Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 25-08-2023
Exécuté par bedek (administrateur) sur DESKTOP-QP9JPF4 (Dell Inc. XPS 8500) (27-08-2023 13:21:38)
Exécuté depuis D:\Users\bedek\Desktop\FRST64.exe
Profils chargés: bedek
Plate-forme: Microsoft Windows 10 Famille Version 22H2 19045.3324 (X64) Langue: Français (France)
Navigateur par défaut: FF
Mode d'amorçage: Normal

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe ->) (ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe <7>
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Windows\runSW.exe ->) (Realtek Semiconductor Corp. -> Realtek) C:\Windows\SwUSB.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe <2>
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(explorer.exe ->) (Mega Limited -> Mega Limited) C:\ProgramData\MEGAsync\MEGAsync.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe <4>
(explorer.exe ->) (Privax Limited -> Privax Limited) C:\Program Files\Privax\HMA VPN\Vpn.exe <5>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(Heidi Computers Ltd -> The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\bedek\AppData\Local\Microsoft\OneDrive\23.153.0724.0003\Microsoft.SharePoint.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(services.exe ->) (ArcSoft, Inc. -> ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe
(services.exe ->) (GuinpinSoft inc) [Fichier non signé] C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.2.0_x64.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Photodex Corporation -> ) C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(services.exe ->) (Privax Limited -> Privax Limited) C:\Program Files\Privax\HMA VPN\VpnSvc.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> ) C:\Windows\runSW.exe
(services.exe ->) (voidtools -> ) C:\Program Files (x86)\Everything\Everything.exe <3>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registre (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1068560 2019-08-18] (Heidi Computers Ltd -> The Eraser Project)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3992208 2014-10-03] (Stardock Corporation -> Stardock Corporation)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1667208 2020-11-24] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2020-11-21] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [2089056 2015-09-16] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [Fichier non signé]
HKLM-x32\...\Run: [XPE] => C:\Program Files (x86)\XPE Windows 10 DPI Fix\XPEWindows10_DPI.exe [28672 2015-08-21] (XPExplorer.com - 2015) [Fichier non signé]
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft, Inc. -> ArcSoft Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710776 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [1710880 2019-01-26] (voidtools -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-26] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-915969086-1333566815-1066330387-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\bedek\AppData\Local\Microsoft\Teams\Update.exe [2587368 2023-04-01] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-915969086-1333566815-1066330387-1001\...\Run: [MicrosoftEdgeAutoLaunch_53B5C0E94C8AB9E07EB8DCDF45C66283] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4107728 2023-08-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-915969086-1333566815-1066330387-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] True
HKU\S-1-5-21-915969086-1333566815-1066330387-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\ENTERT~1.SCR [1687552 2004-01-04] () [Fichier non signé]
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\Windows\system32\cpwmon64.dll [89008 2016-01-22] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\PDF-XChange5-ABBYY-FR15: C:\Windows\system32\pxc50pmaf15.dll [57328 2018-12-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\116.0.5845.111\Installer\chrmstp.exe [2023-08-25] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{09B25A4E-0D4F-4F1C-8823-4D1883624626}] -> C:\Program Files (x86)\ABBYY FineReader 15\ScreenshotReader.exe [2020-06-15] (ABBYY Production LLC -> ABBYY Production LLC.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HMA VPN.lnk [2023-07-27]
ShortcutTarget: HMA VPN.lnk -> C:\Program Files\Privax\HMA VPN\Vpn.exe (Privax Limited -> Privax Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk [2020-09-10]
ShortcutTarget: HP Button Manager.lnk -> C:\Program Files (x86)\HP Button Manager\BM.exe (Hewlett-Packard Company -> )
Startup: C:\Users\bedek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk [2020-10-31]
ShortcutTarget: Envoyer à OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\bedek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2020-08-05]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)

==================== Tâches planifiées (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {02CE61B9-57F3-4703-BD10-586E87FB255F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {0D130C25-2661-4DED-8AFC-2D7E1A5E336E} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {BF647C1B-F79A-4B60-A32D-55BE8620CE82} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {725DED6E-C263-4AA9-B321-90C9FC09AAB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-04] (Google LLC -> Google LLC)
Task: {AB95C05E-3B0F-47D5-876E-05064B7CE415} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-04] (Google LLC -> Google LLC)
Task: {53018614-8D49-4832-905D-947D51A9AF54} - System32\Tasks\HMA VPN Update => C:\Program Files\Privax\HMA VPN\VpnUpdate.exe [1369992 2023-07-27] (Privax Limited -> Privax Limited)
Task: {4061E76F-E23A-425F-9709-C6299C76DBD0} - System32\Tasks\IcarusPrivaxVpnUpgrade => C:\Program Files\Privax\HMA VPN\setup\privax_vpn_online_setup.exe -> /silent /ShowVpnGui=0 /RestartUpdaterTaskName=IcarusPrivaxVpnUpgrade /RestartUpdaterAppExe="C:\Program Files\Privax\HMA VPN\setup\privax_vpn_online_setup.exe"
Task: {8494F64F-9A14-40C0-AB01-6B947F3A20FB} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-07-06] () [Fichier non signé]
Task: {DCC65680-7A64-4078-9DFA-3A6C1664DBF4} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-915969086-1333566815-1066330387-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe [1776304 2023-08-23] (Mega Limited -> )
Task: {17A6B558-15CA-48C4-9657-7C0952EAB176} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656848 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {AAE24948-9604-4334-BC5D-CAA895486578} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656848 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {476923EA-16F6-4402-95AD-32F1F15DBA42} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {F7A81C0A-7648-4A0C-A3E6-1F4880A70B74} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {45837E39-A575-4247-8870-72F7A5A68778} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {6BC86D2E-2E0F-468A-B20D-E87249D64458} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {0A84E8D8-E954-4532-B0AD-7620FB2BC061} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(1): %windir%\system32\compattelrunner.exe -> -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc
Task: {0A84E8D8-E954-4532-B0AD-7620FB2BC061} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(2): %windir%\system32\compattelrunner.exe -> -m:appraiser.dll -f:DoScheduledTelemetryRun
Task: {0A84E8D8-E954-4532-B0AD-7620FB2BC061} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(3): %windir%\system32\compattelrunner.exe -> -m:aemarebackup.dll -f:BackupMareData
Task: {63AB2460-483A-4C26-84A3-6F474BEBC0C9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A8C624B6-D613-439F-8F64-0407250CC3F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5F909EB-E88E-4695-B360-F130BFCF5BC9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1D8BF942-AFBF-4878-999B-38F41FE3378A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7A177D77-92C2-4335-82B3-60279E7B0024} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [687008 2023-08-23] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {B4DC4F4A-9D63-49E6-A683-7CC1F64AB4B5} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [733088 2023-08-23] (Mozilla Corporation -> Mozilla Foundation)
Task: {99EB03DC-3EEA-425A-8805-E1831BA80C81} - System32\Tasks\Privax\HMA VPN Bug Report => C:\Program Files\Privax\HMA VPN\AvBugReport.exe [4759432 2023-07-27] (Privax Limited -> Privax Limited) -> --filter "*.dmp;*.mdmp;icarus.log" --send "dumps|report" --silent --product 78 --programpath "C:\Program Files\Privax\HMA VPN" --configpath "C:\ProgramData\Privax\HMA VPN" --path "C:\ProgramData\Privax\HMA VPN\log" --path "C:\ProgramData\Privax\Icarus\Logs" --logpath "C:\ProgramData\Privax\HMA VPN\l (l'élément de données a 47 caractères en plus).
Task: {9A50155A-C991-42D0-A1B0-407280FBD8DB} - System32\Tasks\Privax\HMA VPN Update => C:\Program Files\Common Files\Privax\Icarus\privax-vpn\icarus.exe [7095688 2023-07-18] (Privax Limited -> Privax Limited)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\..\Interfaces\{03b78802-2349-4e6b-ab89-81071c83f03d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1af915a2-ac3d-4d8f-9bf3-0b80f5ff8d09}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a57acf03-29bb-4001-8b2b-bc7c34666620}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{df16ff73-a6ab-442f-9d99-147d0e72503b}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
Edge Profile: C:\Users\bedek\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-27]
Edge Extension: (Edge relevant text changes) - C:\Users\bedek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-23]

FireFox:
========
FF DefaultProfile: i56jfzeq.default
FF ProfilePath: C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\i56jfzeq.default [2023-07-27]
FF Homepage: Mozilla\Firefox\Profiles\i56jfzeq.default -> www.google.fr
FF Extension: (Easy Screenshot) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\i56jfzeq.default\Extensions\easyscreenshot@mozillaonline.com.xpi [2020-03-06]
FF Extension: (FoxyTab) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\i56jfzeq.default\Extensions\foxytab@eros.man.xpi [2020-03-06]
FF Extension: (Disable WebRTC) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\i56jfzeq.default\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2020-04-19]
FF Extension: (Page Captures d'écran Web - Fireshot) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\i56jfzeq.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2020-06-27]
FF Extension: (Voir image) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\i56jfzeq.default\Extensions\{287dcf75-bec6-4eec-b4f6-71948a2eea29}.xpi [2020-04-24]
FF Extension: (Video DownloadHelper) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\i56jfzeq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-03-30]
FF Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\i56jfzeq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-07-23]
FF ProfilePath: C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818 [2023-08-27]
FF Homepage: Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818 -> google.com
FF Extension: (Easy Screenshot) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\easyscreenshot@mozillaonline.com.xpi [2023-01-03]
FF Extension: (Disable WebRTC) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2021-09-21]
FF Extension: (uBlock Origin) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\uBlock0@raymondhill.net.xpi [2023-07-26]
FF Extension: (Page Captures d'écran Web - Fireshot) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2023-06-22]
FF Extension: (Voir image) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\{287dcf75-bec6-4eec-b4f6-71948a2eea29}.xpi [2023-08-23]
FF Extension: (EPUBReader) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2023-01-25]
FF Extension: (IIIF Download) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\{9c16ac2c-a272-4136-9493-277c55d7f39c}.xpi [2021-09-21]
FF Extension: (Video DownloadHelper) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2023-08-26]
FF Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\bedek\AppData\Roaming\Mozilla\Firefox\Profiles\5r9dtyub.default-release-1632066696818\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-06-21]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2021-01-25] [non signé]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_453.dll [2020-11-10] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-10-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-10-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-08-19] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-07-26] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_453.dll [2020-11-10] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2022-01-22] () [Fichier non signé]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-07-26] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\bedek\AppData\Local\Google\Chrome\User Data\Default [2023-07-27]
CHR Extension: (Google Docs Offline) - C:\Users\bedek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-25]
CHR Extension: (Pas de nom) - C:\Users\bedek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gllpomlmiljchdbigeahkpflkonfjiob [2023-07-03]
CHR Extension: (Pas de nom) - C:\Users\bedek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-07-03]

==================== Services (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-10] (Adobe Inc. -> Adobe)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-26] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 CdRomArbiterService; C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.2.0_x64.exe [9728 2022-01-19] (GuinpinSoft inc) [Fichier non signé]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11878368 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1710880 2019-01-26] (voidtools -> )
R2 HmaProVpn; C:\Program Files\Privax\HMA VPN\VpnSvc.exe [10781064 2023-07-27] (Privax Limited -> Privax Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9283096 2023-08-25] (Malwarebytes Inc. -> Malwarebytes)
R2 RunSwUSB; C:\Windows\runSW.exe [59232 2018-05-02] (Realtek Semiconductor Corp. -> )
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2022-01-22] (Photodex Corporation -> )
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe [145984 2012-01-18] (ArcSoft, Inc. -> ArcSoft, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe [3104488 2023-08-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe [133576 2023-08-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Pilotes (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
R3 ANVSOFT_WaveExtensible; C:\Windows\system32\drivers\ammvrtaudio.sys [38048 2019-12-24] (深圳市安韦尔软件技术有限公司 -> )
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 ArcSoftKsUFilter; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-03] (ArcSoft, Inc. -> ArcSoft, Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2021-09-16] (Microsoft Corporation) [Fichier non signé]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [154112 2021-10-13] (Microsoft Corporation) [Fichier non signé]
S3 ddmdrv; C:\Windows\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Fichier non signé]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [Fichier non signé]
S3 hmatap; C:\Windows\System32\drivers\hmatap.sys [36456 2018-09-05] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222672 2023-08-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-05-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl06c70f8a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF0B31C4-2D34-4263-A478-5792E71F37AB}\MpKslDrv.sys [222464 2023-08-27] (Microsoft Windows -> Microsoft Corporation)
R3 pvxVpnRdr; C:\Windows\System32\drivers\pvxVpnRdr.sys [76504 2023-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Privax Limited)
R3 pvxWintun; C:\Windows\System32\drivers\pvxWintun.sys [48016 2022-12-02] (Privax Limited -> Privax Limited)
S3 pvxWireGuard; C:\Windows\System32\drivers\pvxWireguard.sys [500440 2022-12-02] (Privax Limited -> WireGuard LLC)
R1 RsProxy; C:\Windows\system32\drivers\RsProxy.sys [15976 2020-09-10] (Realtek Semiconductor Corp -> )
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [333864 2009-02-09] (Silicon Image, Inc. -> Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22568 2009-02-09] (Silicon Image, Inc. -> Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [16936 2009-02-09] (Silicon Image, Inc. -> Silicon Image, Inc.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55704 2023-08-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [572656 2023-08-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [104688 2023-08-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Trois mois (créés) (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)
2023-08-27 13:20 - 2023-08-27 13:21 - 000000000 ____D C:\FRST
2023-08-26 10:51 - 2023-08-26 10:55 - 000000000 ____D C:\Users\bedek\AppData\Roaming\Microsoft\Access
2023-08-25 09:09 - 2023-08-25 11:39 - 000000000 ____D C:\Users\bedek\AppData\Roaming\balena-etcher
2023-08-23 14:51 - 2023-08-27 09:06 - 106430464 _____ C:\Windows\system32\config\SOFTWARE
2023-08-23 14:45 - 2023-08-23 14:51 - 000000000 ____D C:\Windows\Microsoft Antimalware
2023-08-23 10:49 - 2023-08-24 09:37 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2023-08-23 08:38 - 2023-08-23 08:38 - 000000000 ___HD C:\$WinREAgent
2023-08-23 08:02 - 2023-08-23 10:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-07-30 08:17 - 2023-07-30 08:17 - 000003530 _____ C:\Windows\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
2023-07-27 08:00 - 2023-07-27 08:00 - 000001972 _____ C:\Users\Public\Desktop\HMA VPN.lnk
2023-07-17 17:58 - 2023-07-17 17:58 - 000000000 ____D C:\Users\bedek\AppData\Roaming\MPC-HC
2023-06-22 14:41 - 2023-06-22 14:57 - 000000000 ____D C:\Users\bedek\AppData\Roaming\Deezloader Remix

==================== Trois mois (modifiés) ==================

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2023-08-27 13:19 - 2022-02-10 15:32 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-08-27 13:16 - 2020-08-04 18:53 - 000000000 ____D C:\Users\bedek\AppData\Roaming\Everything
2023-08-27 13:16 - 2020-08-04 18:05 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-08-27 12:55 - 2021-12-16 00:39 - 000000000 ____D C:\Windows\SystemTemp
2023-08-27 12:55 - 2020-08-04 20:35 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-27 12:51 - 2020-08-05 08:08 - 000000000 ____D C:\Users\bedek\AppData\Roaming\ZHP
2023-08-27 11:44 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-27 11:03 - 2020-08-04 19:42 - 000000000 ____D C:\Users\bedek\AppData\LocalLow\Mozilla
2023-08-27 10:44 - 2021-05-27 17:53 - 003343008 _____ (Nicolas Coolman) C:\Users\bedek\ZHPCleaner.exe
2023-08-27 10:44 - 2020-08-04 19:49 - 000000000 ____D C:\Users\bedek\AppData\Roaming\Microsoft\Word
2023-08-27 10:44 - 2020-08-04 18:14 - 000000000 ____D C:\Users\bedek
2023-08-27 09:12 - 2020-08-04 18:10 - 001681370 _____ C:\Windows\system32\PerfStringBackup.INI
2023-08-27 09:12 - 2019-12-07 16:49 - 000755174 _____ C:\Windows\system32\perfh00C.dat
2023-08-27 09:12 - 2019-12-07 16:49 - 000141980 _____ C:\Windows\system32\perfc00C.dat
2023-08-27 09:12 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2023-08-27 09:07 - 2022-10-27 16:31 - 000003946 _____ C:\Windows\system32\Tasks\HMA VPN Update
2023-08-27 09:07 - 2020-08-04 22:14 - 000000000 ____D C:\ProgramData\Privax
2023-08-27 09:07 - 2020-08-04 19:36 - 000000000 ____D C:\ProgramData\NVIDIA
2023-08-27 09:07 - 2020-08-04 18:05 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-27 09:07 - 2020-08-04 18:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-08-27 09:06 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-08-27 08:58 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-27 08:58 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2023-08-26 23:06 - 2020-08-05 09:08 - 000000000 ____D C:\Users\bedek\AppData\Roaming\vlc
2023-08-26 19:53 - 2020-08-27 01:04 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-08-26 19:53 - 2020-08-27 01:04 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-08-26 09:09 - 2021-02-20 13:28 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-08-26 09:09 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2023-08-25 13:04 - 2020-08-04 19:49 - 000000000 ____D C:\Users\bedek\AppData\Roaming\Microsoft\Office
2023-08-25 11:32 - 2020-08-06 01:03 - 000000028 _____ C:\Windows\OutLog.txt
2023-08-25 08:59 - 2020-08-04 20:35 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-08-24 09:37 - 2020-08-04 19:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-08-24 00:00 - 2023-02-10 00:40 - 000000000 ____D C:\Users\bedek\AppData\Roaming\calibre
2023-08-23 23:15 - 2023-02-10 00:40 - 000001053 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2023-08-23 23:15 - 2023-02-10 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2023-08-23 23:15 - 2023-02-10 00:39 - 000000000 ____D C:\Program Files\Calibre2
2023-08-23 22:51 - 2021-04-20 00:41 - 000001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2023-08-23 19:47 - 2023-03-22 23:23 - 000239544 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2023-08-23 19:46 - 2021-05-22 08:14 - 000545970 _____ C:\Windows\ntbtlog.txt
2023-08-23 16:19 - 2020-08-16 12:37 - 000000000 ____D C:\Program Files\Recuva
2023-08-23 14:04 - 2021-05-22 08:14 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2023-08-23 10:45 - 2020-08-04 18:05 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-08-23 10:35 - 2020-08-04 18:05 - 005172712 _____ C:\Windows\system32\FNTCACHE.DAT
2023-08-23 10:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-08-23 10:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2023-08-23 10:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-08-23 10:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2023-08-23 10:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-08-23 10:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-08-23 10:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2023-08-23 10:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat
2023-08-23 08:44 - 2020-08-04 18:09 - 003015168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-08-23 08:37 - 2020-08-04 18:30 - 000000000 ____D C:\Windows\system32\MRT
2023-08-23 08:34 - 2020-08-04 18:30 - 175983240 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-08-23 08:33 - 2022-01-21 11:42 - 000000000 ____D C:\Program Files\dotnet
2023-08-23 08:33 - 2020-08-04 21:54 - 000000000 ____D C:\ProgramData\Package Cache
2023-08-23 08:04 - 2020-08-04 19:42 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-23 08:01 - 2022-10-13 19:24 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-08-23 08:01 - 2022-10-13 19:24 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-08-23 08:01 - 2020-11-27 12:48 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2023-08-23 07:58 - 2020-08-04 19:39 - 000000000 ____D C:\Program Files\Microsoft Office
2023-08-23 07:53 - 2022-08-18 15:51 - 000002417 _____ C:\Users\bedek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-08-23 07:53 - 2021-12-13 18:09 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-915969086-1333566815-1066330387-1001
2023-08-23 07:53 - 2020-08-04 18:19 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-915969086-1333566815-1066330387-1001
2023-08-23 07:52 - 2020-08-04 22:53 - 000000000 ____D C:\ProgramData\MEGAsync
2023-08-23 07:50 - 2020-12-04 20:21 - 000003884 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2023-08-23 07:50 - 2020-12-04 20:21 - 000003760 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2023-07-31 13:10 - 2021-01-05 23:52 - 000000000 ____D C:\Program Files (x86)\Everything
2023-07-30 17:07 - 2020-08-04 19:51 - 000000000 ____D C:\Users\bedek\AppData\Roaming\Microsoft\Excel
2023-07-30 08:17 - 2021-03-06 01:25 - 000003506 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2023-07-28 13:17 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\NDF
2023-07-28 08:24 - 2020-08-04 18:31 - 000918960 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Fichiers à la racine de certains dossiers ========

2021-05-27 17:53 - 2023-08-27 10:44 - 003343008 _____ (Nicolas Coolman) C:\Users\bedek\ZHPCleaner.exe
2023-06-07 23:54 - 2022-10-18 09:24 - 007176968 _____ () C:\Program Files\_DSC6361.JPG
2021-02-07 01:29 - 2021-02-07 01:29 - 000000112 _____ () C:\Users\bedek\AppData\Roaming\Préfs JP2K CS6
2020-11-24 20:10 - 2020-11-24 20:10 - 000000000 _____ () C:\Users\bedek\AppData\Local\oobelibMkey.log

==================== SigCheckExt =========================

2020-08-06 01:01 - 2015-09-21 00:30 - 003557000 _____ C:\Windows\system32\BootMan.exe
2020-08-06 01:01 - 2014-11-18 14:46 - 000017504 _____ C:\Windows\system32\EuEpmGdi.dll
2021-04-20 01:00 - 2011-12-07 19:37 - 000148992 _____ ( ) C:\Windows\system32\lagarith.dll
2020-08-06 01:01 - 2014-11-18 14:38 - 000101984 _____ C:\Windows\system32\setupempdrvx64.exe
2021-04-20 01:00 - 2017-07-30 12:50 - 003799552 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2021-04-20 01:00 - 2019-12-28 11:00 - 000784384 _____ C:\Windows\system32\xvidcore.dll
2021-04-20 01:00 - 2019-12-28 11:00 - 000310784 _____ C:\Windows\system32\xvidvfw.dll
2020-08-21 10:57 - 2016-09-29 09:44 - 001298584 _____ C:\Windows\ddmmain.exe
2020-08-06 01:01 - 2015-09-21 00:19 - 002658952 _____ C:\Windows\SysWOW64\BootMan.exe
2020-08-06 01:01 - 2014-11-18 14:46 - 000021088 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
2021-04-20 01:00 - 2011-12-07 19:32 - 000216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2020-09-10 18:42 - 2005-05-28 06:58 - 000393216 _____ (Sample Corporation) C:\Windows\SysWOW64\MSLUP60.dll
2020-09-10 18:42 - 2005-05-27 14:58 - 000249856 _____ (Sample Corporation) C:\Windows\SysWOW64\MSLURT.dll
2020-09-10 18:42 - 2003-03-18 22:14 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2020-09-10 18:42 - 2003-02-21 04:42 - 000348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2022-01-21 11:09 - 2012-03-23 19:59 - 000024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2020-09-10 18:42 - 1995-07-31 13:44 - 000212480 _____ (Eastman Kodak) C:\Windows\SysWOW64\PCDLIB32.DLL
2020-08-06 01:01 - 2014-11-18 14:38 - 000088160 _____ C:\Windows\SysWOW64\setupempdrv03.exe
2021-04-20 01:00 - 2017-07-30 12:50 - 003850240 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2021-04-20 01:00 - 2019-12-28 11:00 - 000681984 _____ C:\Windows\SysWOW64\xvidcore.dll
2021-04-20 01:00 - 2019-12-28 11:00 - 000284160 _____ C:\Windows\SysWOW64\xvidvfw.dll
2021-05-27 17:53 - 2023-08-27 10:44 - 003343008 _____ (Nicolas Coolman) C:\Users\bedek\ZHPCleaner.exe

==================== SigCheck ============================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

==================== BCD ================================

Gestionnaire de démarrage du microprogramme
-------------------------------------------
identificateur {fwbootmgr}
displayorder {bootmgr} {5faa8920-44a8-11ee-b764-806e6f6e6963} {3251514a-d674-11ea-8bc8-a600eed70c0c} {32515147-d674-11ea-8bc8-a600eed70c0c} {43025186-43f7-11ee-b762-806e6f6e6963}
timeout 0

Gestionnaire de démarrage Windows
---------------------------------
identificateur {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale fr-FR
inherit {globalsettings}
default {current}
resumeobject {3251514b-d674-11ea-8bc8-a600eed70c0c}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Application logicielle (101fffff)
--------------------------------
identificateur {32515147-d674-11ea-8bc8-a600eed70c0c}
description KingstonDataTraveler 2.0PMAP

Application logicielle (101fffff)
--------------------------------
identificateur {3251514a-d674-11ea-8bc8-a600eed70c0c}
description KINGSTON SA400S37480G

Application logicielle (101fffff)
--------------------------------
identificateur {43025186-43f7-11ee-b762-806e6f6e6963}
description P2: PLDS DVDRW/BDROM DH-12E3SH

Application logicielle (101fffff)
--------------------------------
identificateur {5faa8920-44a8-11ee-b764-806e6f6e6963}
device unknown
description UEFI: KingstonDataTraveler 2.0PMAP

Chargeur de démarrage Windows
-----------------------------
identificateur {current}
device partition=C:
path \Windows\system32\winload.efi
description Windows 10
locale fr-FR
inherit {bootloadersettings}
recoverysequence {3251514d-d674-11ea-8bc8-a600eed70c0c}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {3251514b-d674-11ea-8bc8-a600eed70c0c}
nx OptIn
bootmenupolicy Standard

Chargeur de démarrage Windows
-----------------------------
identificateur {3251514d-d674-11ea-8bc8-a600eed70c0c}
device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{3251514e-d674-11ea-8bc8-a600eed70c0c}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale fr-fr
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{3251514e-d674-11ea-8bc8-a600eed70c0c}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Reprendre à partir de la mise en veille prolongée
-------------------------------------------------
identificateur {3251514b-d674-11ea-8bc8-a600eed70c0c}
device partition=C:
path \Windows\system32\winresume.efi
description Windows Resume Application
locale fr-FR
inherit {resumeloadersettings}
recoverysequence {3251514d-d674-11ea-8bc8-a600eed70c0c}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Testeur de mémoire Windows
--------------------------
identificateur {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Diagnostics mémoire Windows
locale fr-FR
inherit {globalsettings}
badmemoryaccess Yes

Paramètres EMS
--------------
identificateur {emssettings}
bootems No

Paramètres du débogueur
-----------------------
identificateur {dbgsettings}
debugtype Local

Erreurs de mémoire RAM
----------------------
identificateur {badmemory}

Paramètres globaux
------------------
identificateur {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Paramètres du chargeur de démarrage
-----------------------------------
identificateur {bootloadersettings}
inherit {globalsettings} {hypervisorsettings}

Paramètres de l'hyperviseur
-------------------
identificateur {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Paramètres du chargeur de reprise
---------------------------------
identificateur {resumeloadersettings}
inherit {globalsettings}

Options de périphérique
-----------------------
identificateur {3251514e-d674-11ea-8bc8-a600eed70c0c}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume4
ramdisksdipath \Recovery\WindowsRE\boot.sdi

==================== Fin de FRST.txt ========================