Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2020 01
Exécuté par Daniel (administrateur) sur PORTABLE-DANIEL (ASUSTeK Computer Inc. K50IJ) (24-01-2020 21:15:08)
Exécuté depuis C:\Users\Daniel\Desktop
Profils chargés: Daniel (Profils disponibles: Daniel & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic)
Platform: Windows 10 Home Version 1903 18362.592 (X64) Langue: Français (France)
Navigateur par défaut: Opera
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Huawei Technologies Co., Ltd. -> ) [Fichier non signé] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.36.6003.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.36.6003.0_x64__8wekyb3d8bbwe\GameBarFT.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe

==================== Registre (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [MalTray] => C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe [980944 2018-07-22] (Glarysoft LTD -> Glarysoft Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKU\S-1-5-21-4024821978-2350809512-895266991-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-10-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4024821978-2350809512-895266991-1001\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [25294848 2019-12-17] () [Fichier non signé]
HKU\S-1-5-21-4024821978-2350809512-895266991-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-4024821978-2350809512-895266991-1001\...\Run: [Eye4] => C:\Program Files (x86)\Eye4\SuperIPCam.exe [5232640 2018-08-23] () [Fichier non signé]
HKU\S-1-5-21-4024821978-2350809512-895266991-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\Software\...\AppCompatFlags\Custom\chrome.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\explorer.zza: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-16] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk [2020-01-18]
ShortcutTarget: Envoyer à OneNote.lnk -> C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Tâches planifiées (Avec liste blanche) ============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {02FEA434-E6A9-4BDC-8601-07F2BD566677} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
Task: {04788EA9-991F-4BF9-B1D4-5C0412FC391E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
Task: {051AE9E0-8377-46D0-AFDA-A9D3DD3FC106} - System32\Tasks\ESTsoft RunAsStdUser 36437562Task => C:\Program Files (x86)\ESTsoft\ALZip\ALZip.exe
Task: {15242963-B15C-402F-9EF2-18FE8AEDA186} - System32\Tasks\GMHSkipUAC => C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe [2438608 2018-07-22] (Glarysoft LTD -> Glarysoft Ltd)
Task: {15567E95-DEDB-44B7-8D73-DA4DF50A953D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {16FFD081-B62B-4756-B355-F6E05780FAA0} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [107000 2016-06-24] (Siber Systems -> Siber Systems)
Task: {183F4A3D-96E6-4C5A-914E-EB2F37751D27} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {1C77A5C6-9BDD-4476-B05D-C8334EFB972F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {2056262D-F462-4BCC-9A5B-6CE557D31D97} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2211BC13-915B-405D-8634-C93CE2A5A651} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {23441E1E-97E6-4630-89E8-02966B304EDA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Pas de fichier <==== ATTENTION
Task: {24158E72-79C0-4BBC-B259-47AB484FB4FB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2AC33AEF-A019-4EF5-BEB4-9D46E775ED05} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-21] (Adobe Inc. -> Adobe)
Task: {33C20D13-599A-407E-8C0A-9860EEB8085E} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3FD1043C-D0E1-4D0E-AD69-466C0CA66E0F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {40FDF2FD-C2B3-4ECB-AF1E-9A18D8CD133C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-07] (Google Inc -> Google Inc.)
Task: {42D627E6-E6D3-4EB0-A8AD-D82A46C73B68} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4810DED4-9C96-4076-82D7-5DDFF2E5D251} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {48985F04-E597-4175-8402-FCA3293E06DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C1F3AD5-3A11-49D0-83E2-7E988E3012FD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
Task: {53EE44C7-6517-423C-ABB8-99846BF6B0F3} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {56F0CEFC-130C-412E-870E-A0FE743F7260} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {58C7A99D-48A8-4E25-BB94-B83FD45EF0D3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5E7F25B7-2437-4021-92EE-534F5A7F875C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5EE085CF-C11B-4100-BEC8-490F0935DA78} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJMNMOJIMOJJMNJNJCNIMKJGMLMCNLMHMNJNJCNNJJJMJLMCNLJGMNJLJMJIMGMNJKJPMHMHMJNJICMIMCNJMCNLMFMGMCNOMOMCNOMPMKMHMJMFMJMCNNMCNGMNMPMPMCNNMJNPICMHMFMEKMICNJJCKFMOMMMIMJNHICMEKMICNJJCKJNBJCMLLOJBJGJKJDJJNKJCMJNNICMJNDJCMJJNI"
Task: {6028D8D1-5FE2-48C9-A5AE-9A3D450DDF03} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
Task: {67540958-2C64-420E-BE29-921306D0A777} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [120202352 2020-01-18] (Microsoft Windows -> Microsoft Corporation)
Task: {69FFA5D1-4EA7-4F4F-8C74-4F478639A11B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {6BF5E140-1816-495D-A065-CEA8E38B38D5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Pas de fichier <==== ATTENTION
Task: {6DA07C88-672C-4BD9-811F-581D728EEB3E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {6E4921CC-0297-4534-909D-0D91B18D23B5} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {712C72ED-4D9C-4F14-9FEE-278A64D8D52A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-07] (Google Inc -> Google Inc.)
Task: {71A4B114-86C3-43BC-B8CF-5367BD5B1911} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7368C52B-E0C7-4CF2-AF2F-EBC1747942EF} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7645C6DD-E8DC-4597-961E-4AC26900A260} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_321_pepper.exe [1453624 2020-01-21] (Adobe Inc. -> Adobe)
Task: {76739592-31F8-4C1D-9CB5-7EB6A3F9DD65} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7A12873E-BF3E-4DED-80F8-2755EE36D54B} - System32\Tasks\Opera scheduled Autoupdate 1466294128 => C:\Program Files (x86)\Opera\launcher.exe [1350680 2020-01-22] (Opera Software AS -> Opera Software)
Task: {874369B4-AB6D-4812-9B8B-BE8528CB1C91} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: {8C2F7FC1-4CF4-4138-973C-89C4A740B07B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {967AC4FA-2AEB-45ED-8BC0-406218189304} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9BD00944-2B7F-499D-A115-FC0E6BD0F562} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {9EDF7DEA-366B-4633-9537-16FAE90F7F9C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A56B9D72-D475-48ED-A804-A96487A73A3F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A70CB08A-8DAD-4F8F-A919-FFA856A81CA3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AC3221AF-3207-4C60-8E5B-F3182B421079} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {AC42ED55-CDF5-4184-AC2E-4AA1A70B429C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B2059D96-70E2-4028-8217-457C384BD374} - System32\Tasks\ESTsoft RunAsStdUser 6375062Task => C:\Program Files (x86)\ESTsoft\ALZip\ALZip.exe
Task: {BFD63708-EE33-42DA-AEBE-7C0D0E935087} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C0EB7B3E-6FD7-466A-884C-3840504D5D8C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C440E4AC-28CB-4546-BEF8-175EB3A0B0E2} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {C96BA95B-BEA2-4084-AB31-E775DE934A41} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe
Task: {CA9EFB19-D0CC-425A-9B57-5D8A3E61047B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CE36CCFD-B0A9-4F16-AF2B-9E8ABED4F039} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {CF5001A3-F0F7-4C82-BA63-723F86E81435} - System32\Tasks\{731FF66A-CBB6-4F09-A016-876DA4EAE72A} => C:\WINDOWS\system32\pcalua.exe -a C:\DriveKey\HPUSBFW.EXE -d C:\Users\Daniel\Desktop
Task: {CFA44550-EF7B-4D77-A348-D4A186D98FAD} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {D022E69A-44DA-4802-A5D1-85269D5EAA36} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D2F33A69-904B-436D-827A-DBB097F89623} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {D8D1CE0D-B6B4-45AB-B7B2-4C019CDBA447} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
Task: {E2FD973C-C242-47FC-81EC-5EC2D60A6B28} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
Task: {EB9E1168-6965-4222-A66F-10B7CE15855B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {F6277D7E-9E2B-4657-97C6-DDA0941E5C78} - System32\Tasks\SoftwareUpdate Pro => C:\Program Files (x86)\Glarysoft\Software Update Pro\SoftwareUpdatePro.exe
Task: {F704C624-C2C7-448E-8FE6-7BE5F5F4B812} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F83A5CE9-F713-4515-A864-F87A5AF3575C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {F904F284-2A95-443C-89EF-F1137C5211D7} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {FF97221E-906C-4E48-A580-CED5E2285DDA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{55b139ac-2f96-442d-a470-3c4118df05ce}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ab30bb4e-ec21-477a-85ab-f61694b95e62}: [DhcpNameServer] 192.168.0.1 135.19.0.18 70.80.0.66

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#/?show_is=1&source=art
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#/?show_is=1&source=art
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#/?show_is=1&source=art
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#/?show_is=1&source=art
HKU\S-1-5-21-4024821978-2350809512-895266991-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4024821978-2350809512-895266991-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#/?show_is=1&source=art
HKU\S-1-5-21-4024821978-2350809512-895266991-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#/?show_is=1&source=art
HKU\S-1-5-21-4024821978-2350809512-895266991-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/fr-ca/?ocid=iehp
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => Pas de fichier
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO: Pas de nom -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Pas de fichier
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Pas de nom -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2009-03-13] (Siber Systems Inc.) [Fichier non signé]
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-20] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2009-03-13] (Siber Systems Inc.) [Fichier non signé]
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKU\S-1-5-21-4024821978-2350809512-895266991-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - Pas de fichier
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/ca/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler: intu-ti2017 - {49E885C3-0DD2-48F6-BC59-955BE5FEB3C5} - C:\Program Files (x86)\TurboImpot 2017\ic2017pp.dll Pas de fichier
Handler: intu-ti2018 - {21f48c3a-fdbd-47d2-b702-6e1ddebee10d} - C:\Program Files (x86)\TurboImpot 2018\ic2018pp.dll Pas de fichier
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\TomTom\HOME\Profiles\p1hw2oz7.default [2019-08-06]
FF Extension: (Emulator) - C:\Users\Daniel\AppData\Roaming\TomTom\HOME\Profiles\p1hw2oz7.default\Extensions\Navcore.8.010.9369@tomtom.com [2016-06-19] [] [non signé]
FF Extension: (Pas de nom) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [non trouvé(e)]
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\e1YVy467.default [2020-01-24]
FF Homepage: Mozilla\Firefox\Profiles\e1YVy467.default -> hxxps://www.google.ca/
FF Extension: (Avira Browser Safety) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\e1YVy467.default\Extensions\abs@avira.com [2017-05-06] []
FF Extension: (Avast SafePrice | Comparaison, offres, coupons) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\e1YVy467.default\Extensions\sp@avast.com.xpi [2019-02-10]
FF Extension: (Avast Online Security) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\e1YVy467.default\Extensions\wrc@avast.com.xpi [2019-02-10]
FF Extension: (Pas de nom) - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi\ [non trouvé(e)]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2017-10-17] (CANON INC.) [Fichier non signé]
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://ethor.net/login3.php?returnto=%2Fdp#/index.php","hxxps://www.google.ca/","hxxps://www.google.com/intl/fr/gmail/about/#","hxxps://www.facebook.com/"
CHR NewTab: Default -> "active": true,
"entry": "chrome-extension://lceefillmbhhileboicaeakgcikdocmm/index.html"

CHR DefaultSearchURL: Default -> hxxps://www.facebook.com/search/top/?q={searchTerms}&opensearch=1
CHR DefaultSearchKeyword: Default -> facebook.com
CHR DefaultSuggestURL: Default -> hxxps://www.facebook.com/search/opensearch/suggestions/?q={searchTerms}
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default [2020-01-22]
CHR Extension: (Slides) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-29]
CHR Extension: (Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-29]
CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-02]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-02]
CHR Extension: (Sheets) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-29]
CHR Extension: (Protection Web Avira) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2019-12-16]
CHR Extension: (Google Docs hors connexion) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-29]
CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-12-16]
CHR Extension: (Speed Dial 3(Web)) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lceefillmbhhileboicaeakgcikdocmm [2016-07-09]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-28]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-31]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-09]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

Opera:
=======
OPR StartupUrls: "hxxps://ethor.net/dp#/browse.php?orderby=leechers&","hxxps://www.google.ca/?hl=fr","hxxps://mail.google.com/mail/u/0/#inbox","hxxps://www.facebook.com/"
OPR Extension: (Honey) - C:\Users\Daniel\AppData\Roaming\Opera Software\Opera Stable\Extensions\bdbghbgbindbkaainmmmekddaokgbffn [2018-05-30]
