Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 30-06-2022 01
Exécuté par bourdet (administrateur) sur DESKTOP-MUGQ92P (Packard Bell iMedia S2985) (30-06-2022 22:10:05)
Exécuté depuis C:\Users\bourdet\OneDrive\Bureau
Profils chargés: bourdet
Plate-forme: Microsoft Windows 10 Famille Version 21H1 19043.1706 (X64) Langue: Français (France)
Navigateur par défaut: Edge
Mode d'amorçage: Normal

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(explorer.exe ->) (Avanquest Software SAS -> Avanquest Software) C:\Users\bourdet\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <16>
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (CyberLink Corp. -> ) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(services.exe ->) (Dashlane -> Dashlane SAS) C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation) [Fichier non signé] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registre (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (Canon Inc. -> CANON INC.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-756064936-1099489086-4074059558-1001\...\Run: [Chromium] => "c:\users\bourdet\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session [828416 2017-01-21] (The Chromium Authors) [Fichier non signé]
HKU\S-1-5-21-756064936-1099489086-4074059558-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36976728 2022-06-14] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-756064936-1099489086-4074059558-1001\...\Run: [Avanquest Message] => C:\Users\bourdet\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe [601960 2021-08-12] (Avanquest Software SAS -> Avanquest Software)
HKU\S-1-5-21-756064936-1099489086-4074059558-1001\...\Run: [MicrosoftEdgeAutoLaunch_40340EB823EE27C4488135D7A2910737] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601824 2022-06-22] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MP230 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDB5.DLL [30208 2012-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP230 series: C:\WINDOWS\system32\CNMLMB5.DLL [389120 2012-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.66\Installer\chrmstp.exe [2022-06-30] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2017-01-27]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) [Fichier non signé]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Tâches planifiées (Avec liste blanche) ============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {0B628258-5BCD-47E2-A2E1-1A371A525780} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {1503CE7C-145E-42BA-B0B4-9F32DCC9F5B7} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: {1C85EC03-9655-4891-8C04-2BB717F62C8F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (Pas de fichier)
Task: {1F122A06-CBE2-41C2-92D6-DC2D6C0F2D46} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.1.7\SymErr.exe /analyze (Pas de fichier)
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\ACC" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\BacKGroundAgent" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\CCleaner Browser Heartbeat Task (Hourly)" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\CCleaner Browser Heartbeat Task (Logon)" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\CCleanerSkipUAC - bourdet" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\CCleanerUpdateTaskMachineCore" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\CCleanerUpdateTaskMachineUA" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\FUBTrackingByPLD" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore1d7b7867bae82c7" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\OneDrive Reporting Task-S-1-5-21-756064936-1099489086-4074059558-1001" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-756064936-1099489086-4074059558-1001" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\Software Update Application" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{5FE12437-7BBF-4C75-BD66-3E035BB7C5EE}" /ENABLE
Task: {1FA41754-C4A7-4149-A85B-24841714C25E} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(20): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {232D9FEE-D24A-48E0-AEAA-B126E2E9A176} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4953F4ED-68B9-40D3-953C-BA53E8446E92} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [472928 2015-08-19] (Acer Incorporated -> Acer Incorporated)
Task: {62B4D3FB-51F0-4730-AF7B-3C3E394786F3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {65875B10-FDE3-4EAE-8EB9-F8B392359E68} - System32\Tasks\ACC => C:\Program Files (x86)\Packard Bell\Care Center\LiveUpdateChecker.exe [2920752 2017-05-24] (Acer Incorporated -> )
Task: {66212BDB-D3C4-420C-9C5C-4B8696670D0B} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [65824 2017-09-26] (Acer Incorporated -> Acer Incorporated)
Task: {6DB2B5B9-C506-4307-8467-6AA68BE8E1FB} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [30976 2015-05-14] (Acer Incorporated -> )
Task: {705BEB74-DE6E-4E7A-8C0C-BD609B71EF39} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-27] (Google Inc -> Google Inc.)
Task: {7C6DE2C9-102D-447C-8CE0-0DF7953305F5} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe /nogui (Pas de fichier)
Task: {7CA25339-C579-4988-8909-E26DC400B822} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-27] (Google Inc -> Google Inc.)
Task: {7D991D48-AA94-4F36-961A-C2696E2FE688} - \{03EE7218-BE89-BFFB-2816-23E00B5697E1}\UpdTask -> Pas de fichier <==== ATTENTION
Task: {808B53C6-B93C-44EF-B4F1-BA4E41B1F94F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {82D0F765-AA3C-4FE1-B77F-19E37E1E0481} - System32\Tasks\Norton Security\Norton Autofix => C:\Program Files (x86)\Norton Security\Engine\22.5.1.7\SymErr.exe /ui (Pas de fichier)
Task: {A1611421-5B43-4B46-8B25-9D26F3CD8FE4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-06-14] (Piriform Software Ltd -> Piriform)
Task: {A1DE2BE8-681C-4568-B641-D7D68BAFB9EB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D848653B-1F08-4B37-B053-98BFC44B0B9B} - System32\Tasks\CCleanerSkipUAC - bourdet => C:\Program Files\CCleaner\CCleaner.exe [31027800 2022-06-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {DBAB8162-584B-4BE4-B3F3-AD60641613CE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (Pas de fichier)
Task: {DDBF25EE-20B1-477D-8D5D-307761061CF5} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.1.7\SymErr.exe /submit (Pas de fichier)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bff5e714-6bfa-4a87-866a-7ec6bcf9db8e}: [DhcpNameServer] 192.168.151.228
Tcpip\..\Interfaces\{d5d8fd4e-0975-480d-b79f-68e07ed7af9f}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
Edge Profile: C:\Users\bourdet\AppData\Local\Microsoft\Edge\User Data\Default [2022-06-30]

FireFox:
========
FF DefaultProfile: cl94n9ni.default
FF ProfilePath: C:\Users\bourdet\AppData\Roaming\Mozilla\Firefox\Profiles\cl94n9ni.default [2022-06-30]
FF Homepage: Mozilla\Firefox\Profiles\cl94n9ni.default -> hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_inprft_18_29_04&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyE0C0C0CyC0AtD0Azz0DtD0AtDtBzztAtN0D0Tzu0StBtAzyyEtN1L2XzuyEtFtByCtFtDtFtCtDtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtAtB0AtA0DtA0CtGtBtDzyyDtG0DyD0E0FtGtC0D0DtDtG0Fzz0F0FtCzyyByEzy0A0F0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1O1PyEtDyB1SzyyEtG1PzytDtDtGyEtC1SzytGzzyC1QyBtGtD1Rzyzzzz1PyByCtDtA1PyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDtAtBtByCyDzztDtC%26cr%3D1822612109%26a%3Dwnf_inprft_18_29_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
FF Extension: (Firefox Hotfix) - C:\Users\bourdet\AppData\Roaming\Mozilla\Firefox\Profiles\cl94n9ni.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-01-27] []
FF Extension: (Français Language Pack) - C:\Users\bourdet\AppData\Roaming\Mozilla\Firefox\Profiles\cl94n9ni.default\Extensions\langpack-fr@firefox.mozilla.org [2017-01-20] []
FF Extension: (Mozilla Partner Defaults) - C:\Users\bourdet\AppData\Roaming\Mozilla\Firefox\Profiles\cl94n9ni.default\Extensions\partnerdefaults@mozilla.com [2017-01-20] []
FF SearchPlugin: C:\Users\bourdet\AppData\Roaming\Mozilla\Firefox\Profiles\cl94n9ni.default\searchplugins\Search Start Page.xml [2017-01-27]
FF SearchPlugin: C:\Users\bourdet\AppData\Roaming\Mozilla\Firefox\Profiles\cl94n9ni.default\searchplugins\Start Search.xml [2017-02-03]
FF SearchPlugin: C:\Users\bourdet\AppData\Roaming\Mozilla\Firefox\Profiles\cl94n9ni.default\searchplugins\Web Start Page.xml [2017-03-10]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) [Fichier non signé]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [Pas de fichier]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-06-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Default [2022-06-29]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.fr/"
CHR Extension: (Slides) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (MapsGalaxy) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Default\Extensions\acijnjjfbpbelhlpijjoohhhmdeiemkm [2020-06-13]
CHR Extension: (Docs) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-27]
CHR Extension: (Pro Particuliers - Offres shopping) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdagankaloagjljjdmoiodoeakgndkb [2018-01-31]
CHR Extension: (Sheets) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Google Docs hors connexion) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Norton Identity Safe) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-01-27]
CHR Extension: (PDF Viewer & Converter by FromDocToPDF (BETA)) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2020-11-05]
CHR Extension: (Coupert - Codes Promo Automatiques & Cashback) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidniedemcgceagapgdekdbmanojomk [2020-12-23]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-09]
CHR Profile: C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-06-30]
CHR Profile: C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-06-30]
CHR Extension: (Total WebShield: Chrome Antivirus Protection) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bobjajapamhdnbnimmaddcceeckkoiff [2022-04-25]
CHR Extension: (Adobe Acrobat : outils de modification, de conversion et de signature de PDF) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-06-29]
CHR Extension: (Google Docs hors connexion) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-29]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2022-06-29]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-06-30]
CHR Notifications: Profile 2 -> hxxps://bestcaptcharesolver.com; hxxps://www.vente-unique.com
CHR Extension: (Google Docs hors connexion) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-30]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\bourdet\AppData\Local\Google\Chrome\User Data\System Profile [2022-06-30]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKU\S-1-5-21-756064936-1099489086-4074059558-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce]
CHR HKU\S-1-5-21-756064936-1099489086-4074059558-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Services (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [75056 2015-06-25] (Dashlane -> Dashlane SAS)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] (Canon Inc. -> )
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Fichier non signé]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Fichier non signé]
S3 QASvc; C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe [450400 2015-07-17] (Acer Incorporated -> Acer Incorporated)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-10-08] (CyberLink Corp. -> )
S2 SymSilent; C:\Program Files (x86)\SymSilent\SymSilent.exe [1290176 2015-08-26] (Symantec Corporation -> Symantec Corporation)
S3 UEIPSvc; C:\Program Files\Packard Bell\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (Acer Incorporated -> acer)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]

===================== Pilotes (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Fichier non signé]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Fichier non signé]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-30] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois (créés) (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2022-06-30 22:09 - 2022-06-30 22:10 - 000000000 ____D C:\FRST
2022-06-30 19:18 - 2022-06-30 19:18 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-06-30 19:14 - 2022-06-30 19:14 - 012693728 _____ (AVAST Software) C:\Users\bourdet\Downloads\avastclear.exe
2022-06-30 18:29 - 2022-06-30 18:29 - 000000000 ___HD C:\$WinREAgent
2022-06-30 18:29 - 2022-06-30 18:29 - 000000000 ____D C:\Users\bourdet\.ms-ad
2022-06-29 22:17 - 2022-06-29 22:17 - 000065944 _____ (Avast Software) C:\WINDOWS\system32\Drivers\aswacf90b20f8f610b8.tmp
2022-06-29 21:01 - 2022-06-29 21:02 - 003487984 _____ (Nicolas Coolman) C:\Users\bourdet\Downloads\ZHPSuite.exe
2022-06-29 16:55 - 2022-06-29 16:55 - 000052353 _____ C:\Users\bourdet\Downloads\bon_transport_XZ361838860JB.pdf

==================== Un mois (modifiés) ==================

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2022-06-30 22:02 - 2022-02-20 14:26 - 000000000 ____D C:\Users\bourdet\AppData\Roaming\ZHP
2022-06-30 21:59 - 2017-01-27 18:49 - 000000000 ____D C:\Program Files (x86)\Google
2022-06-30 21:52 - 2021-10-02 14:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2022-06-30 21:52 - 2015-08-26 05:06 - 000000000 ____D C:\ProgramData\AVAST Software
2022-06-30 21:51 - 2021-10-02 14:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-06-30 21:51 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-06-30 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-06-30 19:35 - 2018-02-11 11:42 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-06-30 19:24 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-06-30 19:24 - 2017-12-10 11:42 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2022-06-30 19:24 - 2017-01-28 19:44 - 000000000 ____D C:\Program Files\CCleaner
2022-06-30 19:23 - 2017-01-20 03:53 - 000000000 ___RD C:\Users\bourdet\OneDrive
2022-06-30 19:22 - 2021-10-02 14:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-06-30 19:22 - 2021-02-15 16:57 - 000008192 ___SH C:\DumpStack.log.tmp
2022-06-30 19:22 - 2017-06-07 15:00 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-06-30 19:22 - 2017-01-20 03:50 - 000000000 __SHD C:\Users\bourdet\IntelGraphicsProfiles
2022-06-30 19:21 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-06-30 19:21 - 2018-07-11 09:03 - 000000000 ____D C:\Users\bourdet\AppData\Local\AVAST Software
2022-06-30 19:21 - 2017-12-07 09:56 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2022-06-30 19:21 - 2017-01-27 18:49 - 000000000 ____D C:\Users\bourdet\AppData\Roaming\AVAST Software
2022-06-30 19:20 - 2020-02-02 11:10 - 000000000 ____D C:\Users\bourdet\AppData\Local\D3DSCache
2022-06-30 19:18 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2022-06-30 19:08 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-06-30 18:36 - 2017-01-28 20:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-06-30 18:29 - 2021-10-02 13:15 - 000000000 ____D C:\Users\bourdet
2022-06-30 18:29 - 2017-01-28 20:27 - 145918784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-06-30 18:28 - 2021-10-02 14:20 - 000004180 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{5FE12437-7BBF-4C75-BD66-3E035BB7C5EE}
2022-06-30 18:26 - 2021-12-11 12:40 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-756064936-1099489086-4074059558-1001
2022-06-30 18:26 - 2021-10-02 14:20 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-756064936-1099489086-4074059558-1001
2022-06-30 18:26 - 2021-10-02 13:15 - 000002435 _____ C:\Users\bourdet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-06-30 18:24 - 2021-10-02 14:20 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2022-06-30 18:22 - 2017-01-27 09:31 - 000000000 ____D C:\Users\bourdet\AppData\Local\CrashDumps
2022-06-29 21:19 - 2022-02-20 14:26 - 000000000 ____D C:\Users\bourdet\AppData\Local\ZHP
2022-06-29 15:45 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-06-29 15:36 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-06-29 15:36 - 2018-07-10 22:51 - 000000000 ____D C:\ProgramData\Packages
2022-06-29 15:35 - 2020-06-16 08:53 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-06-29 15:26 - 2021-10-15 17:05 - 000003596 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7b7867bae82c7
2022-06-29 15:26 - 2021-10-02 14:20 - 000003690 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-06-29 15:19 - 2017-04-13 09:38 - 000002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-06-29 15:11 - 2018-12-09 12:03 - 000000000 ____D C:\Users\bourdet\AppData\Roaming\PhotoScape
2022-06-29 14:53 - 2021-10-02 14:20 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update

==================== SigCheck ============================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

==================== Fin de FRST.txt ========================
