cjoint

Comment: FRST report

Document format: text/plain

Preview

Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 25-08-2023
Exécuté par bedek (administrateur) sur DESKTOP-QP9JPF4 (Dell Inc. XPS 8500) (27-08-2023 13:21:38)
Exécuté depuis D:\Users\bedek\Desktop\FRST64.exe
Profils chargés: bedek
Plate-forme: Microsoft Windows 10 Famille Version 22H2 19045.3324 (X64) Langue: Français (France)
Navigateur par défaut: FF
Mode d'amorçage: Normal

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe ->) (ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe <7>
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Windows\runSW.exe ->) (Realtek Semiconductor Corp. -> Realtek) C:\Windows\SwUSB.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe <2>
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(explorer.exe ->) (Mega Limited -> Mega Limited) C:\ProgramData\MEGAsync\MEGAsync.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe <4>
(explorer.exe ->) (Privax Limited -> Privax Limited) C:\Program Files\Privax\HMA VPN\Vpn.exe <5>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(Heidi Computers Ltd -> The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\bedek\AppData\Local\Microsoft\OneDrive\23.153.0724.0003\Microsoft.SharePoint.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(services.exe ->) (ArcSoft, Inc. -> ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe
(services.exe ->) (GuinpinSoft inc) [Fichier non signé] C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.2.0_x64.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Photodex Corporation -> ) C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(services.exe ->) (Privax Limited -> Privax Limited) C:\Program Files\Privax\HMA VPN\VpnSvc.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> ) C:\Windows\runSW.exe
(services.exe ->) (voidtools -> ) C:\Program Files (x86)\Everything\Everything.exe <3>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registre (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1068560 2019-08-18] (Heidi Computers Ltd -> The Eraser Project)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3992208 2014-10-03] (Stardock Corporation -> Stardock Corporation)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1667208 2020-11-24] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2020-11-21] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [2089056 2015-09-16] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Fichier non signé]
HKLM-x32\...\Run: [XPE] => C:\Program Files (x86)\XPE Windows 10 DPI Fix\XPEWindows10_DPI.exe [28672 2015-08-21] (XPExplorer.com - 2015) [Fichier non signé]
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft, Inc. -> ArcSoft Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710776 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [1710880 2019-01-26] (voidtools -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-26] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-915969086-1333566815-1066330387-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\bedek\AppData\Local\Microsoft\Teams\Update.exe [2587368 2023-04-01] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-915969086-1333566815-1066330387-1001\...\Run: [MicrosoftEdgeAutoLaunch_53B5C0E94C8AB9E07EB8DCDF45C66283] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4107728 2023-08-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-915969086-1333566815-1066330387-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] True
HKU\S-1-5-21-915969086-1333566815-1066330387-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\ENTERT~1.SCR [1687552 2004-01-04] () [Fichier non signé]
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\Windows\system32\cpwmon64.dll [89008 2016-01-22] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\PDF-XChange5-ABBYY-FR15: C:\Windows\system32\pxc50pmaf15.dll [57328 2018-12-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\116.0.5845.111\Installer\chrmstp.exe [2023-08-25] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{09B25A4E-0D4F-4F1C-8823-4D1883624626}] -> C:\Program Files (x86)\ABBYY FineReader 15\ScreenshotReader.exe [2020-06-15] (ABBYY Production LLC -> ABBYY Production LLC.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HMA VPN.lnk [2023-07-27]
ShortcutTarget: HMA VPN.lnk -> C:\Program Files\Privax\HMA VPN\Vpn.exe (Privax Limited -> Privax Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk [2020-09-10]
ShortcutTarget: HP Button Manager.lnk -> C:\Program Files (x86)\HP Button Manager\BM.exe (Hewlett-Packard Company -> )
Startup: C:\Users\bedek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk [2020-10-31]
ShortcutTarget: Envoyer à OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\bedek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2020-08-05]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)

==================== Tâches planifiées (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {02CE61B9-57F3-4703-BD10-586E87FB255F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {0D130C25-2661-4DED-8AFC-2D7E1A5E336E} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {BF647C1B-F79A-4B60-A32D-55BE8620CE82} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {725DED6E-C263-4AA9-B321-90C9FC09AAB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-04] (Google LLC -> Google LLC)
Task: {AB95C05E-3B0F-47D5-876E-05064B7CE415} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-04] (Google LLC -> Google LLC)
Task: {53018614-8D49-4832-905D-947D51A9AF54} - System32\Tasks\HMA VPN Update => C:\Program Files\Privax\HMA VPN\VpnUpdate.exe [1369992 2023-07-27] (Privax Limited -> Privax Limited)
Task: {4061E76F-E23A-425F-9709-C6299C76DBD0} - System32\Tasks\IcarusPrivaxVpnUpgrade => C:\Program Files\Privax\HMA VPN\setup\privax_vpn_online_setup.exe -> /silent /ShowVpnGui=0 /RestartUpdaterTaskName=IcarusPrivaxVpnUpgrade /RestartUpdaterAppExe="C:\Program Files\Privax\HMA VPN\setup\privax_vpn_online_setup.exe"
Task: {8494F64F-9A14-40C0-AB01-6B947F3A20FB} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-07-06] () [Fichier non signé]
Task: {DCC65680-7A64-4078-9DFA-3A6C1664DBF4} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-915969086-1333566815-1066330387-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe [1776304 2023-08-23] (Mega Limited -> )
Task: {17A6B558-15CA-48C4-9657-7C0952EAB176} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656848 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {AAE24948-9604-4334-BC5D-CAA895486578} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656848 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {476923EA-16F6-4402-95AD-32F1F15DBA42} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {F7A81C0A-7648-4A0C-A3E6-1F4880A70B74} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {45837E39-A575-4247-8870-72F7A5A68778} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {6BC86D2E-2E0F-468A-B20D-E87249D64458} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {0A84E8D8-E954-4532-B0AD-7620FB2BC061} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(1): %windir%\system32\compattelrunner.exe -> -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc
Task: {0A84E8D8-E954-4532-B0AD-7620FB2BC061} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(2): %windir%\system32\compattelrunner.exe -> -m:appraiser.dll -f:DoScheduledTelemetryRun
Task: {0A84E8D8-E954-4532-B0AD-7620FB2BC061} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(3): %windir%\system32\compattelrunner.exe -> -m:aemarebackup.dll -f:BackupMareData
Task: {63AB2460-483A-4C26-84A3-6F474BEBC0C9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A8C624B6-D613-439F-8F64-0407250CC3F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5F909EB-E88E-4695-B360-F130BFCF5BC9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1D8BF942-AFBF-4878-999B-38F41FE3378A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7A177D77-92C2-4335-82B3-60279E7B0024} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [687008 2023-08-23] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {B4DC4F4A-9D63-49E6-A683-7CC1F64AB4B5} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [733088 2023-08-23] (Mozilla Corporation -> Mozilla Foundation)
Task: {99EB03DC-3EEA-425A-8805-E1831BA80C81} - System32\Tasks\Privax\HMA VPN Bug Report => C:\Program Files\Privax\HMA VPN\AvBugReport.exe [4759432 2023-07-27] (Privax Limited -> Privax Limited) -> --filter "*.dmp;*.mdmp;icarus.log" --send "dumps|report" --silent --product 78 --programpath "C:\Program Files\Privax\HMA VPN" --configpath "C:\ProgramData\Privax\HMA VPN" --path "C:\ProgramData\Privax\HMA VPN\log" --path "C:\ProgramData\Privax\Icarus\Logs" --logpath "C:\ProgramData\Privax\HMA VPN\l (l'élément de données a 47 caractères en plus).
Task: {9A50155A-C991-42D0-A1B0-407280FBD8DB} - System32\Tasks\Privax\HMA VPN Update => C:\Program Files\Common Files\Privax\Icarus\privax-vpn\icarus.exe [7095688 2023-07-18] (Privax Limited -> Privax Limited)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\..\Interfaces\{03b78802-2349-4e6b-ab89-81071c83f03d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1af915a2-ac3d-4d8f-9bf3-0b80f5ff8d09}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a57acf03-29bb-4001-8b2b-bc7c34666620}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{df16ff73-a6ab-442f-9d99-147d0e72503b}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
Edge Profile: C:\Users\bedek\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-27]
Edge Extension: (Edge relevant text changes) - C:\Users\bedek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-23]

FireFox:
========
FF DefaultProfile: i56jfzeq.default
FF ProfilePath: C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\i56jfzeq.default [2023-07-27]
FF Homepage: Mozilla\Firefox\Profiles\i56jfzeq.default -> www.google.fr
FF Extension: (Easy Screenshot) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\i56jfzeq.default\Extensions\easyscreenshot@mozillaonline.com.xpi [2020-03-06]
FF Extension: (FoxyTab) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\i56jfzeq.default\Extensions\foxytab@eros.man.xpi [2020-03-06]
FF Extension: (Disable WebRTC) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\i56jfzeq.default\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2020-04-19]
FF Extension: (Page Captures d'écran Web - Fireshot) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\i56jfzeq.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2020-06-27]
FF Extension: (Voir image) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\i56jfzeq.default\Extensions\{287dcf75-bec6-4eec-b4f6-71948a2eea29}.xpi [2020-04-24]
FF Extension: (Video DownloadHelper) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\i56jfzeq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-03-30]
FF Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\i56jfzeq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-07-23]
FF ProfilePath: C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818 [2023-08-27]
FF Homepage: Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818 -> google.com
FF Extension: (Easy Screenshot) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\easyscreenshot@mozillaonline.com.xpi [2023-01-03]
FF Extension: (Disable WebRTC) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2021-09-21]
FF Extension: (uBlock Origin) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\uBlock0@raymondhill.net.xpi [2023-07-26]
FF Extension: (Page Captures d'écran Web - Fireshot) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2023-06-22]
FF Extension: (Voir image) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\{287dcf75-bec6-4eec-b4f6-71948a2eea29}.xpi [2023-08-23]
FF Extension: (EPUBReader) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2023-01-25]
FF Extension: (IIIF Download) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\{9c16ac2c-a272-4136-9493-277c55d7f39c}.xpi [2021-09-21]
FF Extension: (Video DownloadHelper) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2023-08-26]
FF Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-06-21]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2021-01-25] [non signé]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_453.dll [2020-11-10] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-10-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-10-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-08-19] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-07-26] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_453.dll [2020-11-10] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2022-01-22] () [Fichier non signé]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-07-26] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\bedek\AppData\Local\Google\Chrome\User Data\Default [2023-07-27]
CHR Extension: (Google Docs Offline) - C:\Users\bedek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-25]
CHR Extension: (Pas de nom) - C:\Users\bedek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gllpomlmiljchdbigeahkpflkonfjiob [2023-07-03]
CHR Extension: (Pas de nom) - C:\Users\bedek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-07-03]

==================== Services (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-10] (Adobe Inc. -> Adobe)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-26] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 CdRomArbiterService; C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.2.0_x64.exe [9728 2022-01-19] (GuinpinSoft inc) [Fichier non signé]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11878368 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1710880 2019-01-26] (voidtools -> )
R2 HmaProVpn; C:\Program Files\Privax\HMA VPN\VpnSvc.exe [10781064 2023-07-27] (Privax Limited -> Privax Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9283096 2023-08-25] (Malwarebytes Inc. -> Malwarebytes)
R2 RunSwUSB; C:\Windows\runSW.exe [59232 2018-05-02] (Realtek Semiconductor Corp. -> )
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2022-01-22] (Photodex Corporation -> )
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe [145984 2012-01-18] (ArcSoft, Inc. -> ArcSoft, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe [3104488 2023-08-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe [133576 2023-08-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Pilotes (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
R3 ANVSOFT_WaveExtensible; C:\Windows\system32\drivers\ammvrtaudio.sys [38048 2019-12-24] (深圳市安韦尔软件技术有限公司 -> )
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 ArcSoftKsUFilter; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-03] (ArcSoft, Inc. -> ArcSoft, Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2021-09-16] (Microsoft Corporation) [Fichier non signé]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [154112 2021-10-13] (Microsoft Corporation) [Fichier non signé]
S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Fichier non signé]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Fichier non signé]
S3 hmatap; C:\Windows\System32\drivers\hmatap.sys [36456 2018-09-05] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222672 2023-08-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-05-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl06c70f8a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF0B31C4-2D34-4263-A478-5792E71F37AB}\MpKslDrv.sys [222464 2023-08-27] (Microsoft Windows -> Microsoft Corporation)
R3 pvxVpnRdr; C:\Windows\System32\drivers\pvxVpnRdr.sys [76504 2023-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Privax Limited)
R3 pvxWintun; C:\Windows\System32\drivers\pvxWintun.sys [48016 2022-12-02] (Privax Limited -> Privax Limited)
S3 pvxWireGuard; C:\Windows\System32\drivers\pvxWireguard.sys [500440 2022-12-02] (Privax Limited -> WireGuard LLC)
R1 RsProxy; C:\Windows\system32\drivers\RsProxy.sys [15976 2020-09-10] (Realtek Semiconductor Corp -> )
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [333864 2009-02-09] (Silicon Image, Inc. -> Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22568 2009-02-09] (Silicon Image, Inc. -> Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [16936 2009-02-09] (Silicon Image, Inc. -> Silicon Image, Inc.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55704 2023-08-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [572656 2023-08-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [104688 2023-08-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Trois mois (créés) (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2023-08-27 13:20 - 2023-08-27 13:21 - 000000000 ____D C:\FRST
2023-08-26 10:51 - 2023-08-26 10:55 - 000000000 ____D C:\Users\bedek\AppData\Roaming\Microsoft\Access
2023-08-25 09:09 - 2023-08-25 11:39 - 000000000 ____D C:\Users\bedek\AppData\Roaming\balena-etcher
2023-08-23 14:51 - 2023-08-27 09:06 - 106430464 _____ C:\Windows\system32\config\SOFTWARE
2023-08-23 14:45 - 2023-08-23 14:51 - 000000000 ____D C:\Windows\Microsoft Antimalware
2023-08-23 10:49 - 2023-08-24 09:37 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2023-08-23 08:38 - 2023-08-23 08:38 - 000000000 ___HD C:\$WinREAgent
2023-08-23 08:02 - 2023-08-23 10:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-07-30 08:17 - 2023-07-30 08:17 - 000003530 _____ C:\Windows\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
2023-07-27 08:00 - 2023-07-27 08:00 - 000001972 _____ C:\Users\Public\Desktop\HMA VPN.lnk
2023-07-17 17:58 - 2023-07-17 17:58 - 000000000 ____D C:\Users\bedek\AppData\Roaming\MPC-HC
2023-06-22 14:41 - 2023-06-22 14:57 - 000000000 ____D C:\Users\bedek\AppData\Roaming\Deezloader Remix

==================== Trois mois (modifiés) ==================

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2023-08-27 13:19 - 2022-02-10 15:32 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-08-27 13:16 - 2020-08-04 18:53 - 000000000 ____D C:\Users\bedek\AppData\Roaming\Everything
2023-08-27 13:16 - 2020-08-04 18:05 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-08-27 12:55 - 2021-12-16 00:39 - 000000000 ____D C:\Windows\SystemTemp
2023-08-27 12:55 - 2020-08-04 20:35 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-27 12:51 - 2020-08-05 08:08 - 000000000 ____D C:\Users\bedek\AppData\Roaming\ZHP
2023-08-27 11:44 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-27 11:03 - 2020-08-04 19:42 - 000000000 ____D C:\Users\bedek\AppData\LocalLow\Mozilla
2023-08-27 10:44 - 2021-05-27 17:53 - 003343008 _____ (Nicolas Coolman) C:\Users\bedek\ZHPCleaner.exe
2023-08-27 10:44 - 2020-08-04 19:49 - 000000000 ____D C:\Users\bedek\AppData\Roaming\Microsoft\Word
2023-08-27 10:44 - 2020-08-04 18:14 - 000000000 ____D C:\Users\bedek
2023-08-27 09:12 - 2020-08-04 18:10 - 001681370 _____ C:\Windows\system32\PerfStringBackup.INI
2023-08-27 09:12 - 2019-12-07 16:49 - 000755174 _____ C:\Windows\system32\perfh00C.dat
2023-08-27 09:12 - 2019-12-07 16:49 - 000141980 _____ C:\Windows\system32\perfc00C.dat
2023-08-27 09:12 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2023-08-27 09:07 - 2022-10-27 16:31 - 000003946 _____ C:\Windows\system32\Tasks\HMA VPN Update
2023-08-27 09:07 - 2020-08-04 22:14 - 000000000 ____D C:\ProgramData\Privax
2023-08-27 09:07 - 2020-08-04 19:36 - 000000000 ____D C:\ProgramData\NVIDIA
2023-08-27 09:07 - 2020-08-04 18:05 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-27 09:07 - 2020-08-04 18:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-08-27 09:06 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-08-27 08:58 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-27 08:58 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2023-08-26 23:06 - 2020-08-05 09:08 - 000000000 ____D C:\Users\bedek\AppData\Roaming\vlc
2023-08-26 19:53 - 2020-08-27 01:04 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-08-26 19:53 - 2020-08-27 01:04 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-08-26 09:09 - 2021-02-20 13:28 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-08-26 09:09 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2023-08-25 13:04 - 2020-08-04 19:49 - 000000000 ____D C:\Users\bedek\AppData\Roaming\Microsoft\Office
2023-08-25 11:32 - 2020-08-06 01:03 - 000000028 _____ C:\Windows\OutLog.txt
2023-08-25 08:59 - 2020-08-04 20:35 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-08-24 09:37 - 2020-08-04 19:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-08-24 00:00 - 2023-02-10 00:40 - 000000000 ____D C:\Users\bedek\AppData\Roaming\calibre
2023-08-23 23:15 - 2023-02-10 00:40 - 000001053 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2023-08-23 23:15 - 2023-02-10 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2023-08-23 23:15 - 2023-02-10 00:39 - 000000000 ____D C:\Program Files\Calibre2
2023-08-23 22:51 - 2021-04-20 00:41 - 000001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2023-08-23 19:47 - 2023-03-22 23:23 - 000239544 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2023-08-23 19:46 - 2021-05-22 08:14 - 000545970 _____ C:\Windows\ntbtlog.txt
2023-08-23 16:19 - 2020-08-16 12:37 - 000000000 ____D C:\Program Files\Recuva
2023-08-23 14:04 - 2021-05-22 08:14 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2023-08-23 10:45 - 2020-08-04 18:05 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-08-23 10:35 - 2020-08-04 18:05 - 005172712 _____ C:\Windows\system32\FNTCACHE.DAT
2023-08-23 10:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-08-23 10:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2023-08-23 10:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-08-23 10:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2023-08-23 10:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-08-23 10:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-08-23 10:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2023-08-23 10:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat
2023-08-23 08:44 - 2020-08-04 18:09 - 003015168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-08-23 08:37 - 2020-08-04 18:30 - 000000000 ____D C:\Windows\system32\MRT
2023-08-23 08:34 - 2020-08-04 18:30 - 175983240 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-08-23 08:33 - 2022-01-21 11:42 - 000000000 ____D C:\Program Files\dotnet
2023-08-23 08:33 - 2020-08-04 21:54 - 000000000 ____D C:\ProgramData\Package Cache
2023-08-23 08:04 - 2020-08-04 19:42 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-23 08:01 - 2022-10-13 19:24 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-08-23 08:01 - 2022-10-13 19:24 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-08-23 08:01 - 2020-11-27 12:48 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2023-08-23 07:58 - 2020-08-04 19:39 - 000000000 ____D C:\Program Files\Microsoft Office
2023-08-23 07:53 - 2022-08-18 15:51 - 000002417 _____ C:\Users\bedek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-08-23 07:53 - 2021-12-13 18:09 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-915969086-1333566815-1066330387-1001
2023-08-23 07:53 - 2020-08-04 18:19 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-915969086-1333566815-1066330387-1001
2023-08-23 07:52 - 2020-08-04 22:53 - 000000000 ____D C:\ProgramData\MEGAsync
2023-08-23 07:50 - 2020-12-04 20:21 - 000003884 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2023-08-23 07:50 - 2020-12-04 20:21 - 000003760 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2023-07-31 13:10 - 2021-01-05 23:52 - 000000000 ____D C:\Program Files (x86)\Everything
2023-07-30 17:07 - 2020-08-04 19:51 - 000000000 ____D C:\Users\bedek\AppData\Roaming\Microsoft\Excel
2023-07-30 08:17 - 2021-03-06 01:25 - 000003506 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2023-07-28 13:17 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\NDF
2023-07-28 08:24 - 2020-08-04 18:31 - 000918960 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Fichiers à la racine de certains dossiers ========

2021-05-27 17:53 - 2023-08-27 10:44 - 003343008 _____ (Nicolas Coolman) C:\Users\bedek\ZHPCleaner.exe
2023-06-07 23:54 - 2022-10-18 09:24 - 007176968 _____ () C:\Program Files\_DSC6361.JPG
2021-02-07 01:29 - 2021-02-07 01:29 - 000000112 _____ () C:\Users\bedek\AppData\Roaming\Préfs JP2K CS6
2020-11-24 20:10 - 2020-11-24 20:10 - 000000000 _____ () C:\Users\bedek\AppData\Local\oobelibMkey.log

==================== SigCheckExt =========================

2020-08-06 01:01 - 2015-09-21 00:30 - 003557000 _____ C:\Windows\system32\BootMan.exe
2020-08-06 01:01 - 2014-11-18 14:46 - 000017504 _____ C:\Windows\system32\EuEpmGdi.dll
2021-04-20 01:00 - 2011-12-07 19:37 - 000148992 _____ ( ) C:\Windows\system32\lagarith.dll
2020-08-06 01:01 - 2014-11-18 14:38 - 000101984 _____ C:\Windows\system32\setupempdrvx64.exe
2021-04-20 01:00 - 2017-07-30 12:50 - 003799552 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2021-04-20 01:00 - 2019-12-28 11:00 - 000784384 _____ C:\Windows\system32\xvidcore.dll
2021-04-20 01:00 - 2019-12-28 11:00 - 000310784 _____ C:\Windows\system32\xvidvfw.dll
2020-08-21 10:57 - 2016-09-29 09:44 - 001298584 _____ C:\Windows\ddmmain.exe
2020-08-06 01:01 - 2015-09-21 00:19 - 002658952 _____ C:\Windows\SysWOW64\BootMan.exe
2020-08-06 01:01 - 2014-11-18 14:46 - 000021088 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
2021-04-20 01:00 - 2011-12-07 19:32 - 000216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2020-09-10 18:42 - 2005-05-28 06:58 - 000393216 _____ (Sample Corporation) C:\Windows\SysWOW64\MSLUP60.dll
2020-09-10 18:42 - 2005-05-27 14:58 - 000249856 _____ (Sample Corporation) C:\Windows\SysWOW64\MSLURT.dll
2020-09-10 18:42 - 2003-03-18 22:14 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2020-09-10 18:42 - 2003-02-21 04:42 - 000348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2022-01-21 11:09 - 2012-03-23 19:59 - 000024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2020-09-10 18:42 - 1995-07-31 13:44 - 000212480 _____ (Eastman Kodak) C:\Windows\SysWOW64\PCDLIB32.DLL
2020-08-06 01:01 - 2014-11-18 14:38 - 000088160 _____ C:\Windows\SysWOW64\setupempdrv03.exe
2021-04-20 01:00 - 2017-07-30 12:50 - 003850240 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2021-04-20 01:00 - 2019-12-28 11:00 - 000681984 _____ C:\Windows\SysWOW64\xvidcore.dll
2021-04-20 01:00 - 2019-12-28 11:00 - 000284160 _____ C:\Windows\SysWOW64\xvidvfw.dll
2021-05-27 17:53 - 2023-08-27 10:44 - 003343008 _____ (Nicolas Coolman) C:\Users\bedek\ZHPCleaner.exe

==================== SigCheck ============================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)


==================== BCD ================================

Gestionnaire de démarrage du microprogramme
-------------------------------------------
identificateur {fwbootmgr}
displayorder {bootmgr}
{5faa8920-44a8-11ee-b764-806e6f6e6963}
{3251514a-d674-11ea-8bc8-a600eed70c0c}
{32515147-d674-11ea-8bc8-a600eed70c0c}
{43025186-43f7-11ee-b762-806e6f6e6963}
timeout 0

Gestionnaire de démarrage Windows
---------------------------------
identificateur {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale fr-FR
inherit {globalsettings}
default {current}
resumeobject {3251514b-d674-11ea-8bc8-a600eed70c0c}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Application logicielle (101fffff)
--------------------------------
identificateur {32515147-d674-11ea-8bc8-a600eed70c0c}
description KingstonDataTraveler 2.0PMAP

Application logicielle (101fffff)
--------------------------------
identificateur {3251514a-d674-11ea-8bc8-a600eed70c0c}
description KINGSTON SA400S37480G

Application logicielle (101fffff)
--------------------------------
identificateur {43025186-43f7-11ee-b762-806e6f6e6963}
description P2: PLDS DVDRW/BDROM DH-12E3SH

Application logicielle (101fffff)
--------------------------------
identificateur {5faa8920-44a8-11ee-b764-806e6f6e6963}
device unknown
description UEFI: KingstonDataTraveler 2.0PMAP

Chargeur de démarrage Windows
-----------------------------
identificateur {current}
device partition=C:
path \Windows\system32\winload.efi
description Windows 10
locale fr-FR
inherit {bootloadersettings}
recoverysequence {3251514d-d674-11ea-8bc8-a600eed70c0c}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {3251514b-d674-11ea-8bc8-a600eed70c0c}
nx OptIn
bootmenupolicy Standard

Chargeur de démarrage Windows
-----------------------------
identificateur {3251514d-d674-11ea-8bc8-a600eed70c0c}
device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{3251514e-d674-11ea-8bc8-a600eed70c0c}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale fr-fr
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{3251514e-d674-11ea-8bc8-a600eed70c0c}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Reprendre à partir de la mise en veille prolongée
-------------------------------------------------
identificateur {3251514b-d674-11ea-8bc8-a600eed70c0c}
device partition=C:
path \Windows\system32\winresume.efi
description Windows Resume Application
locale fr-FR
inherit {resumeloadersettings}
recoverysequence {3251514d-d674-11ea-8bc8-a600eed70c0c}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Testeur de mémoire Windows
--------------------------
identificateur {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Diagnostics mémoire Windows
locale fr-FR
inherit {globalsettings}
badmemoryaccess Yes

Paramètres EMS
--------------
identificateur {emssettings}
bootems No

Paramètres du débogueur
-----------------------
identificateur {dbgsettings}
debugtype Local

Erreurs de mémoire RAM
----------------------
identificateur {badmemory}

Paramètres globaux
------------------
identificateur {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Paramètres du chargeur de démarrage
-----------------------------------
identificateur {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Paramètres de l'hyperviseur
-------------------
identificateur {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Paramètres du chargeur de reprise
---------------------------------
identificateur {resumeloadersettings}
inherit {globalsettings}

Options de périphérique
-----------------------
identificateur {3251514e-d674-11ea-8bc8-a600eed70c0c}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume4
ramdisksdipath \Recovery\WindowsRE\boot.sdi

==================== Fin de FRST.txt ========================
