Publicité
Publicité
Format du document : text/plain
Prévisualisation
Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 28.09.2018
Exécuté par Sylvain (01-10-2018 20:07:42) Run:3
Exécuté depuis C:\Users\Sylvain\Desktop
Profils chargés: Sylvain (Profils disponibles: Sylvain)
Mode d'amorçage: Normal
==============================================
fixlist contenu:
*****************
CreateRestorePoint:
StartRegEdit:
Windows Registry Editor Version 5.00
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}]
"URL"=""
[HKLM\Software\Wo6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}]
"URL"=""
[HKLM\Software\Wo6432Node\Microsoft\Internet Explorer\SearchScopes\{C2F7C8A3-D4A6-452E-B677-D148D2A36A44}]
"URL"=""
EndRegEdit:
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A6F9ACCC-5D48-4DF5-88DE-010E084FF544}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{066AC33A-AC67-4CCC-9081-DDB8628C4AF6}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{43B3D5A1-1ADA-495C-AE85-12994A6BAAD6}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{44FEF1F6-BB62-43E8-8201-23400D896818}
C:\Users\Sylvain\AppData\Local\Google\Chrome\User Data\Default\File System\010
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLVirtualDrive
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl10
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3}
DeleteKey: HKLM\Software\Classes\Installer\Products\E3E01B881198CAF46836CC6F3EC3853B
DeleteKey: HKLM\Software\Classes\Installer\Features\E3E01B881198CAF46836CC6F3EC3853B
DeleteKey: HKCU\Software\Microsoft\Installer\Products\E3E01B881198CAF46836CC6F3EC3853B
DeleteKey: HKCU\Software\Microsoft\Installer\Features\E3E01B881198CAF46836CC6F3EC3853B
C:\WINDOWS\Installer\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3}\ARPPRODUCTICON.exe
DeleteKey: HKLM\SOFTWARE\JavaSoft
DeleteKey: HKLM\SOFTWARE\WOW6432Node\JavaSoft
DeleteKey: HKCU\SOFTWARE\JavaSoft
DeleteKey: HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
DeleteKey: HKU\.DEFAULT\SOFTWARE\JavaSoft
DeleteKey: HKU\S-1-5-21-1568993093-1613427294-323948901-1002\SOFTWARE\JavaSoft
C:\Program Files (x86)\Java
DeleteKey: HKLM\SOFTWARE\McAfee.com
DeleteKey: HKLM\SOFTWARE\WOW6432Node\McAfee.com
C:\ProgramData\McAfee
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent hp Master Uninstall
DeleteKey: HKLM\SOFTWARE\WildTangent
DeleteKey: HKLM\SOFTWARE\WOW6432Node\WildTangent
C:\ProgramData\WildTangent
C:\Users\Sylvain\AppData\Roaming\WildTangent
DeleteKey: HKCU\SOFTWARE\Dropbox
DeleteKey: HKCU\SOFTWARE\DropboxUpdate
DeleteKey: HKU\.DEFAULT\SOFTWARE\Dropbox
DeleteKey: HKU\S-1-5-21-1568993093-1613427294-323948901-1002\SOFTWARE\Dropbox
DeleteKey: HKU\S-1-5-21-1568993093-1613427294-323948901-1002\SOFTWARE\DropboxUpdate
C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Dropbox
C:\WINDOWS\System32\Config\systemprofile\AppData\Roaming\Dropbox
DeleteKey: HKLM\SOFTWARE\TeamViewer
DeleteKey: HKLM\SOFTWARE\WOW6432Node\TeamViewer
DeleteKey: HKCU\SOFTWARE\TeamViewer
DeleteKey: HKU\S-1-5-21-1568993093-1613427294-323948901-1002\SOFTWARE\TeamViewer
C:\Users\Sylvain\AppData\Roaming\TeamViewer
DeleteValue: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK|YahooMusicEngine.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1568993093-1613427294-323948901-1002.job => C:\Users\Sylvain\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {4A8DB574-E2E6-4CD5-A20C-401FDCDC64A5} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Pas de fichier <==== ATTENTION
Task: {5024AAF4-3B12-42BA-AC4A-2B4E05F13BD5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {50427C64-9D4B-433C-85BA-8FA8DC5BE73F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
Task: {520B8E32-36F3-470B-B4E5-3BC89C0F340A} - \Microsoft\Windows\Setup\gwx\rundetector -> Pas de fichier <==== ATTENTION
Task: {53BD9DEA-BC64-4BCD-8EAE-43AB134C1AFD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Pas de fichier <==== ATTENTION
Task: {717625E1-EF9A-4944-8971-208E11B1D68F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
Task: {77A37956-3D72-4824-8AFA-35E9404A0264} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Pas de fichier <==== ATTENTION
Task: {7C3EF369-1001-48D7-B7C2-2DA38BDB153F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: {8040FFD7-526E-46EE-ACF8-D90242BA9C1B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
Task: {8A5ABEA4-D67E-449F-8D8E-4C712D875152} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: {8C84D0AA-49B7-474A-8F49-B0B34A81A8C6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
Task: {9C0483F1-1E4B-4C32-96A4-9365CC592FAD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {B057BD87-3A7A-4495-9B50-788E5BBC9569} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Pas de fichier <==== ATTENTION
Task: {B1E87EEA-26A4-48B2-AF0A-1CD258A1453C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {C3EE0694-27DF-4B50-BCFE-E3917CC75CB9} - \WPD\SqmUpload_S-1-5-21-1568993093-1613427294-323948901-1002 -> Pas de fichier <==== ATTENTION
Task: {C4ACCA4D-04B0-458A-98AA-F83BA4C95617} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
Task: {DC4FCC91-2676-438C-AB09-6C2F81460194} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstall 6.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools\CyberLink Power2Go.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools\Desktop Burning Gadget.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools\ISO Viewer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools\Virtual Drive.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos\CyberLink Media Suite.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos\CyberLink PowerDVD.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\DVDVideoSoft Free Studio.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk
C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
C:\Users\Sylvain\Pictures\2018-09-10 - Raccourci.lnk
C:\Users\Sylvain\Desktop\filmora_setup_full1084(1).exe.lnk
C:\Users\Sylvain\Desktop\ZHPDiag.lnk
C:\Users\Sylvain\AppData\Roaming\ZHP\Quarantine\ZHPFix\Folder\Folder21___Wondershare\Filmora\Wondershare Filmora.lnk
C:\Users\Sylvain\AppData\Roaming\ZHP\Quarantine\ZHPFix\File\File103___Driver Booster 2.lnk
C:\Users\Sylvain\AppData\Roaming\ZHP\Quarantine\ZHPFix\File\File105___Wondershare Filmora.lnk
C:\Users\Sylvain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2017-08-01.lnk
C:\Users\Sylvain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner64.lnk
C:\Users\Sylvain\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk
C:\Users\Sylvain\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
SearchScopes: HKLM -> {C2F7C8A3-D4A6-452E-B677-D148D2A36A44} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UT ... earchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1568993093-1613427294-323948901-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Pas de fichier
FF Plugin HKU\S-1-5-21-1568993093-1613427294-323948901-1002: @hola.org/vlc,version=1.8.328 -> C:\Users\Sylvain\AppData\Local\Hola\firefox\app\vlc [Pas de fichier]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
U3 aspnet_state; pas de ImagePath
2018-09-28 10:39 - 2018-09-28 10:39 - 000000000 _____ () C:\Users\Sylvain\AppData\Local\oobelibMkey.log
cmd: dism.exe /online /cleanup-image /restorehealth
cmd: sfc /scannow
Reboot:
Hosts:
CloseProcesses:
EmptyTemp:
RemoveProxy:
cmd: ipconfig /flushdns
cmd: netsh winsock reset
Cmd: netsh advfirewall reset
Cmd: Netsh advfirewall set allprofiles state on
*****************
Le Point de restauration a été créé avec succès.
====> Registre
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6F9ACCC-5D48-4DF5-88DE-010E084FF544}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{066AC33A-AC67-4CCC-9081-DDB8628C4AF6}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43B3D5A1-1ADA-495C-AE85-12994A6BAAD6}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{44FEF1F6-BB62-43E8-8201-23400D896818}" => non trouvé(e)
"C:\Users\Sylvain\AppData\Local\Google\Chrome\User Data\Default\File System\010" => non trouvé(e)
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLVirtualDrive => non trouvé(e)
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl10 => non trouvé(e)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3} => non trouvé(e)
HKLM\Software\Classes\Installer\Products\E3E01B881198CAF46836CC6F3EC3853B => non trouvé(e)
HKLM\Software\Classes\Installer\Features\E3E01B881198CAF46836CC6F3EC3853B => non trouvé(e)
HKCU\Software\Microsoft\Installer\Products\E3E01B881198CAF46836CC6F3EC3853B => non trouvé(e)
HKCU\Software\Microsoft\Installer\Features\E3E01B881198CAF46836CC6F3EC3853B => non trouvé(e)
"C:\WINDOWS\Installer\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3}\ARPPRODUCTICON.exe" => non trouvé(e)
HKLM\SOFTWARE\JavaSoft => non trouvé(e)
HKLM\SOFTWARE\WOW6432Node\JavaSoft => non trouvé(e)
HKCU\SOFTWARE\JavaSoft => non trouvé(e)
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft => non trouvé(e)
HKU\.DEFAULT\SOFTWARE\JavaSoft => non trouvé(e)
HKU\S-1-5-21-1568993093-1613427294-323948901-1002\SOFTWARE\JavaSoft => non trouvé(e)
"C:\Program Files (x86)\Java" => non trouvé(e)
HKLM\SOFTWARE\McAfee.com => non trouvé(e)
HKLM\SOFTWARE\WOW6432Node\McAfee.com => non trouvé(e)
"C:\ProgramData\McAfee" => non trouvé(e)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent hp Master Uninstall => non trouvé(e)
HKLM\SOFTWARE\WildTangent => non trouvé(e)
HKLM\SOFTWARE\WOW6432Node\WildTangent => non trouvé(e)
"C:\ProgramData\WildTangent" => non trouvé(e)
"C:\Users\Sylvain\AppData\Roaming\WildTangent" => non trouvé(e)
HKCU\SOFTWARE\Dropbox => non trouvé(e)
HKCU\SOFTWARE\DropboxUpdate => non trouvé(e)
Exécuté par Sylvain (01-10-2018 20:07:42) Run:3
Exécuté depuis C:\Users\Sylvain\Desktop
Profils chargés: Sylvain (Profils disponibles: Sylvain)
Mode d'amorçage: Normal
==============================================
fixlist contenu:
*****************
CreateRestorePoint:
StartRegEdit:
Windows Registry Editor Version 5.00
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}]
"URL"=""
[HKLM\Software\Wo6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}]
"URL"=""
[HKLM\Software\Wo6432Node\Microsoft\Internet Explorer\SearchScopes\{C2F7C8A3-D4A6-452E-B677-D148D2A36A44}]
"URL"=""
EndRegEdit:
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A6F9ACCC-5D48-4DF5-88DE-010E084FF544}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{066AC33A-AC67-4CCC-9081-DDB8628C4AF6}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{43B3D5A1-1ADA-495C-AE85-12994A6BAAD6}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{44FEF1F6-BB62-43E8-8201-23400D896818}
C:\Users\Sylvain\AppData\Local\Google\Chrome\User Data\Default\File System\010
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLVirtualDrive
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl10
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3}
DeleteKey: HKLM\Software\Classes\Installer\Products\E3E01B881198CAF46836CC6F3EC3853B
DeleteKey: HKLM\Software\Classes\Installer\Features\E3E01B881198CAF46836CC6F3EC3853B
DeleteKey: HKCU\Software\Microsoft\Installer\Products\E3E01B881198CAF46836CC6F3EC3853B
DeleteKey: HKCU\Software\Microsoft\Installer\Features\E3E01B881198CAF46836CC6F3EC3853B
C:\WINDOWS\Installer\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3}\ARPPRODUCTICON.exe
DeleteKey: HKLM\SOFTWARE\JavaSoft
DeleteKey: HKLM\SOFTWARE\WOW6432Node\JavaSoft
DeleteKey: HKCU\SOFTWARE\JavaSoft
DeleteKey: HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
DeleteKey: HKU\.DEFAULT\SOFTWARE\JavaSoft
DeleteKey: HKU\S-1-5-21-1568993093-1613427294-323948901-1002\SOFTWARE\JavaSoft
C:\Program Files (x86)\Java
DeleteKey: HKLM\SOFTWARE\McAfee.com
DeleteKey: HKLM\SOFTWARE\WOW6432Node\McAfee.com
C:\ProgramData\McAfee
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent hp Master Uninstall
DeleteKey: HKLM\SOFTWARE\WildTangent
DeleteKey: HKLM\SOFTWARE\WOW6432Node\WildTangent
C:\ProgramData\WildTangent
C:\Users\Sylvain\AppData\Roaming\WildTangent
DeleteKey: HKCU\SOFTWARE\Dropbox
DeleteKey: HKCU\SOFTWARE\DropboxUpdate
DeleteKey: HKU\.DEFAULT\SOFTWARE\Dropbox
DeleteKey: HKU\S-1-5-21-1568993093-1613427294-323948901-1002\SOFTWARE\Dropbox
DeleteKey: HKU\S-1-5-21-1568993093-1613427294-323948901-1002\SOFTWARE\DropboxUpdate
C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Dropbox
C:\WINDOWS\System32\Config\systemprofile\AppData\Roaming\Dropbox
DeleteKey: HKLM\SOFTWARE\TeamViewer
DeleteKey: HKLM\SOFTWARE\WOW6432Node\TeamViewer
DeleteKey: HKCU\SOFTWARE\TeamViewer
DeleteKey: HKU\S-1-5-21-1568993093-1613427294-323948901-1002\SOFTWARE\TeamViewer
C:\Users\Sylvain\AppData\Roaming\TeamViewer
DeleteValue: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK|YahooMusicEngine.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1568993093-1613427294-323948901-1002.job => C:\Users\Sylvain\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {4A8DB574-E2E6-4CD5-A20C-401FDCDC64A5} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Pas de fichier <==== ATTENTION
Task: {5024AAF4-3B12-42BA-AC4A-2B4E05F13BD5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {50427C64-9D4B-433C-85BA-8FA8DC5BE73F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
Task: {520B8E32-36F3-470B-B4E5-3BC89C0F340A} - \Microsoft\Windows\Setup\gwx\rundetector -> Pas de fichier <==== ATTENTION
Task: {53BD9DEA-BC64-4BCD-8EAE-43AB134C1AFD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Pas de fichier <==== ATTENTION
Task: {717625E1-EF9A-4944-8971-208E11B1D68F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
Task: {77A37956-3D72-4824-8AFA-35E9404A0264} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Pas de fichier <==== ATTENTION
Task: {7C3EF369-1001-48D7-B7C2-2DA38BDB153F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: {8040FFD7-526E-46EE-ACF8-D90242BA9C1B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
Task: {8A5ABEA4-D67E-449F-8D8E-4C712D875152} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: {8C84D0AA-49B7-474A-8F49-B0B34A81A8C6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
Task: {9C0483F1-1E4B-4C32-96A4-9365CC592FAD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {B057BD87-3A7A-4495-9B50-788E5BBC9569} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Pas de fichier <==== ATTENTION
Task: {B1E87EEA-26A4-48B2-AF0A-1CD258A1453C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {C3EE0694-27DF-4B50-BCFE-E3917CC75CB9} - \WPD\SqmUpload_S-1-5-21-1568993093-1613427294-323948901-1002 -> Pas de fichier <==== ATTENTION
Task: {C4ACCA4D-04B0-458A-98AA-F83BA4C95617} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
Task: {DC4FCC91-2676-438C-AB09-6C2F81460194} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstall 6.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools\CyberLink Power2Go.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools\Desktop Burning Gadget.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools\ISO Viewer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools\Virtual Drive.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos\CyberLink Media Suite.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos\CyberLink PowerDVD.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\DVDVideoSoft Free Studio.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk
C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
C:\Users\Sylvain\Pictures\2018-09-10 - Raccourci.lnk
C:\Users\Sylvain\Desktop\filmora_setup_full1084(1).exe.lnk
C:\Users\Sylvain\Desktop\ZHPDiag.lnk
C:\Users\Sylvain\AppData\Roaming\ZHP\Quarantine\ZHPFix\Folder\Folder21___Wondershare\Filmora\Wondershare Filmora.lnk
C:\Users\Sylvain\AppData\Roaming\ZHP\Quarantine\ZHPFix\File\File103___Driver Booster 2.lnk
C:\Users\Sylvain\AppData\Roaming\ZHP\Quarantine\ZHPFix\File\File105___Wondershare Filmora.lnk
C:\Users\Sylvain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2017-08-01.lnk
C:\Users\Sylvain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner64.lnk
C:\Users\Sylvain\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avast Secure Browser.lnk
C:\Users\Sylvain\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
SearchScopes: HKLM -> {C2F7C8A3-D4A6-452E-B677-D148D2A36A44} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UT ... earchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1568993093-1613427294-323948901-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Pas de fichier
FF Plugin HKU\S-1-5-21-1568993093-1613427294-323948901-1002: @hola.org/vlc,version=1.8.328 -> C:\Users\Sylvain\AppData\Local\Hola\firefox\app\vlc [Pas de fichier]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
U3 aspnet_state; pas de ImagePath
2018-09-28 10:39 - 2018-09-28 10:39 - 000000000 _____ () C:\Users\Sylvain\AppData\Local\oobelibMkey.log
cmd: dism.exe /online /cleanup-image /restorehealth
cmd: sfc /scannow
Reboot:
Hosts:
CloseProcesses:
EmptyTemp:
RemoveProxy:
cmd: ipconfig /flushdns
cmd: netsh winsock reset
Cmd: netsh advfirewall reset
Cmd: Netsh advfirewall set allprofiles state on
*****************
Le Point de restauration a été créé avec succès.
====> Registre
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6F9ACCC-5D48-4DF5-88DE-010E084FF544}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{066AC33A-AC67-4CCC-9081-DDB8628C4AF6}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43B3D5A1-1ADA-495C-AE85-12994A6BAAD6}" => non trouvé(e)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{44FEF1F6-BB62-43E8-8201-23400D896818}" => non trouvé(e)
"C:\Users\Sylvain\AppData\Local\Google\Chrome\User Data\Default\File System\010" => non trouvé(e)
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLVirtualDrive => non trouvé(e)
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl10 => non trouvé(e)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3} => non trouvé(e)
HKLM\Software\Classes\Installer\Products\E3E01B881198CAF46836CC6F3EC3853B => non trouvé(e)
HKLM\Software\Classes\Installer\Features\E3E01B881198CAF46836CC6F3EC3853B => non trouvé(e)
HKCU\Software\Microsoft\Installer\Products\E3E01B881198CAF46836CC6F3EC3853B => non trouvé(e)
HKCU\Software\Microsoft\Installer\Features\E3E01B881198CAF46836CC6F3EC3853B => non trouvé(e)
"C:\WINDOWS\Installer\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3}\ARPPRODUCTICON.exe" => non trouvé(e)
HKLM\SOFTWARE\JavaSoft => non trouvé(e)
HKLM\SOFTWARE\WOW6432Node\JavaSoft => non trouvé(e)
HKCU\SOFTWARE\JavaSoft => non trouvé(e)
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft => non trouvé(e)
HKU\.DEFAULT\SOFTWARE\JavaSoft => non trouvé(e)
HKU\S-1-5-21-1568993093-1613427294-323948901-1002\SOFTWARE\JavaSoft => non trouvé(e)
"C:\Program Files (x86)\Java" => non trouvé(e)
HKLM\SOFTWARE\McAfee.com => non trouvé(e)
HKLM\SOFTWARE\WOW6432Node\McAfee.com => non trouvé(e)
"C:\ProgramData\McAfee" => non trouvé(e)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent hp Master Uninstall => non trouvé(e)
HKLM\SOFTWARE\WildTangent => non trouvé(e)
HKLM\SOFTWARE\WOW6432Node\WildTangent => non trouvé(e)
"C:\ProgramData\WildTangent" => non trouvé(e)
"C:\Users\Sylvain\AppData\Roaming\WildTangent" => non trouvé(e)
HKCU\SOFTWARE\Dropbox => non trouvé(e)
HKCU\SOFTWARE\DropboxUpdate => non trouvé(e)