Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2021
Exécuté par Admin (administrateur) sur DESKTOP-MGHF6B7 (ASUS All Series) (04-11-2021 19:55:21)
Exécuté depuis C:\Users\Admin\Desktop
Profils chargés: Admin
Plate-forme: Microsoft Windows 10 Famille Version 20H2 19042.1288 (X64) Langue: Français (France)
Navigateur par défaut: FF
Mode d'amorçage: Normal

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Bitdefender LLC) [Fichier non signé] C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
(Code Sector -> ) C:\Program Files\TeraCopy\TeraCopyService.exe <2>
(EJIE Technology) [Fichier non signé] C:\Program Files (x86)\Clover\clover.exe
(FSL - FreeSoftLand) [Fichier non signé] C:\Program Files (x86)\FSL\FSL_Launcher\FSL_Launcher.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Heidi Computers Ltd -> The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avpui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\plugins_nms.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
(Open Source Developer, Dominik Reichl -> Dominik Reichl) C:\Program Files\KeePass Password Safe 2\KeePass.exe
(QFX Software Corporation -> QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation -> QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Siliten) [Fichier non signé] C:\Program Files (x86)\SilverCrest SMLM 807 A1 Driver\MouClient_FD2_9063RL.exe
(TomTom) [Fichier non signé] C:\Program Files\TomTom HOME\TTHOMEService.exe

==================== Registre (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9274304 2018-05-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3190384 2021-09-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1068624 2020-10-11] (Heidi Computers Ltd -> The Eraser Project)
HKLM-x32\...\Run: [InboxMonitor] => C:\Program Files (x86)\Nuance\PDF Professional 7\InboxMonitor.exe [114688 2012-02-17] () [Fichier non signé]
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe [141160 2012-02-17] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [641384 2012-02-17] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PdfProInboxMonitor] => C:\Program Files (x86)\Nuance\PDF Professional 7\InboxMonitor.exe [114688 2012-02-17] () [Fichier non signé]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [512536 2021-09-28] (QFX Software Corporation -> QFX Software Corporation)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\49.0.9.0\GoogleDriveFS.exe --startup_mode
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\49.0.9.0\GoogleDriveFS.exe --startup_mode
HKU\S-1-5-21-188433853-1034861487-459835961-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35116160 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-188433853-1034861487-459835961-1001\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME\TTHOMERunner.exe [332288 2019-12-17] (TomTom) [Fichier non signé]
HKU\S-1-5-21-188433853-1034861487-459835961-1001\...\Run: [] => [X]
HKU\S-1-5-21-188433853-1034861487-459835961-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [3190384 2021-09-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKU\S-1-5-21-188433853-1034861487-459835961-1001\...\Run: [WinLaunch] => Z:\00-images mail af\WinLaunch\WinLaunch.exe -hide
HKU\S-1-5-21-188433853-1034861487-459835961-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [9803720 2021-11-03] (GlassWire -> SecureMix LLC)
HKU\S-1-5-21-188433853-1034861487-459835961-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] True
HKU\S-1-5-21-188433853-1034861487-459835961-1001\...\MountPoints2: {aff99e7c-234e-11ea-8d1c-7824af3b34eb} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-188433853-1034861487-459835961-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [581120 2021-01-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\49.0.9.0\GoogleDriveFS.exe --startup_mode
HKU\S-1-5-18\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [9803720 2021-11-03] (GlassWire -> SecureMix LLC)
HKLM\...\Print\Monitors\EPSON Stylus DX4400 Series 64MonitorBE: C:\WINDOWS\system32\E_ILMCAE.DLL [129536 2006-12-08] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-11-01] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2021-09-09] (Adobe Inc. -> Adobe Systems, Inc.)
IFEO\CompatTelRunner.exe: [Debugger] %windir%\System32\taskkill.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FSL Launcher.lnk [2019-12-14]
ShortcutTarget: FSL Launcher.lnk -> C:\Program Files (x86)\FSL\FSL_Launcher\FSL_Launcher.exe (FSL - FreeSoftLand) [Fichier non signé]
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MouClient.lnk [2020-06-03]
ShortcutTarget: MouClient.lnk -> C:\Program Files (x86)\SilverCrest SMLM 807 A1 Driver\MouClient_FD2_9063RL.exe (Siliten) [Fichier non signé]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2020-01-06]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare Technology Co.,Ltd -> Wondershare)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Tâches planifiées (Avec liste blanche) ============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {003BC3A3-5050-474B-B468-AE7EA86D7174} - System32\Tasks\BDAntiCryptoWallTask => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe [1586688 2017-01-23] (Bitdefender LLC) [Fichier non signé]
Task: {07829167-7713-46FB-93C7-F8074927A395} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-02] (Mozilla Corporation -> Mozilla Foundation)
Task: {08CA2421-DFF8-4A8A-A67B-5B8355290389} - System32\Tasks\taches CB\Chat_bouffe => powershell -WindowStyle hidden -Command "& {[System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms'); [System.Windows.Forms.MessageBox]::Show('Remplir la gamelle des chats.','Chats.')}"
Task: {0A198E85-EBC9-4DB6-B363-8F4B63476535} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-12-14] (Google Inc -> Google LLC)
Task: {0DAE1B02-DF91-49E4-924C-050D67497676} - System32\Tasks\CCleanerSkipUAC - Admin => C:\Program Files\CCleaner\CCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1745A578-8BE4-4EF3-A183-3263786D05FF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-10-19] (Piriform Software Ltd -> Piriform)
Task: {2225A9A5-F387-455B-81C8-A9C0BD2F5DAC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {25E83E7C-D1F7-4FF2-AAE1-8C69D2A2C8FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {2748CB04-F018-4426-9709-1029D9017F91} - System32\Tasks\WiseCleaner\WDCSkipUAC => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe
Task: {29FAA161-5C64-4266-BC1B-CA6F09AD8682} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {4276420C-347F-4705-8F31-0AD12D385AF2} - System32\Tasks\taches CB\O2pulsat => powershell -WindowStyle hidden -Command "& {[System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms'); [System.Windows.Forms.MessageBox]::Show('Mesurer O² et la pulsation et les inscrire sur fichier XLS.','Mesurer saturation et pulsation')}"
Task: {4282594F-ACD4-4D1A-BA4B-6E723F4F3681} - System32\Tasks\NCH Software\VideoPadCacheDeleteAll => C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe [11085352 2021-10-15] (NCH Software, Inc. -> NCH Software)
Task: {6DDD415E-CCAF-461D-A598-7A758BE766B7} - \TEST AFFICHE FENETRE 2 -> Pas de fichier <==== ATTENTION
Task: {781BB2FF-69F9-48AC-BFA2-B83C1C8B6B0A} - System32\Tasks\NCH Software\VideoPadSevenDays => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [11085352 2021-10-15] (NCH Software, Inc. -> NCH Software)
Task: {9B0AA682-51ED-4451-BAA1-EBDA8F4AD13A} - System32\Tasks\taches CB\Aspi-filtre-mousse => powershell -WindowStyle hidden -Command "& {[System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms'); [System.Windows.Forms.MessageBox]::Show('NETTOYER FILTRE MOUSSE DE L ASPIRATEUR.','Aspirateur')}"
Task: {9C310E71-44C1-48D9-904C-28B3C64739D5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9CC3A8A5-C5F4-4190-A47F-FAA580F805F0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972184 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0794FDF-35F1-4E88-8C9C-7145B10311F4} - System32\Tasks\taches CB\Aspi-filtre-papier => powershell -WindowStyle hidden -Command "& {[System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms'); [System.Windows.Forms.MessageBox]::Show('NETTOYER LES FILTRES DE L ASPIRATEUR (MOUSSE ET PAPIER). VERIFIER SI LE BAC DE POUSSIERE EST PLEIN.','Aspirateur')}"
Task: {AECA3303-71EC-48BB-B20C-49F174F2C7E2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286088 2020-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {CBA582AB-1003-466A-8D6B-96BB50D81F38} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-12-14] (Google Inc -> Google LLC)
Task: {CF6A84FB-CBF0-44AB-9CAD-6B7359477B96} - System32\Tasks\taches CB\Sauve clé usb => powershell -WindowStyle hidden -Command "& {[System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms'); [System.Windows.Forms.MessageBox]::Show('FAIRE LA SAUVEGARDE DE LA CLE USB.','Aspirateur')}"
Task: {DF73B7B6-F4A2-4C37-BEE6-E1DF0130219C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286088 2020-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3EDB0FE-9040-426E-BCE3-D664AFCBAC80} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-10-20] () [Fichier non signé]
Task: {E99871BF-C585-4C40-BB0E-E7EE9DC5E6CC} - System32\Tasks\taches CB\restosys => cscript C:\retauration\create_restore_point.vbs"

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)


==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{44466e0e-f511-4a62-a56e-5c9d79bc8c39}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7872780d-a5cb-4fc8-841e-18e2d70efa7d}: [NameServer] 8.8.8.8,8.8.4.4

Edge:
=======
DownloadDir: C:\Users\Admin\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-188433853-1034861487-459835961-1001 -> hxxp://free.fr/
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-03]
Edge DownloadDir: Default -> C:\Users\Admin\Downloads
Edge HomePage: Default -> hxxp://free.fr/
Edge StartupUrls: Default -> "hxxp://www.free.fr/"
Edge Extension: (Extension Abonnement RSS) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbjofpiipnjjiedmddjdbhbfpbafbakk [2021-07-26]
Edge Extension: (Satin Stacks) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cgilogkdbbgmgabhfoaaaedodhelhndn [2021-07-23]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-26]
Edge Extension: (RSS Reader Extension (by Inoreader)) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lbjfhdjlblncekgomhadnnpampcahhal [2021-07-26]
Edge HKU\S-1-5-21-188433853-1034861487-459835961-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: LyN92pbQ.default
FF DefaultProfile: 76khbak4.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5oslngci.default-release-1626622396299 [2021-11-04]
FF Homepage: Mozilla\Firefox\Profiles\5oslngci.default-release-1626622396299 -> hxxps://zimbra.free.fr|hxxp://panbelgique.motards.net/search?search_id=newposts
FF Notifications: Mozilla\Firefox\Profiles\5oslngci.default-release-1626622396299 -> hxxps://motosnord.forumdesfans.com
FF Extension: (WebTranslate) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5oslngci.default-release-1626622396299\Extensions\98a81af4-fb95-4bd5-addd-72e6d3957dde@webtranslate.fr.xpi [2021-07-18]
FF Extension: (Facebook Container) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5oslngci.default-release-1626622396299\Extensions\@contain-facebook.xpi [2021-08-03]
FF Extension: (AdBlocker Ultimate) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5oslngci.default-release-1626622396299\Extensions\adblockultimate@adblockultimate.net.xpi [2021-10-07]
FF Extension: (Google images view image button) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5oslngci.default-release-1626622396299\Extensions\google_images_view_image_button@mail.com.xpi [2021-07-18]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5oslngci.default-release-1626622396299\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2021-10-01]
FF Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5oslngci.default-release-1626622396299\Extensions\light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com.xpi [2021-09-14]
FF Extension: (Voir image) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5oslngci.default-release-1626622396299\Extensions\{287dcf75-bec6-4eec-b4f6-71948a2eea29}.xpi [2021-08-03]
FF Extension: (Search by Image) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5oslngci.default-release-1626622396299\Extensions\{2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c}.xpi [2021-11-04]
FF Extension: (Nightly and Aurora) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5oslngci.default-release-1626622396299\Extensions\{596ea437-a17b-4b82-a56c-23a33177512e}.xpi [2021-07-18]
FF Extension: (Aurora Borealis) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5oslngci.default-release-1626622396299\Extensions\{66890fd9-47b8-4c1f-a749-ed27a1f88834}.xpi [2021-07-18]
FF Extension: (Livemarks) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5oslngci.default-release-1626622396299\Extensions\{c5867acc-54c9-4074-9574-04d8818d53e8}.xpi [2021-10-15]
FF Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5oslngci.default-release-1626622396299\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-09-01]
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\LyN92pbQ.default [2020-05-25]
FF Extension: (Avira Password Manager) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\LyN92pbQ.default\Extensions\passwordmanager@avira.com [2019-12-14]
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\LyN92pbQ.default\searchplugins\AdTrustMediaComodo Dragon.xml [2020-02-20]
FF ProfilePath: C:\Users\Admin\AppData\Roaming\kompozer.net\KompoZer\Profiles\ridsx094.default [2021-10-13]
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default [2020-04-12]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-cs@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-de@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (English (US) Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (Español (España) Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (Finnish Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-fi@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (Français Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-fr@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (Galego (España) Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-gl@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-he@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (Magyar (HU) Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-hu@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-it@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (Japanese Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-ja@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (Korean (KR) Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-ko@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-nl@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (Polski Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-pl@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (Russian (RU) Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-ru@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (Slovenski jezik Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-sl@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (српски (sr) Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-sr@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (Svenska (SE) Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\Admin\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\76khbak4.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2020-04-12] [] [non signé]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => non trouvé(e)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => non trouvé(e)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2019-12-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\adslTV\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll [2011-07-15] (Zeon Corporation -> Zeon Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2021-07-18] <==== ATTENTION (Pointe vers un fichier *.cfg)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2021-07-18] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2021-11-04]
CHR HomePage: Default -> hxxp://google.fr/
CHR StartupUrls: Default -> "hxxps://fr.yahoo.com/?fr=fpc-comodo&type=81_33050001006_80.0.3987.87_u_hp_sp"
CHR DefaultSearchURL: Default -> hxxps://fr.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=81_33050001006_80.0.3987.87_u_ds_sp&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR Extension: (Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-12-14]
CHR Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-09-15]
CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-14]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-10]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-12-14]
CHR Extension: (Avira Password Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-11-02]
CHR Extension: (Search by Image) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnojnbdhbhnkbcieeekonklommdnndci [2021-11-04]
CHR Extension: (Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-12-14]
CHR Extension: (Easy AdBlocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gginmiamniniinhbipmknjiefidjlnob [2020-01-06]
CHR Extension: (Google Docs hors connexion) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-14]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-22]
CHR Extension: (Lanceur d'applications pour Drive (par Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-07-22]
CHR Extension: (Extension Abonnement RSS (par Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2021-07-26]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-10]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-11-03]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-11-03]
CHR Extension: (Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-15]
CHR Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-08-15]
CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-08-15]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-15]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-08-15]
CHR Extension: (Avira Password Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-08-15]
CHR Extension: (Avira Safe Shopping) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2021-08-15]
CHR Extension: (Adblock pour Youtube™) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2021-08-15]
CHR Extension: (Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-08-15]
CHR Extension: (Stay secure with CyberGhost VPN Free Proxy) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ffbkglfijbcbgblgflchnbphjdllaogb [2021-08-15]
CHR Extension: (Google Docs hors connexion) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-08-15]
CHR Extension: (Lanceur d'applications pour Drive (par Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-08-15]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-15]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-15]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-15]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile [2021-11-03]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKU\S-1-5-21-188433853-1034861487-459835961-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936456 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe [184768 2021-06-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3052952 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [7055304 2021-10-22] (GlassWire -> SecureMix LLC)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [447104 2021-06-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7826104 2021-11-03] (Malwarebytes Inc -> Malwarebytes)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2012-02-17] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
S3 QFXUpdateService; C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe [83480 2021-09-28] (QFX Software Corporation -> )
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [114384 2021-04-21] (Code Sector -> )
R2 TeraCopyService.exe; C:\Program Files\TeraCopy\TeraCopyService.exe [114384 2021-04-21] (Code Sector -> )
R2 TTHOMEService; C:\Program Files\TomTom HOME\TTHOMEService.exe [97792 2019-04-17] (TomTom) [Fichier non signé]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe [101152 2017-06-01] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 AviraUpdaterService; "C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe" [X]
S3 DisplayFusionService; "F:\displayFusion\DisplayFusion\DisplayFusionService.exe" [X]
S2 HCloverService; C:\Program Files (x86)\Clover\CloverSvc.dll [X]

===================== Pilotes (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15368 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 CSRBC; C:\WINDOWS\System32\Drivers\csrbc.sys [46384 2021-05-11] (Sena Technologies, Inc. -> CSR plc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (GlassWire -> SecureMix LLC)
R3 InputFilter_Hid_FlexDef2b; C:\WINDOWS\System32\drivers\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Siliten)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [243800 2018-09-08] (QFX Software Corporation -> QFX Software Corporation)
R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [674104 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1469240 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.3\Bases\klids.sys [273176 2021-08-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [96008 2021-06-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [265176 2021-09-23] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [315032 2021-09-23] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [113952 2021-09-23] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [225648 2021-09-23] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-09-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-03] (Malwarebytes Inc -> Malwarebytes)
R3 MouFilter_Mou_FlexDef4; C:\WINDOWS\System32\drivers\MouFilter_FlexDef4.sys [15360 2010-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Siliten)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-14] (Microsoft Windows -> Microsoft Corporation)
S3 WiseUnlock; C:\Windows\WiseUnlock64.sys [33864 2020-03-11] (Beijing Lang Xingda Network Technology Co., Ltd -> WiseCleaner.com)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

