Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 11-07-2021
Exécuté par Cédric Bourson (administrateur) sur CÉDRIC (Acer Aspire M3900) (12-07-2021 14:55:55)
Exécuté depuis C:\Users\Cédric Bourson\Desktop
Profils chargés: Cédric Bourson
Platform: Windows 7 Home Premium Service Pack 1 (X64) Langue: Français (France)
Navigateur par défaut: Chrome
Mode d'amorçage: Normal

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Acer Incorporated -> Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(CyberLink -> ) [Fichier non signé] C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(D-LINK CORPORATION -> D-Link Corporation.) C:\Program Files (x86)\D-Link\ShareCenterSync\daemon.exe
(Elaborate Bytes AG -> Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Google LLC -> Google LLC) C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\Application\chrome.exe <16>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\64DriverLoad.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe

==================== Registre (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18388936 2018-05-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [333784 2021-03-31] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKU\S-1-5-21-1413137251-2671438739-3149395470-1001\...\Run: [Dropbox Update] => C:\Users\Cédric Bourson\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-1413137251-2671438739-3149395470-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1413137251-2671438739-3149395470-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1413137251-2671438739-3149395470-1001\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC -> PeerBlock, LLC)
HKU\S-1-5-21-1413137251-2671438739-3149395470-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIKE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1413137251-2671438739-3149395470-1001\...\Run: [Google Update] => C:\Users\Cédric Bourson\AppData\Local\Google\Update\1.3.36.82\GoogleUpdateCore.exe [217432 2021-04-23] (Google LLC -> Google LLC)
HKU\S-1-5-21-1413137251-2671438739-3149395470-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG5200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAE.DLL [28672 2010-08-25] (CANON INC.) [Fichier non signé]
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5200 series: C:\Windows\system32\CNMLMAE.DLL [361472 2010-08-25] (CANON INC.) [Fichier non signé]
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [327680 2010-02-05] (CANON INC.) [Fichier non signé]
HKLM\...\Print\Monitors\EPSON XP-302 303 305 306 Series 64MonitorBE: C:\Windows\system32\E_ILMIKE.DLL [120320 2011-04-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [558592 2012-11-12] (SEIKO EPSON CORPORATION) [Fichier non signé]
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [96768 2012-07-29] (pdfforge GbR) [Fichier non signé]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2021-05-28] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{97E1814E-5601-41c8-9971-10C319EF61CC}] -> C:\Windows\system32\SRCredentialProvider.dll [2021-05-20] (Splashtop Inc. -> Splashtop Inc.)
Startup: C:\Users\Cédric Bourson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2021-07-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Cédric Bourson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Tâches planifiées (Avec liste blanche) ============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
Task: {037037F0-FBE5-4B0D-91BE-2BE743B6288C} - System32\Tasks\0 => c:\program files (x86)\internet explorer\iexplore.exe 0 <==== ATTENTION
Task: {0B18B820-2889-43B4-B1B4-FDA7297D7FAA} - \SoftwareUpdateTaskMachineCore -> Pas de fichier <==== ATTENTION
Task: {15EF47AF-614F-480F-AC1A-45277094EDA6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-18] (Piriform Software Ltd -> Piriform)
Task: {179E1C70-3210-45C6-8174-CCE90E704BC3} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [68568 2017-08-02] (DivX, LLC -> DivX, LLC)
Task: {1A3BE8A1-673C-4821-A0A2-686AA478E501} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1542080 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1DC73498-5A98-450A-B130-B2E663740ACB} - System32\Tasks\{67D11E53-C868-4B33-A8CF-8F8C7846C13D} => C:\Users\Cédric Bourson\Downloads\Megapolis_Hack_Tool_Android_iOS_2013_\Megapolis Hack Tool Android&iOS (2013)\Megapolis Hack Tool Android&iOS (2013).exe
Task: {2A788F66-EB97-46AA-AFC0-C77B6B6FE5A4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1413137251-2671438739-3149395470-1001UA => C:\Users\Cédric Bourson\AppData\Local\Google\Update\GoogleUpdate.exe [156968 2019-04-09] (Google Inc -> Google Inc.)
Task: {3E6AD19F-8EBD-4FA9-BA8C-917E1CC4ABFA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [655296 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4C06B450-3BAC-4E44-A99F-CA80895AABC7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [728000 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {50814663-1731-44EF-961D-01B073A9A0D4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1413137251-2671438739-3149395470-1001Core => C:\Users\Cédric Bourson\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {57989F3C-8285-4FD0-81E2-1F78A2612826} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {5BB75762-64CA-4509-8522-851A47455A86} - System32\Tasks\{CA8C2204-E544-465A-B0D9-F231BA39BB0F} => C:\Windows\system32\pcalua.exe -a "C:\Users\Cédric Bourson\Downloads\WBFSManager3.0\setup.exe" -d "C:\Users\Cédric Bourson\Downloads\WBFSManager3.0"
Task: {67E4830F-6D12-45C4-964C-DEE574D5E8DB} - System32\Tasks\{F710E6EE-BBBC-44C5-BAFC-A81B2AA8AA78} => C:\Users\Cédric Bourson\Downloads\Megapolis_Hack_Tool_Android_iOS_2013_\Megapolis Hack Tool Android&iOS (2013)\Megapolis Hack Tool Android&iOS (2013).exe
Task: {6F2774E0-52F1-409C-B983-8376A081F31D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436160 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {741D9E54-C6E2-4697-AE94-39238B0DF36F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [960448 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {82B0CE47-BF03-4254-B887-AE7FB388F184} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1413137251-2671438739-3149395470-1001UA => C:\Users\Cédric Bourson\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8E56D4FE-E00B-495B-83B6-68C8B65DF321} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {94524285-0167-4724-BC7F-2FD2C5696895} - System32\Tasks\Opera scheduled Autoupdate 1587829689 => C:\Users\Cédric Bourson\AppData\Local\Programs\Opera\launcher.exe
Task: {98E668B0-0CD1-4E8B-BC30-2D4EE0D8EF76} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1413137251-2671438739-3149395470-1001UA1d6a2e06702da93 => C:\Users\Cédric Bourson\AppData\Local\Google\Update\GoogleUpdate.exe [156968 2019-04-09] (Google Inc -> Google Inc.)
Task: {9A3D68F7-A9DD-4831-813A-84E7FE26DB30} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {9EA88ABD-14FB-4755-A6C7-BBF02EC97074} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FB93631-7BEC-4E1B-B0FE-087816E0DAE1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {A1FB1D46-260A-4661-8DD9-791FA7CDBFAF} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
Task: {A6E808BD-0AB9-491D-9E90-A6070AFA3464} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {A8D2FF1E-33AB-4E65-AA16-603EE0C75334} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {AF474C1C-8CE6-41C9-AE19-5FAABF79712D} - System32\Tasks\{1DFBA70E-48CB-4F33-B1BA-553DD0F6C275} => C:\Windows\system32\pcalua.exe -a C:\Windows\UnGins.exe -c "C:\Program Files (x86)\ZIP PASSWORD FINDER\install.log"
Task: {B6026A80-B914-4593-B23F-7EAD5EA86FD5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {BA50DA8D-84D0-4568-B6F6-83D2EC328F8B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BEA1D9FE-129F-4849-8DEE-378CE4D8CAAF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [655296 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DF1621E9-9436-45E4-A3C1-E8D9F934C422} - System32\Tasks\Opera scheduled assistant Autoupdate 1587829691 => C:\Users\Cédric Bourson\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Cédric Bourson\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {E0E13F92-FA86-453D-92EF-AC7E5D10B5B6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1413137251-2671438739-3149395470-1001Core => C:\Users\Cédric Bourson\AppData\Local\Google\Update\GoogleUpdate.exe [156968 2019-04-09] (Google Inc -> Google Inc.)
Task: {EEDE2583-A2E8-48EA-8396-DA10E0D19F0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {F492BE57-12DF-4F07-90C9-E088F48FF592} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1413137251-2671438739-3149395470-1001Core1d6a2e066da632e => C:\Users\Cédric Bourson\AppData\Local\Google\Update\GoogleUpdate.exe [156968 2019-04-09] (Google Inc -> Google Inc.)
Task: {F6A19CB8-04A8-4B5E-8D86-E72A911441F3} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [728000 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F7C74F5C-3EE6-4C89-9462-A019D8AFAA74} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {F97E3A5A-0B6B-439A-80ED-5E64DCB69F95} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {F9CD5A49-7D9F-4756-9D60-E83A8EAC855A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {FF98E211-F5C3-42EB-8CD3-07B821B74CA8} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1413137251-2671438739-3149395470-1001Core.job => C:\Users\Cédric Bourson\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1413137251-2671438739-3149395470-1001UA.job => C:\Users\Cédric Bourson\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: Fichier hosts non détecté dans le dossier par défaut
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4659F947-8262-4700-A560-83CD36AF1192}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4659F947-8262-4700-A560-83CD36AF1192}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9AAAF885-9247-4FFE-8926-799272F602F8}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Cédric Bourson\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-13]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Cédric Bourson\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-01-24]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: ymz6gkbj.default
FF ProfilePath: C:\Users\Cédric Bourson\AppData\Roaming\TomTom\HOME\Profiles\tphz3aap.default [2016-06-26]
FF Extension: (Emulator) - C:\Users\Cédric Bourson\AppData\Roaming\TomTom\HOME\Profiles\tphz3aap.default\Extensions\Navcore.9.465.1074274@tomtom.com [2014-03-20] [] [non signé]
FF Extension: (Pas de nom) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [non trouvé(e)]
FF ProfilePath: C:\Users\Cédric Bourson\AppData\Roaming\Mozilla\Firefox\Profiles\ymz6gkbj.default [2021-07-11]
FF ProfilePath: C:\Users\Cédric Bourson\AppData\Roaming\Mozilla\Firefox\Profiles\g30yh1he.default-release-1618695089200 [2021-07-11]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Cédric Bourson\AppData\Roaming\Mozilla\Firefox\Profiles\g30yh1he.default-release-1618695089200\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-06-03]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-07-25] [] [non signé]
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @dlink.com/DNS320LSurvCen -> C:\Program Files (x86)\\SurveillanceStation\DNS320LNP\npDNS320LMySurveillance.dll [2015-10-08] (D-LINK CORPORATION) [Fichier non signé]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Pas de fichier]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Fichier non signé]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Fichier non signé]
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1413137251-2671438739-3149395470-1001: www.mydlink.com/Uplayer -> C:\Users\Cédric Bourson\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll [2015-12-11] (D-LINK CORPORATION -> D-Link Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default [2021-07-12]
CHR Notifications: Default -> hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.comm/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Slides) - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-16]
CHR Extension: (Free Download Manager) - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2021-02-19]
CHR Extension: (Docs) - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-16]
CHR Extension: (Google Drive) - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-16]
CHR Extension: (YouTube) - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-16]
CHR Extension: (Tampermonkey) - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-06-26]
CHR Extension: (Sheets) - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-16]
CHR Extension: (Google Docs hors connexion) - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-11]
CHR Extension: (AdBlock — le meilleur bloqueur de pubs) - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-07-09]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2020-04-26]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-11]
CHR Extension: (mydlink services plugin) - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldibdoepbjbkkcbgndfljnphngpglhbb [2015-12-04]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-27]
CHR Extension: (Reverso - Traduction, dictionnaire) - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default\Extensions\onhiacboedfinnofagfgoaanfedhmfab [2020-07-14]
CHR Extension: (Social Profile view notification) - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pegkceflonohbcefcbflfpficfkmpeod [2019-10-27]
CHR Extension: (Gmail) - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-16]
CHR Extension: (Chrome Media Router) - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-26]
CHR Profile: C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\User Data\System Profile [2021-07-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
StartMenuInternet: Google Chrome.M4HUIGADSP7KHVJMKE365POXHU - C:\Users\Cédric Bourson\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2020-07-03] (Mixbyte Inc -> Freemake)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7462200 2021-07-04] (Malwarebytes Inc -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-13] (CyberLink -> ) [Fichier non signé]
R2 ShareCenterSync; C:\Program Files (x86)\D-Link\ShareCenterSync\daemon.exe [1400464 2015-07-21] (D-LINK CORPORATION -> D-Link Corporation.)
R2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-07-09] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Pilotes (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (APOWERSOFT LIMITED -> Wondershare)
S2 ASPI32; pas de ImagePath
S3 CrystalSysInfo; pas de ImagePath
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36944 2014-03-04] (IObit Information Technology -> IObit)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-06-26] (Malwarebytes Inc -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 MpKslcf34a70c; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A523CDB4-AC38-4BE6-BF6A-F7A4CB093839}\MpKslDrv.sys [47336 2021-07-11] (Microsoft Windows -> Microsoft Corporation)
S3 MWAC; C:\Windows\system32\drivers\ [0 0000-00-00] () <==== ATTENTION (zéro octet Fichier/Dossier)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 rt61x64; C:\Windows\System32\DRIVERS\netr6164.sys [438784 2009-06-02] (Ralink Technology, Corp.) [Fichier non signé]
S3 SliceDisk5; pas de ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation -> Microsoft Corporation)
U3 aswbdisk; pas de ImagePath

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Trois mois (créés) (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2021-07-12 14:55 - 2021-07-12 14:58 - 000034096 _____ C:\Users\Cédric Bourson\Desktop\FRST.txt
2021-07-12 14:55 - 2021-07-12 14:57 - 000000000 ____D C:\FRST
2021-07-12 14:54 - 2021-07-12 14:54 - 002301440 _____ (Farbar) C:\Users\Cédric Bourson\Desktop\FRST64.exe
2021-07-12 14:16 - 2021-07-12 14:15 - 000451432 _____ C:\Users\Cédric Bourson\Desktop\ZHPDiag.txt
2021-07-12 13:57 - 2021-07-12 14:15 - 000000135 _____ C:\Users\Cédric
2021-07-12 13:56 - 2021-07-12 14:15 - 000000000 ____D C:\Users\Cédric Bourson\AppData\Roaming\ZHP
2021-07-12 13:54 - 2021-07-12 13:54 - 003473048 _____ (Nicolas Coolman) C:\Users\Cédric Bourson\Desktop\ZHPSuite.exe
2021-07-11 22:48 - 2021-07-11 22:50 - 000000000 _RSHD C:\ProgramData\Key-Base
2021-07-11 22:48 - 2021-07-11 22:48 - 000000000 ____D C:\ProgramData\{5101C8F6-CF9C-1B15-9FAA-AB3FE573DD97}
2021-07-11 22:47 - 2021-07-11 22:48 - 000002784 _____ C:\RakhniDecryptor.1.27.0.0_11.07.2021_22.47.04_log.txt
2021-07-11 21:41 - 2021-07-11 21:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2021-07-11 21:40 - 2021-07-11 21:40 - 000002056 _____ C:\RakhniDecryptor.1.27.0.0_11.07.2021_21.40.23_log.txt
2021-07-11 21:38 - 2021-07-11 21:39 - 000000000 ____D C:\Users\Cédric Bourson\Downloads\RakhniDecryptor
2021-07-11 21:38 - 2021-07-11 21:38 - 005594791 _____ C:\Users\Cédric Bourson\Downloads\RakhniDecryptor.zip
2021-07-11 21:35 - 2021-07-11 21:36 - 004969032 _____ (Stellar Information Technology Pvt Ltd. ) C:\Users\Cédric Bourson\Downloads\StellarDataRecoveryProfessionalWindows.exe
2021-07-11 20:27 - 2021-07-11 20:27 - 006611408 _____ (EnigmaSoft Limited) C:\Users\Cédric Bourson\Downloads\SpyHunter-Installer.exe
2021-07-11 20:22 - 2021-07-12 13:41 - 000000000 ____D C:\Program Files\WiperSoft
2021-07-11 20:22 - 2021-07-11 20:22 - 000026952 _____ (Wiper Software) C:\Windows\system32\wiperrm.exe
2021-07-11 20:22 - 2021-07-11 20:22 - 000000774 _____ C:\Users\Cédric Bourson\Desktop\WiperSoft.lnk
2021-07-11 20:22 - 2021-07-11 20:22 - 000000000 ____D C:\Users\Cédric Bourson\AppData\Roaming\WiperSoft
2021-07-11 20:22 - 2021-07-11 20:22 - 000000000 ____D C:\Users\Cédric Bourson\AppData\Roaming\Microsoft\Windows\Start Menu\WiperSoft
2021-07-11 20:21 - 2021-07-11 20:21 - 002527040 _____ (Wiper Software, UAB) C:\Users\Cédric Bourson\Downloads\WiperSoft-installer.exe
2021-07-11 20:07 - 2021-07-11 20:07 - 000000000 ____D C:\Users\Cédric Bourson\Downloads\RansomwareFileDecryptor 1.0.1668 MUI
2021-07-11 20:06 - 2021-07-11 20:07 - 011957376 _____ C:\Users\Cédric Bourson\Downloads\RansomwareFileDecryptor 1.0.1668 MUI.zip
2021-07-09 12:05 - 2021-07-09 12:05 - 000000000 ____D C:\Users\Cédric Bourson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-06-26 07:53 - 2021-06-26 07:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-06-26 07:53 - 2021-06-26 07:53 - 000000000 ____D C:\Program Files\iPod
2021-06-26 07:52 - 2021-06-26 07:53 - 000000000 ____D C:\Program Files\iTunes
2021-06-26 04:39 - 2021-06-26 04:39 - 000248992 _____ (Malwarebytes)
C:\Windows\system32\Drivers\mbamswissarmy.sys 2021-06-01 19:53 - 2021-06-01 19:50 - 000224128 _____ C:\Users\Cédric Bourson\Documents\Devis MR BOURSON.pdf 2021-04-17 23:31 - 2021-04-17 23:31 - 000000000 ____D C:\Users\Cédric Bourson\Desktop\Anciennes données de Firefox ==================== Trois mois (modifiés) ================== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2021-07-12 14:56 - 2016-10-15 07:57 - 000000000 ____D C:\Users\Cédric Bourson\AppData\Local\CrashDumps 2021-07-12 14:32 - 2015-06-20 17:29 - 000001232 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1413137251-2671438739-3149395470-1001UA.job 2021-07-12 14:18 - 2017-11-19 01:13 - 000000000 ____D C:\Program Files\CCleaner 2021-07-12 14:04 - 2007-10-10 14:46 - 000000000 ____D C:\ProgramData\NVIDIA 2021-07-12 14:02 - 2009-07-14 06:45 - 000022256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2021-07-12 14:02 - 2009-07-14 06:45 - 000022256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2021-07-12 13:56 - 2019-01-19 06:38 - 000000000 ____D C:\Users\Cédric Bourson\AppData\Local\ZHP 2021-07-12 13:44 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2021-07-12 13:43 - 2017-07-17 15:53 - 000000000 ____D C:\ProgramData\ShareCenter 2021-07-12 13:36 - 2015-03-20 16:57 - 000112384 _____ C:\Users\Cédric Bourson\AppData\Local\GDIPFONTCACHEV1.DAT 2021-07-12 13:36 - 2015-03-20 16:56 - 000426576 _____ C:\Windows\system32\FNTCACHE.DAT 2021-07-11 22:11 - 2011-04-09 12:07 - 000001046 _____ C:\Users\Cédric Bourson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2021-07-11 21:41 - 2011-04-30 21:42 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2021-07-11 19:54 - 2020-07-08 15:33 - 000002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-07-11 19:54 - 2020-07-08 15:33 - 
000002150 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-07-09 22:48 - 2012-09-15 19:53 - 000000000 ____D C:\Users\Cédric Bourson\AppData\Roaming\OneSwarm 2021-07-09 12:05 - 2014-02-13 13:30 - 000000000 ____D C:\Users\Cédric Bourson\AppData\Roaming\Dropbox 2021-07-04 20:45 - 2013-08-06 22:41 - 000000000 ____D C:\Users\Cédric Bourson\Documents\Utorrent 2021-07-04 19:29 - 2020-08-23 21:23 - 000001964 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-07-04 19:29 - 2019-08-01 19:01 - 000001952 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-07-04 15:08 - 2020-07-08 15:32 - 000003534 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-07-04 15:08 - 2020-07-08 15:32 - 000003406 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-06-26 20:39 - 2019-10-04 16:17 - 003427840 ___SH C:\Users\Cédric Bourson\Downloads\Thumbs.db 2021-06-26 07:53 - 2018-04-07 15:24 - 000001751 _____ C:\Users\Public\Desktop\iTunes.lnk 2021-06-25 23:37 - 2015-06-20 17:29 - 000001180 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1413137251-2671438739-3149395470-1001Core.job 2021-06-25 23:27 - 2015-06-20 17:29 - 000004220 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskUserS-1-5-21-1413137251-2671438739-3149395470-1001UA 2021-06-25 23:27 - 2015-06-20 17:29 - 000003824 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskUserS-1-5-21-1413137251-2671438739-3149395470-1001Core 2021-06-16 18:20 - 2013-08-15 11:21 - 000000000 ____D C:\Windows\system32\MRT 2021-06-16 18:12 - 2011-04-09 14:42 - 132447432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2021-06-16 17:57 - 2009-07-14 07:13 - 001677594 _____ C:\Windows\system32\PerfStringBackup.INI 2021-06-16 17:57 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf 2021-06-16 17:57 - 2007-10-11 00:31 - 000750454 _____ C:\Windows\system32\perfh00C.dat 2021-06-16 17:57 - 2007-10-11 00:31 - 000151100 _____ C:\Windows\system32\perfc00C.dat 2021-06-16 17:52 - 2019-08-15 
23:37 - 000000000 ____D C:\Users\Cédric Bourson\Documents\Singles 2021-06-16 17:48 - 2011-04-17 15:39 - 000000000 ____D C:\Users\Cédric Bourson\AppData\Roaming\vlc 2021-06-16 15:44 - 2017-04-16 21:20 - 000002023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== Fichiers à la racine de certains dossiers ======== 2019-09-14 05:38 - 2019-09-14 05:38 - 006922240 _____ () C:\Program Files (x86)\GUT11A.tmp 2016-12-17 02:02 - 2016-12-17 02:02 - 007680000 _____ () C:\Program Files (x86)\GUT7926.tmp 2021-04-10 22:37 - 2021-04-10 22:37 - 000002524 _____ () C:\Users\Cédric Bourson\AppData\Local\recently-used.xbel 2008-02-05 14:28 - 2008-02-05 14:28 - 000000051 _____ () C:\Users\Cédric Bourson\AppData\Local\setup.txt 2014-04-24 16:43 - 2014-04-24 16:43 - 000003725 _____ () C:\Users\Cédric Bourson\AppData\Local\ZHPFixReport.txt 2011-08-27 18:18 - 2011-08-27 18:18 - 000000000 _____ () C:\Users\Cédric Bourson\AppData\Local\{EB640DAF-42AD-4A27-8F2E-994A919FAC0B} ==================== SigCheckExt ========================= 2011-04-09 23:47 - 2008-08-25 18:02 - 000017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll 2010-03-11 01:57 - 2010-03-11 00:57 - 000248320 _____ (CANON INC.) C:\Windows\system32\CNMIUAE.DLL 2011-04-09 23:48 - 2010-08-25 05:00 - 000361472 _____ (CANON INC.) C:\Windows\system32\CNMLMAE.DLL 2011-04-10 11:17 - 2010-02-05 03:37 - 000327680 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL 2011-04-10 11:17 - 2010-02-05 03:37 - 000037376 _____ (CANON INC.) 
C:\Windows\system32\CNMN6UI.DLL 2014-01-06 20:06 - 2012-11-12 16:15 - 000558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll 2014-01-06 20:06 - 2012-11-12 21:41 - 000535552 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll 2014-01-06 20:06 - 2012-10-22 18:19 - 000219648 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll 2014-01-06 20:06 - 2012-11-12 16:15 - 000558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll 2014-01-06 20:06 - 2012-11-12 21:41 - 000535552 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll 2014-01-06 20:06 - 2012-10-22 18:19 - 000219648 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll 2011-04-08 23:00 - 2011-04-08 23:00 - 000464896 _____ (Microsoft Corporation) C:\Windows\system32\ipcoin815.dll 2011-05-18 08:08 - 2011-05-18 08:08 - 000465408 _____ (Microsoft Corporation) C:\Windows\system32\ipcoin82.dll 2011-04-08 23:00 - 2011-04-08 23:00 - 000465920 _____ (Microsoft Corporation) C:\Windows\system32\itpcoin815.dll 2011-11-19 23:54 - 2003-03-18 11:20 - 001060864 _____ (Microsoft Corporation) C:\Windows\system32\MFC71.DLL 2011-11-19 23:54 - 2003-03-18 10:14 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP71.DLL 2011-11-19 23:54 - 2003-02-20 18:42 - 000348160 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR71.DLL 2011-06-05 06:40 - 2005-03-12 01:07 - 000087040 _____ C:\Windows\system32\pdfcmnnt.dll 2012-10-21 21:29 - 2012-07-29 13:59 - 000096768 _____ (pdfforge GbR) C:\Windows\system32\pdfcmon.dll 2011-12-29 23:42 - 2009-07-17 17:59 - 000303616 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInstx.dll 2019-09-18 16:15 - 1998-10-07 14:08 - 000327168 _____ (InstallShield Software Corporation) C:\Windows\IsUn040c.exe 2012-06-03 15:33 - 1997-09-28 13:22 - 000060416 _____ (Microsoft Corporation) C:\Windows\ST4UNST.EXE 2011-05-09 02:49 - 2011-05-09 02:53 - 000098304 _____ (Sony DADC Austria AG.) 
C:\Windows\system32CmdLineExt.dll 2014-05-11 11:56 - 2000-05-16 10:40 - 000083968 _____ C:\Windows\UnGins.exe 2010-06-28 19:39 - 2010-06-28 19:39 - 000089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl71.dll 2011-04-09 23:47 - 2008-08-25 18:02 - 000015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll 2010-02-05 03:37 - 2010-02-05 03:37 - 000340992 _____ (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL 2010-08-27 09:32 - 2009-07-08 10:34 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll 2010-02-19 21:27 - 2010-02-19 21:27 - 000720384 _____ (DivX, Inc.) C:\Windows\SysWOW64\DivX.dll 2010-02-19 21:27 - 2010-02-19 21:27 - 000856064 _____ (DivX, Inc.) C:\Windows\SysWOW64\divx_xx07.dll 2010-02-19 21:27 - 2010-02-19 21:27 - 000847872 _____ (DivX, Inc.) C:\Windows\SysWOW64\divx_xx0a.dll 2010-02-19 21:27 - 2010-02-19 21:27 - 000856064 _____ (DivX, Inc.) C:\Windows\SysWOW64\divx_xx0c.dll 2010-02-19 21:27 - 2010-02-19 21:27 - 000839680 _____ (DivX, Inc.) C:\Windows\SysWOW64\divx_xx11.dll 2010-02-19 21:27 - 2010-02-19 21:27 - 000843776 _____ (DivX, Inc.) C:\Windows\SysWOW64\divx_xx16.dll 2013-09-18 22:08 - 2013-09-18 22:08 - 000094208 _____ (DivX, Inc.) C:\Windows\SysWOW64\dpl100.dll 2011-11-06 00:32 - 2011-06-23 21:24 - 001700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2008-07-04 19:23 - 2008-07-04 19:23 - 001757184 _____ (Pegasus Imaging Corp.) C:\Windows\SysWOW64\imagX7.dll 2008-07-04 19:23 - 2008-07-04 19:23 - 000258048 _____ (Pegasus Imaging Corp.) C:\Windows\SysWOW64\imagXR7.dll 2008-07-04 19:23 - 2008-07-04 19:23 - 000802816 _____ (Pegasus Imaging Corp.) 
C:\Windows\SysWOW64\imagXRA7.dll 2010-06-28 19:39 - 2010-06-28 19:39 - 001060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll 2019-09-18 16:16 - 2008-10-14 09:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71CHS.DLL 2019-09-18 16:16 - 2008-10-14 09:36 - 000045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71CHT.DLL 2010-06-28 19:39 - 2010-06-28 19:39 - 001047552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71u.dll 2000-05-11 13:06 - 2000-05-11 13:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msbind.dll 2012-10-21 21:29 - 1998-07-13 02:08 - 000059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2FR.DLL 2012-10-21 21:29 - 1998-07-13 02:08 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL 2012-10-21 21:29 - 2012-05-05 11:54 - 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2002-01-05 13:37 - 2002-01-05 13:37 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll 2005-12-09 07:30 - 2005-12-09 07:30 - 000626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll 2011-04-10 18:46 - 2011-06-23 21:24 - 000024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll 2007-10-10 15:01 - 2010-03-29 15:09 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll 2003-04-19 01:29 - 2003-04-19 01:29 - 000082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll 2011-11-19 23:54 - 2008-06-14 23:01 - 000060273 _____ (Open Source Software community project) C:\Windows\SysWOW64\pthreadGC2.dll 2014-04-24 16:24 - 2010-08-30 08:34 - 000536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2016-06-19 04:00 - 2016-04-09 08:54 - 000000664 _____ C:\Windows\SysWOW64\sys32dlkb.dll 2019-09-18 16:16 - 2008-10-14 09:36 - 000167936 _____ (Tidestone Technologies, Inc.) 
C:\Windows\SysWOW64\TTF16FR.DLL 2006-03-18 00:49 - 2006-03-18 00:49 - 000368640 _____ (Pegasus Imaging Corporation) C:\Windows\SysWOW64\twnlib4.dll 2011-04-30 21:42 - 2011-03-02 12:43 - 000175616 _____ C:\Windows\SysWOW64\unrar.dll 2000-10-02 00:00 - 2000-10-02 00:00 - 000119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vb6fr.dll 2009-10-06 09:16 - 2009-10-06 09:16 - 000819200 _____ C:\Windows\SysWOW64\xvidcore.dll 2014-03-11 18:39 - 2014-05-06 14:12 - 000003062 _____ C:\Windows\system32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2014-03-11 18:39 - 2014-05-06 14:12 - 000003060 _____ C:\Windows\system32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2021-07-12 14:54 - 2021-07-12 14:54 - 002301440 _____ (Farbar) C:\Users\Cédric Bourson\Desktop\FRST64.exe 2021-07-12 13:54 - 2021-07-12 13:54 - 003473048 _____ (Nicolas Coolman) C:\Users\Cédric Bourson\Desktop\ZHPSuite.exe 2019-09-18 16:10 - 2019-09-18 16:14 - 055199882 _____ (Hager ) C:\Users\Cédric Bourson\Documents\Semiolog_5.1_05.2017.exe ==================== SigCheck ============================ (Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.) 
==================== BCD ================================ Gestionnaire de démarrage Windows --------------------------------- identificateur {bootmgr} device partition=\Device\HarddiskVolume2 description Windows Boot Manager locale fr-FR inherit {globalsettings} default {current} resumeobject {56efa923-777f-11dc-abaa-eb1ac3547693} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Chargeur de démarrage Windows ----------------------------- identificateur {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale fr-FR inherit {bootloadersettings} recoverysequence {56efa925-777f-11dc-abaa-eb1ac3547693} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {56efa923-777f-11dc-abaa-eb1ac3547693} nx OptIn Chargeur de démarrage Windows ----------------------------- identificateur {56efa925-777f-11dc-abaa-eb1ac3547693} device ramdisk=[C:]\Recovery\56efa925-777f-11dc-abaa-eb1ac3547693\Winre.wim,{56efa926-777f-11dc-abaa-eb1ac3547693} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\56efa925-777f-11dc-abaa-eb1ac3547693\Winre.wim,{56efa926-777f-11dc-abaa-eb1ac3547693} systemroot \windows nx OptIn winpe Yes Reprendre à partir de la mise en veille prolongée ------------------------------------------------- identificateur {56efa923-777f-11dc-abaa-eb1ac3547693} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale fr-FR inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Testeur de mémoire Windows -------------------------- identificateur {memdiag} device partition=\Device\HarddiskVolume2 path \boot\memtest.exe description Windows Memory Diagnostic locale fr-FR inherit {globalsettings} badmemoryaccess Yes Paramètres EMS -------------- identificateur {emssettings} bootems Yes Paramètres du débogueur -----------------------
identificateur {dbgsettings} debugtype Serial debugport 1 baudrate 115200 Erreurs de mémoire RAM ---------------------- identificateur {badmemory} Paramètres globaux ------------------ identificateur {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Paramètres du chargeur de démarrage ----------------------------------- identificateur {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Paramètres de l'hyperviseur ------------------- identificateur {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Paramètres du chargeur de reprise --------------------------------- identificateur {resumeloadersettings} inherit {globalsettings} Options de périphérique ----------------------- identificateur {56efa926-777f-11dc-abaa-eb1ac3547693} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\56efa925-777f-11dc-abaa-eb1ac3547693\boot.sdi LastRegBack: 2021-07-04 19:45 ==================== Fin de FRST.txt ========================