Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2023
Exécuté par kirot (administrateur) sur DESKTOP-HU2VCAR (UNOWHY Y13G010S4EI) (04-10-2023 15:18:44)
Exécuté depuis C:\Users\kirot\Downloads\FRST64-2.1.exe
Profils chargés: kirot
Plate-forme: Microsoft Windows 10 Professionnel Version 22H2 19045.3448 (X64) Langue: Français (France)
Navigateur par défaut: FF
Mode d'amorçage: Normal

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxEM.exe
(explorer.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5185.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(explorer.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Alcor) C:\Windows\WebCam\S6000\S6000Mnt.exe
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <9>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_003a6d3c4c50c291\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_828ed3dd8704ca78\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_828ed3dd8704ca78\IntelCpHeciSvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Tonalio GmbH -> Sandboxie-Plus.com) C:\Program Files\Sandboxie\SbieSvc.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5185.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registre (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [S6000Mnt] => C:\Windows\WebCam\S6000\S6000Mnt.exe [507904 2023-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Alcor)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2023-08-25] (Adobe Inc. -> )
HKU\S-1-5-21-818727085-2834302555-1898144868-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3395536 2023-02-05] (Tonalio GmbH -> Sandboxie-Plus.com)
HKU\S-1-5-21-818727085-2834302555-1898144868-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [253816 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)
HKU\S-1-5-21-818727085-2834302555-1898144868-1001\...\Run: [MicrosoftEdgeAutoLaunch_2FC3D2E9A1FD4BD4738A9D62E22B1225] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-29] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exe [2023-09-30] (Google LLC -> Google LLC)

==================== Tâches planifiées (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {597C44A0-633D-4493-A3BD-27FC2AEC5B55} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-08-03] (Adobe Inc. -> Adobe Inc.)
Task: {1E1B0148-A6DE-40B1-8B13-E403D288BD32} - System32\Tasks\GoogleUpdateTaskMachineCore{60BFE965-B9E6-4B86-9B2C-279FE5B02327} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2023-02-12] (Google LLC -> Google LLC)
Task: {44FE92E9-941C-4676-8F6A-9B948EA90548} - System32\Tasks\GoogleUpdateTaskMachineUA{896700A3-4012-428E-B38A-6433596FCCBF} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2023-02-12] (Google LLC -> Google LLC)
Task: {425C9E9E-449C-4B90-9220-A75CB3EB1250} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [253880 2023-08-25] (Microsoft Corporation -> Microsoft)
Task: {2E547FA1-68DE-47A5-919E-1FF52D4D780B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6284B664-7C8A-49BE-A11C-D13EABA3DDBF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8CCE34A2-29FA-4F06-95B6-5D01F8E4234F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {872BF9DC-1197-47EB-A6B6-1978079855CF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E21CA069-75AB-4AD4-ABA7-5449C73C3D36} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [675232 2023-09-17] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8ff6d42d-ed4d-4506-9b4e-9fceb82bfc37}: [DhcpNameServer] 172.20.10.1

FireFox:
========
FF DefaultProfile: cn3uxcgc.default
FF ProfilePath: C:\Users\kirot\AppData\Roaming\Mozilla\Firefox\Profiles\cn3uxcgc.default [2023-04-03]
FF ProfilePath: C:\Users\kirot\AppData\Roaming\Mozilla\Firefox\Profiles\kh8d8vgj.default-release-1692534541647 [2023-10-04]
FF Extension: (Traduisez des sites web dans votre navigateur sans avoir recours au cloud.) - C:\Users\kirot\AppData\Roaming\Mozilla\Firefox\Profiles\kh8d8vgj.default-release-1692534541647\Extensions\firefox-translations-addon@mozilla.org.xpi [2023-08-20]
FF Extension: (uBlock Origin) - C:\Users\kirot\AppData\Roaming\Mozilla\Firefox\Profiles\kh8d8vgj.default-release-1692534541647\Extensions\uBlock0@raymondhill.net.xpi [2023-09-25]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-09-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\kirot\AppData\Local\Google\Chrome\User Data\Default [2023-10-04]
CHR Extension: (Google Docs hors connexion) - C:\Users\kirot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-04]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\kirot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-10-04]

Opera:
=======
OPR Profile: C:\Users\kirot\AppData\Roaming\Opera Software\Opera Stable [2023-07-28]
OPR DefaultSearchURL: Opera Stable -> hxxps://www.google.com/search?client=opera&q={searchTerms}&sourceid=opera&ie={inputEncoding}&oe={outputEncoding}
OPR DefaultSearchKeyword: Opera Stable -> g
OPR Extension: (Translator) - C:\Users\kirot\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch [2023-06-05]
OPR Extension: (Rich Hints Agent) - C:\Users\kirot\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-07-10]
OPR Extension: (Opera Wallet) - C:\Users\kirot\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-07-10]
OPR Extension: (Aria) - C:\Users\kirot\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-07-28]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\kirot\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2023-02-12]
OPR Extension: (uBlock Origin) - C:\Users\kirot\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2023-07-28]

==================== Services (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-08-03] (Adobe Inc. -> Adobe Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9287960 2023-10-04] (Malwarebytes Inc. -> Malwarebytes)
S3 nordsec-threatprotection-service; C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe [310136 2021-06-11] (nordvpn s.a. -> TEFINCOM S.A.)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2023-05-24] (nordvpn s.a. -> nordvpn S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [254328 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [371152 2023-02-05] (Tonalio GmbH -> Sandboxie-Plus.com)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402264 2023-09-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [20738360 2023-07-19] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Fichier non signé]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Fichier non signé]
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222272 2023-10-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-02-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 mshield; C:\Windows\System32\DRIVERS\mshield.sys [43112 2023-05-17] (nordvpn s.a. -> Nordvpn S.A.)
R2 NDivert; C:\Program Files\NordVPN\7.13.3.0\Drivers\NDivert.sys [131472 2023-05-24] (nordvpn s.a. -> Nordvpn S.A.)
R1 nordlwf; C:\Windows\system32\DRIVERS\nordlwf.sys [44928 2023-01-17] (nordvpn s.a. -> TEFINCOM S.A.)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [891008 2023-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Bison)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [251912 2023-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Sandboxie-Plus.com)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [49744 2023-05-19] (nordvpn s.a. -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
S3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2023-07-30] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois (créés) (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2023-10-04 12:26 - 2023-10-04 12:26 - 003343008 _____ (Nicolas Coolman) C:\Users\kirot\ZHPCleaner.exe
2023-10-04 10:23 - 2023-10-04 10:23 - 008791352 _____ (Malwarebytes) C:\Users\kirot\Downloads\adwcleaner.exe
2023-10-04 10:23 - 2023-10-04 10:23 - 003343008 _____ (Nicolas Coolman) C:\Users\kirot\Downloads\ZHPCleaner.exe
2023-10-04 10:20 - 2023-10-04 10:20 - 013905960 _____ (AVAST Software) C:\Users\kirot\Downloads\avastclear.exe
2023-10-03 21:36 - 2023-10-04 11:02 - 000035535 _____ C:\Users\kirot\Downloads\Addition.txt
2023-10-03 21:33 - 2023-10-04 15:19 - 000015474 _____ C:\Users\kirot\Downloads\FRST.txt
2023-10-03 21:32 - 2023-10-04 15:19 - 000000000 ____D C:\FRST
2023-10-03 21:32 - 2023-10-03 21:32 - 000000000 ____D C:\Users\kirot\Downloads\FRST-OlderVersion
2023-10-03 21:29 - 2023-10-03 21:30 - 003511456 _____ (Nicolas Coolman) C:\Users\kirot\Downloads\ZHPSuite.exe
2023-10-03 21:27 - 2023-10-03 21:32 - 002382848 _____ (Farbar) C:\Users\kirot\Downloads\FRST64-2.1.exe
2023-09-30 01:40 - 2023-09-30 01:40 - 000000000 ___HD C:\$WinREAgent
2023-09-27 00:01 - 2023-09-27 00:07 - 000000000 ____D C:\Users\kirot\OneDrive\Documents\Enregistrements audio
2023-09-27 00:01 - 2023-09-27 00:01 - 000265853 _____ C:\Users\kirot\Downloads\Enregistrement.m4a
2023-09-17 12:15 - 2023-10-04 10:54 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-09-16 21:18 - 2023-09-16 21:18 - 000000000 ____D C:\Users\kirot\AppData\Local\IsolatedStorage

==================== Un mois (modifiés) ==================

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2023-10-04 15:19 - 2023-02-12 12:18 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-10-04 15:18 - 2023-06-04 15:30 - 000000000 ____D C:\Users\kirot\AppData\Local\Malwarebytes
2023-10-04 15:17 - 2023-02-12 12:17 - 000000000 ____D C:\Program Files (x86)\Google
2023-10-04 15:17 - 2023-02-12 12:11 - 000000000 __SHD C:\Users\kirot\IntelGraphicsProfiles
2023-10-04 15:17 - 2022-09-08 05:12 - 000000000 ____D C:\Windows\SystemTemp
2023-10-04 12:49 - 2023-03-23 12:27 - 000000000 ____D C:\Users\kirot\AppData\Roaming\ZHP
2023-10-04 12:26 - 2023-02-12 12:07 - 000000000 ____D C:\Users\kirot
2023-10-04 11:27 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-04 11:05 - 2023-02-12 11:56 - 001681370 _____ C:\Windows\system32\PerfStringBackup.INI
2023-10-04 11:05 - 2019-12-07 16:50 - 000757852 _____ C:\Windows\system32\perfh00C.dat
2023-10-04 11:05 - 2019-12-07 16:50 - 000142606 _____ C:\Windows\system32\perfc00C.dat
2023-10-04 11:05 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2023-10-04 10:58 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2023-10-04 10:57 - 2023-07-27 23:38 - 000000000 ____D C:\Program Files\TeamViewer
2023-10-04 10:57 - 2023-02-12 12:03 - 000000000 ____D C:\Intel
2023-10-04 10:57 - 2023-02-12 11:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-10-04 10:57 - 2023-02-12 11:49 - 000008192 ___SH C:\DumpStack.log.tmp
2023-10-04 10:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2023-10-04 10:56 - 2019-12-07 11:03 - 000786432 _____ C:\Windows\system32\config\BBI
2023-10-04 10:54 - 2023-08-31 20:39 - 000000000 ____D C:\Users\kirot\AppData\Local\Avast Software
2023-10-04 10:54 - 2023-02-12 12:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-10-04 10:54 - 2023-02-12 11:49 - 000473200 _____ C:\Windows\system32\FNTCACHE.DAT
2023-10-04 10:52 - 2019-12-07 16:53 - 000000000 ___SD C:\Windows\system32\AppV
2023-10-04 10:52 - 2019-12-07 16:53 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-10-04 10:52 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-10-04 10:52 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-10-04 10:52 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-10-04 10:52 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2023-10-04 10:52 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-10-04 10:52 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2023-10-04 10:52 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-10-04 10:52 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-10-04 10:52 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-10-04 10:52 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2023-10-04 10:21 - 2023-08-31 20:36 - 000000000 ____D C:\ProgramData\Avast Software
2023-10-04 10:14 - 2023-02-12 11:49 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-10-04 09:41 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-10-04 09:24 - 2023-02-12 13:15 - 000000000 ____D C:\Users\kirot\AppData\Local\CrashDumps
2023-10-03 21:47 - 2023-02-12 12:14 - 000000000 ____D C:\Users\kirot\AppData\Local\D3DSCache
2023-10-03 21:32 - 2023-03-23 12:27 - 000000000 ____D C:\Users\kirot\AppData\Local\ZHP
2023-10-03 21:29 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2023-10-02 15:31 - 2023-08-23 23:38 - 000003482 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2023-10-02 15:31 - 2023-08-02 01:06 - 000003602 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{896700A3-4012-428E-B38A-6433596FCCBF}
2023-10-02 15:31 - 2023-08-02 01:05 - 000003378 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{60BFE965-B9E6-4B86-9B2C-279FE5B02327}
2023-10-02 15:31 - 2023-02-12 21:42 - 000003694 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{A25DFB55-A17D-446C-9387-2C4059DBFBBA}
2023-10-02 15:31 - 2023-02-12 21:42 - 000003470 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{90F981C2-F993-4B89-93D8-AF1EAB611FF2}
2023-10-02 15:31 - 2023-02-12 12:13 - 000003062 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-818727085-2834302555-1898144868-1001
2023-10-02 15:31 - 2023-02-12 12:13 - 000002858 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-818727085-2834302555-1898144868-1001
2023-10-02 15:16 - 2023-02-18 00:34 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-10-02 15:16 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-02 15:13 - 2023-08-23 23:37 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-09-30 18:53 - 2023-07-30 11:13 - 000000000 ____D C:\Users\kirot\AppData\Local\NordVPN
2023-09-30 01:56 - 2023-02-12 11:52 - 003014144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-09-30 01:41 - 2023-02-12 12:23 - 002709096 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2023-09-30 01:41 - 2023-02-12 12:23 - 000145000 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2023-09-30 01:41 - 2023-02-12 12:23 - 000095736 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2023-09-30 01:41 - 2023-02-12 12:23 - 000075360 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2023-09-30 01:40 - 2023-02-12 12:23 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2023-09-30 01:40 - 2023-02-12 12:23 - 000210536 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2023-09-30 01:40 - 2023-02-12 12:23 - 000181864 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2023-09-30 01:36 - 2023-02-12 12:07 - 000002417 _____ C:\Users\kirot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-30 01:34 - 2023-07-30 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2023-09-30 01:34 - 2023-07-30 11:13 - 000000000 ____D C:\Program Files\NordVPN
2023-09-27 17:39 - 2023-02-14 16:48 - 000000000 ____D C:\Windows\system32\MRT
2023-09-27 17:19 - 2023-02-14 16:48 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-09-25 14:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-09-25 14:19 - 2023-02-12 12:17 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-09-16 21:07 - 2023-02-12 12:23 - 000000000 ____D C:\XboxGames
2023-09-10 00:51 - 2023-02-14 17:23 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Fichiers à la racine de certains dossiers ========

2023-10-04 12:26 - 2023-10-04 12:26 - 003343008 _____ (Nicolas Coolman) C:\Users\kirot\ZHPCleaner.exe
2023-06-02 11:22 - 2023-06-02 11:22 - 000004462 _____ () C:\Users\kirot\AppData\Local\93751345977
2023-08-25 00:51 - 2023-08-25 00:51 - 000002177 _____ () C:\Users\kirot\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

==================== Fin de FRST.txt ========================
