Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2022 Exécuté par Ninaniania (administrateur) sur HPNINANIANIA (HP HP ENVY Notebook) (20-08-2022 16:32:56) Exécuté depuis C:\Users\Ninaniania\Desktop Profils chargés: Ninaniania Plate-forme: Microsoft Windows 10 Famille Version 21H2 19044.1889 (X64) Langue: Français (France) Navigateur par défaut: FF Mode d'amorçage: Normal ==================== Processus (Avec liste blanche) ================= (Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.) (C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe (C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (C:\Users\Ninaniania\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-ui.exe ->) (Synology Inc. -> Synology Inc.) C:\Users\Ninaniania\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-connect.exe (C:\Users\Ninaniania\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-ui.exe ->) (Synology Inc. -> Synology Inc.) C:\Users\Ninaniania\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-daemon.exe (Conexant Systems, Inc) [Fichier non signé] C:\Program Files\CONEXANT\Flow\Flow.exe (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe (explorer.exe ->) (Deezer SA -> Deezer) C:\Users\Ninaniania\AppData\Local\Programs\deezer-desktop\Deezer.exe <7> (explorer.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) 
C:\Program Files\NordVPN\NordVPN.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127499.inf_amd64_cb699266208b2bfa\igfxEM.exe (Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13> (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Conexant Systems LLC -> Conexant Systems, Inc.) C:\Windows\CxSvc\CxUtilSvc.exe (services.exe ->) (Conexant Systems, Inc. -> Conexant Systems, Inc) C:\Windows\CxSvc\CxMonSvc.exe (services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) D:\Origin\OriginWebHelperService.exe (services.exe ->) (ESET, spol. s r.o. 
-> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe (services.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127499.inf_amd64_cb699266208b2bfa\igfxCUIService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127499.inf_amd64_cb699266208b2bfa\IntelCpHDCPSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127499.inf_amd64_cb699266208b2bfa\IntelCpHeciSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe (services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_7c484f80872e1cd8\jhi_service.exe (services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe (services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe (services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (services.exe ->) (Synology Inc. 
-> ) C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (svchost.exe ->) (Conexant Systems, Inc. -> Conexant) C:\Windows\System32\MicTray64.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxOutlook.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22062.536.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synology Inc. -> Synology Inc.) C:\Users\Ninaniania\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-ui.exe ==================== Registre (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [194736 2022-07-07] (ESET, spol. s r.o. 
-> ESET) HKLM\...\Run: [RtsCM] => RTSCM64.EXE (Pas de fichier) HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION HKU\S-1-5-21-3126634247-1669701285-4095728502-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4234600 2022-08-17] (Valve Corp. -> Valve Corporation) HKU\S-1-5-21-3126634247-1669701285-4095728502-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [280952 2021-06-09] (nordvpn s.a. -> TEFINCOM S.A.) HKU\S-1-5-21-3126634247-1669701285-4095728502-1001\...\Run: [com.deezer.deezer-desktop] => C:\Users\Ninaniania\AppData\Local\Programs\deezer-desktop\Deezer.exe [113743840 2022-08-16] (Deezer SA -> Deezer) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\104.0.5112.82\Installer\chrmstp.exe [2022-08-18] (Google LLC -> Google LLC) Startup: C:\Users\Ninaniania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Drive Client.lnk [2022-08-20] ShortcutTarget: Synology Drive Client.lnk -> C:\Program Files (x86)\Synology\SynologyDrive\bin\launcher.exe (Synology Inc. -> Synology Inc.) ==================== Tâches planifiées (Avec liste blanche) ============ (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) Task: {145BBA49-860B-4CDD-B129-B0BD0F900DB5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.) 
Task: {268E97AF-E950-45A1-9729-8D6E0F1F0ED6} - System32\Tasks\GoogleUpdateTaskMachineCore{7D5AC86A-05C5-4C0F-8C1F-786F56A02DF2} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-07-15] (Google LLC -> Google LLC) Task: {281DE5C3-A98F-4327-BEF5-C30F134E442B} - System32\Tasks\GoogleUpdateTaskMachineUA{3FDB493D-5718-4CD4-8F11-5894713FB969} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-07-15] (Google LLC -> Google LLC) Task: {44D51B85-361F-473A-91B1-088592E0F75B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6570472 2022-08-15] (Microsoft Corporation -> Microsoft Corporation) Task: {4E1E73BE-449F-4985-940E-9ECC47023B4A} - System32\Tasks\Microsoft\Windows\Management\Autopilot\DetectHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-15] (Microsoft Windows -> Microsoft Corporation) Task: {6A8A7B0F-E447-4457-849D-1BE90066F37F} - System32\Tasks\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\WINDOWS\System32\Autopilot.dll [192000 2022-08-15] (Microsoft Windows -> Microsoft Corporation) Task: {714DB2BE-2DEA-4B0C-B0E0-6D55D58B3F27} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116632 2022-08-15] (Microsoft Corporation -> Microsoft Corporation) Task: {8AF56EBA-12BA-4004-B042-7CE9C7752EDF} - System32\Tasks\Microsoft\Windows\Conexant\MicTray => C:\Windows\System32\MicTray64.exe [2758232 2017-05-14] (Conexant Systems, Inc. 
-> Conexant) Task: {8D453332-BDA4-4215-A4A0-1B378A983009} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" Task: {99340B7B-51B0-4690-8EEB-8CE820766511} - System32\Tasks\Microsoft\Windows\Conexant\FLOW => C:\Program Files\CONEXANT\FLOW\SACpl.exe [1818112 2016-08-29] (Conexant Systems, Inc.) [Fichier non signé] Task: {B7464D35-BFC4-486B-BB89-B3D79759E7F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6570472 2022-08-15] (Microsoft Corporation -> Microsoft Corporation) Task: {C558C6A2-CF27-47A8-A751-A8BA71996657} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116632 2022-08-15] (Microsoft Corporation -> Microsoft Corporation) Task: {DBB493F7-0136-4E5F-886A-6DAF27A84D17} - System32\Tasks\Microsoft\Windows\Conexant\SA3 => C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SACpl.exe [1832280 2016-10-06] (Conexant Systems, Inc. -> Conexant Systems, Inc.) Task: {DC295577-C69C-438F-B9B6-4FC682D31897} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-15] (Microsoft Corporation -> Microsoft Corporation) Task: {E76703AB-4BFD-4B68-88AF-35CC3F0DA980} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23713200 2022-08-15] (Microsoft Corporation -> Microsoft Corporation) (Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.) 
==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{85dcbcfc-1638-4d86-afbf-cf15e626a6c4}: [DhcpNameServer] 192.168.1.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\Ninaniania\AppData\Local\Microsoft\Edge\User Data\Default [2022-08-18] Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn] Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn] FireFox: ======== FF DefaultProfile: k8vutkko.default FF ProfilePath: C:\Users\Ninaniania\AppData\Roaming\Mozilla\Firefox\Profiles\k8vutkko.default [2020-11-10] FF ProfilePath: C:\Users\Ninaniania\AppData\Roaming\Mozilla\Firefox\Profiles\igl7nm3x.default-release-1660674994374 [2022-08-20] FF Notifications: Mozilla\Firefox\Profiles\igl7nm3x.default-release-1660674994374 -> hxxps://www.marciatack.fr; hxxps://www.astuces-aide-informatique.info FF Extension: (English United States Dictionary) - C:\Users\Ninaniania\AppData\Roaming\Mozilla\Firefox\Profiles\igl7nm3x.default-release-1660674994374\Extensions\@unitedstatesenglishdictionary.xpi [2022-08-16] FF Extension: (AdBlock — le meilleur bloqueur de pubs) - C:\Users\Ninaniania\AppData\Roaming\Mozilla\Firefox\Profiles\igl7nm3x.default-release-1660674994374\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2022-08-17] FF Extension: (English (GB) Language Pack) - C:\Users\Ninaniania\AppData\Roaming\Mozilla\Firefox\Profiles\igl7nm3x.default-release-1660674994374\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2022-08-16] FF Extension: (NordVPN - A VPN Proxy Extension for Firefox) - C:\Users\Ninaniania\AppData\Roaming\Mozilla\Firefox\Profiles\igl7nm3x.default-release-1660674994374\Extensions\nordvpnproxy@nordvpn.com.xpi [2022-08-16] FF Extension: (LastPass: Free Password Manager) - 
C:\Users\Ninaniania\AppData\Roaming\Mozilla\Firefox\Profiles\igl7nm3x.default-release-1660674994374\Extensions\support@lastpass.com.xpi [2022-08-16] FF Extension: (Malwarebytes Browser Guard) - C:\Users\Ninaniania\AppData\Roaming\Mozilla\Firefox\Profiles\igl7nm3x.default-release-1660674994374\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-08-18] FF Extension: (Galaxy 02 by suphaxxx) - C:\Users\Ninaniania\AppData\Roaming\Mozilla\Firefox\Profiles\igl7nm3x.default-release-1660674994374\Extensions\{29aa4e1a-5073-4b6f-a029-e7e91febb638}.xpi [2022-08-17] FF Extension: (British English Dictionary (Darmeth)) - C:\Users\Ninaniania\AppData\Roaming\Mozilla\Firefox\Profiles\igl7nm3x.default-release-1660674994374\Extensions\{d187b435-812e-4813-a93e-edccc4118f9d}.xpi [2022-08-16] FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-08-02] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-05] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation) FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2022-08-20] Chrome: ======= CHR Profile: C:\Users\Ninaniania\AppData\Local\Google\Chrome\User Data\Default [2022-08-18] CHR Extension: (Google Docs hors connexion) - C:\Users\Ninaniania\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-15] CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Ninaniania\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-07-15] CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] CHR HKLM-x32\...\Chrome\Extension: 
[ihcjicgdanjaechkgeegckofjjedodee] ==================== Services (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12102608 2022-08-15] (Microsoft Corporation -> Microsoft Corporation) R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3342536 2022-07-07] (ESET, spol. s r.o. -> ESET) R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3342536 2022-07-07] (ESET, spol. s r.o. -> ESET) R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2021-06-07] (nordvpn s.a. -> TEFINCOM S.A.) R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [281464 2021-06-09] (nordvpn s.a. -> TEFINCOM S.A.) S3 Origin Client Service; D:\Origin\OriginClientService.exe [2579272 2022-08-09] (Electronic Arts, Inc. -> Electronic Arts) R2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3497808 2022-08-09] (Electronic Arts, Inc. -> Electronic Arts) R2 Synology Drive VSS Service x64; C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe [371672 2020-05-08] (Synology Inc. -> ) R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [14770472 2021-09-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Pilotes (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. 
Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) S3 CSRBC; C:\WINDOWS\System32\Drivers\csrbc.sys [46944 2011-07-14] (Bose Corp -> CSR plc.) R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [192880 2022-07-07] (ESET, spol. s r.o. -> ESET) R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [116960 2022-07-07] (ESET, spol. s r.o. -> ESET) S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15824 2021-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET) R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [234192 2022-07-07] (ESET, spol. s r.o. -> ESET) R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [119528 2022-07-07] (ESET, spol. s r.o. -> ESET) R2 NDivert; C:\Program Files\NordVPN\6.48.18.0\Drivers\NDivert.sys [131456 2022-04-05] (nordvpn s.a. -> Nordvpn S.A.) S3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2020-12-13] (TEFINCOM S.A. -> WireGuard LLC) R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-10-14] (TEFINCOM S.A. -> TEFINCOM S.A.) S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64880 2020-04-24] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated) R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project) S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) 
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation) S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29592 2022-03-12] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC) R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. -> HP) ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ==================== Trois mois (créés) (Avec liste blanche) ========= (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 
2022-08-20 16:32 - 2022-08-20 16:33 - 000020008 _____ C:\Users\Ninaniania\Desktop\FRST.txt 2022-08-20 16:32 - 2022-08-20 16:33 - 000000000 ____D C:\FRST 2022-08-20 16:31 - 2022-08-20 16:31 - 002371072 _____ (Farbar) C:\Users\Ninaniania\Desktop\FRST64.exe 2022-08-20 14:23 - 2022-08-20 16:32 - 000000000 ____D C:\Users\Ninaniania\Desktop\ZHP 2022-08-18 19:56 - 2022-08-19 19:38 - 000000000 ____D C:\Users\Ninaniania\AppData\Local\CrashDumps 2022-08-18 08:36 - 2022-08-20 14:52 - 000000000 ____D C:\Users\Ninaniania\AppData\Roaming\ZHP 2022-08-18 08:36 - 2022-08-20 14:24 - 000000000 ____D C:\Users\Ninaniania\AppData\Local\ZHP 2022-08-18 08:16 - 2022-08-18 08:16 - 000000000 ____D C:\WINDOWS\Panther 2022-08-18 08:14 - 2022-08-18 08:14 - 000000000 ____D C:\Users\Ninaniania\AppData\Local\mbam 2022-08-16 20:36 - 2022-08-16 20:36 - 000000000 ____D C:\Users\Ninaniania\Desktop\Anciennes données de Firefox 2022-08-16 13:37 - 2022-08-18 10:09 - 000000000 ____D C:\Users\Ninaniania\Desktop\Pole Emplois 2022-08-15 15:07 - 2022-08-15 15:07 - 001329416 _____ C:\WINDOWS\system32\FaceTrackerInternal.dll 2022-08-15 15:07 - 2022-08-15 15:07 - 001314304 _____ C:\WINDOWS\system32\FaceProcessor.dll 2022-08-15 15:07 - 2022-08-15 15:07 - 000506136 _____ C:\WINDOWS\system32\FaceProcessorCore.dll 2022-08-15 15:06 - 2022-08-15 15:06 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr 2022-08-15 15:06 - 2022-08-15 15:06 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr 2022-08-15 15:06 - 2022-08-15 15:06 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll 2022-08-15 15:06 - 2022-08-15 15:06 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2022-08-15 15:06 - 2022-08-15 15:06 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll 2022-08-15 15:06 - 2022-08-15 15:06 - 000073216 _____ 
C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll 2022-08-15 15:06 - 2022-08-15 15:06 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe 2022-08-15 15:06 - 2022-08-15 15:06 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2022-08-15 14:58 - 2022-08-15 14:58 - 000000000 ___HD C:\$WinREAgent 2022-08-15 13:59 - 2022-08-16 20:36 - 000000000 ____D C:\Program Files\Mozilla Firefox 2022-07-31 08:28 - 2022-07-31 08:28 - 000000000 ____D C:\ProgramData\NordUpdater 2022-07-15 13:47 - 2022-07-15 13:47 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll 2022-07-15 13:47 - 2022-07-15 13:47 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe 2022-07-15 13:47 - 2022-07-15 13:47 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com 2022-07-15 13:47 - 2022-07-15 13:47 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll 2022-07-15 13:47 - 2022-07-15 13:47 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com 2022-07-15 13:47 - 2022-07-15 13:47 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com 2022-07-15 13:46 - 2022-07-15 13:46 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2022-07-15 13:46 - 2022-07-15 13:46 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll 2022-07-15 13:46 - 2022-07-15 13:46 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe 2022-07-15 13:46 - 2022-07-15 13:46 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll 2022-07-15 13:46 - 2022-07-15 13:46 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll 2022-07-15 13:46 - 2022-07-15 13:46 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll 2022-07-15 13:46 - 2022-07-15 13:46 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll 2022-07-15 13:46 - 2022-07-15 13:46 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com 2022-07-15 13:46 - 2022-07-15 13:46 - 000024576 _____ 
C:\WINDOWS\system32\WsdProviderUtil.dll 2022-07-15 13:46 - 2022-07-15 13:46 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com 2022-07-15 13:46 - 2022-07-15 13:46 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com 2022-07-15 12:19 - 2022-08-20 16:24 - 000000000 ____D C:\Program Files (x86)\Google 2022-07-15 12:19 - 2022-08-18 18:26 - 000002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2022-07-15 12:19 - 2022-08-18 18:26 - 000002211 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2022-07-15 12:19 - 2022-07-15 13:52 - 000000000 ____D C:\Users\Ninaniania\AppData\Local\Google 2022-07-15 12:19 - 2022-07-15 12:19 - 000003666 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{3FDB493D-5718-4CD4-8F11-5894713FB969} 2022-07-15 12:19 - 2022-07-15 12:19 - 000003542 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{7D5AC86A-05C5-4C0F-8C1F-786F56A02DF2} 2022-07-15 12:19 - 2022-07-15 12:19 - 000000000 ____D C:\Program Files\Google 2022-06-25 11:39 - 2022-08-20 16:23 - 000000000 ____D C:\Users\Ninaniania\AppData\Roaming\deezer-desktop 2022-06-25 11:39 - 2022-07-31 08:33 - 000000000 ____D C:\Users\Ninaniania\AppData\Local\deezer-desktop-updater 2022-06-25 11:39 - 2022-06-25 11:39 - 000002467 _____ C:\Users\Ninaniania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Deezer.lnk 2022-06-25 11:39 - 2022-06-25 11:39 - 000002459 _____ C:\Users\Ninaniania\Desktop\Deezer.lnk 2022-06-25 11:39 - 2022-06-25 11:39 - 000000000 ____D C:\Users\Ninaniania\.config 2022-06-22 18:27 - 2022-06-22 18:27 - 000000000 ____D C:\Users\Ninaniania\AppData\Local\SolidDocuments 2022-06-22 18:27 - 2022-06-22 18:27 - 000000000 ____D C:\Users\Ninaniania\.ms-ad 2022-06-21 17:37 - 2022-08-15 13:55 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk 2022-06-21 17:37 - 2022-08-15 13:55 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk 2022-06-21 17:36 - 2022-06-21 17:36 
- 000000000 ____D C:\Program Files\Common Files\Adobe 2022-06-21 17:36 - 2022-06-21 17:36 - 000000000 ____D C:\Program Files\Adobe 2022-06-17 18:23 - 2022-06-17 18:23 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll 2022-06-17 18:22 - 2022-06-17 18:22 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2022-06-17 18:22 - 2022-06-17 18:22 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll ==================== Trois mois (modifiés) ================== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2022-08-20 16:23 - 2021-05-11 13:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2022-08-20 16:23 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-08-20 14:56 - 2022-02-10 21:34 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2022-08-20 13:52 - 2020-11-10 23:15 - 000000000 ____D C:\Users\Ninaniania\AppData\LocalLow\Mozilla 2022-08-20 13:44 - 2021-09-05 18:20 - 000000000 ____D C:\Users\Ninaniania\AppData\Roaming\Origin 2022-08-20 13:44 - 2020-11-11 11:49 - 000000000 ____D C:\ProgramData\Origin 2022-08-20 13:44 - 2020-11-11 00:39 - 000000000 ____D C:\Program Files (x86)\Steam 2022-08-20 13:31 - 2021-09-05 18:20 - 000000000 ____D C:\Users\Ninaniania\AppData\Local\Origin 2022-08-20 12:01 - 2020-12-16 13:34 - 000000000 ___RD C:\Users\Ninaniania\SynologyDrive 2022-08-20 12:01 - 2020-12-16 13:34 - 000000000 ___RD C:\Users\Ninaniania\Shared with me 2022-08-20 12:01 - 2020-11-11 00:48 - 000000000 ____D C:\Users\Ninaniania\AppData\Local\SynologyDrive 2022-08-20 12:01 - 2020-11-10 23:02 - 000000000 __SHD C:\Users\Ninaniania\IntelGraphicsProfiles 2022-08-19 09:51 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2022-08-19 09:51 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-08-19 09:43 - 2020-11-10 23:02 - 000000000 ____D C:\Users\Ninaniania\AppData\Local\Packages 2022-08-18 15:50 - 2020-11-11 11:53 - 
000000000 ____D C:\Users\Ninaniania\AppData\Local\D3DSCache 2022-08-18 15:50 - 2020-11-10 22:48 - 001388432 _____ C:\Users\Public\VOIP.dat 2022-08-18 10:20 - 2022-05-11 16:41 - 000790522 _____ C:\WINDOWS\system32\perfh00C.dat 2022-08-18 10:20 - 2022-05-11 16:41 - 000149406 _____ C:\WINDOWS\system32\perfc00C.dat 2022-08-18 10:20 - 2021-05-11 13:26 - 001761484 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-08-18 10:20 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2022-08-18 10:16 - 2021-05-31 18:45 - 000000000 ____D C:\Program Files\TeamViewer 2022-08-18 10:16 - 2021-05-11 13:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-08-18 10:16 - 2021-05-11 13:17 - 000008192 ___SH C:\DumpStack.log.tmp 2022-08-18 10:16 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState 2022-08-18 10:16 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2022-08-18 09:00 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2022-08-18 08:16 - 2020-11-10 23:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2022-08-18 08:16 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2022-08-18 08:05 - 2021-06-21 13:30 - 000000000 ____D C:\WINDOWS\Minidump 2022-08-17 17:44 - 2020-11-11 00:35 - 000000000 ____D C:\Users\Ninaniania\AppData\Local\PlaceholderTileLogoFolder 2022-08-17 08:03 - 2021-05-11 13:24 - 000003690 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2022-08-17 08:03 - 2021-05-11 13:24 - 000003566 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2022-08-16 22:13 - 2021-10-06 18:22 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2022-08-16 20:57 - 2020-11-30 15:08 - 000000000 ____D C:\Users\Ninaniania\AppData\LocalLow\LastPass 2022-08-15 16:03 - 2020-11-10 23:15 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2022-08-15 15:34 - 2020-12-13 12:09 - 000000000 ____D C:\Users\Ninaniania\AppData\Local\NordVPN 2022-08-15 15:33 - 2022-05-13 23:45 - 
000521104 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2022-08-15 15:32 - 2019-12-07 16:53 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2022-08-15 15:32 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2022-08-15 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2022-08-15 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2022-08-15 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources 2022-08-15 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2022-08-15 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2022-08-15 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2022-08-15 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2022-08-15 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2022-08-15 15:09 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2022-08-15 15:06 - 2021-05-11 13:20 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2022-08-15 14:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2022-08-15 14:25 - 2020-11-12 16:27 - 000000000 ____D C:\WINDOWS\system32\MRT 2022-08-15 14:22 - 2020-11-12 16:27 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2022-08-15 13:59 - 2020-12-16 20:22 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2022-08-15 13:59 - 2020-11-10 22:47 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-08-15 13:57 - 2021-12-13 18:18 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3126634247-1669701285-4095728502-1001 2022-08-15 13:57 - 2021-05-11 13:24 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3126634247-1669701285-4095728502-1001 2022-08-15 13:57 - 2021-05-11 11:53 - 000002443 _____ C:\Users\Ninaniania\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\OneDrive.lnk 2022-08-15 13:55 - 2021-05-11 13:24 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2022-08-15 13:52 - 2020-12-13 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec 2022-08-15 13:52 - 2020-12-13 12:09 - 000000000 ____D C:\Program Files\NordVPN 2022-07-31 08:28 - 2022-03-02 17:52 - 000000000 ____D C:\Program Files\NordUpdater ==================== Fichiers à la racine de certains dossiers ======== 2020-11-10 22:48 - 2022-08-18 15:50 - 001388432 _____ () C:\Users\Public\VOIP.dat ==================== SigCheckExt ========================= 2022-08-20 16:31 - 2022-08-20 16:31 - 002371072 _____ (Farbar) C:\Users\Ninaniania\Desktop\FRST64.exe ==================== SigCheck ============================ (Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.) ==================== BCD ================================ Gestionnaire de démarrage du microprogramme ------------------------------------------- identificateur {fwbootmgr} displayorder {bootmgr} {61dfa353-7018-11e6-b914-806e6f6e6963} {1f79a86c-3a9f-11e6-8ef2-f9fa6675adb7} {1f79a86d-3a9f-11e6-8ef2-f9fa6675adb7} timeout 0 Gestionnaire de démarrage Windows --------------------------------- identificateur {bootmgr} device partition=\Device\HarddiskVolume3 path \EFI\Microsoft\Boot\bootmgfw.efi description Windows Boot Manager locale fr-FR inherit {globalsettings} default {current} resumeobject {59e6b28b-b24a-11eb-bfdd-a402b9425477} displayorder {current} toolsdisplayorder {memdiag} timeout 0 Application logicielle (101fffff) -------------------------------- identificateur {1f79a86c-3a9f-11e6-8ef2-f9fa6675adb7} description EFI USB Device Application logicielle (101fffff) -------------------------------- identificateur {1f79a86d-3a9f-11e6-8ef2-f9fa6675adb7} description EFI DVD/CDROM Application logicielle (101fffff) -------------------------------- identificateur {61dfa353-7018-11e6-b914-806e6f6e6963} 
description Internal Hard Disk or Solid State Disk Chargeur de démarrage Windows ----------------------------- identificateur {current} device partition=C: path \WINDOWS\system32\winload.efi description Windows 10 locale fr-FR inherit {bootloadersettings} recoverysequence {59e6b28e-b24a-11eb-bfdd-a402b9425477} displaymessageoverride Recovery recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \WINDOWS resumeobject {59e6b28b-b24a-11eb-bfdd-a402b9425477} nx OptIn bootmenupolicy Standard Chargeur de démarrage Windows ----------------------------- identificateur {59e6b28e-b24a-11eb-bfdd-a402b9425477} device ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{59e6b28f-b24a-11eb-bfdd-a402b9425477} path \windows\system32\winload.efi description Windows Recovery Environment locale fr-FR inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{59e6b28f-b24a-11eb-bfdd-a402b9425477} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Reprendre à partir de la mise en veille prolongée ------------------------------------------------- identificateur {59e6b28b-b24a-11eb-bfdd-a402b9425477} device partition=C: path \WINDOWS\system32\winresume.efi description Windows Resume Application locale fr-FR inherit {resumeloadersettings} recoverysequence {59e6b28e-b24a-11eb-bfdd-a402b9425477} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Testeur de mémoire Windows -------------------------- identificateur {memdiag} device partition=\Device\HarddiskVolume3 path \EFI\Microsoft\Boot\memtest.efi description Diagnostics mémoire Windows locale fr-FR inherit {globalsettings} badmemoryaccess Yes Paramètres EMS -------------- identificateur {emssettings} bootems No Paramètres du débogueur ----------------------- identificateur 
{dbgsettings} debugtype Serial debugport 1 baudrate 115200 Erreurs de mémoire RAM ---------------------- identificateur {badmemory} Paramètres globaux ------------------ identificateur {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Paramètres du chargeur de démarrage ----------------------------------- identificateur {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Paramètres de l'hyperviseur ------------------- identificateur {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Paramètres du chargeur de reprise --------------------------------- identificateur {resumeloadersettings} inherit {globalsettings} Options de périphérique ----------------------- identificateur {59e6b28f-b24a-11eb-bfdd-a402b9425477} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume6 ramdisksdipath \Recovery\WindowsRE\boot.sdi ==================== Fin de FRST.txt ========================