cjoint

Document format: text/plain

Preview

Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 12-10-2021
Exécuté par admin (administrateur) sur ALFR-6Y1B4M2-L (Dell Inc. Latitude 5480) (15-10-2021 11:28:30)
Exécuté depuis C:\Users\admin\Desktop
Profils chargés: admin & henri.mokrani & Administrator
Platform: Microsoft Windows 10 Professionnel Version 20H2 19042.1165 (X64) Langue: Anglais (États-Unis) -> Français (France)
Navigateur par défaut: Edge
Mode d'amorçage: Normal

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

() [Fichier non signé] C:\Program Files (x86)\Emerson Process Management\USB Fieldbus Interface\Service\770FieldbusService.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader 2015\Reader\AcroCEF\RdrCEF.exe <4>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader 2015\Reader\AcroRd32.exe <2>
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe <2>
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe <2>
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe <2>
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe <2>
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(BMC Software, Inc. -> Harman) [Fichier non signé] C:\Program Files (x86)\BMC Software\BBCA\Tuner\Tuner.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\DCF.Loader.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\DellAuthService.exe
(Google Inc -> Google Inc) C:\Program Files (x86)\Google\Legacy Browser Support\lbs_native_host.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <23>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132337.inf_amd64_223d6831ffa64ab1\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132337.inf_amd64_223d6831ffa64ab1\igfxEM.exe <2>
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132337.inf_amd64_223d6831ffa64ab1\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132337.inf_amd64_223d6831ffa64ab1\IntelCpHeciSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSetup.exe <2>
(Microsoft Windows -> ) C:\Windows\System32\AppV\AppVStreamingUX.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\AppVClient.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation) C:\Program Files\Broadcom\CV\bin\HostControlService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation) C:\Program Files\Broadcom\CV\bin\HostStorageService.exe
(OCS Inventory NG) [Fichier non signé] [Fichier en cours d'utilisation] C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe <2>
(OCS Inventory NG) [Fichier non signé] C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\BMC Software\BBCA\Tuner\lib\jre\bin\java.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <6>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <5>
(RealVNC Ltd -> RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncagent.exe
(RealVNC Ltd -> RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(RealVNC Ltd -> RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserverui.exe
(Symantec Corporation -> Broadcom) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.1148.0100.105\Bin\ccSvcHst.exe <3>
(Symantec Corporation -> Broadcom) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.1148.0100.105\Bin64\ccSvcHst.exe
(Symantec Corporation -> Broadcom) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.1148.0100.105\Bin64\sepWscSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo.inf_amd64_44bc22ea00b5928a\WavesSvc64.exe <2>
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo.inf_amd64_44bc22ea00b5928a\WavesSysSvc64.exe

==================== Registre (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [777848 2017-06-02] (ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269120 2018-11-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2018-11-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Conisio Login Manager] => C:\Program Files\SOLIDWORKS Enterprise PDM\EdmServer.exe [1804288 2015-11-12] (Dassault Systemes SolidWorks Corp.) [Fichier non signé]
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [352736 2017-10-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo.inf_amd64_44bc22ea00b5928a\WavesSvc64.exe [1207152 2017-10-20] (Waves Inc -> Waves Audio Ltd.)
HKLM Group Policy restriction on software: %PROGRAMFILES%\WindowsApps\Microsoft.WindowsStore* <==== ATTENTION
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1879854773-1829175685-1234779376-329370\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\PhotoScreensaver.scr [581120 2021-01-10] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1879854773-1829175685-1234779376-556927\...\Policies\system: [NoDispScrSavPage] 1
HKU\S-1-5-21-1879854773-1829175685-1234779376-556927\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-1879854773-1829175685-1234779376-556927\...\MountPoints2: {18c33a91-da3f-11eb-81d5-a44cc885679d} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1879854773-1829175685-1234779376-556927\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\PhotoScreensaver.scr [581120 2021-01-10] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-943333821-259348717-465917430-500\...\Policies\Explorer: [ClearRecentProgForNewUserInStartMenu] 1
HKU\S-1-5-21-943333821-259348717-465917430-500\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-943333821-259348717-465917430-500\...\Policies\Explorer: [NoDrives] 00000100
HKLM\...\Print\Monitors\MONVNC: C:\windows\system32\VNCpm.dll [37704 2017-04-26] (RealVNC Ltd -> RealVNC Ltd)
HKLM\...\Print\Monitors\pdfcmon: C:\windows\system32\pdfcmon.dll [117248 2018-08-06] (pdfforge GmbH) [Fichier non signé]
HKLM\...\Print\Monitors\ricu06lm: C:\windows\system32\ricu06lm.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\93.0.4577.82\Installer\chrmstp.exe [2021-09-21] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [g_00867_cirrato_print-agent-21.7.0_ml_30] -> C:\Program Files (x86)\BMC Software\BBCA\Tuner\.marimba\BBCA_ClientWorkstation\ch.23039\data\scripts\CreateRegCurrentUser.EXE [2012-09-20] () [Fichier non signé]
HKLM\Software\...\Authentication\Credential Providers: [{05102259-6b83-447a-b5f0-5bf949283a12}] -> c:\Program Files\DELL\Dell Data Protection\Security Tools\DellCredentialProvider.dll [2020-07-17] (Dell Inc -> Dell Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{0528589e-4107-4900-832f-15fba63714ef}] -> c:\Program Files\DELL\Dell Data Protection\Security Tools\DellCredentialProviderOU.dll [2020-07-17] (Dell Inc -> Dell Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{05a5ed6c-fd84-43dd-86e7-658afd5bd929}] -> c:\Program Files\DELL\Dell Data Protection\Security Tools\DellCredentialProviderSC.dll [2020-07-17] (Dell Inc -> Dell Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{4B9CAC01-6732-40d0-8B8F-B5B340F9D44F}] -> c:\Program Files (x86)\Common Files\Pulse Secure\JamUI\jamSSOCredProv64.dll [2019-04-12] (Pulse Secure, LLC -> )
HKLM\Software\...\Authentication\Credential Providers: [{4EFD0F35-BFBA-44eb-8F25-2B3530203C1D}] -> c:\Program Files (x86)\Common Files\Pulse Secure\JamUI\jamSSOCredProv64.dll [2019-04-12] (Pulse Secure, LLC -> )
HKLM\Software\...\Authentication\Credential Providers: [{C1258FBC-F04F-4862-B78A-DDAAEF4A9707}] -> c:\Program Files (x86)\Common Files\Pulse Secure\JamUI\jamSSOCredProv64.dll [2019-04-12] (Pulse Secure, LLC -> )
HKLM\Software\...\Authentication\Credential Providers: [{EAB1A79F-DFAA-4faf-A7B9-A6652E97EE16}] -> c:\Program Files (x86)\Common Files\Pulse Secure\JamUI\jamSSOCredProv64.dll [2019-04-12] (Pulse Secure, LLC -> )
HKLM\Software\...\Authentication\Credential Provider Filters: [{05102259-6b83-447a-b5f0-5bf949283a12}] -> c:\Program Files\DELL\Dell Data Protection\Security Tools\DellCredentialProvider.dll [2020-07-17] (Dell Inc -> Dell Inc.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{3884BCAA-C611-4e2d-9105-E11B1203294E}] -> c:\Program Files (x86)\Common Files\Pulse Secure\JamUI\jamSSOCredProv64.dll [2019-04-12] (Pulse Secure, LLC -> )
HKLM\Software\...\Winlogon\GPExtensions: [{D76B9641-3288-4f75-942D-087DE603E3EA}] -> C:\Program Files\LAPS\CSE\AdmPwd.dll [2015-06-23] (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OCS Inventory NG Systray.lnk [2018-11-07]
ShortcutTarget: OCS Inventory NG Systray.lnk -> C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe (OCS Inventory NG) [Fichier non signé] [Fichier en cours d'utilisation]
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Tâches planifiées (Avec liste blanche) ============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {0488ED92-A7EE-49FE-9B9B-FB2AF387BB0A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-10] (Google Inc -> Google Inc.)
Task: {10C5B6C7-2991-4EA7-A37A-ED43B1A71740} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (000358d6-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\FDC32C5CF2BF0DCCA2BE7B75CFF271FC\BaseDir\Installation\InstallationSandbox#2021-06-17-T-09-59-08\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\FDC32C5CF2BF0DCCA2BE7B75CFF271FC\BaseDir\Installation\InstallationSandbox#2021-06-17-T-09-59-08" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {1377F095-9F69-4982-8947-436F5FED2546} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {20669C98-9BF1-4720-94F7-C6F3988285A4} - System32\Tasks\AuditVPNCon => C:\Windows\System32\gpupdate.exe [30720 2021-01-10] (Microsoft Windows -> Microsoft Corporation)
Task: {2A0977BD-971E-447E-867A-E1E66759B103} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\windows\system32\gpupdate.exe [30720 2021-01-10] (Microsoft Windows -> Microsoft Corporation)
Task: {33409EE3-3EED-4D13-BDB3-D6CEE6BD3301} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (00033dea-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\4CC316955753893D0CC21FF9A559D45E\BaseDir\Installation\InstallationSandbox#2020-09-26-T-19-34-52\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\4CC316955753893D0CC21FF9A559D45E\BaseDir\Installation\InstallationSandbox#2020-09-26-T-19-34-52" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {3604E364-179C-4814-9298-2368F3A37556} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (00034323-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\45229C9B23B84B5F7DAC07E98DA29002\BaseDir\Installation\InstallationSandbox#2020-11-03-T-12-04-58\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\45229C9B23B84B5F7DAC07E98DA29002\BaseDir\Installation\InstallationSandbox#2020-11-03-T-12-04-58" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {3C5216E8-9158-4C67-B236-59F42AE8AF56} - System32\Tasks\CUPInfoScreenReRun => C:\Windows\System32\wscript.exe C:\_INSTALL\CUP2021\g_01273_gio_w10-20h2-upgrade-advertisement-1.0_ml_16\execute_Inplace_Update_Info_Screen.vbs
Task: {48F0D7FE-5867-40AA-BF5A-CA0D7BA55772} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {501B7E4B-891E-4DCE-83DE-4985C1DD5BE1} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\windows\system32\gpupdate.exe [30720 2021-01-10] (Microsoft Windows -> Microsoft Corporation)
Task: {56080845-FF4F-409D-8941-BC632F87832A} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (00039f61-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\332BBB32F2889E135028BDBB0AA126A5\BaseDir\Installation\InstallationSandbox#2021-09-06-T-10-15-23\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\332BBB32F2889E135028BDBB0AA126A5\BaseDir\Installation\InstallationSandbox#2021-09-06-T-10-15-23" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {5AC108CD-72C2-4124-96C5-382935536755} - System32\Tasks\mamos_extmon_BBCAClientWorkstation => C:\Program Files (x86)\BMC Software\BBCA\Tuner\lib\mamosmonitor.exe [29184 2021-01-15] () [Fichier non signé]
Task: {5BA66672-0465-407E-9911-12F922C62323} - System32\Tasks\FetchLockscreen-DC => \\EU.CORP.AIRLIQUIDE.COM\SYSVOL\EU.CORP.AIRLIQUIDE.COM\POLICIES\{A6EF46DF-FB7E-4D8C-AB3A-95FDC71D033B}\MACHINE\LockScreens\lockscreen.cmd -Root .\Images
Task: {5E697BED-B623-4EDD-820F-0B640CAE0850} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {625B84DE-3765-453A-BDCD-4A0F3A77DBD2} - System32\Tasks\scstart_tuner_BBCAClientWorkstation => sc.exe start BBCAClientWorkstation
Task: {62985F4E-59A7-4738-9318-0272D4E7ECCE} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (00033e2d-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\F3CE5C9A8F7F1F002D1A14B1EF08E51F\BaseDir\Installation\InstallationSandbox#2020-09-26-T-20-39-17\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\F3CE5C9A8F7F1F002D1A14B1EF08E51F\BaseDir\Installation\InstallationSandbox#2020-09-26-T-20-39-17" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {6AD61511-715C-4D6C-8126-96B4D86FD77E} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (000357ba-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\14A38D0C62492D930790AE1AB9920161\BaseDir\Installation\InstallationSandbox#2021-03-03-T-00-16-59\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\14A38D0C62492D930790AE1AB9920161\BaseDir\Installation\InstallationSandbox#2021-03-03-T-00-16-59" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {6CE01E10-0420-4850-9B21-EEBF81676E77} - System32\Tasks\AdminAudit => Powershell.exe -executionpolicy bypass -file C:\_INSTALL\scripts\AdminAudit\AdminAudit.ps1 <==== ATTENTION
Task: {702A22C1-20D7-4100-B2A9-0F7A76BB9E41} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (000358d3-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\E98DF84C1B8F208AFA1D97C715CEDB3E\BaseDir\Installation\InstallationSandbox#2021-03-03-T-00-14-28\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\E98DF84C1B8F208AFA1D97C715CEDB3E\BaseDir\Installation\InstallationSandbox#2021-03-03-T-00-14-28" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {7743E78F-E4C9-4641-97B8-E920107606E0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-10] (Google Inc -> Google Inc.)
Task: {7BC32F26-FB06-437C-8DBD-DCC91E01D588} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Autofix => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.1148.0100.105\Bin\SymErr.exe [90128 2020-10-01] (Symantec Corporation -> Symantec Corporation)
Task: {876DBB3A-242B-4C8F-96B0-30B54ED7AFFB} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (000358e4-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\1D9147C1DEC5AD4E1B29A69E0299B4E5\BaseDir\Installation\InstallationSandbox#2021-02-26-T-15-49-32\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\1D9147C1DEC5AD4E1B29A69E0299B4E5\BaseDir\Installation\InstallationSandbox#2021-02-26-T-15-49-32" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {9072E9B1-055A-429D-9836-BC816949B8FC} - System32\Tasks\BootPerf => C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy ByPass -WindowStyle Hidden -File c:\_install\scripts\BootPerf.ps1 <==== ATTENTION
Task: {99B85BFC-0355-4F24-A3AB-E83EB90C0E2C} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (00033cf7-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\0EEC13B8D97398ABE7B916654D42BB4F\BaseDir\Installation\InstallationSandbox#2020-09-26-T-19-36-14\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\0EEC13B8D97398ABE7B916654D42BB4F\BaseDir\Installation\InstallationSandbox#2020-09-26-T-19-36-14" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {A11EB3A4-7888-4037-8541-C0318340D6D9} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (0003460a-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\3C8E140EC3DF2F18B81C84B9C37BD20D\BaseDir\Installation\InstallationSandbox#2021-06-17-T-09-57-57\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\3C8E140EC3DF2F18B81C84B9C37BD20D\BaseDir\Installation\InstallationSandbox#2021-06-17-T-09-57-57" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {AF39A428-F38B-4154-9D0E-AAD493D2EBA2} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (00038dab-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\1D3DABA628357B14DE7154B48F9F58F8\BaseDir\Installation\InstallationSandbox#2021-05-03-T-08-53-18\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\1D3DABA628357B14DE7154B48F9F58F8\BaseDir\Installation\InstallationSandbox#2021-05-03-T-08-53-18" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {B9EB3147-6309-4769-94B9-F2B25CD83983} - System32\Tasks\restart_marimba => C:\_INSTALL\scripts\restart_marimba.bat [18023 2020-08-03] () [Fichier non signé]
Task: {BD05A48F-E072-4B75-88A6-4008A0B981F2} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Processor => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.1148.0100.105\Bin\SymErr.exe [90128 2020-10-01] (Symantec Corporation -> Symantec Corporation)
Task: {BD769565-C731-4818-84C2-BB562A4C3FCC} - System32\Tasks\AuditVPNCon_activate_Win => C:\Windows\System32\cscript.exe //B "%windir%\system32\slmgr.vbs" /ato
Task: {C1CAC73B-EBE2-48A3-A024-D5423F6C6CFD} - System32\Tasks\SetCurrentEntityValue => Powershell.exe -executionpolicy bypass -file C:\_INSTALL\scripts\Registry_UpdateCurrentEntity.ps1
Task: {CC6F2112-2844-4406-B586-29B72A926823} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (00039234-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\7D20B2EF808BAFC4A84C186A2C260786\BaseDir\Installation\InstallationSandbox#2021-08-02-T-14-49-34\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\7D20B2EF808BAFC4A84C186A2C260786\BaseDir\Installation\InstallationSandbox#2021-08-02-T-14-49-34" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {D6C064DD-D27D-4B3D-BF3D-DC2A06EF22B0} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (000374de-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\BA395539D798D6509C213357FC2F9CAD\BaseDir\Installation\InstallationSandbox#2021-04-11-T-17-33-42\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\BA395539D798D6509C213357FC2F9CAD\BaseDir\Installation\InstallationSandbox#2021-04-11-T-17-33-42" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {D8A92B26-5146-44BF-AD45-79192A38BDD8} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (00034831-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\67CE2BB0C680729157EAA80376A6E7BC\BaseDir\Installation\InstallationSandbox#2020-11-29-T-18-59-17\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\67CE2BB0C680729157EAA80376A6E7BC\BaseDir\Installation\InstallationSandbox#2020-11-29-T-18-59-17" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {D9727150-836B-4004-A3A3-463684A5C298} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (00033e7f-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\52BF891FA1DB17E8780D117B78819D16\BaseDir\Installation\InstallationSandbox#2020-09-26-T-19-49-28\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\52BF891FA1DB17E8780D117B78819D16\BaseDir\Installation\InstallationSandbox#2020-09-26-T-19-49-28" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {DB5CADE9-AC52-4DA0-82AC-850A285E36CD} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (00034c9f-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\5D1DE6924F1C88A1CAB1D92581D1A542\BaseDir\Installation\InstallationSandbox#2020-12-18-T-19-35-40\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\5D1DE6924F1C88A1CAB1D92581D1A542\BaseDir\Installation\InstallationSandbox#2020-12-18-T-19-35-40" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {E3961C2A-6D6E-42CD-AB96-F903EA8B0883} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (0003981e-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\E0139EE71BD4C9A4332E2EC386AC0218\BaseDir\Installation\InstallationSandbox#2021-07-05-T-21-53-19\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\E0139EE71BD4C9A4332E2EC386AC0218\BaseDir\Installation\InstallationSandbox#2021-07-05-T-21-53-19" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {EA56D8AD-F170-4865-8173-F8C5C49E560F} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (000357bc-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\693010592880584A175F5947CCB3FA28\BaseDir\Installation\InstallationSandbox#2021-06-17-T-09-55-14\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\693010592880584A175F5947CCB3FA28\BaseDir\Installation\InstallationSandbox#2021-06-17-T-09-55-14" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {F3380384-7B96-48EA-A758-77A585855082} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Analyzer => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.1148.0100.105\Bin\SymErr.exe [90128 2020-10-01] (Symantec Corporation -> Symantec Corporation)
Task: {F5856CFA-0FB3-4391-87A5-EEF960FB42EE} - System32\Tasks\RunSCRforNewUserOnly => C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -windowstyle hidden C:\Windows\tmp\ScreenSaver\ScreenSaver.ps1
Task: {FA95A086-CE89-428C-AA38-CB273D79CB30} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {FC54DF06-965B-4BEA-9FCC-EAF759B2215B} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (0003a2c1-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\5D490D0FAC91B702C8A8FE302A61D98F\BaseDir\Installation\InstallationSandbox#2021-10-12-T-07-18-47\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\5D490D0FAC91B702C8A8FE302A61D98F\BaseDir\Installation\InstallationSandbox#2021-10-12-T-07-18-47" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION
Task: {FD8B6BBA-8399-437A-B5A6-B0BFDA3BB49F} - System32\Tasks\Company\Product\LaunchSTDeployForPostBootActions (0003a464-0000-0000-0000-000000000000) => C:\Windows\Temp\Marimba\Patches\5749D6D8E3CB69615B5B984751731874\BaseDir\Installation\InstallationSandbox#2021-10-12-T-09-28-52\STDeploy.exe -> package="package.zip" relaunchSandbox="C:\Windows\Temp\Marimba\Patches\5749D6D8E3CB69615B5B984751731874\BaseDir\Installation\InstallationSandbox#2021-10-12-T-09-28-52" relaunchReason="afterPostDeploymentReboot=1" <==== ATTENTION

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)


==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)


Edge:
=======


FireFox:
========

==================== Services (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 770FieldbusService; C:\Program Files (x86)\Emerson Process Management\USB Fieldbus Interface\Service\770FieldbusService.exe [920064 2014-03-13] () [Fichier non signé]
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [118808 2017-06-02] (ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.)
S3 ConisioWebServer; C:\Program Files\SOLIDWORKS Enterprise PDM\ConisioWebServer.exe [786944 2015-11-12] (Dassault Systemes SolidWorks Corp.) [Fichier non signé]
R2 DellAuthService.exe; c:\Program Files\DELL\Dell Data Protection\Security Tools\DellAuthService.exe [2794864 2020-07-17] (Dell Inc -> Dell Inc.)
S4 DellMgmtAgent; c:\Program Files\DELL\Dell Data Protection\Security Tools\Dell.SecurityFramework.Agent.exe [15728 2020-07-17] (Dell Inc -> )
R2 DellMgmtLoader; c:\Program Files\DELL\Dell Data Protection\Security Tools\DCF.Loader.exe [34160 2020-07-17] (Dell Inc -> Dell Inc.)
R2 hostcontrolsvc; C:\Program Files\Broadcom\CV\bin\HostControlService.exe [1038336 2017-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
R2 hoststoragesvc; C:\Program Files\Broadcom\CV\bin\HostStorageService.exe [42496 2017-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
R2 OCS Inventory Service; C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe [786432 2018-08-03] (OCS Inventory NG) [Fichier non signé]
R2 PulseSecureService; c:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe [182224 2019-04-12] (Pulse Secure, LLC -> Pulse Secure, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-09-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SepLpsService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.1148.0100.105\Bin\ccSvcHst.exe [161968 2020-10-01] (Symantec Corporation -> Broadcom)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.1148.0100.105\Bin\ccSvcHst.exe [161968 2020-10-01] (Symantec Corporation -> Broadcom)
R2 SepScanService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.1148.0100.105\bin64\ccSvcHst.exe [198408 2020-10-01] (Symantec Corporation -> Broadcom)
R2 sepWscSvc; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.1148.0100.105\Bin64\sepWscSvc64.exe [1750792 2020-10-01] (Symantec Corporation -> Broadcom)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.1148.0100.105\Bin64\snac64.exe [398776 2020-10-01] (Symantec Corporation -> Broadcom)
R2 ushupgradesvc; C:\Program Files\Broadcom\CV\bin\UshUpgradeService.exe [259584 2017-05-26] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [6874408 2020-05-13] (RealVNC Ltd -> RealVNC Ltd)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2017-01-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 ApHidfiltrService; C:\WINDOWS\system32\DRIVERS\ApHidfiltr.sys [365232 2017-06-02] (ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.)
S3 bcmnfcusb; C:\WINDOWS\System32\drivers\bcmnfcusb.sys [46176 2017-04-14] (Broadcom Corporation -> Broadcom Corporation.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.1148.0100.105\Data\Definitions\BASHDefs\20211012.011\BHDrvx64.sys [2018776 2021-10-12] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Fichier non signé]
R1 ccSettings_{1814D07C-D908-4824-A92D-12184EAC9F9D}; C:\WINDOWS\System32\Drivers\SEP\0E03047C\0064.105\x64\ccSetx64.sys [192304 2020-10-01] (Symantec Corporation -> Broadcom)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-06-10] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-06-11] (Symantec Corporation -> Broadcom)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [27648 2016-03-31] (Microsoft Windows Hardware Compatibility Publisher -> Intel Mobile Communications)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.1148.0100.105\Data\Definitions\IPSDefs\20211014.061\IDSvia64.sys [1480144 2021-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 imausbhpal; C:\WINDOWS\System32\drivers\imausbhpal.sys [671224 2017-05-19] (Intel(R) Wireless Connectivity Solutions -> )
S3 imausbhub; C:\WINDOWS\System32\drivers\imausbhub.sys [479736 2017-05-19] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R1 jnprns; C:\WINDOWS\system32\DRIVERS\jnprns.sys [507192 2016-11-30] (Juniper Networks, Inc. -> Juniper Networks)
S4 jnprTdi_824_597; C:\windows\system32\Drivers\jnprTdi_824_597.sys [106176 2016-06-01] (Pulse Secure, LLC -> Pulse Secure, LLC)
S3 jnprva; C:\WINDOWS\System32\drivers\jnprva.sys [30072 2016-11-30] (Juniper Networks, Inc. -> Juniper Networks, Inc.)
R3 JnprVaMgr; C:\WINDOWS\System32\drivers\jnprvamgr.sys [45352 2016-11-30] (Juniper Networks, Inc. -> Juniper Networks, Inc.)
S3 mosuport; C:\WINDOWS\System32\drivers\mosuport.sys [367744 2016-12-23] (WDKTestCert Alex,130940336584439605 -> ASIX Electronics Corporation)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0E03047C\0064.105\x64\SRTSP64.SYS [891248 2020-10-01] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0E03047C\0064.105\x64\SRTSPX64.SYS [51056 2020-10-01] (Symantec Corporation -> Symantec Corporation)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [30352 2016-10-07] (STMICROELECTRONICS S.R.L. -> ST Microelectronics)
S3 swmbbser05; C:\WINDOWS\System32\drivers\swmbbser05.sys [287792 2017-08-19] (Sierra Wireless, Inc -> Sierra Wireless Incorporated)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.1148.0100.105\Bin64\SyDvCtrl64.sys [45736 2020-10-01] (Symantec Corporation -> Broadcom)
R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0703040.007\symefasi64.sys [1965872 2021-06-08] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\Drivers\SEP\0E03047C\0064.105\x64\SymELAM.sys [25024 2020-10-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [101232 2021-06-08] (Symantec Corporation -> Broadcom)
S4 SymEvnt; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.1148.0100.105\Data\SymPlatform\SymEvnt.sys [802096 2020-09-26] (Symantec Corporation -> Broadcom)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0E03047C\0064.105\x64\Ironx64.SYS [317232 2020-10-01] (Symantec Corporation -> Broadcom)
R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0E03047C\0064.105\x64\symnets.sys [574320 2020-10-01] (Symantec Corporation -> Broadcom)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [262872 2021-06-10] (Symantec Corporation -> Broadcom)
R1 Teefer2; C:\WINDOWS\system32\DRIVERS\Teefer.sys [130488 2020-10-01] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois (créés) (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2021-10-15 11:28 - 2021-10-15 11:28 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1879854773-1829175685-1234779376-329370
2021-10-15 11:28 - 2021-10-15 11:28 - 000000000 ___RD C:\Users\admin\OneDrive
2021-10-15 11:23 - 2021-10-15 11:23 - 000000000 ____D C:\Rem-VBSqt
2021-10-15 11:22 - 2021-10-15 11:21 - 000114176 _____ (bartblaze) C:\Users\admin\Desktop\remediate-vbs-worm_8.0.0.exe
2021-10-15 11:21 - 2021-10-15 11:30 - 000043311 _____ C:\Users\admin\Desktop\FRST.txt
2021-10-15 11:20 - 2021-10-15 11:29 - 000000000 ____D C:\FRST
2021-10-15 11:19 - 2021-10-15 11:04 - 002019328 _____ (Farbar) C:\Users\admin\Desktop\FRST.exe
2021-10-15 11:19 - 2021-10-15 11:03 - 002310656 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2021-10-15 11:17 - 2021-10-15 11:17 - 000000000 ____D C:\Users\admin\AppData\Local\Publishers
2021-10-15 11:15 - 2021-10-15 11:25 - 000000000 ____D C:\Users\admin\AppData\Local\D3DSCache
2021-10-15 11:14 - 2021-10-15 11:28 - 000002444 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-10-15 11:14 - 2021-10-15 11:28 - 000000000 ____D C:\Users\admin
2021-10-15 11:14 - 2021-10-15 11:18 - 000000000 ____D C:\Users\admin\AppData\Local\Packages
2021-10-15 11:14 - 2021-10-15 11:15 - 000000000 ____D C:\Users\admin\AppData\Local\Intel
2021-10-15 11:14 - 2021-10-15 11:14 - 000002399 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-15 11:14 - 2021-10-15 11:14 - 000002340 _____ C:\Users\admin\Desktop\Google Chrome.lnk
2021-10-15 11:14 - 2021-10-15 11:14 - 000000020 ___SH C:\Users\admin\ntuser.ini
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 _SHDL C:\Users\admin\Voisinage réseau
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 _SHDL C:\Users\admin\Voisinage d'impression
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 _SHDL C:\Users\admin\Modèles
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 _SHDL C:\Users\admin\Mes documents
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 _SHDL C:\Users\admin\Menu Démarrer
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 _SHDL C:\Users\admin\Documents\Mes vidéos
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 _SHDL C:\Users\admin\Documents\Mes images
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 _SHDL C:\Users\admin\Documents\Ma musique
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 _SHDL C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 _SHDL C:\Users\admin\AppData\Local\Historique
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 __SHD C:\Users\admin\IntelGraphicsProfiles
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 ___RD C:\Users\admin\3D Objects
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 ____D C:\Users\admin\AppData\Roaming\Adobe
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 ____D C:\Users\admin\AppData\Local\VirtualStore
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 ____D C:\Users\admin\AppData\Local\Symantec
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 ____D C:\Users\admin\AppData\Local\Google
2021-10-15 11:14 - 2021-10-15 11:14 - 000000000 ____D C:\Users\admin\AppData\Local\ConnectedDevicesPlatform
2021-10-15 11:14 - 2021-07-17 13:40 - 000000000 ____D C:\Users\admin\Documents\Power BI Desktop
2021-10-15 11:14 - 2020-12-18 21:24 - 000000000 ____D C:\Users\admin\AppData\Local\RealVNC
2021-10-15 11:14 - 2019-05-13 14:45 - 000000000 ____D C:\Users\admin\AppData\Roaming\Sun
2021-10-15 11:14 - 2018-06-11 14:04 - 000000000 ____D C:\Users\admin\AppData\Local\MirrorOp
2021-10-15 11:14 - 2018-04-16 10:42 - 000000000 ____D C:\Users\admin\AppData\Roaming\Pulse Secure
2021-10-15 11:14 - 2018-02-06 17:06 - 000000000 ____D C:\Users\admin\AppData\Local\Microsoft Help
2021-10-14 14:07 - 2021-10-15 11:19 - 000003686 _____ C:\WINDOWS\system32\Tasks\mamos_extmon_BBCAClientWorkstation
2021-10-14 14:07 - 2021-10-15 11:19 - 000003546 _____ C:\WINDOWS\system32\Tasks\scstart_tuner_BBCAClientWorkstation

==================== Un mois (modifiés) ==================

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2021-10-15 11:25 - 2017-05-10 11:06 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-15 11:19 - 2021-06-16 18:24 - 000005320 _____ C:\WINDOWS\system32\Tasks\FetchLockscreen-DC
2021-10-15 11:19 - 2018-01-31 13:05 - 000000800 _____ C:\WINDOWS\system32\config\netlogon.ftl
2021-10-15 11:18 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-15 11:18 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-15 11:18 - 2018-01-31 11:25 - 000336106 __RSH C:\ProgramData\ntuser.pol
2021-10-15 11:15 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-15 11:14 - 2021-03-18 00:22 - 000000000 ____D C:\ProgramData\Zscaler
2021-10-15 11:14 - 2020-11-19 09:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-10-15 11:14 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-15 11:01 - 2020-11-19 09:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-15 11:01 - 2018-08-08 16:02 - 000000447 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-10-12 11:35 - 2018-02-06 13:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-10-12 11:32 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-12 11:24 - 2018-05-28 18:19 - 000002597 _____ C:\Users\Public\Desktop\KeePass.lnk
2021-10-12 11:24 - 2018-05-28 10:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass
2021-10-12 11:24 - 2018-05-28 10:05 - 000000000 ____D C:\Program Files (x86)\KeePass2x
2021-10-12 08:32 - 2021-06-16 18:24 - 000003540 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d75fd09b8f7f55
2021-10-12 08:32 - 2020-11-19 09:43 - 000003634 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-12 08:26 - 2021-06-16 18:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\Symantec Endpoint Protection
2021-10-11 17:12 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-10-11 17:11 - 2018-02-22 14:52 - 000000000 __SHD C:\Users\henri.mokrani\IntelGraphicsProfiles
2021-10-11 17:09 - 2021-06-05 22:39 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-11 17:09 - 2020-11-19 09:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-11 17:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-10-11 17:09 - 2017-12-13 14:01 - 000276161 _____ C:\WINDOWS\system32\CVFirmwareUpgradeLog.txt
2021-10-11 17:09 - 2017-05-10 11:05 - 000000000 ____D C:\ProgramData\RealVNC-Service
2021-10-11 17:07 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-10-08 11:00 - 2021-06-16 18:24 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1879854773-1829175685-1234779376-556927
2021-10-05 09:33 - 2020-11-19 09:43 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-05 09:33 - 2020-11-19 09:43 - 000002282 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-09-30 13:18 - 2021-06-16 17:45 - 001847370 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-30 13:18 - 2021-06-06 07:43 - 000850974 _____ C:\WINDOWS\system32\perfh00C.dat
2021-09-30 13:18 - 2021-06-06 07:43 - 000167894 _____ C:\WINDOWS\system32\perfc00C.dat
2021-09-30 13:18 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-09-30 12:30 - 2021-06-16 17:22 - 000001527 _____ C:\WINDOWS\system32\config\VSMIDK

==================== SigCheck ============================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

==================== Fin de FRST.txt ========================
