1. ========================= SEAF 1.0.1.0 - C_XX 2. 3. Commencé à: 11:13:17 le 29/04/2018 4. 5. Valeur(s) recherchée(s): 6. reimage 7. taboola 8. 9. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès 10. 11. (!) --- Recherche registre 12. 13. ====== Fichier(s) ====== 14. 15. 16. "C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.9226.20641.0_x64__8wekyb3d8bbwe\xaml\onenote\CaptureImageControl.xaml" [ ARCHIVE | 2 Ko ] 17. TC: 13/12/2017,20:08:47 | TM: 13/12/2017,20:14:10 | DA: 13/12/2017,20:08:47 18. 19. 20. ========================= 21. 22. 23. "C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Recent\taboola.lnk" [ ARCHIVE | 668 o ] 24. TC: 27/04/2018,16:51:52 | TM: 27/04/2018,16:51:52 | DA: 27/04/2018,16:51:52 25. 26. 27. ========================= 28. 29. 30. "C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Recent\taboola2.lnk" [ ARCHIVE | 510 o ] 31. TC: 27/04/2018,16:52:46 | TM: 27/04/2018,16:52:46 | DA: 27/04/2018,16:52:46 32. 33. 34. ========================= 35. 36. 37. "C:\Users\Alain\AppData\Roaming\Microsoft\Windows\Recent\taboola3.lnk" [ ARCHIVE | 675 o ] 38. TC: 27/04/2018,16:59:09 | TM: 27/04/2018,16:59:09 | DA: 27/04/2018,16:59:09 39. 40. 41. ========================= 42. 43. 44. "C:\Windows\InfusedApps\Packages\Microsoft.Office.OneNote_17.8366.57611.0_x64__8wekyb3d8bbwe\xaml\onenote\CaptureImageControl.xaml" [ ARCHIVE | 2 Ko ] 45. TC: 30/09/2017,16:43:28 | TM: 30/09/2017,16:43:28 | DA: 30/09/2017,16:43:28 46. 47. 48. ========================= 49. 50. 51. 52. ====== Entrée(s) du registre ====== 53. 54. 55. [HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Services.Store.StoreImage] 56. DA: 30/09/2017 16:41:34 57. 58. [HKLM\Software\Microsoft\WindowsRuntime\CLSID\{adcb9f2b-3700-3e20-aeec-7d5fa27fa8a5}] 59. "ActivatableClassId"="Windows.Services.Store.StoreImage" (REG_SZ) 60. 61. [HKLM\Software\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Services.Store.StoreImage] 62. DA: 30/09/2017 16:41:34 63. 64. [HKLM\Software\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{adcb9f2b-3700-3e20-aeec-7d5fa27fa8a5}] 65. "ActivatableClassId"="Windows.Services.Store.StoreImage" (REG_SZ) 66. 67. [HKLM\Software\WOW6432Node\Classes\Interface\{081FD248-ADB4-4B64-A993-784789926ED5}] 68. ""="IStoreImage" (REG_SZ) 69. 70. [HKLM\Software\WOW6432Node\Classes\WOW6432Node\Interface\{081FD248-ADB4-4B64-A993-784789926ED5}] 71. ""="IStoreImage" (REG_SZ) 72. 73. [HKLM\Software\Classes\Interface\{081FD248-ADB4-4B64-A993-784789926ED5}] 74. ""="IStoreImage" (REG_SZ) 75. 76. [HKLM\Software\Classes\WOW6432Node\Interface\{081FD248-ADB4-4B64-A993-784789926ED5}] 77. ""="IStoreImage" (REG_SZ) 78. 79. [HKLM\System\ControlSet001\Control\Session Manager\Power] 80. "ResumeRestoreImageStartTimestamp"="8323" (REG_DWORD) 81. 82. [HKLM\System\CurrentControlSet\Control\Session Manager\Power] 83. "ResumeRestoreImageStartTimestamp"="8323" (REG_DWORD) 84. 85. [HKU\S-1-5-21-1108268618-665824514-65864651-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs] 86. "123"="taboola.PNG" (REG_BINARY) 87. 88. [HKU\S-1-5-21-1108268618-665824514-65864651-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs] 89. "124"="taboola2.PNG" (REG_BINARY) 90. 91. [HKU\S-1-5-21-1108268618-665824514-65864651-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs] 92. "125"="taboola3.PNG" (REG_BINARY) 93. 94. [HKU\S-1-5-21-1108268618-665824514-65864651-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.PNG] 95. "16"="taboola.PNG" (REG_BINARY) 96. 97. [HKU\S-1-5-21-1108268618-665824514-65864651-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.PNG] 98. "17"="taboola2.PNG" (REG_BINARY) 99. 100. [HKU\S-1-5-21-1108268618-665824514-65864651-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.PNG] 101. "18"="taboola3.PNG" (REG_BINARY) 102. 103. ========================= 104. 105. Fin à: 11:20:33 le 29/04/2018 106. 809026 Éléments analysés 107. 108. ========================= 109. E.O.F