Publicité
Publicité
Format du document : text/plain
Prévisualisation
Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 12.05.2018
Exécuté par christophe (15-05-2018 16:44:09) Run:1
Exécuté depuis C:\Users\christophe\Desktop
Profils chargés: christophe & csc3_ (Profils disponibles: christophe & csc3_)
Mode d'amorçage: Normal
==============================================
fixlist contenu:
*****************
CloseProcesses:
CreateRestorePoint:
ShortcutTarget: LibreOffice 5.2.lnk -> C:\Program Files (x86)\LibreOffice 5\program\quickstart.exe (Pas de fichier)
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-955706339-1380046564-3651520312-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
Task: {1A1B0196-2B9C-486B-B6DE-4523D0BDD4E3} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: {CEE428BB-D2BE-4549-AF2B-E50918685F8B} - \WPD\SqmUpload_S-1-5-21-955706339-1380046564-3651520312-1001 -> Pas de fichier <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yahoo! Powered narim.job => Wscript.exe C:\ProgramData\{E48221E1-6EC0-AB27-E806-35657244BEAB}\tafa.txt <==== ATTENTION
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
DeleteKey: HKLM\SOFTWARE\SlimWare Utilities Inc
DeleteKey: HKLM\SOFTWARE\WOW6432Node\SlimWare Utilities Inc
C:\ProgramData\Goodgame Empire
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{EC69200F-17CB-4B64-983F-77B8EBB725A4}G:\camera\monitorclient.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{F86D8C44-71F0-4040-AA05-176C478065E1}G:\camera\monitorclient.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D459D46E-D0AA-4D48-A2BC-63452A9C197F}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4273C73F-2985-4DBE-87BD-336D26730589}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D74329F6-553D-4018-B607-D592078E4B92}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5B0EF4BF-569C-4490-BEFC-64D21D2B8F5E}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C5DE2407-26D9-4E48-8B84-B0337A4062D6}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C8B88C97-2119-4173-9077-B613EAF1596C}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DCFC913F-4E9B-42C6-A013-5F67C358A0AA}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7D154CCC-4CAA-4C79-91C8-4A6FFCEDDEE0}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A51ED1F7-5FD6-4845-96F7-81FCE23259F6}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4A5A2620-117F-4F99-B198-5016CF4408DF}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\POContextMenuHandler64
DeleteKey: HKLM\Software\Wow6432Node\Classes\CLSID\{FFB89EEA-EFCF-4156-BC81-CA72A260FB62}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\POContextMenuHandler64
DeleteKey: HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\POContextMenuHandler64
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
C:\Users\christophe\AppData\Local\Google\Chrome\User Data\Default\File System\000
C:\Users\christophe\AppData\Local\Google\Chrome\User Data\Default\File System\001
EmptyTemp:
*****************
Processus fermé avec succès.
Erreur: (0) Impossible de créer un point de restauration.
"C:\Program Files (x86)\LibreOffice 5\program\quickstart.exe" => non trouvé(e)
C:\WINDOWS\system32\GroupPolicy\Machine => déplacé(es) avec succès
C:\WINDOWS\system32\GroupPolicy\GPT.ini => déplacé(es) avec succès
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => déplacé(es) avec succès
"HKLM\SOFTWARE\Policies\Google" => supprimé(es) avec succès
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => valeur restauré(es) avec succès
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur restauré(es) avec succès
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => supprimé(es) avec succès
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => non trouvé(e)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur restauré(es) avec succès
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => supprimé(es) avec succès
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => non trouvé(e)
"HKU\S-1-5-21-955706339-1380046564-3651520312-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => supprimé(es) avec succès
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => non trouvé(e)
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A1B0196-2B9C-486B-B6DE-4523D0BDD4E3}" => supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A1B0196-2B9C-486B-B6DE-4523D0BDD4E3}" => supprimé(es) avec succès
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => non trouvé(e)
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE428BB-D2BE-4549-AF2B-E50918685F8B}" => supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE428BB-D2BE-4549-AF2B-E50918685F8B}" => supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-955706339-1380046564-3651520312-1001" => supprimé(es) avec succès
C:\WINDOWS\Tasks\Yahoo! Powered narim.job => déplacé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence" => supprimé(es) avec succès
HKLM\SOFTWARE\SlimWare Utilities Inc => non trouvé(e)
"HKLM\SOFTWARE\WOW6432Node\SlimWare Utilities Inc" => supprimé(es) avec succès
C:\ProgramData\Goodgame Empire => déplacé(es) avec succès
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32" => supprimé(es) avec succès
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => non trouvé(e)
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32" => supprimé(es) avec succès
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EC69200F-17CB-4B64-983F-77B8EBB725A4}G:\camera\monitorclient.exe" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F86D8C44-71F0-4040-AA05-176C478065E1}G:\camera\monitorclient.exe" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D459D46E-D0AA-4D48-A2BC-63452A9C197F}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4273C73F-2985-4DBE-87BD-336D26730589}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D74329F6-553D-4018-B607-D592078E4B92}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B0EF4BF-569C-4490-BEFC-64D21D2B8F5E}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5DE2407-26D9-4E48-8B84-B0337A4062D6}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C8B88C97-2119-4173-9077-B613EAF1596C}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DCFC913F-4E9B-42C6-A013-5F67C358A0AA}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D154CCC-4CAA-4C79-91C8-4A6FFCEDDEE0}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A51ED1F7-5FD6-4845-96F7-81FCE23259F6}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A5A2620-117F-4F99-B198-5016CF4408DF}" => supprimé(es) avec succès
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\POContextMenuHandler64" => supprimé(es) avec succès
HKLM\Software\Wow6432Node\Classes\CLSID\{FFB89EEA-EFCF-4156-BC81-CA72A260FB62} => non trouvé(e)
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => non trouvé(e)
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => non trouvé(e)
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\POContextMenuHandler64" => supprimé(es) avec succès
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\POContextMenuHandler64" => supprimé(es) avec succès
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => non trouvé(e)
C:\Users\christophe\AppData\Local\Google\Chrome\User Data\Default\File System\000 => déplacé(es) avec succès
C:\Users\christophe\AppData\Local\Google\Chrome\User Data\Default\File System\001 => déplacé(es) avec succès
=========== EmptyTemp: ==========
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39463937 B
Java, Flash, Steam htmlcache => 58520821 B
Windows/system/drivers => 58995990 B
Edge => 7575211 B
Chrome => 59183485 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 20480 B
NetworkService => 24817888 B
christophe => 79233283 B
csc3_ => 127125641 B
RecycleBin => 191507558 B
EmptyTemp: => 624 MB données temporaires supprimées.
================================
Le système a dû redémarrer.
==== Fin de Fixlog 16:44:55 ====
Exécuté par christophe (15-05-2018 16:44:09) Run:1
Exécuté depuis C:\Users\christophe\Desktop
Profils chargés: christophe & csc3_ (Profils disponibles: christophe & csc3_)
Mode d'amorçage: Normal
==============================================
fixlist contenu:
*****************
CloseProcesses:
CreateRestorePoint:
ShortcutTarget: LibreOffice 5.2.lnk -> C:\Program Files (x86)\LibreOffice 5\program\quickstart.exe (Pas de fichier)
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-955706339-1380046564-3651520312-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
Task: {1A1B0196-2B9C-486B-B6DE-4523D0BDD4E3} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: {CEE428BB-D2BE-4549-AF2B-E50918685F8B} - \WPD\SqmUpload_S-1-5-21-955706339-1380046564-3651520312-1001 -> Pas de fichier <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yahoo! Powered narim.job => Wscript.exe C:\ProgramData\{E48221E1-6EC0-AB27-E806-35657244BEAB}\tafa.txt <==== ATTENTION
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
DeleteKey: HKLM\SOFTWARE\SlimWare Utilities Inc
DeleteKey: HKLM\SOFTWARE\WOW6432Node\SlimWare Utilities Inc
C:\ProgramData\Goodgame Empire
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{EC69200F-17CB-4B64-983F-77B8EBB725A4}G:\camera\monitorclient.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{F86D8C44-71F0-4040-AA05-176C478065E1}G:\camera\monitorclient.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D459D46E-D0AA-4D48-A2BC-63452A9C197F}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4273C73F-2985-4DBE-87BD-336D26730589}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D74329F6-553D-4018-B607-D592078E4B92}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5B0EF4BF-569C-4490-BEFC-64D21D2B8F5E}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C5DE2407-26D9-4E48-8B84-B0337A4062D6}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C8B88C97-2119-4173-9077-B613EAF1596C}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DCFC913F-4E9B-42C6-A013-5F67C358A0AA}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7D154CCC-4CAA-4C79-91C8-4A6FFCEDDEE0}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A51ED1F7-5FD6-4845-96F7-81FCE23259F6}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4A5A2620-117F-4F99-B198-5016CF4408DF}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\POContextMenuHandler64
DeleteKey: HKLM\Software\Wow6432Node\Classes\CLSID\{FFB89EEA-EFCF-4156-BC81-CA72A260FB62}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\POContextMenuHandler64
DeleteKey: HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\POContextMenuHandler64
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
C:\Users\christophe\AppData\Local\Google\Chrome\User Data\Default\File System\000
C:\Users\christophe\AppData\Local\Google\Chrome\User Data\Default\File System\001
EmptyTemp:
*****************
Processus fermé avec succès.
Erreur: (0) Impossible de créer un point de restauration.
"C:\Program Files (x86)\LibreOffice 5\program\quickstart.exe" => non trouvé(e)
C:\WINDOWS\system32\GroupPolicy\Machine => déplacé(es) avec succès
C:\WINDOWS\system32\GroupPolicy\GPT.ini => déplacé(es) avec succès
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => déplacé(es) avec succès
"HKLM\SOFTWARE\Policies\Google" => supprimé(es) avec succès
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => valeur restauré(es) avec succès
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur restauré(es) avec succès
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => supprimé(es) avec succès
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => non trouvé(e)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur restauré(es) avec succès
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => supprimé(es) avec succès
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => non trouvé(e)
"HKU\S-1-5-21-955706339-1380046564-3651520312-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => supprimé(es) avec succès
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => non trouvé(e)
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A1B0196-2B9C-486B-B6DE-4523D0BDD4E3}" => supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A1B0196-2B9C-486B-B6DE-4523D0BDD4E3}" => supprimé(es) avec succès
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => non trouvé(e)
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE428BB-D2BE-4549-AF2B-E50918685F8B}" => supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE428BB-D2BE-4549-AF2B-E50918685F8B}" => supprimé(es) avec succès
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-955706339-1380046564-3651520312-1001" => supprimé(es) avec succès
C:\WINDOWS\Tasks\Yahoo! Powered narim.job => déplacé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence" => supprimé(es) avec succès
HKLM\SOFTWARE\SlimWare Utilities Inc => non trouvé(e)
"HKLM\SOFTWARE\WOW6432Node\SlimWare Utilities Inc" => supprimé(es) avec succès
C:\ProgramData\Goodgame Empire => déplacé(es) avec succès
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32" => supprimé(es) avec succès
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => non trouvé(e)
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32" => supprimé(es) avec succès
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EC69200F-17CB-4B64-983F-77B8EBB725A4}G:\camera\monitorclient.exe" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F86D8C44-71F0-4040-AA05-176C478065E1}G:\camera\monitorclient.exe" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D459D46E-D0AA-4D48-A2BC-63452A9C197F}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4273C73F-2985-4DBE-87BD-336D26730589}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D74329F6-553D-4018-B607-D592078E4B92}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B0EF4BF-569C-4490-BEFC-64D21D2B8F5E}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5DE2407-26D9-4E48-8B84-B0337A4062D6}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C8B88C97-2119-4173-9077-B613EAF1596C}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DCFC913F-4E9B-42C6-A013-5F67C358A0AA}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D154CCC-4CAA-4C79-91C8-4A6FFCEDDEE0}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A51ED1F7-5FD6-4845-96F7-81FCE23259F6}" => supprimé(es) avec succès
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A5A2620-117F-4F99-B198-5016CF4408DF}" => supprimé(es) avec succès
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\POContextMenuHandler64" => supprimé(es) avec succès
HKLM\Software\Wow6432Node\Classes\CLSID\{FFB89EEA-EFCF-4156-BC81-CA72A260FB62} => non trouvé(e)
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => non trouvé(e)
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => non trouvé(e)
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\POContextMenuHandler64" => supprimé(es) avec succès
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\POContextMenuHandler64" => supprimé(es) avec succès
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => non trouvé(e)
C:\Users\christophe\AppData\Local\Google\Chrome\User Data\Default\File System\000 => déplacé(es) avec succès
C:\Users\christophe\AppData\Local\Google\Chrome\User Data\Default\File System\001 => déplacé(es) avec succès
=========== EmptyTemp: ==========
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39463937 B
Java, Flash, Steam htmlcache => 58520821 B
Windows/system/drivers => 58995990 B
Edge => 7575211 B
Chrome => 59183485 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 20480 B
NetworkService => 24817888 B
christophe => 79233283 B
csc3_ => 127125641 B
RecycleBin => 191507558 B
EmptyTemp: => 624 MB données temporaires supprimées.
================================
Le système a dû redémarrer.
==== Fin de Fixlog 16:44:55 ====