==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\Security Agent\pccntmon.exe [1989040 2014-02-17] (Trend Micro Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1980416 2013-12-18] (Wondershare)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1962944 2016-11-22] ()
HKLM-x32\...\Run: [crssl-client] => C:\Program Files (x86)\CrSSL\bin\crssl-client.exe [392704 2013-01-17] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409936 2018-02-14] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [908160 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9108184 2016-11-07] (Piriform Ltd)
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {02fc8cae-e75a-11e5-8043-90a4dee3201e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {3bd4d46f-d34b-11e7-8077-90a4dee3201e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {3bd4d771-d34b-11e7-8077-90a4dee3201e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {557f820e-5210-11e5-800b-90a4dee3201e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {57f2b82d-e114-11e5-8042-90a4dee3201e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {5c7ce3f1-4e6e-11e6-8051-90a4dee3201e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {72345e6a-dd2a-11e4-bfc2-90a4dee3201e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {72345eef-dd2a-11e4-bfc2-90a4dee3201e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {7f729793-ff16-11e6-8068-90a4dee3201e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {7f7297b6-ff16-11e6-8068-90a4dee3201e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {84810171-ffd4-11e5-804e-90a4dee3201e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {87020989-a7e5-11e6-8061-90a4dee3201e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {870214c9-a7e5-11e6-8061-90a4dee3201e} - "F:\Autorun.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {892cb759-2bac-11e5-bff2-90a4dee3201e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {9d430faa-5668-11e7-806f-90a4dee3201e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {9d5931ba-dbba-11e6-8067-90a4dee3201e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {a458b013-be7e-11e5-802a-90a4dee3201e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {c2a39386-999b-11e5-8021-90a4dee3201e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {d97ba654-1397-11e7-806e-90a4dee3201e} - "F:\.\Setup.exe" AUTORUN=1
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {dd987c25-41b9-11e6-8050-90a4dee3201e} - "F:\AutoRun.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {f95a6392-63ad-11e6-8052-90a4dee3201e} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\...\MountPoints2: {f95a6a32-63ad-11e6-8052-90a4dee3201e} - "F:\Lenovo_Suite.exe"
Startup: C:\Users\Wbenslima001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk [2015-12-29]
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.192 193.95.66.10
Tcpip\..\Interfaces\{1C38B356-082D-445C-8E71-1BE1AAFAE8E5}: [DhcpNameServer] 192.168.1.192 193.95.66.10
Tcpip\..\Interfaces\{4D7DF8BE-99F5-4B49-BCDD-0BDE3E5E8D3D}: [DhcpNameServer] 192.168.1.192 193.95.66.10
Tcpip\..\Interfaces\{C45B0564-BDA3-494E-B350-69863B0C103C}: [DhcpNameServer] 192.168.1.192 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ar-xl/?ocid=iehp
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-3035152675-1067335792-1631548692-1163\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWv3E6lQ11TXxwEQBBU6LufZUaZvR56nNScLDhfiQkSWqNoVwp0PIMkaaz8Mn5mF_lVqmi_XRLoPCjCMGmuhyRdd8fe0f5lVk9tPZrwENk4PXdJX-EITK6q3iojsY8NiL2lnaDJXr7jICT-51jL7JlNHHhXg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3035152675-1067335792-1631548692-1163 -> DefaultScope {713D254C-05FC-4C55-9E02-E034B529607D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3035152675-1067335792-1631548692-1163 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3035152675-1067335792-1631548692-1163 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=HitachiXHTS543232A7A384_E2P312330RE7RP0RE7RPX&ts=1421063680&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3035152675-1067335792-1631548692-1163 -> {713D254C-05FC-4C55-9E02-E034B529607D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3035152675-1067335792-1631548692-1163 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=HitachiXHTS543232A7A384_E2P312330RE7RP0RE7RPX&ts=1421063680&type=default&q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Security Agent\TmopIEPlg.dll [2014-01-22] (Trend Micro Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2017-02-01] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Security Agent\TmopIEPlg32.dll [2014-01-22] (Trend Micro Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-11] (Oracle Corporation)
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-11-22] (Wondershare)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-11] (Oracle Corporation)
DPF: HKLM-x32 {3141A4B9-16D5-4B76-B1EB-B595C8308D42} hxxps://192.168.1.192:4343/SMB/console/html/root/AtxConsole.cab?ver=18,0,0,1334
DPF: HKLM-x32 {8157E81A-275D-4BE8-A7A9-E36E62DF9C68} hxxps://192.168.1.192:4343/SMB/console/html/root/AtxEnc.cab?ver=18,0,0,1334
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-02-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-02-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-02-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-02-01] (Microsoft Corporation)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Security Agent\TmopIEPlg.dll [2014-01-22] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Security Agent\TmopIEPlg32.dll [2014-01-22] (Trend Micro Inc.)
Handler: WSAllMyTubechrome - Pas de valeur CLSID
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - Pas de fichier
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1421063615&from=amt&uid=HitachiXHTS543232A7A384_E2P312330RE7RP0RE7RPX

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{21541D23-FDA1-4bf3-8AF2-8F623BF70B07}] - C:\Program Files (x86)\Trend Micro\Security Agent\FirefoxExtensionOsprey
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files (x86)\Trend Micro\Security Agent\FirefoxExtensionOsprey [2015-09-29] [Legacy] [non signé]
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi
FF Extension: (iSkysoft iMedia Converter Deluxe) - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi [2017-02-28] [Legacy]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-02-14] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-02-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-03-25] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-02-14] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Profile 17
CHR Profile: C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-05-02]
CHR Profile: C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 15 [2018-05-02]
CHR Extension: (Google Docs) - C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-16]
CHR Extension: (Google Drive) - C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-16]
CHR Extension: (YouTube) - C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-16]
CHR Extension: (Google Search) - C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-16]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-12-17]
CHR Extension: (Google Docs Offline) - C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-16]
CHR Extension: (Gmail) - C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-16]
CHR Profile: C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 16 [2017-03-09]
CHR Profile: C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 17 [2018-05-16]
CHR Extension: (Docs) - C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 17\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 17\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-06]
CHR Extension: (YouTube) - C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 17\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-06]
CHR Extension: (Google Docs Offline) - C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 17\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 17\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 17\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\Wbenslima001\AppData\Local\Google\Chrome\User Data\Profile 17\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-24]

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 Cyberoam SSL VPN Helper; C:\Program Files (x86)\CrSSL\bin\crssladmmgr.exe [158208 2013-01-17] () [Fichier non signé]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-11] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-05-14] (Dropbox, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-03-22] (Digital Wave Ltd.)
S4 Dim@net. RunOuc; C:\Program Files (x86)\Dim@net\UpdateDog\ouc.exe [655712 2014-02-13] ()
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) [Fichier non signé]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-27] (HP) [Fichier non signé]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Fichier non signé]
S4 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239696 2013-07-23] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [Fichier non signé]
S4 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)
S4 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\Security Agent\ntrtscan.exe [3747816 2014-02-17] (Trend Micro Inc.)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [Fichier non signé]
R2 Samsung Network Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxServer64.exe [508464 2013-07-01] (Samsung Electronics Co., Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [573488 2014-01-23] (Trend Micro Inc.)
R3 TmCCSF; C:\Program Files (x86)\Trend Micro\Security Agent\CCSF\TmCCSF.exe [661912 2014-02-17] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\Security Agent\tmlisten.exe [4041088 2014-02-17] (Trend Micro Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 ADSafeSvc; C:\Program Files (x86)\ADSafe\ADSafeSvc.exe [X]
S2 producthpd; pas de ImagePath

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 Apowersoft_AudioDevice; C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R0 DMProtectEx; C:\WINDOWS\System32\drivers\DMProtectEx64.sys [232192 2015-12-03] (Shanghai Damo Network Sci. & Tech. Co. Ltd.)
S3 DMRedirect; C:\WINDOWS\system32\drivers\DMRedirect.sys [52480 2015-12-03] (Billion)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 GemCCID; C:\WINDOWS\system32\DRIVERS\GemCCID.sys [130944 2014-11-10] (Gemalto)
S3 igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [12311776 2012-11-27] (Intel Corporation) [Fichier non signé]
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [465624 2014-01-03] (Realsil Semiconductor Corporation)
S3 tapoas; C:\WINDOWS\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R2 tmactmon; C:\WINDOWS\system32\DRIVERS\tmactmon.sys [85912 2014-01-23] (Trend Micro Inc.)
R1 tmcomm; C:\WINDOWS\system32\DRIVERS\tmcomm.sys [286232 2013-10-31] (Trend Micro Inc.)
R2 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [101152 2013-08-15] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys [66896 2014-01-23] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\Security Agent\TmXPFlt.sys [396944 2017-10-24] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\Security Agent\TmPreFlt.sys [70288 2017-10-24] (Trend Micro Inc.)
R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [92448 2013-12-20] (Trend Micro Inc.)
S3 vNICdrv; C:\WINDOWS\system32\DRIVERS\vNICdrv.sys [20048 2013-05-20] (Iomega Corporation)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\Security Agent\VSApiNt.sys [2788504 2017-10-24] (Trend Micro Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 ewusbmbb; \SystemRoot\system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusb_cdcacm; \SystemRoot\system32\DRIVERS\ew_cdcacm.sys [X]
S3 hwusb_wwanecm; \SystemRoot\system32\DRIVERS\ew_wwanecm.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 wfdrvr_vw_1_10_0_28; system32\drivers\wfdrvr_vw_1_10_0_28.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2018-05-16 15:37 - 2018-05-16 16:03 - 000025984 _____ C:\Users\Wbenslima001\Desktop\FRST.txt
2018-05-16 15:36 - 2018-05-16 16:01 - 000000000 ____D C:\FRST
2018-05-16 15:36 - 2018-05-16 15:36 - 002404864 _____ (Farbar) C:\Users\Wbenslima001\Desktop\FRST64.exe
2018-05-14 17:16 - 2017-07-18 19:53 - 003559620 _____ C:\Users\Wbenslima001\Desktop\KMSAuto crack win 10.rar
2018-05-14 12:45 - 2018-05-14 12:45 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-05-14 12:45 - 2018-05-14 12:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-05-14 12:45 - 2018-05-14 12:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-05-14 12:45 - 2018-05-14 12:45 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-05-07 17:04 - 2018-05-07 17:04 - 000001423 _____ C:\Users\Public\Desktop\Ontrack EasyRecovery Enterprise.lnk
2018-05-07 16:28 - 2018-05-07 17:04 - 000000000 ____D C:\Users\Wbenslima001\Downloads\logiciel de recuperation donné plus crack
2018-05-07 16:11 - 2018-05-07 16:11 - 000000000 ____D C:\Users\Wbenslima001\EREnt64
2018-05-07 16:10 - 2018-05-07 16:10 - 000000000 ____D C:\Users\Wbenslima001\EREnt
2018-05-07 16:08 - 2018-05-07 16:09 - 024044984 _____ C:\Users\Wbenslima001\Downloads\Tunisia-sat (Ontrack EasyRecovery Enterprise v11) by med0101.rar
2018-05-07 15:58 - 2018-05-07 15:58 - 024454663 _____ C:\Users\Wbenslima001\Downloads\Ontrack EasyRecovery Professional 12.0.0.2 [Adam Bedoui] [TNSAT] (1).zip
2018-05-07 15:58 - 2018-05-07 15:58 - 000000000 ____D C:\Users\Wbenslima001\Downloads\Ontrack EasyRecovery Professional 12.0.0.2 [Adam Bedoui] [TNSAT] (1)
2018-05-07 15:52 - 2018-05-07 15:52 - 000000000 ____D C:\Users\Wbenslima001\Downloads\Ontrack EasyRecovery Professional 12.0.0.2 [Adam Bedoui] [TNSAT]
2018-05-07 15:51 - 2018-05-07 15:51 - 024454663 _____ C:\Users\Wbenslima001\Downloads\Ontrack EasyRecovery Professional 12.0.0.2 [Adam Bedoui] [TNSAT].zip
2018-05-07 14:05 - 2018-05-07 14:07 - 000000000 ____D C:\Users\Wbenslima001\AppData\Local\MSfree Inc
2018-05-03 16:06 - 2018-05-03 16:07 - 000000000 ____D C:\WINDOWS\SysWOW64\nlcspro
2018-05-03 16:00 - 2018-05-03 16:01 - 033052408 _____ (EduIQ.com) C:\Users\Wbenslima001\Desktop\Outil de visualisation classroomspypro.exe
2018-05-03 15:38 - 2018-05-03 15:38 - 000000000 ____D C:\Users\Wbenslima001\AppData\Local\RealVNC
2018-05-03 15:36 - 2018-05-03 15:36 - 018401536 _____ (RealVNC Ltd ) C:\Users\Wbenslima001\Downloads\vnc_5-3-2_fr_10084.exe

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2018-05-16 16:01 - 2014-02-12 18:15 - 000012208 _____ C:\WINDOWS\cfgall.ini
2018-05-16 15:37 - 2018-01-11 18:32 - 000001220 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-16 14:58 - 2014-12-25 16:45 - 000000000 ____D C:\Users\Wbenslima001\Documents\Fichiers Outlook
2018-05-16 14:53 - 2014-02-12 17:32 - 000000136 _____ C:\WINDOWS\system32\config\netlogon.ftl
2018-05-16 14:42 - 2015-01-05 09:48 - 000002240 ____H C:\Users\Wbenslima001\Documents\Default.rdp
2018-05-16 12:28 - 2014-02-26 11:51 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-05-16 11:06 - 2017-12-29 15:19 - 000000000 ____D C:\Users\Public\SmartPSS
2018-05-16 09:52 - 2018-02-28 14:31 - 000005092 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for {597d8417-8e75-4ee6-a9a2-1a54181cb8b8} WBENSLIMA001.horwathacf.local
2018-05-16 09:06 - 2016-01-05 09:06 - 000000000 __RDO C:\Users\Wbenslima001\OneDrive
2018-05-16 08:29 - 2018-01-11 18:32 - 000001216 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-15 17:21 - 2014-12-25 12:53 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3035152675-1067335792-1631548692-1163
2018-05-15 16:55 - 2018-01-11 18:32 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-14 17:21 - 2014-12-25 16:50 - 000000000 ____D C:\Users\Wbenslima001\AppData\Roaming\TeamViewer
2018-05-14 14:03 - 2018-04-12 09:37 - 000000000 ____D C:\Users\Wbenslima001\AppData\Local\Adobe
2018-05-10 11:28 - 2013-11-14 08:31 - 002448698 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-10 11:28 - 2013-11-14 08:13 - 001042240 _____ C:\WINDOWS\system32\perfh00C.dat
2018-05-10 11:28 - 2013-11-14 08:13 - 000248506 _____ C:\WINDOWS\system32\perfc00C.dat
2018-05-10 11:28 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2018-05-10 07:46 - 2016-04-25 11:49 - 000000000 ____D C:\Users\Wbenslima001\AppData\Local\CrashDumps
2018-05-07 17:08 - 2016-10-20 11:28 - 000000000 ____D C:\Program Files (x86)\Kroll Ontrack
2018-05-07 17:08 - 2016-10-19 12:23 - 000000000 ____D C:\Program Files (x86)\Ontrack
2018-05-07 16:11 - 2014-12-25 12:47 - 000000000 ____D C:\Users\Wbenslima001
2018-05-07 15:20 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-07 15:17 - 2013-08-22 14:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2018-05-07 13:53 - 2014-02-27 10:09 - 000451584 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2018-05-04 12:37 - 2013-08-22 15:44 - 000503672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-04 12:31 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-02 09:07 - 2017-03-28 12:02 - 000000000 ____D C:\Program Files (x86)\InternetEverywhere
2018-05-02 09:04 - 2015-06-02 14:28 - 000000000 ____D C:\Users\Wbenslima001\Desktop\travail
2018-05-02 08:57 - 2016-02-13 11:08 - 000000000 ____D C:\Users\Wbenslima001\Desktop\tel portable walid
2018-04-26 16:09 - 2017-11-14 11:12 - 000025136 _____ C:\Users\Wbenslima001\Desktop\Parc informatique ACF 2017 V2.xlsx
2018-04-17 15:50 - 2015-03-25 14:52 - 000000000 ____D C:\Users\Wbenslima001\AppData\Roaming\Nitro
2018-04-16 08:56 - 2014-12-25 12:48 - 000000000 ____D C:\Users\Wbenslima001\AppData\Roaming\Adobe

==================== Fichiers à la racine de certains dossiers =======

2015-12-17 11:25 - 2015-12-17 11:25 - 000005120 _____ () C:\Users\Wbenslima001\AppData\Roaming\GiftBag.db
2016-12-21 11:13 - 2016-12-21 11:13 - 000000092 _____ () C:\Users\Wbenslima001\AppData\Roaming\wfbshelp.ini

Certains fichiers dans TEMP:
====================
2018-05-02 09:06 - 2017-06-14 00:05 - 000752304 _____ () C:\Users\Wbenslima001\AppData\Local\Temp\Uninstaller.exe

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2018-05-10 11:02

==================== Fin de FRST.txt ============================