Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 12-06-2021
Exécuté par Utilisateur (administrateur) sur DESK-ELB0001 (Dell Inc. OptiPlex 790) (14-06-2021 11:22:23)
Exécuté depuis E:\malware
Profils chargés: Utilisateur
Platform: Windows 10 Pro Version 2004 19041.1052 (X64) Langue: Français (France)
Navigateur par défaut: FF
Mode d'amorçage: Normal

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

() [Fichier non signé] C:\Program Files\MacroCreator\MacroCreator.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apache Software Foundation) [Fichier non signé] C:\wamp64\bin\apache\apache2.4.41\bin\httpd.exe <2>
(Apple Computer, Inc.) [Fichier non signé] C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(CHENGDU YIWO Tech Development Co., Ltd.
-> CHENGDU YIWO Tech Development Co., Ltd) [Fichier non signé] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe (MariaDB Corporation Ab -> ) C:\wamp64\bin\mariadb\mariadb10.4.10\bin\mysqld.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe <3> (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <3> (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8> (Nicolas Coolman -> Nicolas Coolman) [Fichier non signé] E:\malware\ZHPSuite.exe (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Private) [Fichier non signé] C:\wamp64\wampmanager.exe (Privax Limited -> Privax Limited) C:\Program Files\Privax\HMA VPN\Vpn.exe <3> (Privax Limited -> Privax Limited) C:\Program Files\Privax\HMA VPN\VpnSvc.exe (SEIKO 
EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe (TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Registre (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.) HKLM\...\Run: [RTHDVCPL] => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s HKLM\...\Run: [RtHDVBg] => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /ANDREA_BF_BYPASS HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.) HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [2089056 2015-09-16] (CHENGDU YIWO Tech Development Co., Ltd. 
-> CHENGDU YIWO Tech Development Co., Ltd) [Fichier non signé] HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-2895805209-499281333-174160971-1001\...\Run: [Chromium] => "c:\users\utilisateur\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session HKU\S-1-5-21-2895805209-499281333-174160971-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34612864 2021-06-07] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-2895805209-499281333-174160971-1001\...\Run: [EagleGet] => C:\Program Files (x86)\EagleGet\EagleGet.exe [2550784 2020-05-18] (Beijing Pu Technology Limited -> EagleGet.com) HKU\S-1-5-21-2895805209-499281333-174160971-1001\...\Run: [MailStylerWarmup] => C:\Program Files (x86)\Delivery Tech Corp\MailStyler 2\MailStyler.exe [7710536 2021-02-08] (DELIVERY TECH CORP -> Delivery Tech Corp.) 
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc) HKLM\...\Print\Monitors\EPSON SX535WD Series 64MonitorBE: C:\WINDOWS\system32\E_YLMHTE.DLL [120320 2011-04-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [558592 2012-11-12] (SEIKO EPSON CORPORATION) [Fichier non signé] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.77\Installer\chrmstp.exe [2021-05-26] (Google LLC -> Google LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HMA VPN.lnk [2021-06-11] ShortcutTarget: HMA VPN.lnk -> C:\Program Files\Privax\HMA VPN\Vpn.exe (Privax Limited -> Privax Limited) BootExecute: autocheck autochk * icarus_rvrt.exe HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Tâches planifiées (Avec liste blanche) ============ (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) 
Task: {077C5BB7-19BB-4BA7-B4B2-3D3938F57C29} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {1633D856-CEF8-4724-9D7B-16F8E288CBDD} - System32\Tasks\Privax\HMA VPN Bug Report => C:\Program Files\Privax\HMA VPN\AvBugReport.exe [4868088 2021-06-11] (Privax Limited -> Privax Limited) -> --filter "*.dmp;*.mdmp;icarus.log" --send "dumps|report" --silent --product 78 --programpath "C:\Program Files\Privax\HMA VPN" --configpath "C:\ProgramData\Privax\HMA VPN" --path "C:\ProgramData\Privax\HMA VPN\log" --path "C:\ProgramData\Privax\Icarus\Logs" --guid 085aaffe-c9bf-4645-83d0-bdfd72b6ba73 Task: {1C30E736-15F4-4AA0-9A20-E16B960762DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-20] (Google Inc -> Google LLC) Task: {1D7C6AFF-54EA-4DEC-9F45-A26243BF8061} - System32\Tasks\Firefox Default Browser Agent 16FC53550C4E3F8C => C:\Users\Utilisateur\AppData\Roaming\whdiasv.exe <==== ATTENTION Task: {3DBB58D7-D14D-4C62-86E4-9B414B397ABB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {6270706C-14DA-4460-A33D-30CCB5AE06AE} - System32\Tasks\AdvancedUpdater => C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe [1010800 2021-05-07] (Microleaves LTD -> AW Manager) <==== ATTENTION Task: {6ED5B456-685A-42A6-B15E-77666EA3F5C7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {77462E8E-836D-46F6-9B38-EECE2153CA3F} - 
System32\Tasks\HMA VPN Update => C:\Program Files\Privax\HMA VPN\VpnUpdate.exe [1285624 2021-06-11] (Privax Limited -> Privax Limited) Task: {7E1447AA-9EE9-4B74-9327-24C8DCEAB9A5} - System32\Tasks\Privax\HMA VPN Update => C:\Program Files\Common Files\Privax\Icarus\privax-vpn\icarus.exe [5902912 2021-06-07] (Privax Limited -> Privax Limited) Task: {7FE1F93D-B6DB-43B2-9CF2-631C8CB80BFD} - System32\Tasks\csrss => C:\WINDOWS\rss\csrss.exe <==== ATTENTION Task: {83EF6CC8-C7B7-479B-9D6E-06993FB62C49} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Task: {9EDE7C02-46F3-462B-BC5A-8E5973CD1D7B} - System32\Tasks\KMS Activation for Office => C:\Windows\KMSAct.exe Task: {A11F5861-C9F1-4A81-8685-C95C7C1B17A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-20] (Google Inc -> Google LLC) Task: {AC60D4B7-069B-4A31-9EBF-4012C7F688BE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28985472 2021-06-07] (Piriform Software Ltd -> Piriform Software Ltd) Task: {C4B0A8C4-CC51-4C1B-9A06-8ABF33A15A31} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe Task: {CB1E5187-1386-4DDC-AD82-94B1AE1FFE1B} - System32\Tasks\Microsoft\Windows\DiskFootprint\Vsvlkrjsbob => C:\WINDOWS\SysWOW64\rundll32 C:\Users\Utilisateur\AppData\Local\EnableClients\CodstQudlxty\polutws_IntuiDPS.dll,iass_syqmeTRTN Task: {CE00C60D-E600-4AE8-934F-24C7A4F62951} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-01] (Mozilla Corporation -> Mozilla Foundation) Task: {CFAA63E6-4716-420B-AFEB-86AF0E936433} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. 
-> Adobe Systems, Incorporated) Task: {D771586B-5DC6-48E9-BAA4-FC3D09555C98} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-07] (Piriform Software Ltd -> Piriform) (Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.) ==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{079cb52d-5576-4404-adb8-293911806c3c}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{84802e38-b6d4-467f-9a12-b3fe778255dd}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{a2f41085-35f1-4e96-96b4-bad2855d6d75}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{b7f45a4a-d145-4089-8477-c3adba1f257a}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{c928506e-5b40-4bdf-92a8-0453790ff260}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{d084307c-5c2b-4aa8-9f54-8890471c7a18}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{f419f04c-7aa4-4422-8b98-e8dba8c6a35f}: [DhcpNameServer] 192.168.1.1 Edge: ======= DownloadDir: C:\Users\Utilisateur\Downloads Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)] Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)] Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)] Edge Extension: (Pas de nom) -> 
PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)] Edge DefaultProfile: Default Edge Profile: C:\Users\Utilisateur\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-14] FireFox: ======== FF DefaultProfile: nkdqx4a0.default FF DefaultProfile: h1oaxo7d.default FF ProfilePath: C:\Users\Utilisateur\AppData\Roaming\OutWit\outwit-hub\Profiles\pr9qhv9e.dev-edition-default [2021-01-28] FF Extension: (OutWit Kernel) - C:\Users\Utilisateur\AppData\Roaming\OutWit\outwit-hub\Profiles\pr9qhv9e.dev-edition-default\Extensions\kernel@outwit.com [2020-06-25] [] [non signé] FF ProfilePath: C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\nkdqx4a0.default [2021-06-11] FF ProfilePath: C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\wqy9t3nn.default-release-1622453038473 [2021-06-14] FF Homepage: Mozilla\Firefox\Profiles\wqy9t3nn.default-release-1622453038473 -> hxxps://www.google.com/ FF ProfilePath: C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default [2021-03-17] FF Extension: (Czech (CZ) Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-cs@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-de@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF Extension: (English (US) Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF Extension: (Español (España) Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-es-ES@bluegriffon.org.xpi 
[2021-03-10] [] [non signé] FF Extension: (Finnish Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-fi@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF Extension: (Français Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-fr@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF Extension: (Galego (España) Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-gl@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF Extension: (Hebrew (IL) Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-he@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF Extension: (Magyar (HU) Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-hu@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF Extension: (Italiano (IT) Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-it@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF Extension: (Japanese Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-ja@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF Extension: (Korean (KR) Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-ko@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF Extension: (Nederlands (NL) Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-nl@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF 
Extension: (Polski Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-pl@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF Extension: (Russian (RU) Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-ru@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF Extension: (Slovenski jezik Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-sl@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF Extension: (српски (sr) Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-sr@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF Extension: (Svenska (SE) Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\Utilisateur\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\h1oaxo7d.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2021-03-10] [] [non signé] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2020-01-08] [] [non signé] FF HKLM-x32\...\Firefox\Extensions: [eagleget_ffext@eagleget.com] - C:\Program Files (x86)\EagleGet\addon\eagleget_ffext@eagleget.com.xpi FF 
Extension: (EagleGet Free Downloader) - C:\Program Files (x86)\EagleGet\addon\eagleget_ffext@eagleget.com.xpi [2018-07-31] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin HKU\S-1-5-21-2895805209-499281333-174160971-1001: eagleget.com/EagleGet32 -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2017-12-03] (Beijing Jiupu Technology Co., Ltd. 
-> EagleGet) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-06-11] CHR Profile: C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\System Profile [2021-06-11] CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2020-06-13] CHR HKU\S-1-5-21-2895805209-499281333-174160971-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx [2020-06-13] CHR HKU\S-1-5-21-2895805209-499281333-174160971-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2020-06-13] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23] CHR HKLM-x32\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx [2020-06-13] CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2020-06-13] Brave: ======= BRA Extension: (Brave Local Data Files Updater) - C:\Users\Utilisateur\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2020-01-05] BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Utilisateur\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2020-01-08] BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Utilisateur\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-01-05] BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Utilisateur\AppData\Local\BraveSoftware\Brave-Browser\User 
Data\oofiananboodjbbmdelgdommihjbkfag [2020-01-05] ==================== Services (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated) R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [Fichier non signé] S2 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [340480 2020-05-18] (Beijing Pu Technology Limited -> ) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2020-01-03] (Macrovision Europe Ltd.) 
[Fichier non signé] R2 HmaProVpn; C:\Program Files\Privax\HMA VPN\VpnSvc.exe [8616440 2021-06-11] (Privax Limited -> Privax Limited) R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2020\RpcAgentSrv.exe [136712 2019-11-25] (SiSoftware SPC -> SiSoftware) [Fichier non signé] S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-09] (Microsoft Windows Publisher -> Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12758528 2019-12-16] (TeamViewer GmbH -> TeamViewer Germany GmbH) R3 wampapache64; c:\wamp64\bin\apache\apache2.4.41\bin\httpd.exe [29696 2019-08-09] (Apache Software Foundation) [Fichier non signé] R3 wampmariadb64; c:\wamp64\bin\mariadb\mariadb10.4.10\bin\mysqld.exe [15837608 2019-11-07] (MariaDB Corporation Ab -> ) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation) S3 wuauserv; C:\WINDOWS\system32\svchost.exe [57360 2020-10-30] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL) S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [47016 2020-10-30] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (pas de ServiceDLL) S2 luminati_net_updater_win_eagleget_com; "C:/Program Files (x86)/EagleGet/net_updater32.exe" --updater win_eagleget.com [X] S2 pubgame-updater; C:\WINDOWS\PublicGaming\appsetup.exe [X] <==== ATTENTION ===================== Pilotes (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du 
Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> ) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Fichier non signé] S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> ) R3 eagleGet; C:\WINDOWS\System32\Drivers\eagleGet.sys [86520 2019-08-03] (Beijing Pu Technology Limited -> eagleGet) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Fichier non signé] S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Fichier non signé] R3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [36456 2018-06-22] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.) R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [9860088 2019-07-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation) S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2020\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware Ltd -> SiSoftware) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation) S3 Winmon; \??\C:\WINDOWS\System32\drivers\Winmon.sys [X] S3 WinmonFS; \??\C:\WINDOWS\System32\drivers\WinmonFS.sys [X] ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. 
Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ==================== Trois mois (créés) (Avec liste blanche) ========= (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2021-06-14 11:24 - 2021-06-14 11:24 - 000400023 _____ C:\Users\Utilisateur\Desktop\ZHPDiag.txt 2021-06-14 09:14 - 2021-06-14 09:14 - 000003946 _____ C:\WINDOWS\system32\Tasks\HMA VPN Update 2021-06-14 00:09 - 2021-06-14 00:09 - 000012095 _____ C:\Users\Utilisateur\Desktop\ZHPCleaner (R).html 2021-06-14 00:06 - 2021-06-14 00:06 - 000011873 _____ C:\Users\Utilisateur\Desktop\ZHPCleaner (S).html 2021-06-13 15:55 - 2021-06-13 15:55 - 000492374 _____ C:\Users\Utilisateur\Desktop\ZHPDiag.html 2021-06-13 14:57 - 2021-06-13 14:57 - 000000913 _____ C:\Users\Utilisateur\Desktop\ZHPDiag.lnk 2021-06-12 23:20 - 2021-06-13 13:02 - 000000000 ____D C:\ProgramData\AVG 2021-06-12 22:56 - 2021-06-12 22:56 - 000003282 _____ C:\WINDOWS\system32\Tasks\csrss 2021-06-12 19:21 - 2021-06-12 19:20 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2021-06-12 19:20 - 2021-06-12 19:22 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-06-12 18:39 - 2021-06-12 18:39 - 000000725 _____ C:\Users\Utilisateur\Desktop\malware - Raccourci.lnk 2021-06-12 18:38 - 2021-06-12 18:38 - 000036096 _____ C:\WINDOWS\system32\Drivers\trzDBD5.tmp 2021-06-12 16:17 - 2021-06-12 16:17 - 000000000 ____D C:\AdwCleaner 2021-06-12 15:50 - 2021-06-12 15:50 - 000000913 _____ C:\Users\Utilisateur\Desktop\ZHPSuite.lnk 2021-06-12 15:34 - 2021-06-14 11:22 - 000000000 ____D C:\FRST 2021-06-12 15:31 - 2021-06-12 15:31 - 000000000 ____D C:\WINDOWS\ERUNT 2021-06-12 15:22 - 2021-06-12 19:19 - 002300416 _____ (Farbar) C:\Users\Utilisateur\Downloads\FRSTEnglish.exe 2021-06-12 14:42 - 2021-06-12 14:42 - 000000000 ____D C:\Users\Utilisateur\Documents\TotalAV 2021-06-12 14:41 - 2021-06-12 14:41 - 000000000 ____D C:\Users\Utilisateur\AppData\Local\GUI 2021-06-11 23:25 - 2021-06-11 23:25 - 
000001091 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk 2021-06-11 23:25 - 2021-06-11 23:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2021-06-11 23:25 - 2021-06-11 23:25 - 000000000 ____D C:\Program Files\VS Revo Group 2021-06-11 19:45 - 2021-06-11 19:45 - 000000000 ____D C:\Program Files\Malwarebytes 2021-06-11 17:25 - 2021-06-13 17:50 - 000000000 ___HD C:\ProgramData\Bpfcmdw 2021-06-11 16:13 - 2021-06-11 16:13 - 000003770 _____ C:\WINDOWS\system32\Tasks\Firefox Default Browser Agent 16FC53550C4E3F8C 2021-06-11 15:56 - 2021-06-11 15:56 - 000000000 ____D C:\Users\Utilisateur\AppData\Roaming\NirSoft 2021-06-11 15:50 - 2021-06-11 15:50 - 001564823 _____ C:\ProgramData\5562 2021-06-11 15:50 - 2021-06-11 15:50 - 000105945 _____ C:\ProgramData\73246.73246 2021-06-11 15:50 - 2021-06-11 15:50 - 000000000 ____D C:\ProgramData\55 2021-06-11 15:47 - 2021-06-11 15:58 - 000000014 _____ C:\ProgramData\kaosdma.txt 2021-06-11 15:47 - 2021-06-11 15:47 - 000003932 _____ C:\WINDOWS\system32\Tasks\AdvancedUpdater 2021-06-11 15:47 - 2021-06-11 15:47 - 000000000 ____D C:\Users\Utilisateur\AppData\Roaming\nailedp 2021-06-11 15:47 - 2021-06-11 15:47 - 000000000 ____D C:\Users\Utilisateur\AppData\Roaming\Gomari 2021-06-11 15:47 - 2021-06-11 15:47 - 000000000 ____D C:\Users\Utilisateur\AppData\Local\Yandex 2021-06-11 15:47 - 2021-06-11 15:47 - 000000000 ____D C:\ProgramData\ZNMRN0LGOA9B676FAKV77T4XS 2021-06-11 15:47 - 2021-06-11 15:47 - 000000000 ____D C:\ProgramData\BQ8NV36909QK55M8FDQQJEXC0 2021-06-11 15:47 - 2021-06-11 15:47 - 000000000 ____D C:\Program Files (x86)\AW Manager 2021-06-11 15:46 - 2021-06-11 18:39 - 000000000 ____D C:\WINDOWS\PublicGaming 2021-06-11 15:46 - 2021-06-11 17:28 - 000000000 ___HD C:\Users\Utilisateur\AppData\Roaming\WinHost 2021-06-11 15:46 - 2021-06-11 15:46 - 001564823 _____ C:\ProgramData\5055 2021-06-11 15:46 - 2021-06-11 15:46 - 000104915 _____ C:\ProgramData\81593.81593 2021-06-11 15:46 - 2021-06-11 15:46 
- 000000000 ____D C:\Users\Utilisateur\AppData\Roaming\Browzar 2021-06-11 15:46 - 2021-06-11 15:46 - 000000000 ____D C:\Users\Utilisateur\AppData\Roaming\AW Manager 2021-06-11 15:46 - 2021-06-11 15:46 - 000000000 ____D C:\ProgramData\50 2021-06-11 11:54 - 2021-06-11 11:54 - 000000128 _____ C:\Users\Utilisateur\Desktop\exemple 2 cassandra.url 2021-06-11 11:40 - 2021-06-11 11:41 - 000000169 _____ C:\Users\Utilisateur\Desktop\exemple cassandra.url 2021-06-10 23:11 - 2021-06-10 23:11 - 000401544 _____ (ICodeCompiler) C:\Users\Public\run.exe 2021-06-09 17:07 - 2021-06-09 17:07 - 000056422 _____ C:\Program9.html 2021-06-09 16:38 - 2021-06-09 16:38 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-06-09 16:38 - 2021-06-09 16:38 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-06-09 16:38 - 2021-06-09 16:38 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll 2021-06-09 16:38 - 2021-06-09 16:38 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll 2021-06-09 16:38 - 2021-06-09 16:38 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-06-09 16:38 - 2021-06-09 16:38 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-06-09 16:38 - 2021-06-09 16:38 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2021-06-09 16:38 - 2021-06-09 16:38 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll 2021-06-09 16:38 - 2021-06-09 16:38 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2021-06-09 16:38 - 2021-06-09 16:38 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2021-06-09 16:38 - 2021-06-09 16:38 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll 2021-06-09 16:38 - 2021-06-09 16:38 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2021-06-09 16:38 - 2021-06-09 16:38 - 000423936 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\winspool.drv 2021-06-09 16:38 - 2021-06-09 16:38 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll 2021-06-09 16:38 - 2021-06-09 16:38 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe 2021-06-09 16:38 - 2021-06-09 16:38 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe 2021-06-09 16:38 - 2021-06-09 16:38 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys 2021-06-09 16:38 - 2021-06-09 16:38 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-06-09 09:22 - 2021-06-09 09:22 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2021-06-08 15:55 - 2021-06-08 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Contact 2021-06-08 15:55 - 2021-06-08 15:55 - 000000000 ____D C:\Users\Utilisateur\AppData\Roaming\Robert Zamberlan 2021-06-08 15:55 - 2021-06-08 15:55 - 000000000 ____D C:\Users\Utilisateur\AppData\Local\WDSetup 2021-06-08 14:05 - 2021-06-08 14:04 - 000157831 _____ C:\Users\Utilisateur\Documents\epargnelauraDGVO0621078.pdf 2021-06-05 20:39 - 2021-06-05 20:40 - 639250721 _____ C:\Users\Utilisateur\Documents\basetotaleemail.sql 2021-06-01 22:32 - 2021-06-01 22:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2021-06-01 18:30 - 2021-06-02 08:06 - 000000000 ____D C:\Program Files\Mozilla Firefox 2021-06-01 18:24 - 2021-06-01 18:24 - 011802145 _____ C:\Users\Utilisateur\Downloads\lienfr3_10318_windows64.zip 2021-06-01 09:39 - 2021-06-01 09:39 - 011799484 _____ C:\Users\Utilisateur\Downloads\lienlilo_10318_windows64(1).zip 2021-06-01 09:38 - 2021-06-01 09:38 - 011799484 _____ C:\Users\Utilisateur\Downloads\lienlilo_10318_windows64.zip 2021-05-31 15:57 - 2021-05-31 15:57 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2895805209-499281333-174160971-1001 2021-05-31 15:57 - 2021-05-31 15:57 - 000002461 _____ C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-05-19 12:19 - 2021-05-19 12:20 - 000005529 _____ 
C:\Users\Utilisateur\Documents\recu.csv 2021-05-17 23:09 - 2021-05-17 23:09 - 000935830 _____ C:\Users\Utilisateur\Downloads\agendaculturel.xlsx 2021-05-13 16:47 - 2021-05-13 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlySpeed SQL Query 2021-05-13 16:47 - 2021-05-13 16:47 - 000000000 ____D C:\Program Files (x86)\ActiveDBSoft 2021-05-13 14:19 - 2021-05-13 14:19 - 000000000 ____D C:\Program Files (x86)\MSECache 2021-05-13 14:17 - 2021-05-13 14:17 - 000000000 ____D C:\Users\Utilisateur\AppData\Roaming\Neos Eureka S.r.l 2021-05-13 14:17 - 2021-05-13 14:17 - 000000000 ____D C:\Users\Utilisateur\AppData\Local\ActiveDBSoft 2021-05-13 00:32 - 2021-05-13 00:32 - 000056688 _____ C:\Program8.html 2021-05-13 00:30 - 2021-05-13 00:35 - 000000000 ____D C:\Users\Utilisateur\AppData\Local\Notepad 2021-05-12 23:28 - 2021-05-12 23:46 - 000397312 _____ C:\Users\Utilisateur\Documents\chahge12052021bis.mdb 2021-05-12 23:27 - 2021-05-12 23:27 - 000009334 _____ C:\Users\Utilisateur\AppData\Roaming\Microsoft Access 97-2003.EML 2021-05-12 21:13 - 2021-05-12 21:13 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll 2021-05-12 21:13 - 2021-05-12 21:13 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2021-05-12 21:13 - 2021-05-12 21:13 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll 2021-05-12 21:13 - 2021-05-12 21:13 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-05-12 21:13 - 2021-05-12 21:13 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll 2021-05-12 21:13 - 2021-05-12 21:13 - 000153600 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll 2021-05-12 21:13 - 2021-05-12 21:13 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe 2021-05-12 21:13 - 2021-05-12 21:13 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe 2021-05-12 11:57 - 2021-05-12 12:15 - 000389120 _____ C:\Users\Utilisateur\Documents\chahge12052021.mdb 2021-05-12 11:53 - 2021-05-12 11:53 - 001513800 _____ C:\Users\Utilisateur\Documents\change.pdf 
2021-05-11 10:11 - 2021-05-11 11:44 - 000696320 _____ C:\Users\Utilisateur\Documents\changemai2021.mdb 2021-04-30 20:00 - 2021-04-30 20:00 - 000000137 _____ C:\Users\Utilisateur\Desktop\tv.url 2021-04-30 18:11 - 2021-06-11 15:46 - 000000000 ____D C:\Program Files (x86)\Sky Email Verifier 2021-04-30 18:11 - 2021-04-30 18:11 - 000001216 _____ C:\Users\Utilisateur\Desktop\Sky Email Verifier.lnk 2021-04-30 18:11 - 2021-04-30 18:11 - 000000000 ____D C:\Users\Utilisateur\Documents\Sky Email Verifier 2021-04-30 18:11 - 2021-04-30 18:11 - 000000000 ____D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky Email Verifier 2021-04-27 07:52 - 2021-04-27 07:57 - 000000000 ____D C:\CUBRID 2021-04-25 18:31 - 2021-04-25 18:34 - 381155201 _____ C:\Users\Utilisateur\Documents\basetotaleemail.txt 2021-04-19 22:50 - 2021-04-19 22:50 - 000000595 _____ C:\Users\Utilisateur\Desktop\base2021.accdb - Raccourci.lnk 2021-04-19 17:32 - 2021-04-20 10:18 - 000006679 _____ C:\Users\Utilisateur\Documents\requetemailbis.txt 2021-04-19 16:32 - 2021-04-24 23:32 - 092673862 _____ C:\Users\Utilisateur\Documents\requetemailmailing.txt 2021-04-19 16:20 - 2021-04-24 23:31 - 002214294 _____ C:\Users\Utilisateur\Documents\requetemail.txt 2021-04-16 15:27 - 2021-04-20 13:29 - 000450560 _____ C:\Users\Utilisateur\Documents\changeavril16.mdb 2021-04-16 14:50 - 2021-04-16 14:50 - 000168790 _____ C:\Users\Utilisateur\Downloads\collissimo_1618326377_1758_5928994d16.pdf 2021-04-14 23:50 - 2021-04-14 23:50 - 000056932 _____ C:\Program7.html 2021-04-14 21:21 - 2021-04-14 21:21 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll 2021-04-11 13:10 - 2021-04-11 15:30 - 000819200 _____ C:\Users\Utilisateur\Documents\changeavril.mdb 2021-04-11 12:32 - 2021-04-11 12:33 - 000079202 _____ C:\Users\Utilisateur\Documents\npai.csv 2021-04-07 17:37 - 2021-05-11 10:12 - 000729088 _____ C:\Users\Utilisateur\Documents\change07042021.mdb 2021-04-06 08:41 - 2021-04-06 08:41 - 000124780 
_____ C:\Users\Utilisateur\Desktop\courrier JPD 04 21070.pdf 2021-04-06 08:37 - 2021-04-06 08:37 - 000054892 _____ C:\Users\Utilisateur\Desktop\courrier situation JPD .pdf 2021-04-02 14:30 - 2021-04-02 14:30 - 000344511 _____ C:\Users\Utilisateur\Downloads\Blacklist.csv 2021-03-30 14:52 - 2021-04-07 17:34 - 000729088 _____ C:\Users\Utilisateur\Documents\change30032021.mdb 2021-03-29 22:57 - 2021-03-31 11:20 - 000001050 _____ C:\Users\Utilisateur\Desktop\totalturbo.xlsx - Raccourci.lnk 2021-03-29 19:21 - 2021-03-29 19:21 - 000001359 _____ C:\Users\Utilisateur\Desktop\VSO Downloader 5.lnk 2021-03-29 19:19 - 2021-03-29 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO 2021-03-29 19:19 - 2021-03-29 19:19 - 000000000 ____D C:\Program Files\WinPcap 2021-03-29 15:13 - 2021-03-29 15:13 - 000002070 _____ C:\Users\Public\Desktop\SendBlaster 4.lnk 2021-03-29 15:13 - 2021-03-29 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SendBlaster 4 2021-03-29 15:13 - 2021-03-29 15:13 - 000000000 ____D C:\Program Files (x86)\SendBlaster4 2021-03-29 09:26 - 2021-03-30 14:53 - 000532480 _____ C:\Users\Utilisateur\Documents\change28032021.mdb 2021-03-28 14:09 - 2021-05-12 12:27 - 005218304 _____ C:\Users\Utilisateur\Documents\changetravail.mdb 2021-03-28 13:34 - 2021-05-11 10:12 - 000593920 _____ C:\Users\Utilisateur\Documents\change.mdb 2021-03-28 13:31 - 2021-03-28 13:31 - 000008830 _____ C:\Users\Utilisateur\Documents\change.xlsx 2021-03-28 13:30 - 2021-03-28 13:30 - 000017592 _____ C:\Users\Utilisateur\Documents\change28032021.TXT 2021-03-28 13:30 - 2021-03-28 13:30 - 000009352 _____ C:\Users\Utilisateur\AppData\Roaming\Valeurs séparées par une tabulation (Windows).EML 2021-03-28 00:48 - 2021-03-28 00:48 - 000160256 _____ C:\Users\Utilisateur\Documents\change.xls 2021-03-28 00:48 - 2021-03-28 00:48 - 000009322 _____ C:\Users\Utilisateur\AppData\Roaming\Microsoft Excel 97-2003.EML 2021-03-28 00:37 - 2021-03-28 00:37 - 000102003 
_____ C:\Users\Utilisateur\Documents\355.csv 2021-03-27 19:11 - 2021-03-27 19:11 - 000011528 _____ C:\Users\Utilisateur\Documents\essaiinterne.csv 2021-03-27 19:10 - 2021-03-28 00:39 - 000114542 _____ C:\Users\Utilisateur\Documents\essai.csv 2021-03-27 18:53 - 2021-03-27 18:53 - 000000744 _____ C:\Users\Utilisateur\Documents\E-Mail ID Farmer Report Brief -27-mars-21 05.52.40 .txt 2021-03-27 18:52 - 2021-03-27 18:53 - 000347633 _____ C:\Users\Utilisateur\Documents\E-Mail ID Farmer Report Full -27-mars-21 05.52.40 .txt 2021-03-27 18:51 - 2021-03-27 18:51 - 000000654 _____ C:\Users\Utilisateur\Documents\E-Mail ID Farmer Report Brief -27-mars-21 05.49.59 .txt 2021-03-27 18:49 - 2021-03-27 18:51 - 000431388 _____ C:\Users\Utilisateur\Documents\E-Mail ID Farmer Report Full -27-mars-21 05.49.59 .txt 2021-03-27 18:00 - 2021-03-27 19:07 - 000019948 _____ C:\Users\Utilisateur\Documents\change.txt 2021-03-27 17:40 - 2021-03-27 17:40 - 000002655 _____ C:\Users\Public\Desktop\E-Mail ID Farmer.lnk 2021-03-27 17:40 - 2021-03-27 17:40 - 000000000 ____D C:\Users\Utilisateur\AppData\Local\KNR-iDigital 2021-03-27 17:40 - 2021-03-27 17:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\E-Mail ID Farmer 2021-03-27 17:40 - 2021-03-27 17:40 - 000000000 ____D C:\Program Files (x86)\E-Mail ID Farmer 2021-03-24 16:31 - 2021-03-24 16:41 - 000000000 ____D C:\Users\Utilisateur\validateuremailokaveccoock_16212_windows64 2021-03-24 16:05 - 2021-03-24 16:05 - 000000000 ____D C:\Users\Utilisateur\validateuremailok_16212_windows64 2021-03-24 15:40 - 2021-03-24 15:41 - 000000000 ____D C:\Users\Utilisateur\validateuremailokcsv_16212_windows64 2021-03-23 18:34 - 2021-03-23 18:35 - 000000118 _____ C:\Users\Utilisateur\Desktop\mailtesterantispam.url 2021-03-20 19:43 - 2021-03-20 19:43 - 000000113 _____ C:\Users\Utilisateur\Desktop\validateuryaml.url 2021-03-20 15:02 - 2021-03-20 15:03 - 000000123 _____ C:\Users\Utilisateur\Desktop\validateuremail.url 2021-03-18 18:13 - 2021-03-18 
18:13 - 003135478 _____ C:\Users\Utilisateur\Documents\Copie de annuaire-mairie (2).xlsx 2021-03-17 19:05 - 2021-03-17 19:05 - 000000000 ____D C:\Users\Utilisateur\Documents\SendBlaster4 2021-03-17 14:15 - 2021-03-17 14:15 - 000000792 _____ C:\Users\Utilisateur\Desktop\totalsendblaster.xlsx - Raccourci.lnk 2021-03-17 11:22 - 2021-03-17 11:22 - 000000606 _____ C:\Users\Utilisateur\Desktop\sendblaster.accd.lnk ==================== Trois mois (modifiés) ================== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2021-06-14 11:25 - 2020-01-05 12:51 - 000000000 ____D C:\Users\Utilisateur\AppData\Local\CrashDumps 2021-06-14 11:24 - 2020-02-21 10:40 - 000000000 ____D C:\Users\Utilisateur\AppData\Roaming\ZHP 2021-06-14 11:14 - 2020-01-03 18:26 - 000000000 ____D C:\outlook 2021-06-14 10:59 - 2019-08-20 09:15 - 000000000 ____D C:\ProgramData\Mozilla 2021-06-14 10:58 - 2019-08-20 09:37 - 000000000 ____D C:\Users\Utilisateur\AppData\LocalLow\Mozilla 2021-06-14 09:23 - 2020-01-06 00:47 - 000000000 ____D C:\Program Files\CCleaner 2021-06-14 09:22 - 2020-11-01 13:26 - 001791548 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-06-14 09:22 - 2019-12-07 16:50 - 000794556 _____ C:\WINDOWS\system32\perfh00C.dat 2021-06-14 09:22 - 2019-12-07 16:50 - 000150844 _____ C:\WINDOWS\system32\perfc00C.dat 2021-06-14 09:22 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2021-06-14 09:19 - 2020-11-25 01:30 - 000000000 ____D C:\Users\Utilisateur\AppData\Roaming\MacroCreator 2021-06-14 09:16 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-06-14 09:14 - 2020-11-01 13:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-06-14 09:14 - 2020-11-01 13:18 - 000008192 ___SH C:\DumpStack.log.tmp 2021-06-14 09:14 - 2020-01-26 14:19 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2021-06-14 09:14 - 2020-01-06 23:52 - 000000000 ____D C:\ProgramData\Privax 2021-06-14 09:14 - 2019-12-07 11:03 - 000262144 _____ 
C:\WINDOWS\system32\config\BBI 2021-06-13 23:33 - 2020-11-01 13:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-06-13 14:57 - 2020-02-21 10:40 - 000000000 ____D C:\Users\Utilisateur\AppData\Local\ZHP 2021-06-13 09:14 - 2020-06-26 12:26 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-06-13 09:14 - 2020-06-26 12:26 - 000002282 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-06-13 09:14 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-06-13 09:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-06-12 23:43 - 2020-01-06 10:14 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData 2021-06-12 23:42 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-06-12 10:14 - 2019-08-19 09:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-06-11 15:48 - 2020-01-04 00:36 - 000000000 ____D C:\Program Files (x86)\WebDataExtractorPro 2021-06-11 15:47 - 2020-06-13 14:38 - 000000000 ____D C:\Program Files (x86)\EagleGet 2021-06-11 15:47 - 2019-12-07 16:53 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-06-11 15:46 - 2020-01-05 12:29 - 000000000 ____D C:\Program Files (x86)\BraveSoftware 2021-06-11 15:46 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows NT 2021-06-10 23:02 - 2020-01-05 12:08 - 000000000 ____D C:\Users\Utilisateur\AppData\Roaming\FileZilla 2021-06-09 23:37 - 2020-01-03 10:10 - 000000000 ____D C:\Users\Utilisateur\AppData\Local\D3DSCache 2021-06-09 17:09 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-06-09 17:06 - 2020-11-01 13:18 - 002630672 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-06-09 17:06 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-06-09 17:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2021-06-09 17:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2021-06-09 17:06 - 2019-12-07 11:14 - 000000000 ____D 
C:\WINDOWS\SysWOW64\Dism 2021-06-09 17:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-06-09 17:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-06-09 17:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-06-09 17:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-06-09 17:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-06-09 17:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-06-09 17:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-06-09 17:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-06-09 16:41 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-06-09 16:32 - 2019-08-20 09:31 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-06-09 16:28 - 2019-08-20 09:31 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-06-07 18:01 - 2020-10-05 22:07 - 000081688 _____ (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe 2021-06-05 18:34 - 2019-09-11 11:58 - 000000000 ____D C:\Users\Utilisateur\AppData\Roaming\vlc 2021-06-04 15:53 - 2020-11-05 13:58 - 000000000 ____D C:\Users\Utilisateur\AppData\Roaming\Octoparse8 2021-06-02 08:06 - 2020-01-06 09:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-06-01 22:32 - 2020-02-21 10:48 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2021-05-31 15:57 - 2019-08-20 09:12 - 000000000 ___RD C:\Users\Utilisateur\OneDrive 2021-05-31 11:24 - 2020-02-11 19:11 - 000000000 ____D C:\Users\Utilisateur\Desktop\Anciennes données de Firefox 2021-05-28 22:53 - 2020-04-24 15:10 - 000000140 _____ C:\Users\Utilisateur\Desktop\cassandra.url 2021-05-26 11:11 - 2020-01-04 10:48 - 000000059 _____ C:\Users\Utilisateur\AppData\Roaming\.clst 2021-05-26 11:11 - 2020-01-04 10:47 - 000000122 ____H C:\Users\Utilisateur\AppData\Roaming\net.api.cp 2021-05-25 17:40 - 2020-01-05 12:32 - 000000000 ____D 
C:\Users\Utilisateur\Documents\VSO Downloader 2021-05-24 20:08 - 2020-01-19 13:05 - 000000681 _____ C:\Users\Utilisateur\Desktop\base2019.accdb - Raccourci.lnk 2021-05-20 12:01 - 2020-10-30 22:42 - 000000000 ____D C:\Users\Utilisateur 2021-05-17 19:19 - 2020-11-12 00:47 - 000000000 ____D C:\Users\Utilisateur\AppData\Roaming\RDDZ_Scraper ==================== Fichiers à la racine de certains dossiers ======== 2021-06-10 23:11 - 2021-06-10 23:11 - 000401544 _____ (ICodeCompiler) C:\Users\Public\run.exe 2020-03-02 01:14 - 2020-03-02 01:14 - 003333504 _____ (Nicolas Coolman) C:\Users\Utilisateur\ZHPCleaner.exe 2021-03-08 15:42 - 2021-03-08 15:42 - 000000000 _____ () C:\Program Files (x86)\Gammadyne 2020-01-04 10:48 - 2021-05-26 11:11 - 000000059 _____ () C:\Users\Utilisateur\AppData\Roaming\.clst 2020-01-04 10:43 - 2021-05-04 10:32 - 000000214 ____H () C:\Users\Utilisateur\AppData\Roaming\.cpref2 2021-05-12 23:27 - 2021-05-12 23:27 - 000009334 _____ () C:\Users\Utilisateur\AppData\Roaming\Microsoft Access 97-2003.EML 2021-03-28 00:48 - 2021-03-28 00:48 - 000009322 _____ () C:\Users\Utilisateur\AppData\Roaming\Microsoft Excel 97-2003.EML 2020-01-04 10:47 - 2021-05-26 11:11 - 000000122 ____H () C:\Users\Utilisateur\AppData\Roaming\net.api.cp 2020-01-20 00:31 - 2020-01-20 00:49 - 017895424 _____ () C:\Users\Utilisateur\AppData\Roaming\Sandra.mdb 2021-03-28 13:30 - 2021-03-28 13:30 - 000009352 _____ () C:\Users\Utilisateur\AppData\Roaming\Valeurs séparées par une tabulation (Windows).EML 2020-05-20 16:19 - 2020-05-20 16:19 - 000000099 _____ () C:\Users\Utilisateur\AppData\Local\fusioncache.dat 2020-01-06 22:09 - 2020-01-06 22:09 - 000000000 _____ () C:\Users\Utilisateur\AppData\Local\oobelibMkey.log ==================== SigCheckExt ========================= 2020-01-08 17:15 - 2015-09-21 01:30 - 003557000 _____ C:\WINDOWS\system32\BootMan.exe 2015-07-22 01:42 - 2015-07-22 01:42 - 000103424 _____ (Advanced Micro Devices) C:\WINDOWS\system32\DelayAPO.dll 2020-01-04 15:54 - 
2012-11-12 16:15 - 000558592 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppmon.dll 2020-01-04 15:54 - 2012-11-12 21:41 - 000535552 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppui.dll 2020-01-04 15:54 - 2012-10-22 18:19 - 000219648 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enpres.dll 2020-01-04 15:54 - 2012-11-12 16:15 - 000558592 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppmon.dll 2020-01-04 15:54 - 2012-11-12 21:41 - 000535552 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppui.dll 2020-01-04 15:54 - 2012-10-22 18:19 - 000219648 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enspres.dll 2020-01-08 17:15 - 2014-11-18 15:46 - 000017504 _____ C:\WINDOWS\system32\EuEpmGdi.dll 2020-01-08 09:53 - 2013-10-08 10:55 - 001988096 _____ C:\WINDOWS\system32\libmysql_e.dll 2020-01-08 17:15 - 2014-11-18 15:38 - 000101984 _____ C:\WINDOWS\system32\setupempdrvx64.exe 2020-02-17 13:53 - 2016-09-29 10:44 - 001298584 _____ C:\WINDOWS\ddmmain.exe 2020-01-16 00:01 - 2020-01-16 00:01 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\Setup1.exe 2020-01-16 00:01 - 2020-01-16 00:01 - 000074752 _____ (Microsoft Corporation) C:\WINDOWS\ST6UNST.EXE 2015-03-17 02:34 - 2015-03-17 02:34 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl71.dll 2020-01-08 17:15 - 2015-09-21 01:19 - 002658952 _____ C:\WINDOWS\SysWOW64\BootMan.exe 2018-08-25 13:36 - 2018-08-25 13:36 - 009501184 _____ (Chilkat Software, Inc.) C:\WINDOWS\SysWOW64\ChilkatAx-9.5.0-win32.dll 2006-02-28 13:41 - 2006-02-28 13:41 - 000061440 _____ (Apple Computer, Inc.) C:\WINDOWS\SysWOW64\dns-sd.exe 2006-02-28 13:41 - 2006-02-28 13:41 - 000053248 _____ (Apple Computer, Inc.) C:\WINDOWS\SysWOW64\dnssd.dll 2020-01-08 17:15 - 2014-11-18 15:46 - 000021088 _____ C:\WINDOWS\SysWOW64\EuEpmGdi.dll 2009-01-28 03:00 - 2009-01-28 03:00 - 000086016 _____ (Exontrol Inc.) 
C:\WINDOWS\SysWOW64\ExTransparent.dll 2000-04-26 13:34 - 2000-04-26 13:34 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JETCOMP.exe 2020-01-03 20:56 - 2015-08-03 11:06 - 001816064 _____ C:\WINDOWS\SysWOW64\libmysql_e.dll 2009-12-18 18:04 - 2009-12-18 18:04 - 000677888 _____ (AfterLogic Corporation) C:\WINDOWS\SysWOW64\MailBee.dll 2015-03-17 02:34 - 2015-03-17 02:34 - 001060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll 2015-03-17 02:34 - 2015-03-17 02:34 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHS.DLL 2015-03-17 02:34 - 2015-03-17 02:34 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHT.DLL 2015-03-17 02:34 - 2015-03-17 02:34 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71DEU.DLL 2015-03-17 02:34 - 2015-03-17 02:34 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ENU.DLL 2015-03-17 02:34 - 2015-03-17 02:34 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ESP.DLL 2015-03-17 02:34 - 2015-03-17 02:34 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71FRA.DLL 2015-03-17 02:34 - 2015-03-17 02:34 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ITA.DLL 2015-03-17 02:34 - 2015-03-17 02:34 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71JPN.DLL 2015-03-17 02:34 - 2015-03-17 02:34 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71KOR.DLL 2015-03-17 02:34 - 2015-03-17 02:34 - 001047552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71u.dll 2000-04-26 13:34 - 2000-04-26 13:34 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexch35.dll 2000-04-26 13:34 - 2000-04-26 13:34 - 000252688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl35.dll 2000-04-26 13:34 - 2000-04-26 13:34 - 001050896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet35.dll 2000-04-26 13:35 - 2000-04-26 13:35 - 000139264 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\msjint35.dll 2000-04-26 13:34 - 2000-04-26 13:34 - 001238288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjt4jlt.dll 2000-04-26 13:34 - 2000-04-26 13:34 - 000024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter35.dll 2000-04-26 13:34 - 2000-04-26 13:34 - 000168720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus35.dll 2000-04-26 13:34 - 2000-04-26 13:34 - 000250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspdox35.dll 2000-04-26 13:34 - 2000-04-26 13:34 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x35.dll 2000-04-26 13:34 - 2000-04-26 13:34 - 000415504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl35.dll 2000-04-26 13:34 - 2000-04-26 13:34 - 000044304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrpfs35.dll 2000-04-26 13:34 - 2000-04-26 13:34 - 000166672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext35.dll 2015-03-17 02:34 - 2015-03-17 02:34 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll 2015-03-17 02:34 - 2015-03-17 02:34 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll 2000-04-26 13:34 - 2000-04-26 13:34 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbse35.dll 2004-11-18 10:16 - 2004-11-18 10:16 - 000069632 _____ () C:\WINDOWS\SysWOW64\nktwab.dll 2014-05-21 10:36 - 2014-05-21 10:36 - 000265797 _____ (Matsushita Electric Industrial Co., Ltd.) 
C:\WINDOWS\SysWOW64\pdvcodec.dll 2014-04-18 06:31 - 2014-04-18 06:31 - 000053299 _____ C:\WINDOWS\SysWOW64\pthreadVC.dll 2020-01-08 17:15 - 2014-11-18 15:38 - 000088160 _____ C:\WINDOWS\SysWOW64\setupempdrv03.exe 2020-02-21 01:01 - 2011-12-14 21:21 - 000086016 _____ C:\WINDOWS\SysWOW64\SYNSOPOS.exe 2007-03-21 21:54 - 2007-03-21 21:54 - 000077312 _____ (Twain Working Group) C:\WINDOWS\SysWOW64\TWAIN_32.DLL 2007-03-21 21:54 - 2007-03-21 21:54 - 000048560 _____ (Twain Working Group) C:\WINDOWS\SysWOW64\TWUNK_16.EXE 2007-03-21 21:54 - 2007-03-21 21:54 - 000069632 _____ (Twain Working Group) C:\WINDOWS\SysWOW64\TWUNK_32.EXE 1998-06-18 00:00 - 1998-06-18 00:00 - 000089360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB5DB.DLL 2020-01-03 15:06 - 2006-04-26 22:05 - 000119568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB6FR.DLL 2000-07-15 01:00 - 2000-07-15 01:00 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB6STKIT.DLL 2000-04-26 13:34 - 2000-04-26 13:34 - 000368912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBAR332.DLL 2003-10-19 14:51 - 2003-10-19 14:51 - 000299008 _____ (Aivosto Oy) C:\WINDOWS\SysWOW64\vbwFunctionsVB6.dll 2010-03-14 02:09 - 2010-03-14 02:09 - 000028672 _____ (eDisplay srl) C:\WINDOWS\SysWOW64\WabWrapper.dll 2020-01-03 15:06 - 2007-02-21 02:59 - 000053248 _____ C:\WINDOWS\SysWOW64\ZLib.dll 2020-01-03 15:06 - 2005-05-08 17:56 - 000055808 _____ C:\WINDOWS\SysWOW64\zlib1.dll 2019-09-11 11:59 - 2011-01-03 15:50 - 000008192 _____ C:\WINDOWS\system32\Drivers\IntelMEFWVer.dll 2021-06-10 23:11 - 2021-06-10 23:11 - 000401544 _____ (ICodeCompiler) C:\Users\Public\run.exe 2020-03-02 01:14 - 2020-03-02 01:14 - 003333504 _____ (Nicolas Coolman) C:\Users\Utilisateur\ZHPCleaner.exe 2021-06-12 15:22 - 2021-06-12 19:19 - 002300416 _____ (Farbar) C:\Users\Utilisateur\Downloads\FRSTEnglish.exe 2020-01-04 15:51 - 2005-09-24 03:28 - 001638400 _____ (Microsoft Corporation) C:\Users\Utilisateur\Downloads\gdiplus.dll 2020-11-25 01:26 - 
2020-11-25 01:26 - 019034776 _____ (Rodolfo U. Batista ) C:\Users\Utilisateur\Downloads\MacroCreator-setup2357.exe 2020-01-04 16:36 - 2020-01-04 16:36 - 025763945 _____ (The qBittorrent project) C:\Users\Utilisateur\Downloads\qbittorrent_4.2.1_x64_setup.exe 2020-01-03 17:08 - 2020-01-03 17:08 - 006519144 _____ (Igor Pavlov) C:\Users\Utilisateur\Downloads\wde.exe 2020-02-22 00:39 - 2020-02-22 00:39 - 008321966 _____ (Igor Pavlov) C:\Users\Utilisateur\Downloads\wdepro.exe 2021-02-07 21:17 - 2021-02-07 21:17 - 003342472 _____ (Nicolas Coolman) C:\Users\Utilisateur\Downloads\ZHPCleaner.exe ==================== SigCheck ============================ (Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.) ==================== BCD ================================ Gestionnaire de démarrage du microprogramme ------------------------------------------- identificateur {fwbootmgr} displayorder {f68812c3-1bfd-11ea-b557-806e6f6e6963} {16482549-016f-11ea-b54a-806e6f6e6963} {4a37c68b-c257-11e9-8aa9-e122dece355d} {f68812c2-1bfd-11ea-b557-806e6f6e6963} {71a838b9-05fa-11ea-b54e-806e6f6e6963} {e62e0d09-3219-11ea-b574-200db035e249} {bootmgr} {1648254d-016f-11ea-b54a-806e6f6e6963} timeout 1 Gestionnaire de démarrage Windows --------------------------------- identificateur {bootmgr} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\bootmgfw.efi description Windows Boot Manager locale fr-FR inherit {globalsettings} default {current} resumeobject {4a37c696-c257-11e9-8aa9-e122dece355d} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Application logicielle (101fffff) -------------------------------- identificateur {16482549-016f-11ea-b54a-806e6f6e6963} description Onboard NIC Application logicielle (101fffff) -------------------------------- identificateur {1648254d-016f-11ea-b54a-806e6f6e6963} device partition=\Device\HarddiskVolume2 path \EFI\Boot\BOOTX64.EFI description azm Application logicielle (101fffff) 
-------------------------------- identificateur {4a37c68b-c257-11e9-8aa9-e122dece355d} description P0: PNY CS900 240GB SSD Application logicielle (101fffff) -------------------------------- identificateur {71a838b9-05fa-11ea-b54e-806e6f6e6963} description CD/DVD/CD-RW Drive Application logicielle (101fffff) -------------------------------- identificateur {e62e0d09-3219-11ea-b574-200db035e249} description P1: PNY CS900 960GB SSD Application logicielle (101fffff) -------------------------------- identificateur {f68812c2-1bfd-11ea-b557-806e6f6e6963} description Diskette Drive Application logicielle (101fffff) -------------------------------- identificateur {f68812c3-1bfd-11ea-b557-806e6f6e6963} device partition=\Device\HarddiskVolume2 path \EFI\Boot\BOOTX64.EFI description USB Storage Device Chargeur de démarrage Windows ----------------------------- identificateur {current} device partition=C: path \WINDOWS\system32\winload.efi description Windows 10 locale fr-FR inherit {bootloadersettings} recoverysequence {4a37c699-c257-11e9-8aa9-e122dece355d} displaymessageoverride Recovery recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \WINDOWS resumeobject {4a37c696-c257-11e9-8aa9-e122dece355d} nx OptIn bootmenupolicy Standard Chargeur de démarrage Windows ----------------------------- identificateur {4a37c699-c257-11e9-8aa9-e122dece355d} device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{4a37c69a-c257-11e9-8aa9-e122dece355d} path \windows\system32\winload.efi description Windows Recovery Environment locale fr-FR inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{4a37c69a-c257-11e9-8aa9-e122dece355d} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Reprendre à partir de la mise en veille prolongée ------------------------------------------------- identificateur {4a37c696-c257-11e9-8aa9-e122dece355d} device 
partition=C: path \WINDOWS\system32\winresume.efi description Windows Resume Application locale fr-FR inherit {resumeloadersettings} recoverysequence {4a37c699-c257-11e9-8aa9-e122dece355d} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Testeur de mémoire Windows -------------------------- identificateur {memdiag} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\memtest.efi description Diagnostics mémoire Windows locale fr-FR inherit {globalsettings} badmemoryaccess Yes Paramètres EMS -------------- identificateur {emssettings} bootems No Paramètres du débogueur ----------------------- identificateur {dbgsettings} debugtype Local Erreurs de mémoire RAM ---------------------- identificateur {badmemory} Paramètres globaux ------------------ identificateur {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Paramètres du chargeur de démarrage ----------------------------------- identificateur {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Paramètres de l'hyperviseur ------------------- identificateur {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Paramètres du chargeur de reprise --------------------------------- identificateur {resumeloadersettings} inherit {globalsettings} Options de périphérique ----------------------- identificateur {4a37c69a-c257-11e9-8aa9-e122dece355d} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume1 ramdisksdipath \Recovery\WindowsRE\boot.sdi ==================== Fin de FRST.txt ========================