Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022
Exécuté par InfoWare31 (administrateur) sur DESKTOP-MVJ4EJ1 (09-09-2022 00:04:05)
Exécuté depuis C:\Users\InfoWare31\OneDrive\Desktop
Profils chargés: InfoWare31
Plate-forme: Microsoft Windows 10 Professionnel Version 21H1 19043.1889 (X64) Langue: Français (France)
Navigateur par défaut: Edge
Mode d'amorçage: Normal
==================== Processus (Avec liste blanche) =================
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCopyAccelerator.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <9>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15>
(services.exe ->) () [Fichier non signé] C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1647517251935.exe
(services.exe ->) () [Fichier non signé] C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_5.68.30003.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_5.68.30003.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_47917a79b8c7fd22\Display.NvContainer\NVDisplay.Container.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registre (Avec liste blanche) ===================
(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe (Pas de fichier)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8838400 2016-06-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [12837288 2022-07-19] (SteelSeries ApS -> SteelSeries ApS)
HKU\S-1-5-21-1831518587-2530328139-2005501424-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4234600 2022-08-20] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1831518587-2530328139-2005501424-1001\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart (Pas de fichier)
HKU\S-1-5-21-1831518587-2530328139-2005501424-1001\...\Run: [org.openvpn.client] => C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe [110833152 2022-03-17] (OpenVPN) [Fichier non signé]
HKU\S-1-5-21-1831518587-2530328139-2005501424-1001\...\Run: [MicrosoftEdgeAutoLaunch_474483BF035A5B1D2FEA44D887F4B957] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3795360 2022-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1831518587-2530328139-2005501424-1001\...\Run: [utweb] => "C:\Users\InfoWare31\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (Pas de fichier)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\105.0.5195.102\Installer\chrmstp.exe [2022-09-08] (Google LLC -> Google LLC)
==================== Tâches planifiées (Avec liste blanche) ============
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
Task: {2190F7A2-D1A2-4D38-BAB3-7A26FFB2C879} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23706576 2022-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {30E54446-E107-463C-8CF2-4BF9C0A12B1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-06-11] (Google Inc -> Google LLC)
Task: {43AD2271-6CFF-4FF8-A787-77074D76D6AA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142232 2022-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {83AB2C52-E150-4304-8C50-64A305785C1D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23706576 2022-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {C4F2C80E-577B-43A4-BD3A-28B4842AFA6A} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [64408 2022-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {D13AC0F2-D9AE-4FCA-8C88-A2F6A95AF3AE} - System32\Tasks\Opera scheduled Autoupdate 1636548709 => C:\Users\InfoWare31\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {D29AA48A-C81C-4491-BF7D-4CEB1969FBD1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DFC60B63-2672-4DCE-B3C6-DEC01DCDBA52} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142232 2022-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3ACFB3A-D0C1-4BC1-9B8A-E0DD79704A70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-06-11] (Google Inc -> Google LLC)
Task: {E7C4E023-9C10-47A3-87FA-1DBDDB6F7CA4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E7D12F3B-FB8E-4C33-89F4-EA74318D4CE2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F636181F-C40D-42A8-9E3A-1EF2FB88F357} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
==================== Internet (Avec liste blanche) ====================
(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4d9bf435-7921-4b9a-9446-297821271248}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{c5b19a51-403a-4595-a095-373f006b5e88}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
Edge DefaultProfile: Default
Edge Profile: C:\Users\InfoWare31\AppData\Local\Microsoft\Edge\User Data\Default [2022-09-09]
FireFox:
========
FF DefaultProfile: yyurrrwp.default
FF ProfilePath: C:\Users\InfoWare31\AppData\Roaming\Mozilla\Firefox\Profiles\yyurrrwp.default [2020-06-11]
FF ProfilePath: C:\Users\InfoWare31\AppData\Roaming\Mozilla\Firefox\Profiles\u858sn0x.default-release [2020-06-11]
FF Extension: (Avast Online Security) - C:\Users\InfoWare31\AppData\Roaming\Mozilla\Firefox\Profiles\u858sn0x.default-release\Extensions\wrc@avast.com.xpi [2020-06-11]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [Fichier non signé]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-10] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\InfoWare31\AppData\Local\Google\Chrome\User Data\Default [2022-09-09]
CHR HomePage: Default -> hxxp://google/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.com/"
CHR Extension: (Safe Torrent Scanner) - C:\Users\InfoWare31\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-09-08]
CHR Extension: (Google Docs hors connexion) - C:\Users\InfoWare31\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-08]
CHR Extension: (AdBlock — le meilleur bloqueur de pubs) - C:\Users\InfoWare31\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-09-08]
CHR Extension: (Nebula) - C:\Users\InfoWare31\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlmflgnnmmojlnbmaokpfcjdkhkjbnok [2022-09-08]
CHR Extension: (Web Safety) - C:\Users\InfoWare31\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhcmdonhekjhfbjmeacdjbhlfgpjabp [2022-09-08]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\InfoWare31\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-08]
CHR Profile: C:\Users\InfoWare31\AppData\Local\Google\Chrome\User Data\System Profile [2020-10-31]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp]
Opera:
=======
OPR Profile: C:\Users\InfoWare31\AppData\Roaming\Opera Software\Opera Stable [2021-11-10]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
==================== Services (Avec liste blanche) ===================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
R2 agent_ovpnconnect; C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1647517251935.exe [3196928 2022-03-17] () [Fichier non signé]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12126112 2022-09-08] (Microsoft Corporation -> Microsoft Corporation)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2022-07-15] (Epic Games Inc. -> Epic Games, Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [225368 2022-08-14] (HP Inc. -> HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8765464 2022-09-08] (Malwarebytes Inc. -> Malwarebytes)
S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [22174424 2021-12-03] (LLC Mail.Ru -> LLC Mail.Ru)
R2 ovpnhelper_service; C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe [3021824 2022-03-17] () [Fichier non signé]
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2021-06-23] (Even Balance, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6255896 2022-08-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\GG\SteelSeriesUpdateService.exe [35240 2022-07-19] (SteelSeries ApS -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 BEService; "C:\Program Files (x86)\Common Files\BattlEye\BEService.exe" [X]
S3 EasyAntiCheat; "C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe" [X]
S3 EasyAntiCheat_EOS; "C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_47917a79b8c7fd22\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_47917a79b8c7fd22\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S3 Rockstar Service; "C:\Program Files\Rockstar Games\Launcher\RockstarService.exe" [X]
===================== Pilotes (Avec liste blanche) ===================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 atvi-brynhildr; C:\ProgramData\Battle.net_components\brynhildr_odin2\brynhildr.sys [2188544 2022-08-02] (Activision Publishing Inc -> Activision Blizzard, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Fichier non signé]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Fichier non signé]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-09-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-09-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl5803526e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BC792197-B126-4FE5-BF52-429D06347668}\MpKslDrv.sys [228600 2022-09-08] (Microsoft Windows -> Microsoft Corporation)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv1.sys [21413808 2021-12-03] (LLC Mail.Ru -> LLC Mail.Ru)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [86632 2020-04-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46896 2017-12-15] (SteelSeries ApS -> )
R3 sshid; C:\WINDOWS\system32\DRIVERS\sshid.sys [43960 2022-07-06] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SteelSeries_Sonar_VAD; C:\WINDOWS\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_ab95c13003d9c50f\SteelSeries-Sonar-VAD.sys [92912 2022-07-18] (SteelSeries ApS -> Windows (R) Win 7 DDK provider)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
R3 tap_ovpnconnect; C:\WINDOWS\System32\drivers\tap_ovpnconnect.sys [40128 2022-03-17] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-09-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [453904 2022-09-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94480 2022-09-07] (Microsoft Windows -> Microsoft Corporation)
S3 wtbt; \??\e:\jeux\steamapps\common\super people playtest\engine\binaries\thirdparty\wondertrust\wtdrv64.sys [X]
==================== NetSvcs (Avec liste blanche) ===================
(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)