Document format: text/plain


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-01-2021 01
Ran by Jean-Christophe (administrator) on DESKTOP-3SDP51R (Acer Aspire one 1-131) (26-01-2021 17:38:09)
Running from C:\Users\Administrator.DESKTOP-3SDP51R\Desktop
Loaded Profiles: Jean-Christophe
Platform: Windows 10 Pro Version 1703 15063.608 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Druide Informatique Inc. -> Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 10\Application\Bin64\AgentAntidote.exe
(Druide Informatique Inc. -> Druide informatique inc.) C:\Program Files (x86)\Druide\Connectix 10\Application\Bin64\AgentConnectix.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <8>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AgentConnectix64] => C:\Program Files (x86)\Druide\Connectix 10\Application\Bin64\AgentConnectix.exe [2872936 2019-04-30] (Druide Informatique Inc. -> Druide informatique inc.)
HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:autoplay;backup;easeofaccess-closedcaptioning;easeofaccess-highcontrast;easeofaccess-keyboard;easeofaccess-magnifier;easeofaccess-mouse;easeofaccess-narrator;easeofaccess-otheroptions;gaming-broa (the data entry has 112 more characters).
HKU\S-1-5-21-2756927612-10717093-2089134081-500\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [50010064 2020-11-03] (Google LLC -> )
HKU\S-1-5-21-2756927612-10717093-2089134081-500\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Print\Monitors\IppMon: C:\Windows\system32\IPPMon.dll [225792 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{9650FDBC-053A-4715-AD14-FC2DC65E8330}] -> C:\Windows\system32\hvsigpext.dll [2017-03-19] (Microsoft Windows -> )
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\Users\Administrator\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\Administrator.DESKTOP-3SDP51R\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A7246C-FDD2-48C2-A873-AA2D9B77465A} - System32\Tasks\Microsoft\Windows\Maintenance\WinSAT => {A9A33436-678B-4C9C-A211-7CC38785E79D}
Task: {0331F43B-FCE9-4EDE-9FCE-DC0DC0214C07} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {065067E4-27B2-4646-BA30-33C0EE0CD316} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-30] (Google Inc -> Google Inc.)
Task: {2F0BC1EA-793A-4C13-B19F-267A7DFF6702} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-30] (Google Inc -> Google Inc.)
Task: {520F86EC-C5DB-41FF-82B3-E663FE0F008D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {67B9A00B-839C-4225-A8BD-B2B010442C83} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {841E4420-306A-4ED2-890A-BE95B09DDD64} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8E2369CB-F097-42B6-9E27-A0B73090A61E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe
Task: {9D61B7D6-60A3-4B6C-A43F-FC0F6FBA9E86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {EDBF0E3C-0F4C-4CE5-BBD3-66E48273F6E4} - System32\Tasks\bklVvgvXgAlRDIC => rundll32 "C:\Users\Jean-Christophe\AppData\Local\Temp\FIRAWjfGQJGclXpaI\ZPqjSGRTXDNAqErs\EfVfNtp.dll",#1 /adp RVDL5YVDL0TVDL9DWDL1XUDL8MVDL9XUDL5NWDL4MVDL7UWDL9TVDL0HWDL8RWDL1CXDL2WWDL9 /site_id 751 <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\bklVvgvXgAlRDIC.job => C:\Users\Jean-Christophe\AppData\Local\Temp\FIRAWjfGQJGclXpaI\ZPqjSGRTXDNAqErs\EfVfNtp.dll <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e931c2a2-5021-4483-94b7-8a7fe4bbf2b9}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF DefaultProfile: 9g1hj5cw.default
FF ProfilePath: C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Roaming\Mozilla\Firefox\Profiles\9g1hj5cw.default [2020-05-03]
FF Extension: (Antidote) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Roaming\Mozilla\Firefox\Profiles\9g1hj5cw.default\Extensions\antidote_uni10_firefox@druide.com.xpi [2019-04-16] [UpdateUrl:hxxps://www.druide.com/telecharger/texteurs/Mozilla/commun/maj_antidote_mozilla.php?id=%ITEM_ID%&version=%ITEM_VERSION%&appid=%APP_ID%&appversion=%APP_VERSION%&appos=%APP_OS%&appabi=%APP_ABI%&applocale=%APP_LOCALE%;&itemstatus=%ITEM_STATUS%]
FF Extension: (Avira Password Manager) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Roaming\Mozilla\Firefox\Profiles\9g1hj5cw.default\Extensions\passwordmanager@avira.com [2020-03-06]
FF ProfilePath: C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Roaming\Mozilla\Firefox\Profiles\q29m2e1l.default-release-1605439988070 [2021-01-26]
FF Notifications: Mozilla\Firefox\Profiles\q29m2e1l.default-release-1605439988070 -> hxxps://www.cnetfrance.fr
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default [2020-11-09]
CHR Extension: (Slides) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-02]
CHR Extension: (Docs) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-02]
CHR Extension: (Google Drive) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-02]
CHR Extension: (Avira Password Manager) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2020-11-07]
CHR Extension: (Antidote) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\cchfigjcpjmclmmphipdkeocklpnjecm [2020-11-07]
CHR Extension: (Sheets) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-02]
CHR Extension: (Google Docs hors connexion) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-10-17]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-05-02]
CHR Extension: (Gmail) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-03]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-19]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [cchfigjcpjmclmmphipdkeocklpnjecm]
CHR HKU\S-1-5-21-2756927612-10717093-2089134081-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [cchfigjcpjmclmmphipdkeocklpnjecm]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-09-14] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2021-01-25] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-01-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [141472 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 MpKslb2e6bc37; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B430EB6A-A930-45E9-A102-D9628E82067D}\MpKslDrv.sys [91376 2021-01-25] (Microsoft Windows -> Microsoft Corporation)
S3 phantomtap; C:\Windows\System32\drivers\phantomtap.sys [45056 2020-02-24] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
U4 dcpsvc; no ImagePath
U2 DiagTrack; no ImagePath
S3 kdnic; \SystemRoot\System32\drivers\kdnic.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-26 17:38 - 2021-01-26 17:39 - 000013783 _____ C:\Users\Administrator.DESKTOP-3SDP51R\Desktop\FRST.txt
2021-01-26 17:37 - 2021-01-26 17:38 - 000000000 ____D C:\FRST
2021-01-26 17:36 - 2021-01-26 17:37 - 002297344 _____ (Farbar) C:\Users\Administrator.DESKTOP-3SDP51R\Desktop\FRST64.exe
2021-01-25 20:04 - 2021-01-25 20:04 - 000257921 _____ C:\Users\Administrator.DESKTOP-3SDP51R\Desktop\ZHPDiag.txt
2021-01-25 19:55 - 2021-01-25 19:55 - 000001542 _____ C:\Users\Administrator.DESKTOP-3SDP51R\Desktop\malwarebytes.txt
2021-01-25 19:36 - 2021-01-25 19:36 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-01-25 19:35 - 2021-01-25 19:35 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-01-25 19:35 - 2021-01-25 19:35 - 000141472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-01-25 19:34 - 2021-01-25 19:34 - 000000000 ____D C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\mbam
2021-01-25 19:33 - 2021-01-25 19:33 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-01-25 19:33 - 2021-01-25 19:33 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-01-25 19:33 - 2021-01-25 19:33 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-01-25 19:33 - 2021-01-25 19:33 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-01-25 19:33 - 2021-01-25 19:33 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-25 19:33 - 2021-01-25 19:33 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-25 19:33 - 2021-01-25 19:33 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-25 19:22 - 2021-01-25 19:22 - 000002088 _____ C:\Users\Administrator.DESKTOP-3SDP51R\Desktop\AdwCleaner[S03].txt
2021-01-25 19:17 - 2021-01-25 19:17 - 000004913 _____ C:\Users\Administrator.DESKTOP-3SDP51R\Desktop\ZHPCleaner (S).txt
2021-01-25 13:03 - 2021-01-25 20:04 - 000000000 ____D C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Roaming\ZHP
2021-01-25 13:03 - 2021-01-25 19:56 - 000000889 _____ C:\Users\Administrator.DESKTOP-3SDP51R\Desktop\ZHPSuite.lnk
2021-01-25 13:03 - 2021-01-25 19:00 - 000000000 ____D C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\ZHP
2021-01-19 17:08 - 2021-01-25 19:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-26 17:36 - 2019-01-30 18:26 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-26 17:35 - 2019-06-03 18:52 - 000000000 ____D C:\Users\Administrator.DESKTOP-3SDP51R\AppData\LocalLow\Mozilla
2021-01-26 17:31 - 2020-03-06 09:49 - 000000000 ____D C:\Program Files\CCleaner
2021-01-26 17:31 - 2019-06-03 19:43 - 000000000 ___RD C:\Users\Administrator.DESKTOP-3SDP51R\Google Drive
2021-01-25 21:38 - 2018-04-28 17:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-01-25 19:33 - 2020-11-19 10:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-25 19:33 - 2017-03-18 22:03 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-01-25 19:28 - 2018-04-28 17:38 - 001483710 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-25 19:24 - 2018-04-30 18:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-25 19:24 - 2018-04-28 17:32 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-25 19:24 - 2017-03-18 12:40 - 000032768 _____ C:\Windows\system32\config\BBI
2021-01-25 19:19 - 2019-06-01 11:40 - 000000000 ___HD C:\Windows\rss
2021-01-21 17:19 - 2018-04-30 18:49 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-01-18 17:12 - 2020-03-06 09:49 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-01-04 13:43 - 2020-04-20 16:06 - 000000000 ____D C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Roaming\994d67d60f02

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully
==================== End of FRST.txt ========================