Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2021 Exécuté par Frances (administrateur) sur ELODIE (LENOVO 80E3) (31-10-2021 17:54:08) Exécuté depuis C:\Users\Frances\Desktop Profils chargés: Frances & Invité Plate-forme: Microsoft Windows 8.1 (Update) (X64) Langue: Français (France) Navigateur par défaut: FF Mode d'amorçage: Normal ==================== Processus (Avec liste blanche) ================= (Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.) () [Fichier non signé] C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe () [Fichier non signé] C:\Program Files\Lenovo PhoneCompanion\adb.exe (Advanced Micro Devices Inc.) [Fichier non signé] [Fichier en cours d'utilisation] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices, Inc.) [Fichier non signé] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ATI Technologies Inc.) [Fichier non signé] [Fichier en cours d'utilisation] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDService.exe (Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo (Beijing) Limited -> ) C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe (Lenovo (Beijing) Limited -> Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe (Lenovo (Beijing) Limited -> Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe (LENOVO -> LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe (Nitro PDF Software -> Nalpeiron Ltd.) 
C:\Windows\SysWOW64\NLSSRV32.EXE (Nitro PDF Software -> Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe (Realtek Semiconductor Corporation) [Fichier non signé] C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe ==================== Registre (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> ) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) [Fichier non signé] HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc. -> Conexant Systems, Inc.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891592 2014-02-11] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) 
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation) [Fichier non signé] HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-08-26] (Lenovo (Beijing) Limited -> Lenovo) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-08-26] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2014-08-26] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [snp2uvc] => C:\WINDOWS\vsnp2uvc.exe HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink -> CyberLink Corp.) 
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) HKU\S-1-5-21-504155008-3405910705-3580942356-1002\...\MountPoints2: {1d49f6cb-2d05-11e4-8255-806e6f6e6963} - "E:\InstallNavi.exe" HKU\S-1-5-21-504155008-3405910705-3580942356-1002\...\MountPoints2: {22344062-8c84-11e4-825b-38b1db38cfdc} - "F:\LGAutoRun.exe" HKU\S-1-5-21-504155008-3405910705-3580942356-1002\...\MountPoints2: {af75a31e-4729-11e5-82a6-38b1db38cfdc} - "F:\Startme.exe" HKU\S-1-5-21-504155008-3405910705-3580942356-501\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform HKLM\...\Print\Monitors\EPSON XP-243 245 247 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBRFE.DLL [182784 2015-12-08] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2015-12-24] (SEIKO EPSON CORPORATION) [Fichier non signé] HKLM\...\Print\Monitors\HP C511 Status Monitor: C:\WINDOWS\system32\hpinkstsC511LM.dll [333496 2013-01-25] (Hewlett Packard -> Hewlett-Packard Co.) HKLM\...\Print\Monitors\Nitro PDF Port Monitor: C:\WINDOWS\system32\nitrolocalmon9.dll [29704 2013-12-12] (Nitro PDF Software -> Nitro PDF Software) HKLM\Software\...\Authentication\Credential Providers: [{d0869df6-64b0-4289-b483-9bff61394420}] -> C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfCredProv.dll [2014-08-26] (Lenovo (Beijing) Limited -> ) GroupPolicy: Restriction ? <==== ATTENTION ==================== Tâches planifiées (Avec liste blanche) ============ (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) 
Task: {026E2418-F5A4-49A4-95F2-21A53C32244A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [16672 2014-10-16] (LENOVO -> Lenovo) Task: {1D68F133-C697-41A7-A9AE-43E5614D2EF1} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [148768 2014-10-16] (LENOVO -> ) Task: {392420B0-9EA9-48D2-90A3-F07ABDC42E00} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1360672 2014-10-16] (LENOVO -> Lenovo) Task: {5F6592C5-A08E-470F-BE32-449C429B35BD} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [95192 2013-03-08] (CyberLink Corp. -> CyberLink Corp.) Task: {7CAD6BC5-A18B-447F-A21C-CA28F63123CD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [914120 2015-07-01] (Microsoft Corporation -> Microsoft Corporation) Task: {8C9F112E-C0EB-46BD-A3F5-06B0A85D9BDA} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [148768 2014-10-16] (LENOVO -> ) Task: {8E7FA746-CF52-403B-A964-C448461D8D24} - System32\Tasks\{3DC79793-EFFF-4F7A-BF8A-358E3C4D7E27} => C:\WINDOWS\system32\pcalua.exe -a C:\ProgramData\SafeWeb\uninstall.exe -c /kb=y /ic=1 Task: {BEFCCF89-EE71-4C43-8D31-A8CF62E7756D} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [270208 2014-10-16] (LENOVO -> Lenovo) Task: {D2ECCC78-9734-4BAF-ACFD-E2DAAF590803} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)" Task: {DB5A9B1E-82BA-4A31-B7FA-0EBCAE4D5A6C} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe 
[33536 2014-05-21] (LENOVO -> ) Task: {DEB41226-091A-4C0D-A955-54794B620BC8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [914120 2015-07-01] (Microsoft Corporation -> Microsoft Corporation) Task: {E9346FA2-E394-4E7C-81F3-B1FA421DFFD3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [17184 2014-05-30] (LENOVO -> Lenovo) (Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.) ==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) Tcpip\Parameters: [DhcpNameServer] 109.0.66.20 109.0.66.10 Tcpip\..\Interfaces\{44772E1F-9E62-4C8B-BF0A-295F966FB8F8}: [DhcpNameServer] 109.0.66.20 109.0.66.10 Tcpip\..\Interfaces\{4A192E8A-298D-4175-9D29-8B3EFE8BB7E2}: [DhcpNameServer] 150.212.1.2 FireFox: ======== FF DefaultProfile: y7rj5iej.default FF ProfilePath: C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\y7rj5iej.default [2021-10-31] FF Homepage: Mozilla\Firefox\Profiles\y7rj5iej.default -> hxxp//www.google.com FF Extension: (Adblock Plus) - C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\y7rj5iej.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-30] [] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-26] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF Software -> Nitro PDF) ==================== Services (Avec liste blanche) =================== (Si un élément est inclus dans le fichier 
fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-18] (Advanced Micro Devices, Inc.) [Fichier non signé] R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [Fichier non signé] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation -> Microsoft Corporation) R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2016-01-13] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Fichier non signé] S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (LENOVO -> Lenovo) R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO -> LENOVO INCORPORATED.) R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-08-26] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] (LENOVO -> ) S2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [37624 2014-04-21] (Lenovo -> Lenovo(beijing) Limited) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7826104 2021-10-30] (Malwarebytes Inc -> Malwarebytes) R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software -> Nitro PDF Software) R2 nlsX86cc; C:\WINDOWS\SysWOW64\NLSSRV32.EXE [69640 2013-12-12] (Nitro PDF Software -> Nalpeiron Ltd.) 
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-08-26] (Lenovo (Beijing) Limited -> Lenovo) S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2014-08-26] (Lenovo (Beijing) Limited -> Lenovo) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] (CyberLink -> ) R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-08-26] (Lenovo (Beijing) Limited -> ) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation -> Microsoft Corporation) S2 vgSHDaF; "C:\ProgramData\tMwuRY\vgSHDaF.exe" [X] ===================== Pilotes (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) S3 andnetadb; C:\WINDOWS\System32\Drivers\lgandnetadb.sys [31744 2011-09-06] (Microsoft Windows Hardware Compatibility Publisher -> Google Inc) S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [29184 2011-09-06] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.) S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [35840 2011-09-06] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.) S3 andnetndis; C:\WINDOWS\system32\DRIVERS\lgandnetndis64.sys [93184 2011-09-16] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.) 
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [224992 2013-11-01] (AppEx Networks Corporation -> AppEx Networks Corporation) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-10-30] (Malwarebytes Inc -> Malwarebytes) S3 MotioninJoyXFilter; C:\WINDOWS\System32\drivers\MijXfilt.sys [121416 2012-05-12] (Shenzhen Saikeware Technology Co., Ltd. -> MotioninJoy) R3 SNP2UVC; C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2853400 2014-01-23] (Sonix Technology CO., LTD -> Sonix Co. Ltd.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Windows -> Microsoft Corporation) S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink) R3 WUDFWpdComp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Windows -> Microsoft Corporation) S3 MpKsl0b45f0cc; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{052C62C7-08A1-4019-B790-49AC8790BF10}\MpKslDrv.sys [X] ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ==================== Trois mois (créés) (Avec liste blanche) ========= (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 
2021-10-31 14:13 - 2021-10-31 14:13 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-10-30 18:26 - 2021-10-30 18:26 - 000013892 _____ C:\Users\Frances\Desktop\NBAM.txt 2021-10-30 17:55 - 2021-10-31 14:13 - 000000000 ____D C:\Users\Frances\AppData\LocalLow\IGDump 2021-10-30 17:54 - 2021-10-30 17:54 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-10-30 17:54 - 2021-10-30 17:54 - 000001987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-10-30 17:54 - 2021-10-30 17:54 - 000001975 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-10-30 17:54 - 2021-10-30 17:54 - 000000000 ____D C:\Users\Frances\AppData\Local\mbam 2021-10-30 17:54 - 2021-10-30 17:53 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2021-10-30 17:52 - 2021-10-30 17:52 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-10-30 17:52 - 2021-10-30 17:52 - 000000000 ____D C:\Program Files\Malwarebytes 2021-10-30 17:51 - 2021-10-30 17:51 - 002101944 _____ (Malwarebytes) C:\Users\Frances\Desktop\MBSetup.exe 2021-10-30 17:47 - 2021-10-30 17:48 - 000005885 _____ C:\Users\Frances\Desktop\AdwCleaner[C00].txt 2021-10-30 17:47 - 2021-10-30 17:47 - 000012340 _____ C:\Users\Frances\Desktop\AdwCleaner[S00].txt 2021-10-30 17:39 - 2021-10-30 17:40 - 000000000 ____D C:\AdwCleaner 2021-10-30 17:38 - 2021-10-30 17:38 - 008553680 _____ (Malwarebytes) C:\Users\Frances\Desktop\adwcleaner_8.3.0.exe 2021-10-30 17:36 - 2021-10-30 17:36 - 000069781 _____ C:\Users\Frances\Desktop\ZHPCleaner (R).txt 2021-10-30 17:26 - 2021-10-30 17:26 - 000072764 _____ C:\Users\Frances\Desktop\ZHPCleaner (S).txt 2021-10-30 17:09 - 2021-10-30 17:09 - 000000888 _____ C:\Users\Frances\Desktop\ZHPCleaner.lnk 2021-10-30 17:08 - 2021-10-30 17:08 - 003290264 _____ (Nicolas Coolman) C:\Users\Frances\Desktop\ZHPCleaner.exe 2021-10-30 16:59 - 2021-10-30 16:59 - 000003096 _____ 
C:\WINDOWS\system32\Tasks\{3DC79793-EFFF-4F7A-BF8A-358E3C4D7E27} 2021-10-30 16:14 - 2021-10-30 16:14 - 001004586 _____ C:\Users\Frances\Desktop\Wub.zip 2021-10-30 16:14 - 2021-10-30 16:14 - 000000000 ____D C:\Users\Frances\Desktop\Wub 2021-10-30 15:40 - 2016-02-11 21:17 - 001663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-10-30 15:40 - 2016-02-11 21:17 - 001490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-10-30 15:37 - 2021-10-30 15:55 - 000068598 _____ C:\Users\Frances\Desktop\Shortcut.txt 2021-10-30 15:29 - 2021-10-30 15:55 - 000084116 _____ C:\Users\Frances\Desktop\Addition.txt 2021-10-30 15:17 - 2021-10-31 17:55 - 000017337 _____ C:\Users\Frances\Desktop\FRST.txt 2021-10-30 15:16 - 2021-10-31 17:55 - 000000000 ____D C:\FRST 2021-10-30 15:14 - 2021-10-30 15:14 - 002310656 _____ (Farbar) C:\Users\Frances\Desktop\FRST64.exe 2021-10-30 15:07 - 2021-10-30 15:07 - 000351008 _____ C:\WINDOWS\Minidump\103021-32968-01.dmp 2021-10-30 14:58 - 2021-10-31 17:47 - 000280763 _____ C:\Users\Frances\Desktop\ZHPDiag.txt 2021-10-30 14:49 - 2021-10-31 17:49 - 000000000 ____D C:\Users\Frances\AppData\Roaming\ZHP 2021-10-30 14:49 - 2021-10-30 17:09 - 000000000 ____D C:\Users\Frances\AppData\Local\ZHP 2021-10-30 14:49 - 2021-10-30 14:49 - 000000878 _____ C:\Users\Frances\Desktop\ZHPSuite.lnk 2021-10-30 14:44 - 2021-10-30 14:44 - 003476632 _____ (Nicolas Coolman) C:\Users\Frances\Desktop\ZHPSuite.exe 2021-10-29 11:09 - 2021-10-29 11:09 - 000003174 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-504155008-3405910705-3580942356-1002 2021-10-29 11:09 - 2021-10-29 11:09 - 000002390 _____ C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive Entreprise.lnk ==================== Trois mois (modifiés) ================== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 
2021-10-31 17:57 - 2014-12-26 01:18 - 000003596 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-504155008-3405910705-3580942356-1002 2021-10-31 17:47 - 2015-08-07 01:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2021-10-31 17:35 - 2014-08-26 20:31 - 000812350 _____ C:\WINDOWS\system32\perfh00C.dat 2021-10-31 17:35 - 2014-08-26 20:31 - 000159412 _____ C:\WINDOWS\system32\perfc00C.dat 2021-10-31 17:35 - 2014-03-18 10:53 - 001824010 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-10-31 17:35 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf 2021-10-31 17:34 - 2014-12-26 01:24 - 000003936 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{DA49CB72-43EB-42EA-AFEB-0A260B9939E6} 2021-10-31 14:23 - 2014-08-26 11:31 - 003092491 _____ C:\WINDOWS\SysWOW64\rootpa.e2e 2021-10-31 14:21 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-10-31 14:21 - 2013-08-22 14:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI 2021-10-31 14:20 - 2014-08-26 12:26 - 000004608 _____ C:\WINDOWS\system32\VfService.trf 2021-10-31 14:09 - 2014-08-26 12:39 - 000000000 ____D C:\ProgramData\LU 2021-10-31 14:08 - 2015-06-27 12:35 - 000001279 _____ C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk 2021-10-30 18:27 - 2015-01-10 17:14 - 000000000 ___SD C:\WINDOWS\system32\CompatTel 2021-10-30 18:27 - 2015-01-10 17:14 - 000000000 ____D C:\WINDOWS\system32\appraiser 2021-10-30 18:27 - 2014-12-26 01:12 - 000000000 ____D C:\Users\Frances 2021-10-30 18:27 - 2013-08-22 16:36 - 000000000 ___RD C:\WINDOWS\ToastData 2021-10-30 18:25 - 2015-04-16 07:29 - 000000000 ____D C:\ProgramData\Radio 2021-10-30 18:25 - 2015-03-01 21:20 - 000000000 ____D C:\Users\Invité 2021-10-30 16:52 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2021-10-30 16:52 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\Macromed 2021-10-30 16:22 - 2016-05-26 21:19 - 000215552 ___SH 
C:\Users\Frances\Desktop\Thumbs.db 2021-10-30 16:20 - 2013-08-22 16:20 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-10-30 16:17 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy 2021-10-30 16:06 - 2015-03-25 09:04 - 000356864 ___SH C:\Users\Frances\Downloads\Thumbs.db 2021-10-30 15:26 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps 2021-10-30 15:26 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-10-30 15:20 - 2014-12-26 01:13 - 000000000 ____D C:\Users\Frances\AppData\Local\Packages 2021-10-30 15:07 - 2015-03-14 12:10 - 731732373 _____ C:\WINDOWS\MEMORY.DMP 2021-10-30 15:07 - 2015-03-14 12:10 - 000000000 ____D C:\WINDOWS\Minidump 2021-10-30 15:05 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\NDF 2021-10-30 14:18 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache 2021-10-29 14:23 - 2015-03-01 21:21 - 000001065 _____ C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2021-10-29 14:23 - 2014-12-26 01:13 - 000001065 _____ C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ==================== Fichiers à la racine de certains dossiers ======== 2014-12-26 01:13 - 2021-10-31 17:52 - 000712469 _____ () C:\Users\Frances\AppData\Local\BTServer.log ==================== SigCheckExt ========================= 2014-08-26 11:36 - 2013-04-23 12:55 - 000003372 _____ C:\WINDOWS\system32\bt_only_chip_bt40_fw_asic_rom_patch.dll 2015-12-24 13:40 - 2015-12-24 13:40 - 000500736 ____S (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppmon.dll 2015-12-24 13:43 - 2015-12-24 13:43 - 002646528 ____S (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppui.dll 2015-12-24 13:40 - 2015-12-24 13:40 - 000500736 ____S (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppmon.dll 2015-12-24 13:43 - 2015-12-24 13:43 - 002646528 ____S (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppui.dll 2014-04-18 21:56 - 2014-04-18 21:56 - 000051200 _____ 
C:\WINDOWS\system32\kdbsdk64.dll 2014-08-26 11:36 - 2013-10-08 15:00 - 000040916 _____ C:\WINDOWS\system32\rlt8723a_chip_bt40_fw_asic_rom_patch.dll 2014-08-26 11:36 - 2013-05-20 15:55 - 000006752 _____ C:\WINDOWS\system32\rtl8723b_chip_bt40_fw_asic_rom_patch.dll 2014-08-26 11:36 - 2014-01-07 14:40 - 000041696 _____ C:\WINDOWS\system32\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new.dll 2014-08-26 11:36 - 2013-12-17 14:59 - 000049272 _____ C:\WINDOWS\system32\rtl8761a_bcut_bt40_fw_asic_rom_patch_new.dll 2014-08-26 11:36 - 2013-12-17 14:59 - 000049272 _____ C:\WINDOWS\system32\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8192ee_new.dll 2014-08-26 11:36 - 2013-12-17 14:59 - 000043376 _____ C:\WINDOWS\system32\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8192eu_new.dll 2014-08-26 11:36 - 2013-12-17 14:59 - 000051632 _____ C:\WINDOWS\system32\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8812ae_new.dll 2014-08-26 11:36 - 2013-12-17 14:59 - 000047316 _____ C:\WINDOWS\system32\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_new.dll 2014-08-26 11:36 - 2014-01-17 16:44 - 000030384 _____ C:\WINDOWS\system32\rtl8821a_mp_chip_bt40_fw_asic_rom_patch_new.dll 2014-08-26 11:40 - 2012-02-14 18:37 - 000594432 _____ (Realtek Semiconductor Corp. 
) C:\WINDOWS\system32\Rtlihvs.dll 2014-08-26 11:40 - 2014-03-24 11:37 - 000422400 _____ (Realtek) C:\WINDOWS\SwUSB.exe 2014-08-26 11:40 - 2010-12-01 08:31 - 000451072 _____ C:\WINDOWS\SysWOW64\ISSRemoveSP.exe 2014-04-18 21:51 - 2014-04-18 21:51 - 000038912 _____ C:\WINDOWS\SysWOW64\kdbsdk32.dll 2021-10-30 15:14 - 2021-10-30 15:14 - 002310656 _____ (Farbar) C:\Users\Frances\Desktop\FRST64.exe 2015-01-08 20:16 - 2015-01-08 20:17 - 007715210 _____ (Herac) C:\Users\Frances\Desktop\tuxguitar-1.2-windows-x86-installer.exe 2021-10-30 17:08 - 2021-10-30 17:08 - 003290264 _____ (Nicolas Coolman) C:\Users\Frances\Desktop\ZHPCleaner.exe 2021-10-30 14:44 - 2021-10-30 14:44 - 003476632 _____ (Nicolas Coolman) C:\Users\Frances\Desktop\ZHPSuite.exe 2015-07-16 17:50 - 2015-07-16 17:51 - 000250859 _____ C:\Users\Frances\Downloads\ControlMKv0232(1).exe 2015-07-17 13:45 - 2015-07-17 13:45 - 000250859 _____ C:\Users\Frances\Downloads\ControlMKv0232(2).exe 2015-07-17 13:55 - 2015-07-17 13:55 - 000250859 _____ C:\Users\Frances\Downloads\ControlMKv0232(3).exe 2015-07-16 17:15 - 2015-07-16 17:15 - 000250859 _____ C:\Users\Frances\Downloads\ControlMKv0232.exe ==================== SigCheck ============================ (Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.) 
==================== BCD ================================

Gestionnaire de démarrage du microprogramme
-------------------------------------------
identificateur          {fwbootmgr}
displayorder            {bootmgr}
                        {18d3b4f4-2d56-11e4-bc87-806e6f6e6963}
                        {18d3b4f5-2d56-11e4-bc87-806e6f6e6963}
                        {18d3b4f2-2d56-11e4-bc87-806e6f6e6963}
                        {18d3b4f3-2d56-11e4-bc87-806e6f6e6963}
timeout                 0

Gestionnaire de démarrage Windows
---------------------------------
identificateur          {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  fr-FR
inherit                 {globalsettings}
integrityservices       Enable
default                 {current}
resumeobject            {af82ab39-2d57-11e4-bc87-abbdd432d728}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 0

Application logicielle (101fffff)
--------------------------------
identificateur          {18d3b4f2-2d56-11e4-bc87-806e6f6e6963}
description             EFI USB Device

Application logicielle (101fffff)
--------------------------------
identificateur          {18d3b4f3-2d56-11e4-bc87-806e6f6e6963}
description             EFI DVD/CDROM

Application logicielle (101fffff)
--------------------------------
identificateur          {18d3b4f4-2d56-11e4-bc87-806e6f6e6963}
description             EFI Network

Application logicielle (101fffff)
--------------------------------
identificateur          {18d3b4f5-2d56-11e4-bc87-806e6f6e6963}
device                  partition=\Device\HarddiskVolume3
path                    \EFI\Microsoft\Boot\LrsBootMgr.efi
description             Lenovo Recovery System

Application logicielle (101fffff)
--------------------------------
identificateur          {18d3b4f6-2d56-11e4-bc87-806e6f6e6963}
description             EFI Network 0 for IPv4 (28-D2-44-D7-46-6A)

Application logicielle (101fffff)
--------------------------------
identificateur          {18d3b4f7-2d56-11e4-bc87-806e6f6e6963}
description             EFI Network 0 for IPv6 (28-D2-44-D7-46-6A)

Chargeur de démarrage Windows
-----------------------------
identificateur          {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 8.1
locale                  fr-FR
inherit                 {bootloadersettings}
recoverysequence        {af82ab3b-2d57-11e4-bc87-abbdd432d728}
integrityservices       Enable
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {af82ab39-2d57-11e4-bc87-abbdd432d728}
nx                      OptIn
bootmenupolicy          Standard

Chargeur de démarrage Windows
-----------------------------
identificateur          {af82ab3b-2d57-11e4-bc87-abbdd432d728}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{af82ab3c-2d57-11e4-bc87-abbdd432d728}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  fr-fr
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{af82ab3c-2d57-11e4-bc87-abbdd432d728}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Reprendre à partir de la mise en veille prolongée
-------------------------------------------------
identificateur          {af82ab39-2d57-11e4-bc87-abbdd432d728}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  fr-FR
inherit                 {resumeloadersettings}
recoverysequence        {af82ab3b-2d57-11e4-bc87-abbdd432d728}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Testeur de mémoire Windows
--------------------------
identificateur          {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Diagnostics mémoire Windows
locale                  fr-FR
inherit                 {globalsettings}
badmemoryaccess         Yes

Paramètres EMS
--------------
identificateur          {emssettings}
bootems                 No

Paramètres du débogueur
-----------------------
identificateur          {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

Erreurs de mémoire RAM
----------------------
identificateur          {badmemory}

Paramètres globaux
------------------
identificateur          {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Paramètres du chargeur de démarrage
-----------------------------------
identificateur          {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Paramètres de l'hyperviseur
-------------------
identificateur          {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Paramètres du chargeur de reprise
---------------------------------
identificateur          {resumeloadersettings}
inherit                 {globalsettings}

Options Ramdisk du programme d'installation
-------------------------------------------
identificateur          {ramdiskoptions}
description             Ramdisk options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi

Options de périphérique
-----------------------
identificateur          {af82ab3c-2d57-11e4-bc87-abbdd432d728}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

LastRegBack: 2021-10-30 15:54

==================== Fin de FRST.txt ========================