Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x64) Version: 23-05-2021
Exécuté par Théodore (administrateur) sur LAPTOP-S5IUICR6 (HP HP Laptop 15-db0xxx) (23-05-2021 17:42:18)
Exécuté depuis C:\Users\Théodore\Desktop
Profils chargés: Théodore
Platform: Windows 10 Home Version 2004 19041.985 (X64) Langue: Français (France)
Navigateur par défaut: Chrome
Mode d'amorçage: Normal

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0358309.inf_amd64_43a6e326713b5bdb\B357813\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0358309.inf_amd64_43a6e326713b5bdb\B357813\atiesrxx.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <5>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Discord Inc. -> Discord Inc.) C:\Users\Théodore\AppData\Local\Discord\app-1.0.9001\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Tencent Technology(Shenzhen) Company Limited -> Tencent) C:\Program Files\txgameassistant\appmarket\QMEmulatorService.exe

==================== Registre (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-04-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Session] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617808 2020-04-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [118496 2021-05-01] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKU\S-1-5-21-3360816729-2502077305-453837097-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33698888 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3360816729-2502077305-453837097-1001\...\Run: [Discord] => C:\Users\Théodore\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3360816729-2502077305-453837097-1001\...\Run: [com.blitz.app] => C:\Users\Théodore\AppData\Local\Blitz\Update.exe [1921680 2020-03-26] (Swift Media Entertainment, Inc. -> Blitz Inc.)
HKU\S-1-5-21-3360816729-2502077305-453837097-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5536440 2021-04-27] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3360816729-2502077305-453837097-1001\...\Run: [Voicemod] => C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe [5682320 2021-02-25] (Voicemod Sociedad Limitada -> Voicemod)
HKU\S-1-5-21-3360816729-2502077305-453837097-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4087528 2021-05-19] (Valve -> Valve Corporation)
HKU\S-1-5-21-3360816729-2502077305-453837097-1001\...\MountPoints2: {86bffda8-ea2d-11ea-94b7-7440bb0cbdde} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3360816729-2502077305-453837097-1001\...\MountPoints2: {99e7c6ed-7119-11eb-94d1-7440bb0cbdde} - "F:\HiSuiteDownLoader.exe" 
HKLM\...\Windows x64\Print Processors\Canon MX470 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDC2.DLL [30208 2013-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-14] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Tâches planifiées (Avec liste blanche) ============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {1619ABC2-8AC1-435A-8E56-BDAB39D10B32} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-11] (Google Inc -> Google LLC)
Task: {528A00D6-F280-4734-AEF1-E540C72CAFC0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {59783FEB-A380-4E7A-BBA0-F182B4F3D538} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-07-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {608B8365-3130-4EC4-A1CE-8F28CAF4ABF7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform)
Task: {64DAA0F1-2946-495B-90DB-D427C284DB21} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-07-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {6F8500C6-D6D3-4570-A237-5969C911E755} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4699872 2021-05-01] (Avast Software s.r.o. -> AVAST Software)
Task: {863E058A-05BD-4F70-A92A-800FC68A4A1E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22764408 2020-09-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {97AC90F7-F9AD-4F1D-954A-5B92AC30A459} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-11] (Google Inc -> Google LLC)
Task: {9A6BCD94-A603-44CA-9C73-9F4ECE720EA5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22764408 2020-09-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {9F0AB09A-3BBE-4336-8E75-0AA402760791} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-05-01] (Avast Software s.r.o. -> Avast Software)
Task: {B27F25D8-4A68-469B-9C3B-738BB734744D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)


==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: 127.0.0.1       activate.navicat.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{650b75c9-18c2-4c40-ad59-f98ec1f0085c}: [NameServer] 162.252.172.57,149.154.159.92
Tcpip\..\Interfaces\{650b75c9-18c2-4c40-ad59-f98ec1f0085c}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{f209c53b-1368-48d9-b479-3627be104cd0}: [DhcpNameServer] 192.168.1.254
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge: 
=======
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
Edge Profile: C:\Users\Théodore\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-23]

FireFox:
========
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Théodore\AppData\Local\Google\Chrome\User Data\Default [2021-05-23]
CHR StartupUrls: Default -> "hxxp://google.fr/"
CHR Extension: (Slides) - C:\Users\Théodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-11]
CHR Extension: (Docs) - C:\Users\Théodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-11]
CHR Extension: (Google Drive) - C:\Users\Théodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Théodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-11]
CHR Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\Théodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-05-21]
CHR Extension: (uBlock Origin) - C:\Users\Théodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-05-21]
CHR Extension: (Sheets) - C:\Users\Théodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-11]
CHR Extension: (HTTPS partout) - C:\Users\Théodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2021-04-18]
CHR Extension: (Google Docs hors connexion) - C:\Users\Théodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-21]
CHR Extension: (Ghostery – Bloqueur de publicité protégeant la vie privée) - C:\Users\Théodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2021-03-01]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Théodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (ColorPick Eyedropper) - C:\Users\Théodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2021-01-03]
CHR Extension: (Gmail) - C:\Users\Théodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Théodore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-18]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]