Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 27-12-2021 Exécuté par Admin (administrateur) sur DESKTOP-3AJ2T2N (Acer NC-F5-573-37KH) (04-01-2022 17:04:11) Exécuté depuis C:\Users\Admin\Desktop Profils chargés: Admin Plate-forme: Microsoft Windows 10 Famille Version 21H1 19043.1415 (X64) Langue: Français (France) Navigateur par défaut: FF Mode d'amorçage: Normal ==================== Processus (Avec liste blanche) ================= (Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCopyAccelerator.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe ==================== Registre (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la 
valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391120 2019-11-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-11-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (Canon Inc. -> CANON INC.) HKU\S-1-5-21-2043018391-611827920-1664459823-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Admin\AppData\Local\Microsoft\Teams\Update.exe [1790704 2019-12-12] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-2043018391-611827920-1664459823-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35373696 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-2043018391-611827920-1664459823-1002\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts) [Fichier non signé] HKU\S-1-5-21-2043018391-611827920-1664459823-1002\...\MountPoints2: {020fea54-e92b-11ea-b1f0-74dfbf7dfeb2} - "D:\HiSuiteDownLoader.exe" HKU\S-1-5-21-2043018391-611827920-1664459823-1002\...\MountPoints2: {4a02d1ad-114e-11ea-b1d7-806e6f6e6963} - "F:\Autorun.exe" HKU\S-1-5-21-2043018391-611827920-1664459823-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032022214529641\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Admin\AppData\Local\Microsoft\Teams\Update.exe [1790704 2019-12-12] (Microsoft 3rd Party Application Component -> Microsoft 
Corporation) HKU\S-1-5-21-2043018391-611827920-1664459823-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032022214529641\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35373696 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-2043018391-611827920-1664459823-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032022214529641\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts) [Fichier non signé] HKU\S-1-5-21-2043018391-611827920-1664459823-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032022214529641\...\MountPoints2: {020fea54-e92b-11ea-b1f0-74dfbf7dfeb2} - "D:\HiSuiteDownLoader.exe" HKU\S-1-5-21-2043018391-611827920-1664459823-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01032022214529641\...\MountPoints2: {4a02d1ad-114e-11ea-b1d7-806e6f6e6963} - "F:\Autorun.exe" HKLM\...\Windows x64\Print Processors\Canon MG7500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDC7.DLL [30208 2014-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJ Language Monitor MG7500 series: C:\WINDOWS\system32\CNMLMC7.DLL [406016 2014-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [375296 2014-03-17] (CANON INC.) [Fichier non signé] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.110\Installer\chrmstp.exe [2021-12-27] (Google LLC -> Google LLC) GroupPolicy: Restriction ? <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Tâches planifiées (Avec liste blanche) ============ (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) 
Task: {00C517A9-A664-4D3A-9682-CDF8523F3DB8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-27] (Google LLC -> Google LLC) Task: {0E7E7CDC-1896-48A8-AEDD-926D8C2EBEBB} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation) Task: {2BCDD601-813E-43FE-802D-6214EBFB573E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation) Task: {2DC76FC5-E36B-4A48-8A20-3778D6F9F59B} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation) Task: {37227BD1-2489-4CF2-BDAD-FC9047D7F46C} - System32\Tasks\CCleanerSkipUAC - Admin => C:\Program Files\CCleaner\CCleaner.exe [29442688 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd) Task: {3ABE7EE5-043D-4E52-8F76-D4F8065E54B3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-24] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {473053D3-E8F8-4F02-8D71-62BB5AAD3BA2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-24] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {4D9B3DA2-4E66-4298-97FC-B178DEAEDBDA} - System32\Tasks\Driver Booster SkipUAC (Admin) => D:\Programme\IObitDriverBooster\App\DriverBooster\DriverBooster.exe /skipuac (Pas de fichier) Task: 
{7FA74535-678D-433D-ACDE-A6C9783C2DA9} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" Task: {8272EBA7-B3B8-4AB1-8F12-895C5FF1BDFC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-24] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {868F93D8-7666-42E9-BA25-8E0B3F40538F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1615336 2021-12-24] (Microsoft Corporation -> Microsoft Corporation) Task: {87C73372-ED11-4EAD-A403-D4A9CCE2AA10} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138584 2021-12-24] (Microsoft Corporation -> Microsoft Corporation) Task: {902B0F0E-567D-4685-AC98-716638C26CD3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-24] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {A2B83773-89DA-4026-B7C3-90F2666B38EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-27] (Google LLC -> Google LLC) Task: {A43761AF-2BA0-48DF-BF14-7579A70FCABA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138584 2021-12-24] (Microsoft Corporation -> Microsoft Corporation) Task: {B02CD279-9ACF-45FB-939C-7D9F05994D3B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-12-07] (Piriform Software Ltd -> Piriform) Task: {B2E0AD50-8019-4B94-9EC2-21B7143AD1E1} - System32\Tasks\Microsoft\Office\Office ClickToRun 
Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation) Task: {BA6572B3-7CEF-49D2-93E8-F2B2D7937FE4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8388528 2021-12-24] (Microsoft Corporation -> Microsoft Corporation) Task: {CCCF4465-C87A-4EBD-8347-EF7DC6739D2E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8388528 2021-12-24] (Microsoft Corporation -> Microsoft Corporation) Task: {E085E717-A2A6-4CA9-86F3-3C4EDE541746} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {E4DB2704-FF2B-46BE-B998-D1D43BD8C8B9} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.) ==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{d025d5e1-f262-417f-b84a-c5345b54b669}: [DhcpNameServer] 192.168.1.1 Edge: ======= DownloadDir: C:\Users\Admin\Downloads Edge HomeButtonPage: HKU\S-1-5-21-2043018391-611827920-1664459823-1002 -> hxxps://www.google.fr/ Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)] Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)] Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)] Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)] Edge DefaultProfile: Default Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-04] Edge HomePage: Default -> hxxps://www.google.fr/ Edge StartupUrls: Default -> "hxxps://www.google.fr/" FireFox: ======== FF DefaultProfile: fbwbaeix.default FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fbwbaeix.default [2020-03-06] FF Extension: (Avast SafePrice | Comparaison, offres, coupons) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fbwbaeix.default\Extensions\sp@avast.com.xpi [2019-12-02] FF Extension: (Avast Online Security) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fbwbaeix.default\Extensions\wrc@avast.com.xpi [2019-12-02] FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\70jjxygk.default-release [2022-01-04] FF Extension: (Avast SafePrice | Comparaison, offres, coupons) - 
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\70jjxygk.default-release\Extensions\sp@avast.com.xpi [2021-10-28] FF Extension: (Avast Online Security) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\70jjxygk.default-release\Extensions\wrc@avast.com.xpi [2020-04-21] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/aos/update.json] FF Extension: (Widilo Cashback) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\70jjxygk.default-release\Extensions\{37d71f0b-917d-485a-ad55-7fd43df7cb57}.xpi [2021-12-24] FF Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\70jjxygk.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-11-27] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2022-01-03] CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda 
[2021-12-29] ==================== Services (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12129128 2021-12-10] (Microsoft Corporation -> Microsoft Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-12-02] (Malwarebytes Inc -> Malwarebytes) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-24] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-24] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Pilotes (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) 
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-03-14] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-12-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2022-01-03] (Malwarebytes Inc -> Malwarebytes) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-24] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-24] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ==================== Trois mois (créés) (Avec liste blanche) ========= (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 
2022-01-04 17:03 - 2022-01-04 17:03 - 000000000 ____D C:\Users\Admin\Desktop\FRST-OlderVersion 2022-01-04 16:51 - 2022-01-04 16:51 - 003478168 _____ (Nicolas Coolman) C:\Users\Admin\ZHPSuite.exe 2022-01-03 22:19 - 2022-01-03 22:19 - 000006399 _____ C:\Users\Admin\Desktop\ZHPCleaner (R).txt 2022-01-03 22:02 - 2022-01-03 22:02 - 000000748 _____ C:\Users\Admin\Downloads\Téléchargements - Raccourci.lnk 2021-12-29 21:37 - 2022-01-03 21:45 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-12-29 19:15 - 2021-12-29 19:15 - 000001779 _____ C:\Users\Admin\Desktop\AdwCleaner[C02].txt 2021-12-29 19:09 - 2021-12-29 19:09 - 008540344 _____ (Malwarebytes) C:\Users\Admin\Desktop\adwcleaner_8.3.1(1).exe 2021-12-29 19:06 - 2022-01-03 22:16 - 000006168 _____ C:\Users\Admin\Desktop\ZHPCleaner (S).txt 2021-12-29 18:54 - 2022-01-03 22:01 - 000000875 _____ C:\Users\Admin\Desktop\ZHPCleaner.lnk 2021-12-29 18:52 - 2021-12-29 18:52 - 003291800 _____ (Nicolas Coolman) C:\Users\Admin\Desktop\ZHPCleaner.exe 2021-12-27 22:06 - 2021-12-27 22:06 - 000002317 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-12-27 22:06 - 2021-12-27 22:06 - 000002276 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-12-27 22:06 - 2021-12-27 22:06 - 000000000 ____D C:\Program Files\Google 2021-12-27 22:00 - 2022-01-04 17:05 - 000000000 ____D C:\Program Files (x86)\Google 2021-12-27 22:00 - 2021-12-27 22:06 - 000000000 ____D C:\Users\Admin\AppData\Local\Google 2021-12-27 22:00 - 2021-12-27 22:00 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2021-12-27 22:00 - 2021-12-27 22:00 - 000003466 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2021-12-27 21:59 - 2021-12-27 21:59 - 001341272 _____ (Google LLC) C:\Users\Admin\Downloads\ChromeSetup.exe 2021-12-26 22:09 - 2021-12-26 22:10 - 000000000 ____D C:\Program Files\CrystalDiskInfo 2021-12-26 22:09 - 2021-12-26 22:09 - 000001828 _____ 
C:\Users\Admin\Desktop\CrystalDiskInfo.lnk 2021-12-26 22:09 - 2021-12-26 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo 2021-12-26 22:08 - 2021-12-26 22:08 - 004707136 _____ (Crystal Dew World ) C:\Users\Admin\Downloads\CrystalDiskInfo8_11_2.exe 2021-12-26 22:01 - 2021-12-26 22:01 - 000000000 ____D C:\Users\Admin\Downloads\Wub 2021-12-26 21:59 - 2021-12-26 21:59 - 001004640 _____ C:\Users\Admin\Downloads\Wub.zip 2021-12-24 23:04 - 2021-12-24 23:04 - 000000000 ____D C:\WINDOWS\SystemTemp 2021-12-24 21:48 - 2021-12-24 21:48 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe 2021-12-24 21:48 - 2021-12-24 21:48 - 000011979 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-12-24 21:45 - 2021-12-24 21:45 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe 2021-12-24 21:45 - 2021-12-24 21:45 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-12-24 20:48 - 2021-12-24 20:48 - 000000000 ___HD C:\$WinREAgent 2021-12-24 19:50 - 2021-12-24 19:50 - 000031520 _____ C:\Users\Admin\Desktop\Shortcut.txt 2021-12-24 19:41 - 2021-12-24 19:50 - 000038383 _____ C:\Users\Admin\Desktop\Addition.txt 2021-12-24 19:25 - 2022-01-04 17:05 - 000017786 _____ C:\Users\Admin\Desktop\FRST.txt 2021-12-24 19:24 - 2022-01-04 17:05 - 000000000 ____D C:\FRST 2021-12-24 19:23 - 2022-01-04 17:03 - 002311168 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2021-12-24 19:04 - 2022-01-04 16:59 - 000248479 _____ C:\Users\Admin\Desktop\ZHPDiag.txt 2021-12-24 18:52 - 2022-01-04 16:59 - 000000000 ____D C:\Users\Admin\AppData\Roaming\ZHP 2021-12-24 18:52 - 2022-01-04 16:51 - 000000724 _____ C:\Users\Admin\Desktop\ZHPSuite.lnk 2021-12-24 18:52 - 2021-12-29 18:54 - 000000000 ____D C:\Users\Admin\AppData\Local\ZHP 2021-12-24 18:50 - 2021-12-24 18:51 - 003478168 _____ (Nicolas Coolman) C:\Users\Admin\Desktop\ZHPSuite.exe 2021-12-23 21:16 - 2021-12-23 21:16 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting 
Task-S-1-5-21-2043018391-611827920-1664459823-1002 2021-12-23 19:18 - 2021-12-23 22:05 - 000000000 ____D C:\Program Files\Mozilla Firefox 2021-12-23 18:33 - 2021-12-23 18:33 - 008540344 _____ (Malwarebytes) C:\Users\Admin\Downloads\adwcleaner_8.3.1.exe 2021-12-23 17:52 - 2021-12-23 17:52 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe 2021-11-27 20:20 - 2021-12-23 21:16 - 000002417 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-11-27 15:55 - 2021-11-27 15:55 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk 2021-11-27 15:55 - 2021-11-27 15:55 - 000000000 ____D C:\Program Files\PCHealthCheck 2021-10-20 13:18 - 2021-10-20 13:18 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll 2021-10-20 13:16 - 2021-10-20 13:16 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll 2021-10-20 13:16 - 2021-10-20 13:16 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys 2021-10-20 13:15 - 2021-10-20 13:15 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll 2021-10-09 21:06 - 2021-12-23 21:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla ==================== Trois mois (modifiés) ================== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 
2022-01-04 17:04 - 2019-12-02 11:16 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla 2022-01-04 16:51 - 2020-11-10 22:17 - 000000000 ____D C:\Users\Admin 2022-01-04 16:48 - 2019-12-02 12:15 - 000000000 ____D C:\Program Files\CCleaner 2022-01-03 21:51 - 2020-11-10 22:26 - 001770910 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-01-03 21:51 - 2019-12-07 15:49 - 000793016 _____ C:\WINDOWS\system32\perfh00C.dat 2022-01-03 21:51 - 2019-12-07 15:49 - 000150146 _____ C:\WINDOWS\system32\perfc00C.dat 2022-01-03 21:51 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF 2022-01-03 21:46 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-01-03 21:43 - 2020-11-10 22:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-01-03 21:43 - 2020-11-10 22:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2022-01-03 21:43 - 2020-11-10 22:10 - 000008192 ___SH C:\DumpStack.log.tmp 2021-12-29 21:37 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2021-12-29 10:45 - 2019-11-27 20:45 - 000000000 __SHD C:\Users\Admin\IntelGraphicsProfiles 2021-12-29 10:43 - 2019-11-27 20:35 - 000000000 ____D C:\Intel 2021-12-26 22:13 - 2019-11-27 20:28 - 000000000 ____D C:\Users\Admin\AppData\Local\D3DSCache 2021-12-26 22:06 - 2019-12-02 11:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-12-26 22:04 - 2019-12-12 11:04 - 000000000 ____D C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite 2021-12-26 22:04 - 2019-12-12 11:03 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite 2021-12-26 22:02 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy 2021-12-25 21:23 - 2020-11-10 22:44 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2021-12-24 23:09 - 2020-11-10 22:10 - 000438080 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-12-24 23:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-12-24 23:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup 2021-12-24 23:05 - 
2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-12-24 23:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-12-24 23:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2021-12-24 23:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-12-24 23:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX 2021-12-24 23:04 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-12-24 23:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning 2021-12-24 23:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-12-24 23:03 - 2019-12-12 10:49 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps 2021-12-24 22:18 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-12-24 20:43 - 2019-09-18 16:32 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-12-24 20:35 - 2019-09-18 16:32 - 137938848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-12-24 20:07 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-12-24 20:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-12-24 19:39 - 2019-12-12 11:57 - 000000000 ____D C:\Program Files\Microsoft Office 2021-12-24 15:38 - 2019-09-18 16:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-12-23 22:02 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2021-12-23 22:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-12-23 22:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-12-23 22:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-12-23 22:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2021-12-23 22:02 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing 2021-12-23 21:54 - 2019-12-02 11:16 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2021-12-23 21:16 - 2020-11-10 22:44 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive 
Standalone Update Task-S-1-5-21-2043018391-611827920-1664459823-1002 2021-12-23 19:38 - 2020-07-12 20:14 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-12-23 19:38 - 2020-07-12 20:14 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-12-23 18:47 - 2019-12-02 11:41 - 000000000 ____D C:\ProgramData\AVAST Software 2021-12-23 18:46 - 2021-06-13 18:22 - 000000000 ____D C:\Users\Admin\AppData\Local\Avast Software 2021-12-23 18:37 - 2019-12-02 13:22 - 000000000 ____D C:\AdwCleaner 2021-12-23 18:32 - 2019-09-18 16:24 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2021-12-23 18:26 - 2020-11-30 09:45 - 000003540 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b7a81059d7cc 2021-12-23 18:26 - 2020-11-10 22:44 - 000003634 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA ==================== Fichiers à la racine de certains dossiers ======== 2022-01-04 16:51 - 2022-01-04 16:51 - 003478168 _____ (Nicolas Coolman) C:\Users\Admin\ZHPSuite.exe ==================== SigCheckExt ========================= 2020-01-13 22:02 - 2014-03-17 19:15 - 000375296 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6PPM.DLL 2020-01-13 22:02 - 2014-03-17 19:15 - 000039424 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6UI.DLL 2020-01-13 22:02 - 2014-03-17 19:15 - 000380928 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNMNPPM.DLL 2022-01-04 16:51 - 2022-01-04 16:51 - 003478168 _____ (Nicolas Coolman) C:\Users\Admin\ZHPSuite.exe 2021-12-24 19:23 - 2022-01-04 17:03 - 002311168 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2021-12-29 18:52 - 2021-12-29 18:52 - 003291800 _____ (Nicolas Coolman) C:\Users\Admin\Desktop\ZHPCleaner.exe 2021-12-24 18:50 - 2021-12-24 18:51 - 003478168 _____ (Nicolas Coolman) C:\Users\Admin\Desktop\ZHPSuite.exe ==================== SigCheck ============================ (Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.) 
==================== BCD ================================ Gestionnaire de démarrage du microprogramme ------------------------------------------- identificateur {fwbootmgr} displayorder {bootmgr} {38a580ec-1146-11ea-b5a6-e1dcf4021cb6} {38a580ed-1146-11ea-b5a6-e1dcf4021cb6} {38a580ee-1146-11ea-b5a6-e1dcf4021cb6} timeout 0 Gestionnaire de démarrage Windows --------------------------------- identificateur {bootmgr} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\bootmgfw.efi description Windows Boot Manager locale fr-FR inherit {globalsettings} default {current} resumeobject {12786c3c-2399-11eb-801b-bc5bc03668b0} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Application logicielle (101fffff) -------------------------------- identificateur {38a580ec-1146-11ea-b5a6-e1dcf4021cb6} description EFI USB Device Application logicielle (101fffff) -------------------------------- identificateur {38a580ed-1146-11ea-b5a6-e1dcf4021cb6} description EFI DVD/CDROM Application logicielle (101fffff) -------------------------------- identificateur {38a580ee-1146-11ea-b5a6-e1dcf4021cb6} description EFI Network Chargeur de démarrage Windows ----------------------------- identificateur {current} device partition=C: path \WINDOWS\system32\winload.efi description Windows 10 locale fr-FR inherit {bootloadersettings} recoverysequence {12786c3e-2399-11eb-801b-bc5bc03668b0} displaymessageoverride Recovery recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \WINDOWS resumeobject {12786c3c-2399-11eb-801b-bc5bc03668b0} nx OptIn bootmenupolicy Standard Chargeur de démarrage Windows ----------------------------- identificateur {12786c3e-2399-11eb-801b-bc5bc03668b0} device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{12786c3f-2399-11eb-801b-bc5bc03668b0} path \windows\system32\winload.efi description Windows Recovery Environment locale fr-FR inherit {bootloadersettings} displaymessage Recovery 
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{12786c3f-2399-11eb-801b-bc5bc03668b0} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Reprendre à partir de la mise en veille prolongée ------------------------------------------------- identificateur {12786c3c-2399-11eb-801b-bc5bc03668b0} device partition=C: path \WINDOWS\system32\winresume.efi description Windows Resume Application locale fr-FR inherit {resumeloadersettings} recoverysequence {12786c3e-2399-11eb-801b-bc5bc03668b0} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Testeur de mémoire Windows -------------------------- identificateur {memdiag} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\memtest.efi description Diagnostics mémoire Windows locale fr-FR inherit {globalsettings} badmemoryaccess Yes Paramètres EMS -------------- identificateur {emssettings} bootems No Paramètres du débogueur ----------------------- identificateur {dbgsettings} debugtype Local Erreurs de mémoire RAM ---------------------- identificateur {badmemory} Paramètres globaux ------------------ identificateur {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Paramètres du chargeur de démarrage ----------------------------------- identificateur {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Paramètres de l'hyperviseur ------------------- identificateur {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Paramètres du chargeur de reprise --------------------------------- identificateur {resumeloadersettings} inherit {globalsettings} Options de périphérique ----------------------- identificateur {12786c3f-2399-11eb-801b-bc5bc03668b0} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume1 ramdisksdipath \Recovery\WindowsRE\boot.sdi ==================== Fin de 
FRST.txt ========================