Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022 Exécuté par InfoWare31 (administrateur) sur DESKTOP-MVJ4EJ1 (09-09-2022 00:04:05) Exécuté depuis C:\Users\InfoWare31\OneDrive\Desktop Profils chargés: InfoWare31 Plate-forme: Microsoft Windows 10 Professionnel Version 21H1 19043.1889 (X64) Langue: Français (France) Navigateur par défaut: Edge Mode d'amorçage: Normal ==================== Processus (Avec liste blanche) ================= (Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.) (C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCopyAccelerator.exe (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <9> (explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15> (services.exe ->) () [Fichier non signé] C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1647517251935.exe (services.exe ->) () [Fichier non signé] C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe (services.exe ->) (Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_5.68.30003.0_x64__8wekyb3d8bbwe\gamingservices.exe (services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_5.68.30003.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe (services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_47917a79b8c7fd22\Display.NvContainer\NVDisplay.Container.exe <2> (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registre (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.) HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe (Pas de fichier) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8838400 2016-06-07] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [12837288 2022-07-19] (SteelSeries ApS -> SteelSeries ApS) HKU\S-1-5-21-1831518587-2530328139-2005501424-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4234600 2022-08-20] (Valve Corp. -> Valve Corporation) HKU\S-1-5-21-1831518587-2530328139-2005501424-1001\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart (Pas de fichier) HKU\S-1-5-21-1831518587-2530328139-2005501424-1001\...\Run: [org.openvpn.client] => C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe [110833152 2022-03-17] (OpenVPN) [Fichier non signé] HKU\S-1-5-21-1831518587-2530328139-2005501424-1001\...\Run: [MicrosoftEdgeAutoLaunch_474483BF035A5B1D2FEA44D887F4B957] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3795360 2022-09-02] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1831518587-2530328139-2005501424-1001\...\Run: [utweb] => "C:\Users\InfoWare31\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (Pas de fichier) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\105.0.5195.102\Installer\chrmstp.exe [2022-09-08] (Google LLC -> Google LLC) ==================== Tâches planifiées (Avec liste blanche) ============ (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) Task: {2190F7A2-D1A2-4D38-BAB3-7A26FFB2C879} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23706576 2022-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {30E54446-E107-463C-8CF2-4BF9C0A12B1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-06-11] (Google Inc -> Google LLC) Task: {43AD2271-6CFF-4FF8-A787-77074D76D6AA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142232 2022-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {83AB2C52-E150-4304-8C50-64A305785C1D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23706576 2022-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {C4F2C80E-577B-43A4-BD3A-28B4842AFA6A} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [64408 2022-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {D13AC0F2-D9AE-4FCA-8C88-A2F6A95AF3AE} - System32\Tasks\Opera scheduled Autoupdate 1636548709 => C:\Users\InfoWare31\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier) Task: {D29AA48A-C81C-4491-BF7D-4CEB1969FBD1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {DFC60B63-2672-4DCE-B3C6-DEC01DCDBA52} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142232 2022-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {E3ACFB3A-D0C1-4BC1-9B8A-E0DD79704A70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-06-11] (Google Inc -> Google LLC) Task: {E7C4E023-9C10-47A3-87FA-1DBDDB6F7CA4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {E7D12F3B-FB8E-4C33-89F4-EA74318D4CE2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {F636181F-C40D-42A8-9E3A-1EF2FB88F357} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) ==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{4d9bf435-7921-4b9a-9446-297821271248}: [DhcpNameServer] 192.168.0.254 Tcpip\..\Interfaces\{c5b19a51-403a-4595-a095-373f006b5e88}: [DhcpNameServer] 192.168.1.1 Edge: ======= Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)] Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)] Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)] Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)] Edge DefaultProfile: Default Edge Profile: C:\Users\InfoWare31\AppData\Local\Microsoft\Edge\User Data\Default [2022-09-09] FireFox: ======== FF DefaultProfile: yyurrrwp.default FF ProfilePath: C:\Users\InfoWare31\AppData\Roaming\Mozilla\Firefox\Profiles\yyurrrwp.default [2020-06-11] FF ProfilePath: C:\Users\InfoWare31\AppData\Roaming\Mozilla\Firefox\Profiles\u858sn0x.default-release [2020-06-11] FF Extension: (Avast Online Security) - C:\Users\InfoWare31\AppData\Roaming\Mozilla\Firefox\Profiles\u858sn0x.default-release\Extensions\wrc@avast.com.xpi [2020-06-11] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-10] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [Fichier non signé] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-10] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\InfoWare31\AppData\Local\Google\Chrome\User Data\Default [2022-09-09] CHR HomePage: Default -> hxxp://google/ CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.com/" CHR Extension: (Safe Torrent Scanner) - C:\Users\InfoWare31\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-09-08] CHR Extension: (Google Docs hors connexion) - C:\Users\InfoWare31\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-08] CHR Extension: (AdBlock — le meilleur bloqueur de pubs) - C:\Users\InfoWare31\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-09-08] CHR Extension: (Nebula) - C:\Users\InfoWare31\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlmflgnnmmojlnbmaokpfcjdkhkjbnok [2022-09-08] CHR Extension: (Web Safety) - C:\Users\InfoWare31\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhcmdonhekjhfbjmeacdjbhlfgpjabp [2022-09-08] CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\InfoWare31\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-08] CHR Profile: C:\Users\InfoWare31\AppData\Local\Google\Chrome\User Data\System Profile [2020-10-31] CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb] CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp] Opera: ======= OPR Profile: C:\Users\InfoWare31\AppData\Roaming\Opera Software\Opera Stable [2021-11-10] OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} ==================== Services (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R2 agent_ovpnconnect; C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1647517251935.exe [3196928 2022-03-17] () [Fichier non signé] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12126112 2022-09-08] (Microsoft Corporation -> Microsoft Corporation) S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2022-07-15] (Epic Games Inc. -> Epic Games, Inc.) R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [225368 2022-08-14] (HP Inc. -> HP Inc.) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8765464 2022-09-08] (Malwarebytes Inc. -> Malwarebytes) S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [22174424 2021-12-03] (LLC Mail.Ru -> LLC Mail.Ru) R2 ovpnhelper_service; C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe [3021824 2022-03-17] () [Fichier non signé] R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2021-06-23] (Even Balance, Inc. -> ) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6255896 2022-08-12] (Microsoft Windows Publisher -> Microsoft Corporation) S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\GG\SteelSeriesUpdateService.exe [35240 2022-07-19] (SteelSeries ApS -> ) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) S3 BEService; "C:\Program Files (x86)\Common Files\BattlEye\BEService.exe" [X] S3 EasyAntiCheat; "C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe" [X] S3 EasyAntiCheat_EOS; "C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe" [X] R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_47917a79b8c7fd22\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_47917a79b8c7fd22\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem S3 Rockstar Service; "C:\Program Files\Rockstar Games\Launcher\RockstarService.exe" [X] ===================== Pilotes (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.) S3 atvi-brynhildr; C:\ProgramData\Battle.net_components\brynhildr_odin2\brynhildr.sys [2188544 2022-08-02] (Activision Publishing Inc -> Activision Blizzard, Inc.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Fichier non signé] S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Fichier non signé] S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-09-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-09-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MpKsl5803526e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BC792197-B126-4FE5-BF52-429D06347668}\MpKslDrv.sys [228600 2022-09-08] (Microsoft Windows -> Microsoft Corporation) S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv1.sys [21413808 2021-12-03] (LLC Mail.Ru -> LLC Mail.Ru) R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [86632 2020-04-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46896 2017-12-15] (SteelSeries ApS -> ) R3 sshid; C:\WINDOWS\system32\DRIVERS\sshid.sys [43960 2022-07-06] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 SteelSeries_Sonar_VAD; C:\WINDOWS\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_ab95c13003d9c50f\SteelSeries-Sonar-VAD.sys [92912 2022-07-18] (SteelSeries ApS -> Windows (R) Win 7 DDK provider) S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project) R3 tap_ovpnconnect; C:\WINDOWS\System32\drivers\tap_ovpnconnect.sys [40128 2022-03-17] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-09-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [453904 2022-09-07] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94480 2022-09-07] (Microsoft Windows -> Microsoft Corporation) S3 wtbt; \??\e:\jeux\steamapps\common\super people playtest\engine\binaries\thirdparty\wondertrust\wtdrv64.sys [X] ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)