Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020 Exécuté par barbosa35 (administrateur) sur LEMMY (LENOVO 80G0) (01-01-2021 14:17:22) Exécuté depuis C:\Users\barbosa35\Desktop Profils chargés: barbosa35 Platform: Windows 8.1 (Update) (X64) Langue: Français (France) Navigateur par défaut: Chrome Mode d'amorçage: Normal ==================== Processus (Avec liste blanche) ================= (Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.) () [Fichier non signé] C:\Program Files (x86)\PureVPN\Dns\DnsLeakProtector.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerFeedbackService.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <5> (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Essential Objects, Inc. -> Essential Objects, Inc.) 
C:\Program Files (x86)\Betting Assistant\eowp.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <21> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe (Gruss Software Ltd) [Fichier non signé] C:\Program Files (x86)\Betting Assistant\Betting Assistant.exe (GZ Systems Limited -> ) C:\Program Files (x86)\PureVPN\purevpn.exe (GZ Systems Limited -> ) C:\Program Files (x86)\PureVPN\PureVPNService.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (Intel(R) Corporation) [Fichier non signé] C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Lenovo (Beijing) Limited -> ) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe (Lenovo (Beijing) Limited -> ) C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe (LENOVO -> LENOVO INCORPORATED.) 
C:\Program Files\Lenovo\iMController\SystemAgentService.exe (Lenovo -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows Hardware Compatibility Publisher -> Alcor) C:\Windows\WebCam\S6000\S6000Mnt.exe (Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe ==================== Registre (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc. -> Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> ) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) [Fichier non signé] HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3276104 2014-05-22] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7818552 2013-11-07] (Motorola Solutions Inc. -> Motorola Solutions, Inc.) 
HKLM\...\Run: [S6000Mnt] => C:\WINDOWS\WebCam\S6000\S6000Mnt.exe [516608 2015-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Alcor) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2015-06-16] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2015-06-16] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [117352 2020-12-16] (Avast Software s.r.o. -> AVAST Software) HKU\S-1-5-21-2104681168-2863157861-2086219480-1001\...\Run: [PureVPN] => C:\Program Files (x86)\PureVPN\purevpn.exe [7590664 2020-07-22] (GZ Systems Limited -> ) HKU\S-1-5-21-2104681168-2863157861-2086219480-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-07] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{d0869df6-64b0-4289-b483-9bff61394420}] -> C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfCredProv.dll [2015-06-16] (Lenovo (Beijing) Limited -> ) Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" GroupPolicy-x32: Restriction ? <==== ATTENTION HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Tâches planifiées (Avec liste blanche) ============ (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) 
Task: {0BE56BE7-2E59-446D-905A-903FA9DB9FE7} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)" Task: {29F8C8B9-A8F5-4087-BD5C-05714BD22238} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [36096 2014-11-21] (LENOVO -> ) Task: {323C2760-0B9B-42C1-9FB6-97915E351871} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-01] (Google Inc -> Google Inc.) Task: {4406AD9C-87B7-4C10-9A0D-E93415EA7958} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE Task: {4406AD9C-87B7-4C10-9A0D-E93415EA7958} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE Task: {4406AD9C-87B7-4C10-9A0D-E93415EA7958} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE Task: {4406AD9C-87B7-4C10-9A0D-E93415EA7958} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE Task: {4406AD9C-87B7-4C10-9A0D-E93415EA7958} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE Task: {4406AD9C-87B7-4C10-9A0D-E93415EA7958} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE Task: {4406AD9C-87B7-4C10-9A0D-E93415EA7958} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE Task: {4F7F870F-ED92-4E22-BEE3-ED26F30A04B6} 
- System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe Task: {5CFF0858-C270-4057-B5B0-085A778CC0CD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd) Task: {5EEA3AD1-9707-43CC-9B2C-7AA481BE75CE} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10920216 2018-09-06] (Lenovo -> Lenovo) Task: {612C7B75-12AB-41B0-A303-2CEF2B9E62AE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4621920 2020-12-16] (Avast Software s.r.o. -> AVAST Software) Task: {7968F399-7C04-4CA3-8AF2-A46DFFCEC641} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [17152 2014-11-21] (LENOVO -> Lenovo) Task: {8522D662-6467-4A59-9F1A-69CA02B5E204} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [331544 2018-09-06] (Lenovo -> ) Task: {8F9EC726-B129-4BB5-BAD4-511053237A2D} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1321240 2018-09-06] (Lenovo -> Lenovo) Task: {901AE966-B206-4DBA-A22E-96FA6265B499} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [95192 2013-03-08] (CyberLink Corp. -> CyberLink Corp.) 
Task: {A9EC3453-A271-45E4-A4F0-7F405B35133A} - System32\Tasks\KpRm-quarantines\KpRm-quarantines-20200130114309 => C:\KPRM\tasks-quarantines\kprm-quarantines.exe Task: {ADB6A891-40A6-414C-9606-03ACD66EBB6D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd) Task: {AF41A19C-D390-4573-B1AE-7A837CF31D90} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [10920216 2018-09-06] (Lenovo -> Lenovo) Task: {B5453AA7-078F-49E6-9E5B-B391E19BE836} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [151 2013-06-03] () [Fichier non signé] Task: {BB530960-6E9D-4AAA-9BB6-6552FF11E39C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-01] (Google Inc -> Google Inc.) Task: {C4FEB663-13A0-4FF6-A45A-A8F6836B8BB5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-18] (Avast Software s.r.o. -> Avast Software) Task: {C7ED41D4-12ED-4D4E-9966-6B5C5FF578C0} - System32\Tasks\Lenovo App Services => C:\ProgramData\Lenovo App Services\Engine\LenovoAppServices.exe [6190488 2016-10-06] (SweetLabs Inc. -> Lenovo) Task: {E3FA335E-FC0C-41F5-927C-06A8BDAF8CD1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [337408 2018-11-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {F174B76A-6EB1-46B2-A728-E2149E16D010} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.) 
Task: {F4DEF8E2-8B3E-4760-B543-9668CC930087} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [17184 2014-09-10] (LENOVO -> Lenovo) (Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.) ==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt Tcpip\..\Interfaces\{96BF0DE6-9D25-4861-8181-F25AFF69585F}: [NameServer] 2.57.22.179 2.57.22.181 Tcpip\..\Interfaces\{f1665993-3388-465f-8f95-6b437f350451}: [DhcpNameServer] 89.2.0.1 89.2.0.2 Edge: ====== Edge Profile: C:\Users\barbosa35\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-17] Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] FireFox: ======== FF HKLM-x32\...\Firefox\Extensions: [enquiry@purevpn.com] - C:\ProgramData\purevpn\enquiry@purevpn.com.xpi FF Extension: (PureVPN Proxy - Free VPN to Unblock with Privacy) - C:\ProgramData\purevpn\enquiry@purevpn.com.xpi [2020-04-05] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_93.dll [2018-11-22] (Adobe Systems Incorporated -> ) FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_93.dll [2018-11-22] (Adobe Systems Incorporated -> ) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.) 
Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default [2021-01-01] CHR Notifications: Default -> hxxps://bcvc.live; hxxps://live-stream365.com; hxxps://thefaceduck.com; hxxps://ww1.ouo.today; hxxps://ww2.ouo.today; hxxps://ww3.ouo.today; hxxps://ww4.ouo.today; hxxps://ww5.ouo.today CHR HomePage: Default -> qwant.com CHR Extension: (Slides) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-01] CHR Extension: (Docs) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-01] CHR Extension: (Google Drive) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-23] CHR Extension: (PureVPN: Extension de proxy n ° 1 pour Chrome) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfidboloedlamgdmenmlbipfnccokknp [2020-12-25] CHR Extension: (YouTube) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-01] CHR Extension: (Tampermonkey) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2020-11-04] CHR Extension: (Sheets) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-01] CHR Extension: (Tab Suspender) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiabciakcmgepblmdkmemdbbkilneeeh [2020-05-24] CHR Extension: (DeepL Translator) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjokdddhdjnpombkijbljbeemdmajgfj [2020-11-22] CHR Extension: (Google Docs hors connexion) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18] CHR Extension: (AdBlock — le meilleur bloqueur 
de pubs) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-12-17] CHR Extension: (Qwant) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnlkiofnhhoahaiimdicppgemmmomijo [2020-12-20] CHR Extension: (Malwarebytes Browser Guard) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-12-22] CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05] CHR Extension: (Bitwarden - Gestionnaire de mots de passe gratuit) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2020-12-03] CHR Extension: (Gmail) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23] CHR Extension: (Chrome Media Router) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-09] CHR Profile: C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-11-17] CHR Extension: (Slides) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-02-06] CHR Extension: (Docs) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-02-06] CHR Extension: (Google Drive) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-02-06] CHR Extension: (YouTube) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-06] CHR Extension: (Sheets) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-02-06] CHR Extension: (Google Docs 
hors connexion) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-02-06] CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-02-06] CHR Extension: (Gmail) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-02-06] CHR Extension: (Chrome Media Router) - C:\Users\barbosa35\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-06] CHR HKLM-x32\...\Chrome\Extension: [bfidboloedlamgdmenmlbipfnccokknp] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] ==================== Services (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.) R2 AdobeFlashPlayerFeedbackSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerFeedbackService.exe [479744 2018-11-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated) S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [337408 2018-11-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8477080 2020-12-16] (Avast Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621728 2020-12-16] (Avast Software s.r.o. -> AVAST Software) R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [351848 2020-12-16] (Avast Software s.r.o. 
-> AVAST Software) R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] (Lenovo (Beijing) Limited -> ) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Fichier non signé] S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-22] (LENOVO -> Lenovo) R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-11-21] (LENOVO -> LENOVO INCORPORATED.) R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-06-16] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [337688 2018-09-06] (Lenovo -> Lenovo) S2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [37624 2014-04-21] (Lenovo -> Lenovo(beijing) Limited) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-22] (Malwarebytes Inc -> Malwarebytes) R2 PureVPNService; C:\Program Files (x86)\PureVPN\PureVPNService.exe [195848 2020-07-22] (GZ Systems Limited -> ) S2 UESDK1.0; C:\Program Files (x86)\Lenovo\UESDK\UESDK.exe [329688 2014-12-26] (LENOVO -> Lenovo) R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2015-06-16] (Lenovo (Beijing) Limited -> ) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) ===================== Pilotes (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) 
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36792 2020-12-16] (Avast Software s.r.o. -> AVAST Software) R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208672 2020-12-16] (Avast Software s.r.o. -> AVAST Software) R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [332880 2020-12-16] (Avast Software s.r.o. -> AVAST Software) R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [247888 2020-12-16] (Avast Software s.r.o. -> AVAST Software) R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [97360 2020-12-16] (Avast Software s.r.o. -> AVAST Software) R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42424 2020-12-16] (Avast Software s.r.o. -> AVAST Software) R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [176384 2020-12-16] (Avast Software s.r.o. -> AVAST Software) R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [522480 2020-12-16] (Avast Software s.r.o. -> AVAST Software) R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108928 2020-12-16] (Avast Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84496 2020-12-16] (Avast Software s.r.o. -> AVAST Software) R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851256 2020-12-16] (Avast Software s.r.o. -> AVAST Software) R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469472 2020-12-16] (Avast Software s.r.o. -> AVAST Software) R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216984 2020-12-16] (Avast Software s.r.o. -> AVAST Software) R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326064 2020-12-16] (Avast Software s.r.o. -> AVAST Software) R3 btmaux; C:\WINDOWS\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions Inc. -> Motorola Solutions, Inc.) S3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions Inc. -> Motorola Solutions, Inc.) 
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation) S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-22] (Malwarebytes Inc -> Malwarebytes) S0 megasr1; C:\WINDOWS\System32\drivers\megasr1.sys [863056 2013-01-25] (LSI Corporation -> LSI Corporation, Inc.) S3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [8272208 2018-08-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation) R3 S6000KNT; C:\WINDOWS\System32\Drivers\S6000KNT.sys [899712 2015-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Bison) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [39040 2018-02-06] (GZ Systems Limited -> The OpenVPN Project) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation) S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink) U1 aswbdisk; pas de ImagePath S3 netr28ux; \SystemRoot\system32\DRIVERS\netr28ux.sys [X] ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ==================== Trois mois (créés) (Avec liste blanche) ========= (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 
2021-01-01 14:17 - 2021-01-01 14:19 - 000026609 _____ C:\Users\barbosa35\Desktop\FRST.txt 2021-01-01 10:52 - 2021-01-01 10:52 - 000407397 _____ C:\Users\barbosa35\Desktop\ZHPDiag.html 2021-01-01 10:32 - 2021-01-01 10:32 - 000056253 _____ C:\Users\barbosa35\Desktop\Shortcut.txt 2021-01-01 10:27 - 2021-01-01 10:32 - 000041944 _____ C:\Users\barbosa35\Desktop\Addition.txt 2021-01-01 10:25 - 2021-01-01 10:51 - 000330372 _____ C:\Users\Public\Desktop\ZHPDiag.txt 2021-01-01 10:25 - 2021-01-01 10:51 - 000330372 _____ C:\ProgramData\Desktop\ZHPDiag.txt 2021-01-01 10:13 - 2021-01-01 10:13 - 002286592 _____ (Farbar) C:\Users\barbosa35\Desktop\FRST64 (1).exe 2021-01-01 10:10 - 2021-01-01 14:18 - 000000000 ____D C:\FRST 2021-01-01 10:10 - 2021-01-01 10:10 - 002286592 _____ (Farbar) C:\Users\barbosa35\Downloads\FRST64.exe 2021-01-01 10:04 - 2021-01-01 10:04 - 000000843 _____ C:\Users\barbosa35\Desktop\ZHPSuite.lnk 2021-01-01 10:04 - 2021-01-01 10:04 - 000000000 ____D C:\Users\barbosa35\AppData\Local\ZHP 2021-01-01 10:03 - 2021-01-01 10:03 - 003479936 _____ (Nicolas Coolman) C:\Users\barbosa35\Downloads\ZHPSuite (1).exe 2021-01-01 10:01 - 2021-01-01 10:01 - 003479936 _____ (Nicolas Coolman) C:\Users\barbosa35\Downloads\ZHPSuite.exe 2020-12-30 18:46 - 2020-12-30 18:46 - 000000000 ____D C:\Users\barbosa35\AppData\Roaming\Gruss Software Ltd 2020-12-30 18:45 - 2020-12-30 18:45 - 000002721 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Betting Assistant.lnk 2020-12-30 18:45 - 2020-12-30 18:45 - 000002715 _____ C:\Users\Public\Desktop\Betting Assistant.lnk 2020-12-30 18:45 - 2020-12-30 18:45 - 000002715 _____ C:\ProgramData\Desktop\Betting Assistant.lnk 2020-12-30 18:45 - 2020-12-30 18:45 - 000000000 ____D C:\Program Files (x86)\Betting Assistant 2020-12-30 18:42 - 2020-12-30 18:43 - 087246336 _____ C:\Users\barbosa35\Downloads\Betting_Assistant_1_3_0_48 (1).msi 2020-12-30 18:27 - 2020-12-30 18:28 - 067192832 _____ C:\Users\barbosa35\Downloads\Betting_Assistant (1).msi 
2020-12-24 08:04 - 2020-12-24 08:04 - 011035920 _____ (Oleg N. Scherbakov) C:\Users\barbosa35\Downloads\captvty-2.8.11.1-autoextract (1).exe 2020-12-23 13:13 - 2020-12-31 16:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2020-12-23 08:00 - 2020-12-23 08:00 - 011035920 _____ (Oleg N. Scherbakov) C:\Users\barbosa35\Downloads\captvty-2.8.11.1-autoextract.exe 2020-12-22 16:49 - 2020-12-22 16:49 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2020-12-18 09:20 - 2020-12-18 09:21 - 087246848 _____ C:\Users\barbosa35\Downloads\Betting_Assistant_1_3_0_48.msi 2020-12-16 19:21 - 2020-12-16 19:21 - 000340576 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2020-12-16 19:21 - 2020-12-16 19:21 - 000216984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2020-12-14 16:09 - 2020-12-14 16:09 - 011034498 _____ (Oleg N. Scherbakov) C:\Users\barbosa35\Downloads\captvty-2.8.11-autoextract.exe 2020-11-29 11:30 - 2020-11-29 11:31 - 097439663 _____ C:\Users\barbosa35\Downloads\chrome-87-0-4280-66.apk 2020-11-22 11:20 - 2020-12-30 22:40 - 000000000 ____D C:\Users\barbosa35\AppData\Roaming\WATCHED 2020-11-12 19:48 - 2020-11-12 19:48 - 030469496 _____ (Piriform Software Ltd) C:\Users\barbosa35\Downloads\ccsetup574.exe 2020-11-10 21:40 - 2020-10-13 05:31 - 002132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2020-11-10 21:40 - 2020-10-13 05:09 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2020-11-08 09:26 - 2020-11-08 09:26 - 000082828 _____ C:\Users\barbosa35\Documents\LEMMY.html 2020-11-08 09:18 - 2020-11-08 09:18 - 000000896 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk 2020-11-08 09:18 - 2020-11-08 09:18 - 000000896 _____ C:\ProgramData\Desktop\CPUID CPU-Z.lnk 2020-11-08 09:18 - 2020-11-08 09:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2020-11-08 09:18 - 2020-11-08 09:18 - 000000000 ____D C:\Program Files\CPUID 2020-11-08 09:16 - 2020-11-08 
09:17 - 001936216 _____ (CPUID, Inc. ) C:\Users\barbosa35\Downloads\cpu-z-1-94.exe 2020-11-07 08:24 - 2020-11-07 08:25 - 011032672 _____ (Oleg N. Scherbakov) C:\Users\barbosa35\Downloads\captvty-2.8.10.1-autoextract.exe 2020-11-02 17:54 - 2020-11-02 17:54 - 000089110 _____ C:\Users\barbosa35\Downloads\0342.wav 2020-10-23 08:15 - 2020-10-23 08:26 - 000000000 ____D C:\Users\barbosa35\Downloads\WATCHED-v0.18.8_no_update_mod_Win10 2020-10-21 08:54 - 2020-10-21 08:55 - 011034887 _____ (Oleg N. Scherbakov) C:\Users\barbosa35\Downloads\captvty-2.8.10-autoextract (1).exe 2020-10-21 08:53 - 2020-10-21 08:53 - 011034887 _____ (Oleg N. Scherbakov) C:\Users\barbosa35\Downloads\captvty-2.8.10-autoextract.exe 2020-10-14 22:33 - 2020-10-02 21:58 - 000835472 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2020-10-14 22:33 - 2020-10-02 21:58 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2020-10-13 14:31 - 2020-12-16 19:21 - 000176384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2020-10-07 14:08 - 2020-10-13 11:03 - 000003866 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper 2020-10-07 13:59 - 2020-10-07 13:59 - 000002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk 2020-10-07 13:59 - 2020-10-07 13:59 - 000001955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks.lnk 2020-10-07 13:51 - 2020-10-07 14:00 - 000000000 ____D C:\ProgramData\BlueStacks 2020-10-07 13:50 - 2020-10-07 13:51 - 000000000 ____D C:\Program Files\BlueStacks 2020-10-07 13:45 - 2020-10-13 20:19 - 000000000 ____D C:\Users\barbosa35\AppData\Local\Bluestacks 2020-10-07 13:45 - 2020-10-07 13:50 - 000000000 ____D C:\Users\Public\BlueStacks 2020-10-07 13:45 - 2020-10-07 13:49 - 000000000 ____D C:\Users\barbosa35\AppData\Local\BlueStacksSetup 2020-10-07 13:45 - 2020-10-07 13:45 - 001190744 _____ (BlueStack Systems Inc.) 
C:\Users\barbosa35\Downloads\BlueStacksInstaller_4.240.0.1075_native_d564eb3f2f2a9ce74e33b177f65bf247.exe ==================== Trois mois (modifiés) ================== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2021-01-01 14:11 - 2018-09-03 17:59 - 000000000 ____D C:\Users\barbosa35\AppData\Roaming\Molotov 2021-01-01 13:15 - 2018-09-02 14:14 - 000000000 ____D C:\Users\barbosa35\AppData\Roaming\Gruss Software 2021-01-01 12:51 - 2020-01-27 16:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software 2021-01-01 12:50 - 2020-07-04 08:03 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-01-01 12:50 - 2020-07-04 08:03 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-01-01 12:50 - 2019-06-05 09:30 - 000004478 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2021-01-01 12:50 - 2018-09-01 20:54 - 000003872 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2021-01-01 12:50 - 2018-09-01 19:52 - 000003504 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2021-01-01 12:50 - 2018-09-01 19:52 - 000003376 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2021-01-01 12:09 - 2018-09-01 18:47 - 000003600 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2104681168-2863157861-2086219480-1001 2021-01-01 10:51 - 2020-01-27 19:54 - 000000000 ____D C:\Users\barbosa35\AppData\Roaming\ZHP 2021-01-01 09:54 - 2017-01-05 15:29 - 000000000 ____D C:\Users\barbosa35\AppData\LocalLow\Mozilla 2021-01-01 09:05 - 2017-05-10 13:09 - 000000000 ___RD C:\Users\barbosa35\Desktop\Captvty 2021-01-01 09:03 - 2018-09-01 20:52 - 000000000 ____D C:\Program Files\CCleaner 2021-01-01 08:40 - 2020-01-30 09:55 - 000000000 ____D C:\ProgramData\LU 2021-01-01 08:38 - 2018-09-01 19:51 - 000001283 _____ C:\Users\barbosa35\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk 2021-01-01 08:33 - 2018-09-01 20:06 - 000000000 ____D 
C:\ProgramData\AVAST Software 2021-01-01 08:32 - 2015-06-16 07:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo 2021-01-01 08:30 - 2018-09-01 20:26 - 000000000 ____D C:\Users\barbosa35\AppData\Local\AVAST Software 2021-01-01 08:29 - 2017-01-05 15:13 - 000000000 __SHD C:\Users\barbosa35\IntelGraphicsProfiles 2021-01-01 08:28 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-01-01 08:27 - 2019-07-07 08:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-01-01 08:27 - 2015-06-16 07:49 - 000037376 _____ C:\WINDOWS\system32\VfService.trf 2021-01-01 06:49 - 2018-09-21 19:09 - 000000000 ____D C:\Users\barbosa35\AppData\Local\CrashDumps 2020-12-31 16:53 - 2020-02-10 10:19 - 000001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2020-12-31 08:50 - 2020-02-09 12:34 - 000000000 ____D C:\ProgramData\purevpn 2020-12-30 18:37 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf 2020-12-29 11:50 - 2020-01-27 16:57 - 000004168 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update 2020-12-27 19:09 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI 2020-12-27 11:40 - 2014-12-10 02:53 - 000000000 ____D C:\Users\Administrator 2020-12-22 16:49 - 2020-09-23 19:52 - 000001987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2020-12-22 16:49 - 2019-07-17 22:12 - 000001975 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2020-12-22 16:49 - 2019-07-17 22:12 - 000001975 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2020-12-22 16:47 - 2019-07-17 22:12 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2020-12-19 00:37 - 2020-07-04 08:03 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2020-12-19 00:37 - 2020-07-04 08:03 - 000002217 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2020-12-19 00:37 - 2020-07-04 08:03 - 000002217 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk 2020-12-17 05:01 - 2020-05-12 
12:52 - 000000000 ____D C:\Users\barbosa35\AppData\Local\ElevatedDiagnostics 2020-12-16 19:21 - 2020-05-12 11:35 - 000522480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys 2020-12-16 19:21 - 2020-01-27 16:56 - 000851256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2020-12-16 19:21 - 2020-01-27 16:56 - 000469472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2020-12-16 19:21 - 2020-01-27 16:56 - 000332880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys 2020-12-16 19:21 - 2020-01-27 16:56 - 000326064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2020-12-16 19:21 - 2020-01-27 16:56 - 000247888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys 2020-12-16 19:21 - 2020-01-27 16:56 - 000208672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys 2020-12-16 19:21 - 2020-01-27 16:56 - 000108928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2020-12-16 19:21 - 2020-01-27 16:56 - 000097360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys 2020-12-16 19:21 - 2020-01-27 16:56 - 000084496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2020-12-16 19:21 - 2020-01-27 16:56 - 000042424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2020-12-16 19:21 - 2020-01-27 16:56 - 000036792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys 2020-12-15 08:21 - 2018-09-02 08:54 - 000000000 ____D C:\Users\barbosa35\AppData\Local\Betfair Poker 2020-12-13 03:47 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache 2020-12-12 11:51 - 2019-06-05 09:28 - 000002090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2020-12-10 09:49 - 2013-08-22 16:36 - 000000000 ___RD C:\WINDOWS\ToastData 2020-12-09 10:42 - 2013-08-22 16:20 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-12-02 21:49 - 2020-01-16 17:05 - 000000000 ____D C:\Users\barbosa35\AppData\Local\Molotov 2020-12-02 12:27 - 2018-09-04 18:00 
- 000002227 _____ C:\Users\barbosa35\Desktop\Molotov.lnk 2020-12-02 12:27 - 2018-09-04 18:00 - 000000000 ____D C:\Users\barbosa35\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Molotov ==================== Fichiers à la racine de certains dossiers ======== 2019-06-10 10:33 - 2019-06-10 10:33 - 000007601 _____ () C:\Users\barbosa35\AppData\Local\Resmon.ResmonCfg 2018-10-14 07:12 - 2020-08-22 06:52 - 000000284 _____ () C:\Users\barbosa35\AppData\Local\temp.bat ==================== SigCheckExt ========================= 2015-06-16 07:03 - 2013-08-01 04:33 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll 2013-07-01 18:44 - 2013-07-01 18:44 - 000001536 _____ C:\WINDOWS\SysWOW64\IusEventLog.dll 2015-06-16 07:57 - 2015-06-16 07:57 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll 2015-06-16 07:57 - 2015-06-16 07:57 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll 2021-01-01 10:13 - 2021-01-01 10:13 - 002286592 _____ (Farbar) C:\Users\barbosa35\Desktop\FRST64 (1).exe 2020-01-16 18:20 - 2020-01-16 18:20 - 001447178 _____ (Igor Pavlov) C:\Users\barbosa35\Downloads\7z1900-x64.exe 2018-03-20 15:10 - 2018-03-20 15:11 - 043974656 _____ C:\Users\barbosa35\Downloads\BetfairRapid.1.2.0.152.14-1-2013.exe 2020-10-21 08:54 - 2020-10-21 08:55 - 011034887 _____ (Oleg N. Scherbakov) C:\Users\barbosa35\Downloads\captvty-2.8.10-autoextract (1).exe 2020-10-21 08:53 - 2020-10-21 08:53 - 011034887 _____ (Oleg N. Scherbakov) C:\Users\barbosa35\Downloads\captvty-2.8.10-autoextract.exe 2020-11-07 08:24 - 2020-11-07 08:25 - 011032672 _____ (Oleg N. Scherbakov) C:\Users\barbosa35\Downloads\captvty-2.8.10.1-autoextract.exe 2020-12-14 16:09 - 2020-12-14 16:09 - 011034498 _____ (Oleg N. Scherbakov) C:\Users\barbosa35\Downloads\captvty-2.8.11-autoextract.exe 2020-12-24 08:04 - 2020-12-24 08:04 - 011035920 _____ (Oleg N. 
Scherbakov) C:\Users\barbosa35\Downloads\captvty-2.8.11.1-autoextract (1).exe 2020-12-23 08:00 - 2020-12-23 08:00 - 011035920 _____ (Oleg N. Scherbakov) C:\Users\barbosa35\Downloads\captvty-2.8.11.1-autoextract.exe 2020-02-29 15:04 - 2020-02-29 15:04 - 011032667 _____ (Oleg N. Scherbakov) C:\Users\barbosa35\Downloads\captvty-2.8.8.1-autoextract.exe 2020-05-16 17:06 - 2020-05-16 17:07 - 011030625 _____ (Oleg N. Scherbakov) C:\Users\barbosa35\Downloads\captvty-2.8.8.2-autoextract.exe 2020-06-01 06:24 - 2020-06-01 06:24 - 011035123 _____ (Oleg N. Scherbakov) C:\Users\barbosa35\Downloads\captvty-2.8.9-autoextract.exe 2020-08-25 20:10 - 2020-08-25 20:10 - 011036161 _____ (Oleg N. Scherbakov) C:\Users\barbosa35\Downloads\captvty-2.8.9.1-autoextract.exe 2021-01-01 10:10 - 2021-01-01 10:10 - 002286592 _____ (Farbar) C:\Users\barbosa35\Downloads\FRST64.exe 2017-02-22 11:06 - 2017-02-22 11:07 - 002001544 _____ C:\Users\barbosa35\Downloads\pc-decrapifier-3.0.1.exe 2019-12-24 14:40 - 2019-12-24 14:40 - 002716418 _____ ( ) C:\Users\barbosa35\Downloads\SecurityKISSsetup.exe 2017-01-30 07:41 - 2003-01-19 14:36 - 000054272 _____ ( ) C:\Users\barbosa35\Downloads\setup.exe 2018-01-28 16:00 - 2018-01-28 16:00 - 000014336 _____ (Igor Pavlov) C:\Users\barbosa35\Downloads\Uninstall.exe 2021-01-01 10:03 - 2021-01-01 10:03 - 003479936 _____ (Nicolas Coolman) C:\Users\barbosa35\Downloads\ZHPSuite (1).exe 2021-01-01 10:01 - 2021-01-01 10:01 - 003479936 _____ (Nicolas Coolman) C:\Users\barbosa35\Downloads\ZHPSuite.exe ==================== SigCheck ============================ (Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.) 
==================== BCD ================================ Gestionnaire de démarrage du microprogramme ------------------------------------------- identificateur {fwbootmgr} displayorder {bootmgr} {9b78c890-a0db-11ea-837f-806e6f6e6963} {484fe519-143d-11e5-a7ed-b79da0c8c10a} {9b78c88e-a0db-11ea-837f-806e6f6e6963} {9b78c88f-a0db-11ea-837f-806e6f6e6963} timeout 0 Gestionnaire de démarrage Windows --------------------------------- identificateur {bootmgr} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\bootmgfw.efi description Windows Boot Manager locale fr-FR inherit {globalsettings} default {current} resumeobject {aa2b0f42-28c5-11e8-b7bb-bfae48f62816} displayorder {current} toolsdisplayorder {memdiag} timeout 0 Application logicielle (101fffff) -------------------------------- identificateur {484fe519-143d-11e5-a7ed-b79da0c8c10a} device partition=\Device\HarddiskVolume3 path \EFI\Microsoft\Boot\LrsBootMgr.efi description Lenovo Recovery System Application logicielle (101fffff) -------------------------------- identificateur {484fe51a-143d-11e5-a7ed-b79da0c8c10a} description EFI Network 0 for IPv4 (68-F7-28-E7-3A-02) Application logicielle (101fffff) -------------------------------- identificateur {484fe51b-143d-11e5-a7ed-b79da0c8c10a} description EFI USB Device Application logicielle (101fffff) -------------------------------- identificateur {484fe51c-143d-11e5-a7ed-b79da0c8c10a} description EFI DVD/CDROM Application logicielle (101fffff) -------------------------------- identificateur {484fe51d-143d-11e5-a7ed-b79da0c8c10a} description EFI Network Application logicielle (101fffff) -------------------------------- identificateur {484fe51e-143d-11e5-a7ed-b79da0c8c10a} description EFI Network 0 for IPv6 (68-F7-28-E7-3A-02) Application logicielle (101fffff) -------------------------------- identificateur {484fe51f-143d-11e5-a7ed-b79da0c8c10a} description EFI Network 0 for IPv4 (68-F7-28-E7-3A-02) Application logicielle (101fffff) 
-------------------------------- identificateur {484fe521-143d-11e5-a7ed-b79da0c8c10a} description EFI USB Device Application logicielle (101fffff) -------------------------------- identificateur {484fe522-143d-11e5-a7ed-b79da0c8c10a} description EFI DVD/CDROM Application logicielle (101fffff) -------------------------------- identificateur {484fe523-143d-11e5-a7ed-b79da0c8c10a} description EFI Network Application logicielle (101fffff) -------------------------------- identificateur {484fe524-143d-11e5-a7ed-b79da0c8c10a} description EFI Network 0 for IPv6 (68-F7-28-E7-3A-02) Application logicielle (101fffff) -------------------------------- identificateur {484fe525-143d-11e5-a7ed-b79da0c8c10a} description EFI Network 0 for IPv4 (68-F7-28-E7-3A-02) Application logicielle (101fffff) -------------------------------- identificateur {9b3ed4b9-143b-11e5-a7ed-806e6f6e6963} description EFI USB Device Application logicielle (101fffff) -------------------------------- identificateur {9b3ed4ba-143b-11e5-a7ed-806e6f6e6963} description EFI DVD/CDROM Application logicielle (101fffff) -------------------------------- identificateur {9b3ed4bb-143b-11e5-a7ed-806e6f6e6963} description EFI Network Application logicielle (101fffff) -------------------------------- identificateur {9b3ed4bd-143b-11e5-a7ed-806e6f6e6963} description EFI Network 0 for IPv6 (68-F7-28-E7-3A-02) Application logicielle (101fffff) -------------------------------- identificateur {9b78c88e-a0db-11ea-837f-806e6f6e6963} description EFI USB Device Application logicielle (101fffff) -------------------------------- identificateur {9b78c88f-a0db-11ea-837f-806e6f6e6963} description EFI DVD/CDROM Application logicielle (101fffff) -------------------------------- identificateur {9b78c890-a0db-11ea-837f-806e6f6e6963} description EFI Network Application logicielle (101fffff) -------------------------------- identificateur {9b78c891-a0db-11ea-837f-806e6f6e6963} description EFI Network 0 for IPv4 (68-F7-28-E7-3A-02) 
Application logicielle (101fffff) -------------------------------- identificateur {9b78c892-a0db-11ea-837f-806e6f6e6963} description EFI Network 0 for IPv6 (68-F7-28-E7-3A-02) Chargeur de démarrage Windows ----------------------------- identificateur {484fe517-143d-11e5-a7ed-b79da0c8c10a} device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{484fe518-143d-11e5-a7ed-b79da0c8c10a} path \windows\system32\winload.efi description Windows Recovery Environment locale fr-fr inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{484fe518-143d-11e5-a7ed-b79da0c8c10a} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Chargeur de démarrage Windows ----------------------------- identificateur {current} device partition=C: path \WINDOWS\system32\winload.efi description Windows 8.1 locale fr-FR inherit {bootloadersettings} recoverysequence {484fe517-143d-11e5-a7ed-b79da0c8c10a} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \WINDOWS resumeobject {aa2b0f42-28c5-11e8-b7bb-bfae48f62816} nx OptIn bootmenupolicy Standard detecthal Yes Reprendre à partir de la mise en veille prolongée ------------------------------------------------- identificateur {aa2b0f42-28c5-11e8-b7bb-bfae48f62816} device partition=C: path \WINDOWS\system32\winresume.efi description Windows Resume Application locale fr-FR inherit {resumeloadersettings} recoverysequence {484fe517-143d-11e5-a7ed-b79da0c8c10a} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Testeur de mémoire Windows -------------------------- identificateur {memdiag} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\memtest.efi description Diagnostics mémoire Windows locale fr-FR inherit {globalsettings} badmemoryaccess Yes Paramètres EMS -------------- 
identificateur {emssettings} bootems No Paramètres du débogueur ----------------------- identificateur {dbgsettings} debugtype Serial debugport 1 baudrate 115200 Erreurs de mémoire RAM ---------------------- identificateur {badmemory} Paramètres globaux ------------------ identificateur {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Paramètres du chargeur de démarrage ----------------------------------- identificateur {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Paramètres de l'hyperviseur ------------------- identificateur {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Paramètres du chargeur de reprise --------------------------------- identificateur {resumeloadersettings} inherit {globalsettings} Options de périphérique ----------------------- identificateur {484fe518-143d-11e5-a7ed-b79da0c8c10a} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume1 ramdisksdipath \Recovery\WindowsRE\boot.sdi Options Ramdisk du programme d'installation ------------------------------------------- identificateur {ramdiskoptions} description Ramdisk options ramdisksdidevice boot ramdisksdipath \boot\boot.sdi LastRegBack: 2020-12-22 17:45 ==================== Fin de FRST.txt ========================