Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 27-12-2021
Exécuté par Admin (administrateur) sur DESKTOP-3AJ2T2N (Acer NC-F5-573-37KH) (04-01-2022 17:04:11)
Exécuté depuis C:\Users\Admin\Desktop
Profils chargés: Admin
Plate-forme: Microsoft Windows 10 Famille Version 21H1 19043.1415 (X64) Langue: Français (France)
Navigateur par défaut: FF
Mode d'amorçage: Normal

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe

==================== Registre (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391120 2019-11-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-11-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (Canon Inc. -> CANON INC.)
HKU\S-1-5-21-2043018391-611827920-1664459823-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Admin\AppData\Local\Microsoft\Teams\Update.exe [1790704 2019-12-12] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2043018391-611827920-1664459823-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35373696 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2043018391-611827920-1664459823-1002\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts) [Fichier non signé]
HKU\S-1-5-21-2043018391-611827920-1664459823-1002\...\MountPoints2: {020fea54-e92b-11ea-b1f0-74dfbf7dfeb2} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2043018391-611827920-1664459823-1002\...\MountPoints2: {4a02d1ad-114e-11ea-b1d7-806e6f6e6963} - "F:\Autorun.exe"
HKU\S-1-5-21-2043018391-611827920-1664459823-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032022214529641\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Admin\AppData\Local\Microsoft\Teams\Update.exe [1790704 2019-12-12] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2043018391-611827920-1664459823-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032022214529641\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35373696 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2043018391-611827920-1664459823-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032022214529641\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts) [Fichier non signé]
HKU\S-1-5-21-2043018391-611827920-1664459823-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032022214529641\...\MountPoints2: {020fea54-e92b-11ea-b1f0-74dfbf7dfeb2} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2043018391-611827920-1664459823-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032022214529641\...\MountPoints2: {4a02d1ad-114e-11ea-b1d7-806e6f6e6963} - "F:\Autorun.exe"
HKLM\...\Windows x64\Print Processors\Canon MG7500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDC7.DLL [30208 2014-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG7500 series: C:\WINDOWS\system32\CNMLMC7.DLL [406016 2014-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [375296 2014-03-17] (CANON INC.) [Fichier non signé]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.110\Installer\chrmstp.exe [2021-12-27] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Tâches planifiées (Avec liste blanche) ============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {00C517A9-A664-4D3A-9682-CDF8523F3DB8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-27] (Google LLC -> Google LLC)
Task: {0E7E7CDC-1896-48A8-AEDD-926D8C2EBEBB} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation)
Task: {2BCDD601-813E-43FE-802D-6214EBFB573E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DC76FC5-E36B-4A48-8A20-3778D6F9F59B} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation)
Task: {37227BD1-2489-4CF2-BDAD-FC9047D7F46C} - System32\Tasks\CCleanerSkipUAC - Admin => C:\Program Files\CCleaner\CCleaner.exe [29442688 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3ABE7EE5-043D-4E52-8F76-D4F8065E54B3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {473053D3-E8F8-4F02-8D71-62BB5AAD3BA2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4D9B3DA2-4E66-4298-97FC-B178DEAEDBDA} - System32\Tasks\Driver Booster SkipUAC (Admin) => D:\Programme\IObitDriverBooster\App\DriverBooster\DriverBooster.exe /skipuac (Pas de fichier)
Task: {7FA74535-678D-433D-ACDE-A6C9783C2DA9} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {8272EBA7-B3B8-4AB1-8F12-895C5FF1BDFC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {868F93D8-7666-42E9-BA25-8E0B3F40538F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1615336 2021-12-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {87C73372-ED11-4EAD-A403-D4A9CCE2AA10} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138584 2021-12-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {902B0F0E-567D-4685-AC98-716638C26CD3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A2B83773-89DA-4026-B7C3-90F2666B38EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-27] (Google LLC -> Google LLC)
Task: {A43761AF-2BA0-48DF-BF14-7579A70FCABA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138584 2021-12-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {B02CD279-9ACF-45FB-939C-7D9F05994D3B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-12-07] (Piriform Software Ltd -> Piriform)
Task: {B2E0AD50-8019-4B94-9EC2-21B7143AD1E1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {BA6572B3-7CEF-49D2-93E8-F2B2D7937FE4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8388528 2021-12-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCCF4465-C87A-4EBD-8347-EF7DC6739D2E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8388528 2021-12-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {E085E717-A2A6-4CA9-86F3-3C4EDE541746} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {E4DB2704-FF2B-46BE-B998-D1D43BD8C8B9} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)


==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d025d5e1-f262-417f-b84a-c5345b54b669}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\Admin\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-2043018391-611827920-1664459823-1002 -> hxxps://www.google.fr/
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-04]
Edge HomePage: Default -> hxxps://www.google.fr/
Edge StartupUrls: Default -> "hxxps://www.google.fr/"

FireFox:
========
FF DefaultProfile: fbwbaeix.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fbwbaeix.default [2020-03-06]
FF Extension: (Avast SafePrice | Comparaison, offres, coupons) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fbwbaeix.default\Extensions\sp@avast.com.xpi [2019-12-02]
FF Extension: (Avast Online Security) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fbwbaeix.default\Extensions\wrc@avast.com.xpi [2019-12-02]
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\70jjxygk.default-release [2022-01-04]
FF Extension: (Avast SafePrice | Comparaison, offres, coupons) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\70jjxygk.default-release\Extensions\sp@avast.com.xpi [2021-10-28]
FF Extension: (Avast Online Security) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\70jjxygk.default-release\Extensions\wrc@avast.com.xpi [2020-04-21] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/aos/update.json]
FF Extension: (Widilo Cashback) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\70jjxygk.default-release\Extensions\{37d71f0b-917d-485a-ad55-7fd43df7cb57}.xpi [2021-12-24]
FF Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\70jjxygk.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-11-27]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2022-01-03]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-29]

==================== Services (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12129128 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-12-02] (Malwarebytes Inc -> Malwarebytes)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-24] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-03-14] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-12-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2022-01-03] (Malwarebytes Inc -> Malwarebytes)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-24] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Trois mois (créés) (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2022-01-04 17:03 - 2022-01-04 17:03 - 000000000 ____D C:\Users\Admin\Desktop\FRST-OlderVersion
2022-01-04 16:51 - 2022-01-04 16:51 - 003478168 _____ (Nicolas Coolman) C:\Users\Admin\ZHPSuite.exe
2022-01-03 22:19 - 2022-01-03 22:19 - 000006399 _____ C:\Users\Admin\Desktop\ZHPCleaner (R).txt
2022-01-03 22:02 - 2022-01-03 22:02 - 000000748 _____ C:\Users\Admin\Downloads\Téléchargements - Raccourci.lnk
2021-12-29 21:37 - 2022-01-03 21:45 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-12-29 19:15 - 2021-12-29 19:15 - 000001779 _____ C:\Users\Admin\Desktop\AdwCleaner[C02].txt
2021-12-29 19:09 - 2021-12-29 19:09 - 008540344 _____ (Malwarebytes) C:\Users\Admin\Desktop\adwcleaner_8.3.1(1).exe
2021-12-29 19:06 - 2022-01-03 22:16 - 000006168 _____ C:\Users\Admin\Desktop\ZHPCleaner (S).txt
2021-12-29 18:54 - 2022-01-03 22:01 - 000000875 _____ C:\Users\Admin\Desktop\ZHPCleaner.lnk
2021-12-29 18:52 - 2021-12-29 18:52 - 003291800 _____ (Nicolas Coolman) C:\Users\Admin\Desktop\ZHPCleaner.exe
2021-12-27 22:06 - 2021-12-27 22:06 - 000002317 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-12-27 22:06 - 2021-12-27 22:06 - 000002276 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-12-27 22:06 - 2021-12-27 22:06 - 000000000 ____D C:\Program Files\Google
2021-12-27 22:00 - 2022-01-04 17:05 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-27 22:00 - 2021-12-27 22:06 - 000000000 ____D C:\Users\Admin\AppData\Local\Google
2021-12-27 22:00 - 2021-12-27 22:00 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-12-27 22:00 - 2021-12-27 22:00 - 000003466 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-12-27 21:59 - 2021-12-27 21:59 - 001341272 _____ (Google LLC) C:\Users\Admin\Downloads\ChromeSetup.exe
2021-12-26 22:09 - 2021-12-26 22:10 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2021-12-26 22:09 - 2021-12-26 22:09 - 000001828 _____ C:\Users\Admin\Desktop\CrystalDiskInfo.lnk
2021-12-26 22:09 - 2021-12-26 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2021-12-26 22:08 - 2021-12-26 22:08 - 004707136 _____ (Crystal Dew World ) C:\Users\Admin\Downloads\CrystalDiskInfo8_11_2.exe
2021-12-26 22:01 - 2021-12-26 22:01 - 000000000 ____D C:\Users\Admin\Downloads\Wub
2021-12-26 21:59 - 2021-12-26 21:59 - 001004640 _____ C:\Users\Admin\Downloads\Wub.zip
2021-12-24 23:04 - 2021-12-24 23:04 - 000000000 ____D C:\WINDOWS\SystemTemp
2021-12-24 21:48 - 2021-12-24 21:48 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-12-24 21:48 - 2021-12-24 21:48 - 000011979 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-12-24 21:45 - 2021-12-24 21:45 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-12-24 21:45 - 2021-12-24 21:45 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-12-24 20:48 - 2021-12-24 20:48 - 000000000 ___HD C:\$WinREAgent
2021-12-24 19:50 - 2021-12-24 19:50 - 000031520 _____ C:\Users\Admin\Desktop\Shortcut.txt
2021-12-24 19:41 - 2021-12-24 19:50 - 000038383 _____ C:\Users\Admin\Desktop\Addition.txt
2021-12-24 19:25 - 2022-01-04 17:05 - 000017786 _____ C:\Users\Admin\Desktop\FRST.txt
2021-12-24 19:24 - 2022-01-04 17:05 - 000000000 ____D C:\FRST
2021-12-24 19:23 - 2022-01-04 17:03 - 002311168 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2021-12-24 19:04 - 2022-01-04 16:59 - 000248479 _____ C:\Users\Admin\Desktop\ZHPDiag.txt
2021-12-24 18:52 - 2022-01-04 16:59 - 000000000 ____D C:\Users\Admin\AppData\Roaming\ZHP
2021-12-24 18:52 - 2022-01-04 16:51 - 000000724 _____ C:\Users\Admin\Desktop\ZHPSuite.lnk
2021-12-24 18:52 - 2021-12-29 18:54 - 000000000 ____D C:\Users\Admin\AppData\Local\ZHP
2021-12-24 18:50 - 2021-12-24 18:51 - 003478168 _____ (Nicolas Coolman) C:\Users\Admin\Desktop\ZHPSuite.exe
2021-12-23 21:16 - 2021-12-23 21:16 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2043018391-611827920-1664459823-1002
2021-12-23 19:18 - 2021-12-23 22:05 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-12-23 18:33 - 2021-12-23 18:33 - 008540344 _____ (Malwarebytes) C:\Users\Admin\Downloads\adwcleaner_8.3.1.exe
2021-12-23 17:52 - 2021-12-23 17:52 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-27 20:20 - 2021-12-23 21:16 - 000002417 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-27 15:55 - 2021-11-27 15:55 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-27 15:55 - 2021-11-27 15:55 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-10-20 13:18 - 2021-10-20 13:18 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-20 13:16 - 2021-10-20 13:16 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-20 13:16 - 2021-10-20 13:16 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-20 13:15 - 2021-10-20 13:15 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-09 21:06 - 2021-12-23 21:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla

==================== Trois mois (modifiés) ==================

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2022-01-04 17:04 - 2019-12-02 11:16 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2022-01-04 16:51 - 2020-11-10 22:17 - 000000000 ____D C:\Users\Admin
2022-01-04 16:48 - 2019-12-02 12:15 - 000000000 ____D C:\Program Files\CCleaner
2022-01-03 21:51 - 2020-11-10 22:26 - 001770910 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-03 21:51 - 2019-12-07 15:49 - 000793016 _____ C:\WINDOWS\system32\perfh00C.dat
2022-01-03 21:51 - 2019-12-07 15:49 - 000150146 _____ C:\WINDOWS\system32\perfc00C.dat
2022-01-03 21:51 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-03 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-03 21:43 - 2020-11-10 22:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-03 21:43 - 2020-11-10 22:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-03 21:43 - 2020-11-10 22:10 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-29 21:37 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-12-29 10:45 - 2019-11-27 20:45 - 000000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2021-12-29 10:43 - 2019-11-27 20:35 - 000000000 ____D C:\Intel
2021-12-26 22:13 - 2019-11-27 20:28 - 000000000 ____D C:\Users\Admin\AppData\Local\D3DSCache
2021-12-26 22:06 - 2019-12-02 11:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-12-26 22:04 - 2019-12-12 11:04 - 000000000 ____D C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
2021-12-26 22:04 - 2019-12-12 11:03 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2021-12-26 22:02 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2021-12-25 21:23 - 2020-11-10 22:44 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-12-24 23:09 - 2020-11-10 22:10 - 000438080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-24 23:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-12-24 23:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-12-24 23:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-12-24 23:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-12-24 23:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-12-24 23:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-12-24 23:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-12-24 23:04 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-24 23:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-12-24 23:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-12-24 23:03 - 2019-12-12 10:49 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2021-12-24 22:18 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-24 20:43 - 2019-09-18 16:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-12-24 20:35 - 2019-09-18 16:32 - 137938848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-12-24 20:07 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-24 20:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-24 19:39 - 2019-12-12 11:57 - 000000000 ____D C:\Program Files\Microsoft Office
2021-12-24 15:38 - 2019-09-18 16:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-12-23 22:02 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-12-23 22:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-12-23 22:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-12-23 22:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-12-23 22:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-12-23 22:02 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-12-23 21:54 - 2019-12-02 11:16 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-12-23 21:16 - 2020-11-10 22:44 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2043018391-611827920-1664459823-1002
2021-12-23 19:38 - 2020-07-12 20:14 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-23 19:38 - 2020-07-12 20:14 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-12-23 18:47 - 2019-12-02 11:41 - 000000000 ____D C:\ProgramData\AVAST Software
2021-12-23 18:46 - 2021-06-13 18:22 - 000000000 ____D C:\Users\Admin\AppData\Local\Avast Software
2021-12-23 18:37 - 2019-12-02 13:22 - 000000000 ____D C:\AdwCleaner
2021-12-23 18:32 - 2019-09-18 16:24 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-12-23 18:26 - 2020-11-30 09:45 - 000003540 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b7a81059d7cc
2021-12-23 18:26 - 2020-11-10 22:44 - 000003634 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

==================== Fichiers à la racine de certains dossiers ========

2022-01-04 16:51 - 2022-01-04 16:51 - 003478168 _____ (Nicolas Coolman) C:\Users\Admin\ZHPSuite.exe

==================== SigCheckExt =========================

2020-01-13 22:02 - 2014-03-17 19:15 - 000375296 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6PPM.DLL
2020-01-13 22:02 - 2014-03-17 19:15 - 000039424 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6UI.DLL
2020-01-13 22:02 - 2014-03-17 19:15 - 000380928 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNMNPPM.DLL
2022-01-04 16:51 - 2022-01-04 16:51 - 003478168 _____ (Nicolas Coolman) C:\Users\Admin\ZHPSuite.exe
2021-12-24 19:23 - 2022-01-04 17:03 - 002311168 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2021-12-29 18:52 - 2021-12-29 18:52 - 003291800 _____ (Nicolas Coolman) C:\Users\Admin\Desktop\ZHPCleaner.exe
2021-12-24 18:50 - 2021-12-24 18:51 - 003478168 _____ (Nicolas Coolman) C:\Users\Admin\Desktop\ZHPSuite.exe

==================== SigCheck ============================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)


==================== BCD ================================

Gestionnaire de démarrage du microprogramme
-------------------------------------------
identificateur {fwbootmgr}
displayorder {bootmgr}
{38a580ec-1146-11ea-b5a6-e1dcf4021cb6}
{38a580ed-1146-11ea-b5a6-e1dcf4021cb6}
{38a580ee-1146-11ea-b5a6-e1dcf4021cb6}
timeout 0

Gestionnaire de démarrage Windows
---------------------------------
identificateur {bootmgr}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale fr-FR
inherit {globalsettings}
default {current}
resumeobject {12786c3c-2399-11eb-801b-bc5bc03668b0}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Application logicielle (101fffff)
--------------------------------
identificateur {38a580ec-1146-11ea-b5a6-e1dcf4021cb6}
description EFI USB Device

Application logicielle (101fffff)
--------------------------------
identificateur {38a580ed-1146-11ea-b5a6-e1dcf4021cb6}
description EFI DVD/CDROM

Application logicielle (101fffff)
--------------------------------
identificateur {38a580ee-1146-11ea-b5a6-e1dcf4021cb6}
description EFI Network

Chargeur de démarrage Windows
-----------------------------
identificateur {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale fr-FR
inherit {bootloadersettings}
recoverysequence {12786c3e-2399-11eb-801b-bc5bc03668b0}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {12786c3c-2399-11eb-801b-bc5bc03668b0}
nx OptIn
bootmenupolicy Standard

Chargeur de démarrage Windows
-----------------------------
identificateur {12786c3e-2399-11eb-801b-bc5bc03668b0}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{12786c3f-2399-11eb-801b-bc5bc03668b0}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale fr-FR
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{12786c3f-2399-11eb-801b-bc5bc03668b0}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Reprendre à partir de la mise en veille prolongée
-------------------------------------------------
identificateur {12786c3c-2399-11eb-801b-bc5bc03668b0}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale fr-FR
inherit {resumeloadersettings}
recoverysequence {12786c3e-2399-11eb-801b-bc5bc03668b0}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Testeur de mémoire Windows
--------------------------
identificateur {memdiag}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\memtest.efi
description Diagnostics mémoire Windows
locale fr-FR
inherit {globalsettings}
badmemoryaccess Yes

Paramètres EMS
--------------
identificateur {emssettings}
bootems No

Paramètres du débogueur
-----------------------
identificateur {dbgsettings}
debugtype Local

Erreurs de mémoire RAM
----------------------
identificateur {badmemory}

Paramètres globaux
------------------
identificateur {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Paramètres du chargeur de démarrage
-----------------------------------
identificateur {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Paramètres de l'hyperviseur
-------------------
identificateur {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Paramètres du chargeur de reprise
---------------------------------
identificateur {resumeloadersettings}
inherit {globalsettings}

Options de périphérique
-----------------------
identificateur {12786c3f-2399-11eb-801b-bc5bc03668b0}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\WindowsRE\boot.sdi

==================== Fin de FRST.txt ========================
