Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-01-2021 01
Ran by Jean-Christophe (administrator) on DESKTOP-3SDP51R (Acer Aspire one 1-131) (26-01-2021 17:38:09)
Running from C:\Users\Administrator.DESKTOP-3SDP51R\Desktop
Loaded Profiles: Jean-Christophe
Platform: Windows 10 Pro Version 1703 15063.608 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Druide Informatique Inc. -> Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 10\Application\Bin64\AgentAntidote.exe
(Druide Informatique Inc. -> Druide informatique inc.) C:\Program Files (x86)\Druide\Connectix 10\Application\Bin64\AgentConnectix.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <8>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AgentConnectix64] => C:\Program Files (x86)\Druide\Connectix 10\Application\Bin64\AgentConnectix.exe [2872936 2019-04-30] (Druide Informatique Inc. -> Druide informatique inc.)
HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:autoplay;backup;easeofaccess-closedcaptioning;easeofaccess-highcontrast;easeofaccess-keyboard;easeofaccess-magnifier;easeofaccess-mouse;easeofaccess-narrator;easeofaccess-otheroptions;gaming-broa (the data entry has 112 more characters).
HKU\S-1-5-21-2756927612-10717093-2089134081-500\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [50010064 2020-11-03] (Google LLC -> )
HKU\S-1-5-21-2756927612-10717093-2089134081-500\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Print\Monitors\IppMon: C:\Windows\system32\IPPMon.dll [225792 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{9650FDBC-053A-4715-AD14-FC2DC65E8330}] -> C:\Windows\system32\hvsigpext.dll [2017-03-19] (Microsoft Windows -> )
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\Users\Administrator\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\Administrator.DESKTOP-3SDP51R\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A7246C-FDD2-48C2-A873-AA2D9B77465A} - System32\Tasks\Microsoft\Windows\Maintenance\WinSAT => {A9A33436-678B-4C9C-A211-7CC38785E79D}
Task: {0331F43B-FCE9-4EDE-9FCE-DC0DC0214C07} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {065067E4-27B2-4646-BA30-33C0EE0CD316} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-30] (Google Inc -> Google Inc.)
Task: {2F0BC1EA-793A-4C13-B19F-267A7DFF6702} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-30] (Google Inc -> Google Inc.)
Task: {520F86EC-C5DB-41FF-82B3-E663FE0F008D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {67B9A00B-839C-4225-A8BD-B2B010442C83} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {841E4420-306A-4ED2-890A-BE95B09DDD64} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8E2369CB-F097-42B6-9E27-A0B73090A61E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe
Task: {9D61B7D6-60A3-4B6C-A43F-FC0F6FBA9E86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {EDBF0E3C-0F4C-4CE5-BBD3-66E48273F6E4} - System32\Tasks\bklVvgvXgAlRDIC => rundll32 "C:\Users\Jean-Christophe\AppData\Local\Temp\FIRAWjfGQJGclXpaI\ZPqjSGRTXDNAqErs\EfVfNtp.dll",#1 /adp RVDL5YVDL0TVDL9DWDL1XUDL8MVDL9XUDL5NWDL4MVDL7UWDL9TVDL0HWDL8RWDL1CXDL2WWDL9 /site_id 751 <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\bklVvgvXgAlRDIC.job => C:\Users\Jean-Christophe\AppData\Local\Temp\FIRAWjfGQJGclXpaI\ZPqjSGRTXDNAqErs\EfVfNtp.dll <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e931c2a2-5021-4483-94b7-8a7fe4bbf2b9}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF DefaultProfile: 9g1hj5cw.default
FF ProfilePath: C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Roaming\Mozilla\Firefox\Profiles\9g1hj5cw.default [2020-05-03]
FF Extension: (Antidote) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Roaming\Mozilla\Firefox\Profiles\9g1hj5cw.default\Extensions\antidote_uni10_firefox@druide.com.xpi [2019-04-16] [UpdateUrl:hxxps://www.druide.com/telecharger/texteurs/Mozilla/commun/maj_antidote_mozilla.php?id=%ITEM_ID%&version=%ITEM_VERSION%&appid=%APP_ID%&appversion=%APP_VERSION%&appos=%APP_OS%&appabi=%APP_ABI%&applocale=%APP_LOCALE%;&itemstatus=%ITEM_STATUS%]
FF Extension: (Avira Password Manager) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Roaming\Mozilla\Firefox\Profiles\9g1hj5cw.default\Extensions\passwordmanager@avira.com [2020-03-06]
FF ProfilePath: C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Roaming\Mozilla\Firefox\Profiles\q29m2e1l.default-release-1605439988070 [2021-01-26]
FF Notifications: Mozilla\Firefox\Profiles\q29m2e1l.default-release-1605439988070 -> hxxps://www.cnetfrance.fr
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default [2020-11-09]
CHR Extension: (Slides) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-02]
CHR Extension: (Docs) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-02]
CHR Extension: (Google Drive) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-02]
CHR Extension: (Avira Password Manager) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2020-11-07]
CHR Extension: (Antidote) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\cchfigjcpjmclmmphipdkeocklpnjecm [2020-11-07]
CHR Extension: (Sheets) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-02]
CHR Extension: (Google Docs hors connexion) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-10-17]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-05-02]
CHR Extension: (Gmail) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-03]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-19]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [cchfigjcpjmclmmphipdkeocklpnjecm]
CHR HKU\S-1-5-21-2756927612-10717093-2089134081-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [cchfigjcpjmclmmphipdkeocklpnjecm]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-09-14] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2021-01-25] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-01-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [141472 2021-01-25] (Malwarebytes Inc -> Malwarebytes)
R3 MpKslb2e6bc37; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B430EB6A-A930-45E9-A102-D9628E82067D}\MpKslDrv.sys [91376 2021-01-25] (Microsoft Windows -> Microsoft Corporation)
S3 phantomtap; C:\Windows\System32\drivers\phantomtap.sys [45056 2020-02-24] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
U4 dcpsvc; no ImagePath
U2 DiagTrack; no ImagePath
S3 kdnic; \SystemRoot\System32\drivers\kdnic.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-26 17:38 - 2021-01-26 17:39 - 000013783 _____ C:\Users\Administrator.DESKTOP-3SDP51R\Desktop\FRST.txt
2021-01-26 17:37 - 2021-01-26 17:38 - 000000000 ____D C:\FRST
2021-01-26 17:36 - 2021-01-26 17:37 - 002297344 _____ (Farbar) C:\Users\Administrator.DESKTOP-3SDP51R\Desktop\FRST64.exe
2021-01-25 20:04 - 2021-01-25 20:04 - 000257921 _____ C:\Users\Administrator.DESKTOP-3SDP51R\Desktop\ZHPDiag.txt
2021-01-25 19:55 - 2021-01-25 19:55 - 000001542 _____ C:\Users\Administrator.DESKTOP-3SDP51R\Desktop\malwarebytes.txt
2021-01-25 19:36 - 2021-01-25 19:36 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-01-25 19:35 - 2021-01-25 19:35 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-01-25 19:35 - 2021-01-25 19:35 - 000141472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-01-25 19:34 - 2021-01-25 19:34 - 000000000 ____D C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\mbam
2021-01-25 19:33 - 2021-01-25 19:33 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-01-25 19:33 - 2021-01-25 19:33 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-01-25 19:33 - 2021-01-25 19:33 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-01-25 19:33 - 2021-01-25 19:33 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-01-25 19:33 - 2021-01-25 19:33 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-25 19:33 - 2021-01-25 19:33 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-25 19:33 - 2021-01-25 19:33 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-25 19:22 - 2021-01-25 19:22 - 000002088 _____ C:\Users\Administrator.DESKTOP-3SDP51R\Desktop\AdwCleaner[S03].txt
2021-01-25 19:17 - 2021-01-25 19:17 - 000004913 _____ C:\Users\Administrator.DESKTOP-3SDP51R\Desktop\ZHPCleaner (S).txt
2021-01-25 13:03 - 2021-01-25 20:04 - 000000000 ____D C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Roaming\ZHP
2021-01-25 13:03 - 2021-01-25 19:56 - 000000889 _____ C:\Users\Administrator.DESKTOP-3SDP51R\Desktop\ZHPSuite.lnk
2021-01-25 13:03 - 2021-01-25 19:00 - 000000000 ____D C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Local\ZHP
2021-01-19 17:08 - 2021-01-25 19:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-26 17:36 - 2019-01-30 18:26 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-26 17:35 - 2019-06-03 18:52 - 000000000 ____D C:\Users\Administrator.DESKTOP-3SDP51R\AppData\LocalLow\Mozilla
2021-01-26 17:31 - 2020-03-06 09:49 - 000000000 ____D C:\Program Files\CCleaner
2021-01-26 17:31 - 2019-06-03 19:43 - 000000000 ___RD C:\Users\Administrator.DESKTOP-3SDP51R\Google Drive
2021-01-25 21:38 - 2018-04-28 17:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-01-25 19:33 - 2020-11-19 10:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-25 19:33 - 2017-03-18 22:03 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-01-25 19:28 - 2018-04-28 17:38 - 001483710 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-25 19:24 - 2018-04-30 18:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-25 19:24 - 2018-04-28 17:32 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-25 19:24 - 2017-03-18 12:40 - 000032768 _____ C:\Windows\system32\config\BBI
2021-01-25 19:19 - 2019-06-01 11:40 - 000000000 ___HD C:\Windows\rss
2021-01-21 17:19 - 2018-04-30 18:49 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-01-18 17:12 - 2020-03-06 09:49 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-01-04 13:43 - 2020-04-20 16:06 - 000000000 ____D C:\Users\Administrator.DESKTOP-3SDP51R\AppData\Roaming\994d67d60f02

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully

==================== End of FRST.txt ========================