTENTION
Task: {3EEC13F3-27E5-4603-9687-CEA87CA6A385} - \{12A78BDA-C4C0-46D4-345D-6A6710CF160F} -> Pas de fichier <==== ATTENTION
Task: {41CCE4CA-F3AC-4EFB-A0EE-CFCAC5C571C1} - System32\Tasks\psv_RonZozfind => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Ton-Ex.reg" & del "C:\ProgramData\Medlight\Ton-Ex.reg" & SCHTASKS /Delete /TN "psv_RonZozfind" /F <==== ATTENTION
Task: {43764840-EFC4-47FA-9DE0-1AB1ED6F3642} - System32\Tasks\psv_IceLamkix => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Trippledex.reg" & del "C:\ProgramData\Medlight\Trippledex.reg" & SCHTASKS /Delete /TN "psv_IceLamkix" /F <==== ATTENTION
Task: {45838E05-341F-4F98-ABD6-3ABC9429E2E1} - System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-5_user => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-5.exe <==== ATTENTION
Task: {5AE574C7-F2C7-4F7D-990A-C2D6C600BACA} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe
Task: {5C1CDBD7-1784-4DAA-976C-FDCB70C06B4B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
Task: {5C9D8995-3C3B-4FC5-8B76-C243C0FC5701} - System32\Tasks\psv_In-Find => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\FreshFinron.reg" & del "C:\ProgramData\Medlight\FreshFinron.reg" & SCHTASKS /Delete /TN "psv_In-Find" /F <==== ATTENTION
Task: {74BA49E0-E198-41B8-ACF9-AF3CB5EAC25F} - System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-10_user => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-10.exe <==== ATTENTION
Task: {78A46DF5-960F-47EA-AC6F-641E642DF583} - System32\Tasks\{F64FAC57-5EC6-4823-9992-24FF5F08DE8F} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\Desktop\EP-CDB-FRA.exe -d C:\Users\PC\Desktop
Task: {78C0E904-A198-4870-A328-31178974A7D8} - System32\Tasks\psv_Dong-Com => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Zimeco.reg" & del "C:\ProgramData\Medlight\Zimeco.reg" & SCHTASKS /Delete /TN "psv_Dong-Com" /F <==== ATTENTION
Task: {7EBD62FC-1C58-419C-9C95-D53F519EF0D4} - System32\Tasks\psv_UnaHold => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\X-Dax.reg" & del "C:\ProgramData\Medlight\X-Dax.reg" & SCHTASKS /Delete /TN "psv_UnaHold" /F <==== ATTENTION
Task: {8353AB79-B2DE-4D09-AA09-61CEE81F1B03} - System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-6 => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-6.exe <==== ATTENTION
Task: {868BEF7E-00DA-4224-8742-6E8AE6BBEE1B} - System32\Tasks\psv_Physlight => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\SumRemtom.reg" & del "C:\ProgramData\Medlight\SumRemtom.reg" & SCHTASKS /Delete /TN "psv_Physlight" /F <==== ATTENTION
Task: {8DF7A9B9-6185-40E3-8011-9B829C6CA9DD} - System32\Tasks\psv_Geohome => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Inchflex.reg" & del "C:\ProgramData\Medlight\Inchflex.reg" & SCHTASKS /Delete /TN "psv_Geohome" /F <==== ATTENTION
Task: {9DE8F3B0-6EED-445E-8AB0-62AC34E3028E} - System32\Tasks\psv_Freetax => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Biolight.reg" & del "C:\ProgramData\Medlight\Biolight.reg" & SCHTASKS /Delete /TN "psv_Freetax" /F <==== ATTENTION
Task: {A4E359C1-23C7-4001-B908-2860BCCA8A14} - System32\Tasks\{13CED89B-561D-4413-8771-D868CF98422C} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\Downloads\adguardInstaller.exe -d C:\Users\PC\Downloads
Task: {A7DD5262-8ACD-459C-BF0B-3D8449445A3F} - System32\Tasks\Driver Tonic_Logon => C:\Program Files\Driver Tonic\dtn.exe
Task: {AE9389E4-3EF0-4476-98CC-2E7CCD930321} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2054802823-372819606-554328605-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746880 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Task: {B22A405A-17C6-4F8A-9D6A-E91BBDB46E2F} - \{0C7A0E47-7F04-0B04-7E11-0B0F080E1179} -> Pas de fichier <==== ATTENTION
Task: {BAB3AC4D-0122-403F-A76F-6F17646A80AB} - System32\Tasks\psv_Overhome => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Subtax.reg" & del "C:\ProgramData\Medlight\Subtax.reg" & SCHTASKS /Delete /TN "psv_Overhome" /F <==== ATTENTION
Task: {C1AE6EC4-41D8-41A8-838D-3A00CE032D40} - System32\Tasks\psv_Villa-Nix => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Fasestring.reg" & del "C:\ProgramData\Medlight\Fasestring.reg" & SCHTASKS /Delete /TN "psv_Villa-Nix" /F <==== ATTENTION
Task: {C3F5FAEA-DF57-41A2-9557-01209B5CDBB6} - System32\Tasks\psv_Joylab => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Donransing.reg" & del "C:\ProgramData\Medlight\Donransing.reg" & SCHTASKS /Delete /TN "psv_Joylab" /F <==== ATTENTION
Task: {CE74063E-F51E-4163-A1ED-B445C96251A4} - System32\Tasks\psv_Vaiarancof => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Truelex.reg" & del "C:\ProgramData\Medlight\Truelex.reg" & SCHTASKS /Delete /TN "psv_Vaiarancof" /F <==== ATTENTION
Task: {D3C0A923-3562-40EC-B7F6-C744E0857073} - System32\Tasks\psv_SolFlex => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Quadsoft.reg" & del "C:\ProgramData\Medlight\Quadsoft.reg" & SCHTASKS /Delete /TN "psv_SolFlex" /F <==== ATTENTION
Task: {FB62781C-346E-4568-9171-42D4A74578BD} - System32\Tasks\psv_Plusla => cmd.exe /c regedit.exe /s "C:\ProgramData\Medlight\Temprantough.reg" & del "C:\ProgramData\Medlight\Temprantough.reg" & SCHTASKS /Delete /TN "psv_Plusla" /F <==== ATTENTION
Task: C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-6.job => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-10_user.job => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-5_user.job => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-6.job => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe
FF user.js: detected! => C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\9uec9h16.default-1441821945333\user.js [2017-06-30]
FF Homepage: Mozilla\Firefox\Profiles\9uec9h16.default-1441821945333 -> hxxps://www.searchgoose.com/?path=firefox/newtab&u=7e5610af6ae67e31&subid=11118
FF NewTab: Mozilla\Firefox\Profiles\9uec9h16.default-1441821945333 -> C:\\ProgramData\\Medlights\\ff.NT
FF Extension: (System Table) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\9uec9h16.default-1441821945333\Extensions\143734@modext.tech.xpi [2018-03-01] [UpdateUrl:hxxps://amazon-space.ru/mupd/updates.json]
FF Extension: (System Table) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\9uec9h16.default-1441821945333\Extensions\214028@modext.tech.xpi [2018-02-28] [UpdateUrl:hxxps://amazon-space.ru/mupd/updates.json]
FF Extension: (Avast SafePrice | Comparaison, offres, coupons) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\9uec9h16.default-1441821945333\Extensions\sp@avast.com.xpi [2020-03-11]
FF Extension: (Avast Online Security) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\9uec9h16.default-1441821945333\Extensions\wrc@avast.com.xpi [2020-03-11]
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\9uec9h16.default-1441821945333\searchplugins\yahoo-lavasoft-ff59.xml [2018-04-23]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Pas de fichier]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Pas de fichier]
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [Pas de fichier]
FF Plugin HKU\S-1-5-21-2054802823-372819606-554328605-1000: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [Pas de fichier]
CHR HomePage: Default -> hxxp://www.surf-ma.com/
CHR StartupUrls: Default -> "hxxp://www.surf-ma.com/"
CHR DefaultNewTabURL: Default -> hxxps://www.searchgoose.com/?path=chrome/newtab&u=7e5610af6ae67e31&subid=11118
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha
CHR HomePage: Profile 1 -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWpoE9FMzuYVvM8KUQpU0PrH51x3AuiNweck6SmQ7INqsuuGIFbD9Cnn6q3H6diu7VON-FoaTjPHww75qKg25qI_FcP0gfjYx2O0G0HoI-6is29j2KwXTtHT7u9-bsf2EwC8g_8Dr7aGxAH5FN8HfY6GDtBA,,
CHR NewTab: Profile 1 -> Not-active:"chrome-extension://jknfnmpagdiiabgnnonllhcdjflganlm/html/newtab.html"
CHR DefaultNewTabURL: Profile 1 -> hxxps://www.searchgoose.com/?path=chrome/newtab&u=7e5610af6ae67e31&subid=11118
CHR DefaultSuggestURL: Profile 1 -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hhmffijkepkhjmccjggphbifmblmghjd
CHR DefaultSearchURL: Profile 2 -> hxxps://www.search-fine.com/search?subid=11118&u=7e5610af6ae67e31&keyword={searchTerms}
CHR DefaultNewTabURL: Profile 2 -> hxxps://www.searchgoose.com/?path=chrome/newtab&u=7e5610af6ae67e31&subid=11118
CHR DefaultSuggestURL: Profile 2 -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR DefaultNewTabURL: System Profile -> hxxps://www.searchgoose.com/?path=chrome/newtab&u=7e5610af6ae67e31&subid=11118
CHR DefaultSuggestURL: System Profile -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
S2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe -f "C:\ProgramData\\ApplicationHosting\\ApplicationHosting.dat" -l -a
S2 egtraupddt; pas de ImagePath
S2 hotnix32; pas de ImagePath
S2 Medlight; C:\ProgramData\\Medlight\\Medlight.exe -f "C:\ProgramData\\Medlight\\Medlight.dat" -l -a
S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QQPCRtp.exe" -r [X]
S2 Service Mgr LuckyBright; "C:\ProgramData\9466af57-1f38-4973-ab1c-22f7e17e2d6a\plugincontainer.exe" [X] <==== ATTENTION
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QMUdisk64.sys [X]
S3 TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\TS888x64.sys [X]
S1 TsDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\TsDefenseBT64.sys [X]
2021-02-23 15:18 - 2021-02-23 15:18 - 000000000 ____D C:\ProgramData\Norton
2021-03-18 17:41 - 2018-04-23 13:42 - 000000000 ____D C:\Program Files (x86)\Bonjour
2021-03-18 17:43 - 2015-10-20 17:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-03-09 12:50 - 2020-12-19 11:34 - 000003028 _____ C:\Windows\system32\Tasks\Driver Tonic_Logon
2015-04-14 17:28 - 2015-04-14 17:28 - 000004387 ____N () C:\Users\PC\AppData\Roaming\0ZPaAkafykHcSNjka
2015-04-19 13:20 - 2015-04-19 13:20 - 000005872 ____N () C:\Users\PC\AppData\Roaming\A8luklgXPm7keUVegdWqMRK
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
HKU\S-1-5-21-2054802823-372819606-554328605-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWpoE9FMzuYVvM8KUQpU0PrH51x3AuiNweck6SmQ7INqsuuGIFbD9Cnn6q3H6diu7VON-FoaTjPHww75qRfbWA_LogYHExNjvqy2sixNsu5xlFCqse4Acq5DauhKlIXFE8t0F_eY5mN5sKOIf469stUq9jTw,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWpoE9FMzuYVvM8KUQpU0PrH51x3AuiNweck6SmQ7INqsuuGIFbD9Cnn6q3H6diu7VON-FoaTjPHww75qRfbWA_LogYHExNjvqy2sixNsu5xlFCqse4Acq5DauhKlIXFE8t0F_eY5mN5sKOIf469stUq9jTw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2054802823-372819606-554328605-1000 -> DefaultScope {E77E1A1A-A70B-4679-8C00-474ECE835958} URL = hxxp://www.surf-ma.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2054802823-372819606-554328605-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2054802823-372819606-554328605-1000 -> {E77E1A1A-A70B-4679-8C00-474ECE835958} URL = hxxp://www.surf-ma.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2054802823-372819606-554328605-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWpoE9FMzuYVvM8KUQpU0PrH51x3AuiNweck6SmQ7INqsuuGIFbD9Cnn6q3H6diu7VON-FoaTjPHww75qRfbWA_LogYHExNjvqy2sixNsu5xlFCqse4Acq5DauhKlIXFE8t0F_eY5mN5sKOIf469stUq9jTw,,&q={searchTerms}
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll Pas de fichier
IE trusted site: HKU\S-1-5-21-2054802823-372819606-554328605-1000\...\webcompanion.com -> hxxp://webcompanion.com
cmd: netsh advfirewall reset
emptytemp:
end
*****************

Processes closed successfully.