Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 11-01-2023 Exécuté par xav94 (administrateur) sur DESKTOP-VL2GP6J (Hewlett-Packard HP 15 Notebook PC) (15-01-2023 16:28:42) Exécuté depuis C:\Users\xav94\Desktop Profils chargés: xav94 Plate-forme: Microsoft Windows 10 Famille Version 21H2 19044.2486 (X64) Langue: Français (France) Navigateur par défaut: Edge Mode d'amorçage: Normal ==================== Processus (Avec liste blanche) ================= (Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.) (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCopyAccelerator.exe (C:\Windows\ImmersiveControlPanel\SystemSettings.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <26> (explorer.exe ->) (NICOLAS_COOLMAN -> Nicolas Coolman) [Fichier non signé] C:\Users\xav94\AppData\Roaming\ZHP\ZHPSuite.exe (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5> (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (services.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe (services.exe ->) (pdfforge GmbH -> pdfforge GmbH) C:\Program Files\PDF Architect 9\activation-service.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (services.exe ->) (Vtech Electronics North America, L.L.C. -> VTech Electronics Limited) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\6021\VTLeapStartHelper.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.2300_none_7e14edbc7c88b7d5\TiWorker.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Vtech Electronics North America, L.L.C. -> ) C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ==================== Registre (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9197568 2017-01-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [697408 2019-03-13] (Vtech Electronics North America, L.L.C. -> ) HKU\S-1-5-21-576369062-1899587579-3126029580-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38916432 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) HKU\S-1-5-21-576369062-1899587579-3126029580-1001\...\Run: [MicrosoftEdgeAutoLaunch_C5D5C50787D0DE222E10D59448483BEA] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4188616 2023-01-13] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Print\Monitors\HP B111 Status Monitor: C:\WINDOWS\system32\hpinkstsB111LM.dll [331664 2012-06-13] (Hewlett Packard -> Hewlett-Packard Co.) HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Photosmart 5520 series): C:\WINDOWS\system32\HPDiscoPMB111.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.) HKLM\...\Print\Monitors\PDF Architect 9 Monitor: C:\WINDOWS\system32\spool\DRIVERS\x64\brand_solution_name_pdfpmon_v.6.11.0.7.dll [960120 2023-01-02] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com)) HKLM\...\Print\Monitors\pdfcmon: C:\WINDOWS\system32\pdfcmon.dll [181248 2023-01-02] (pdfforge GmbH) [Fichier non signé] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\108.0.5359.126\Installer\chrmstp.exe [2023-01-14] (Google LLC -> Google LLC) GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION ==================== Tâches planifiées (Avec liste blanche) ============ (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) Task: {079F606E-5142-4851-9E63-C9A21613168C} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4669264 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "9cd02ba4-9260-4c4a-9e79-8edb277d462a" --version "6.07.10191" --silent Task: {427C8E14-F6E2-4160-9E74-08A26A762AF5} - System32\Tasks\pdfforge GmbH\PDF Architect 9\App Notification Logon => C:\Program Files\PDF Architect 9\architect-launcher.exe [2149312 2022-12-07] (pdfforge GmbH -> pdfforge GmbH) Task: {4740EF3D-4093-49A9-8073-28D4DA5B0674} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {4A6D773A-6BBA-4D62-8F38-3AC8EB3094A0} - System32\Tasks\pdfforge GmbH\PDF Architect 9\Installer updater => C:\ProgramData\PDF Architect 9\Installation\PDF_Architect_9_Installer.exe [15918008 2023-01-02] (pdfforge GmbH -> pdfforge GmbH.) Task: {70E02C0D-B719-425C-B729-9E9D30D9A924} - System32\Tasks\pdfforge GmbH\PDF Architect 9\Update => C:\Program Files\PDF Architect 9\architect.exe [3438016 2022-12-07] (pdfforge GmbH -> pdfforge GmbH) Task: {A719EDF2-AF41-4093-8555-0ABAFDCEA234} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {B130A9AE-D6FA-4DF0-A191-111CBD0122ED} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [4475136 2018-12-13] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) Task: {B9E1E2F3-EA18-404C-8589-958D479ECF34} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {DC0586E3-FA77-4124-B6A9-1CC5808F5876} - System32\Tasks\CCleanerSkipUAC - xav94 => C:\Program Files\CCleaner\CCleaner.exe [32602448 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) Task: {E1D9169A-442D-42D3-9DF7-C41405D40C0A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-12-09] (Piriform Software Ltd -> Piriform) Task: {E6C5D6EA-3D22-4EE0-B66C-5BC5EFED4A42} - System32\Tasks\pdfforge GmbH\PDF Architect 9\App Notification => C:\Program Files\PDF Architect 9\architect-launcher.exe [2149312 2022-12-07] (pdfforge GmbH -> pdfforge GmbH) Task: {E9F343CE-0D92-4C6B-81C7-09D1241ADAFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-24] (Google Inc -> Google Inc.) Task: {EBD2985D-2315-42A2-A993-B709982C53D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {FE8427D6-BB34-47A5-8EC9-CDDBB2369279} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-24] (Google Inc -> Google Inc.) (Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.) Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee ==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{58f082d2-2155-48d2-a03b-4395f5fc287c}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{b684840c-e2fd-47bf-97c3-8d276dcbea31}: [DhcpNameServer] 192.168.1.1 Edge: ======= Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)] Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)] Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)] Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)] Edge DefaultProfile: Default Edge Profile: C:\Users\xav94\AppData\Local\Microsoft\Edge\User Data\Default [2023-01-15] FireFox: ======== FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-12-13] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-12-13] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-576369062-1899587579-3126029580-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-12-13] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) Chrome: ======= CHR Profile: C:\Users\xav94\AppData\Local\Google\Chrome\User Data\Default [2023-01-15] CHR HomePage: Default -> hxxp://www.google.fr/ CHR StartupUrls: Default -> "hxxp://www.google.fr/" CHR Extension: (Google Docs hors connexion) - C:\Users\xav94\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-02] CHR Extension: (Les recettes d'Amandine Cooking) - C:\Users\xav94\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoehncjmgklkechlkhjmninhcghgmcli [2020-03-22] CHR Extension: (Amandine Cooking) - C:\Users\xav94\AppData\Local\Google\Chrome\User Data\Default\Extensions\igoflcmbbkklmiekecefmlnbdieajfhc [2019-04-29] CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\xav94\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-01] ==================== Services (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1003344 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) S3 DialComService; C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe [2184192 2017-05-29] (DIAL GmbH) [Fichier non signé] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-23] (Malwarebytes Inc -> Malwarebytes) R3 PDF Architect 9; C:\Program Files\PDF Architect 9\activation-service.exe [3108288 2022-12-07] (pdfforge GmbH -> pdfforge GmbH) S3 PDF Architect 9 Creator; C:\Program Files\PDF Architect 9\creator-ws.exe [507328 2022-12-07] (pdfforge GmbH -> pdfforge GmbH) S3 PDF Architect 9 Update Service; C:\Program Files\PDF Architect 9\update-service.exe [414656 2022-12-07] (pdfforge GmbH -> pdfforge GmbH) R2 VTLeapStartHelper; C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\6021\VTLeapStartHelper.exe [86720 2021-08-11] (Vtech Electronics North America, L.L.C. -> VTech Electronics Limited) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-12] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Pilotes (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Fichier non signé] S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Fichier non signé] R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) S3 hmxproj64; C:\WINDOWS\system32\drivers\hmxusb64.sys [98944 2009-06-05] (Microsoft Windows Hardware Compatibility Publisher -> Magic Control Technology Corp.) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216056 2020-08-03] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-10] (Malwarebytes Inc -> Malwarebytes) S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [125088 2020-05-23] (Malwarebytes Inc -> Malwarebytes) R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2016-08-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2022-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [473376 2022-12-12] (Microsoft Windows -> Microsoft Corporation) S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [159936 2016-08-16] (NGO -> MBB) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-12] (Microsoft Windows -> Microsoft Corporation) R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP) ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ==================== Trois mois (créés) (Avec liste blanche) ========= (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2023-01-15 16:28 - 2023-01-15 16:30 - 000018034 _____ C:\Users\xav94\Desktop\FRST.txt 2023-01-15 16:27 - 2023-01-15 16:29 - 000000000 ____D C:\FRST 2023-01-15 15:23 - 2023-01-15 15:23 - 000258541 _____ C:\Users\xav94\Desktop\ZHPDiag.txt 2023-01-15 15:13 - 2023-01-15 15:13 - 002376704 _____ (Farbar) C:\Users\xav94\Desktop\FRST64.exe 2023-01-15 15:06 - 2023-01-15 15:06 - 000000865 _____ C:\Users\xav94\Desktop\ZHPSuite.lnk 2023-01-15 15:04 - 2023-01-15 15:04 - 003311816 _____ (Nicolas Coolman) C:\Users\xav94\Downloads\ZHPDiag3.exe 2023-01-15 15:03 - 2023-01-15 15:23 - 000000000 ____D C:\Users\xav94\AppData\Roaming\ZHP 2023-01-15 15:03 - 2023-01-15 15:03 - 000000000 ____D C:\Users\xav94\AppData\Local\ZHP 2023-01-15 12:42 - 2023-01-15 12:42 - 003510472 _____ (Nicolas Coolman) C:\Users\xav94\Desktop\ZHPSuite.exe 2023-01-15 11:26 - 2023-01-15 11:27 - 000000000 ____D C:\Users\xav94\Desktop\Mutzig 2023-01-15 11:26 - 2023-01-15 11:26 - 000851675 _____ C:\Users\xav94\Downloads\Maison MUTZIG Surface.pdf 2023-01-15 11:25 - 2023-01-15 11:25 - 001110182 _____ C:\Users\xav94\Downloads\Maison MUTZIG.pdf 2023-01-15 10:56 - 2023-01-15 10:56 - 000012829 _____ C:\Users\xav94\Downloads\Etude comparative M DUPUIS Xavier.xlsx 2023-01-11 17:30 - 2023-01-11 17:30 - 000000000 ___HD C:\$WinREAgent 2023-01-05 10:04 - 2023-01-05 10:04 - 000194278 _____ C:\Users\xav94\Downloads\Carte d'identité.pdf 2023-01-03 15:08 - 2023-01-03 15:08 - 023385816 _____ C:\Users\xav94\Downloads\rapport d'estimation Mrs DUPUIS.pdf 2023-01-03 15:08 - 2023-01-03 15:08 - 003483307 _____ C:\Users\xav94\Downloads\Estim DUPUIS.pdf 2023-01-03 07:56 - 2023-01-03 07:56 - 000000000 ____D C:\Users\xav94\Desktop\Documents Meilleurtaux 2023-01-02 14:40 - 2023-01-02 14:40 - 000167292 _____ C:\Users\xav94\Downloads\sfr-facture-0 (3).pdf 2023-01-02 13:59 - 2023-01-15 11:53 - 000000000 ____D C:\ProgramData\boost_interprocess 2023-01-02 13:55 - 2023-01-02 13:55 - 000000000 ____D C:\Users\xav94\Documents\PDF Architect 2023-01-02 13:52 - 2023-01-02 13:52 - 000730422 _____ C:\Users\xav94\Downloads\ATTESTATION AVANT PARTAGE.pdf 2023-01-02 13:45 - 2023-01-15 11:36 - 000000000 ____D C:\Users\xav94\AppData\Roaming\PDF Architect 9 2023-01-02 13:45 - 2023-01-02 13:51 - 000000000 ____D C:\Program Files\PDF Architect 9 2023-01-02 13:45 - 2023-01-02 13:45 - 000001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 9.lnk 2023-01-02 13:45 - 2023-01-02 13:45 - 000000841 _____ C:\Users\Public\Desktop\PDF Architect 9.lnk 2023-01-02 13:43 - 2023-01-02 13:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\pdfforge GmbH 2023-01-02 13:42 - 2023-01-02 13:58 - 000000000 ____D C:\ProgramData\PDF Architect 9 2023-01-02 13:42 - 2023-01-02 13:42 - 000181248 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll 2023-01-02 13:42 - 2023-01-02 13:42 - 000000680 _____ C:\Users\Public\Desktop\PDFCreator.lnk 2023-01-02 13:42 - 2023-01-02 13:42 - 000000000 ____D C:\Users\xav94\AppData\Local\pdfforge 2023-01-02 13:41 - 2023-01-02 13:50 - 000000000 ____D C:\Program Files\PDFCreator 2023-01-02 13:41 - 2023-01-02 13:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2023-01-02 13:39 - 2023-01-02 13:40 - 039184760 _____ (pdfforge GmbH) C:\Users\xav94\Downloads\PDFCreator-5_0_3-Setup.exe 2023-01-02 13:15 - 2023-01-02 13:15 - 000170129 _____ C:\Users\xav94\Downloads\bmwestimationreprise (22).pdf 2023-01-01 20:46 - 2023-01-01 20:46 - 000363762 _____ C:\Users\xav94\Downloads\12_2022_dupuis_xavier_92406.pdf 2023-01-01 20:46 - 2023-01-01 20:46 - 000354048 _____ C:\Users\xav94\Downloads\11_2022_dupuis_xavier_14851.pdf 2022-11-20 10:31 - 2022-11-20 10:31 - 000088278 _____ C:\Users\xav94\Downloads\Attestation_locataire_MME_RICHERT_MELANIE_22B_RTE_DE_MEISTRATZHEIM_67880_KRAUTERGERSHEIM.pdf 2022-11-20 10:11 - 2023-01-02 14:48 - 000000000 ____D C:\Users\xav94\Desktop\Documents Courtier 2022-11-15 18:51 - 2022-11-15 18:51 - 000352229 _____ C:\Users\xav94\Downloads\09_2022_dupuis_xavier_83541.pdf 2022-11-15 18:51 - 2022-11-15 18:51 - 000348377 _____ C:\Users\xav94\Downloads\10_2022_dupuis_xavier_88086.pdf 2022-11-15 18:51 - 2022-11-15 18:51 - 000143761 _____ C:\Users\xav94\Downloads\08_2022_dupuis_xavier_76844.pdf 2022-11-06 16:21 - 2022-11-06 17:42 - 000000000 ____D C:\Users\xav94\Desktop\Photo vacance Emilion ==================== Trois mois (modifiés) ================== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2023-01-15 16:25 - 2020-06-26 11:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2023-01-15 16:25 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-01-15 15:45 - 2019-01-24 18:42 - 000000000 ____D C:\Program Files (x86)\Google 2023-01-15 11:58 - 2022-08-02 20:35 - 000000000 ____D C:\Program Files\CCleaner 2023-01-15 11:54 - 2020-06-26 11:50 - 001770910 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2023-01-15 11:54 - 2019-12-07 15:49 - 000793016 _____ C:\WINDOWS\system32\perfh00C.dat 2023-01-15 11:54 - 2019-12-07 15:49 - 000150146 _____ C:\WINDOWS\system32\perfc00C.dat 2023-01-15 11:54 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF 2023-01-15 11:52 - 2019-01-24 18:37 - 000000000 __SHD C:\Users\xav94\IntelGraphicsProfiles 2023-01-15 11:50 - 2020-06-26 12:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2023-01-15 11:50 - 2020-06-26 11:31 - 000303752 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2023-01-15 11:49 - 2020-06-26 11:30 - 000008192 ___SH C:\DumpStack.log.tmp 2023-01-15 11:48 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2023-01-15 11:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources 2023-01-15 11:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2023-01-15 11:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2023-01-15 11:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2023-01-15 10:09 - 2020-06-27 22:42 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-01-15 10:09 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2023-01-15 10:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2023-01-14 13:13 - 2021-10-25 18:25 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2023-01-14 13:13 - 2021-10-25 18:25 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2023-01-14 12:43 - 2022-08-02 20:36 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2023-01-11 21:08 - 2022-09-25 15:28 - 000000000 ____D C:\Users\xav94\Desktop\Curatelle REP 2023-01-11 18:50 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2023-01-11 18:33 - 2020-06-26 11:36 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2023-01-11 17:30 - 2019-01-25 09:06 - 000000000 ____D C:\WINDOWS\system32\MRT 2023-01-11 17:11 - 2019-01-25 09:05 - 150199536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2023-01-10 21:10 - 2022-05-05 18:52 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-576369062-1899587579-3126029580-1001 2023-01-10 21:10 - 2021-06-03 10:10 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-576369062-1899587579-3126029580-1001 2023-01-10 21:10 - 2021-04-29 13:49 - 000002417 _____ C:\Users\xav94\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-01-05 02:21 - 2020-06-27 22:42 - 000003690 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2023-01-05 02:21 - 2020-06-27 22:42 - 000003566 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2023-01-03 00:06 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP 2023-01-03 00:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2023-01-03 00:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2023-01-03 00:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2023-01-03 00:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2023-01-03 00:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX 2023-01-03 00:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2023-01-03 00:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemApps 2023-01-03 00:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2023-01-03 00:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2023-01-03 00:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2023-01-03 00:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2023-01-03 00:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX 2023-01-03 00:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2023-01-03 00:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning 2023-01-03 00:06 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System 2023-01-03 00:05 - 2020-06-26 11:34 - 000000000 ____D C:\Users\xav94 2023-01-02 14:46 - 2020-03-23 10:22 - 000000000 ____D C:\Users\xav94\Desktop\Krautergersheim 2023-01-02 08:47 - 2022-09-29 13:57 - 000002922 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting 2023-01-02 08:47 - 2022-09-25 15:19 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job ==================== Fichiers à la racine de certains dossiers ======== 2020-04-20 09:16 - 2020-04-20 09:16 - 000002407 _____ () C:\Users\xav94\AppData\Local\recently-used.xbel ==================== SigCheckExt ========================= 2023-01-02 13:42 - 2023-01-02 13:42 - 000181248 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll 2019-08-14 17:47 - 1998-10-07 13:08 - 000327168 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUn040c.exe 2019-08-14 19:49 - 2008-10-14 08:36 - 001060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71.dll 2019-08-14 19:49 - 2008-10-14 08:36 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHS.DLL 2019-08-14 19:49 - 2008-10-14 08:36 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHT.DLL 2019-08-14 19:49 - 2008-10-14 08:36 - 001047552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71u.dll 2019-08-14 19:49 - 2008-10-14 08:36 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll 2019-08-14 19:49 - 2008-10-14 08:36 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll 2019-08-14 19:49 - 2008-10-14 08:36 - 000167936 _____ (Tidestone Technologies, Inc.) C:\WINDOWS\SysWOW64\TTF16FR.DLL 2006-10-26 13:45 - 2006-10-26 13:45 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WISPTIS.EXE 2023-01-15 15:13 - 2023-01-15 15:13 - 002376704 _____ (Farbar) C:\Users\xav94\Desktop\FRST64.exe 2023-01-15 12:42 - 2023-01-15 12:42 - 003510472 _____ (Nicolas Coolman) C:\Users\xav94\Desktop\ZHPSuite.exe 2019-08-14 17:44 - 2019-08-14 17:45 - 055199882 _____ (Hager ) C:\Users\xav94\Downloads\Semiolog_5.1_05.2017.exe 2019-01-27 17:18 - 2019-01-27 17:19 - 178304840 _____ (Trimble, Inc.) C:\Users\xav94\Downloads\SketchUpPro-fr.exe 2019-08-01 16:17 - 2019-08-01 16:18 - 085965001 _____ (Hewlett-Packard Company ) C:\Users\xav94\Downloads\sp53261.exe 2023-01-15 15:04 - 2023-01-15 15:04 - 003311816 _____ (Nicolas Coolman) C:\Users\xav94\Downloads\ZHPDiag3.exe ==================== SigCheck ============================ (Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.) ==================== BCD ================================ Gestionnaire de d‚marrage du microprogramme ------------------------------------------- identificateur {fwbootmgr} displayorder {bootmgr} {76cc132e-4175-11e8-82db-806e6f6e6963} {d81e0fe9-fe07-11e3-a603-b5dbfa2d858f} {d81e0fea-fe07-11e3-a603-b5dbfa2d858f} timeout 2 Gestionnaire de d‚marrage Windows --------------------------------- identificateur {bootmgr} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\bootmgfw.efi description Windows Boot Manager locale fr-FR inherit {globalsettings} default {current} resumeobject {5ec4618b-b7a0-11ea-9509-d4a4ae4953e0} displayorder {current} toolsdisplayorder {memdiag} timeout 0 Application logicielle (101fffff) -------------------------------- identificateur {76cc132e-4175-11e8-82db-806e6f6e6963} description Internal Hard Disk or Solid State Disk Application logicielle (101fffff) -------------------------------- identificateur {b2889977-934f-11e5-825c-806e6f6e6963} description Disque dur portable Application logicielle (101fffff) -------------------------------- identificateur {d81e0fe9-fe07-11e3-a603-b5dbfa2d858f} description EFI USB Device Application logicielle (101fffff) -------------------------------- identificateur {d81e0fea-fe07-11e3-a603-b5dbfa2d858f} description EFI DVD/CDROM Chargeur de d‚marrage Windows ----------------------------- identificateur {21b0a8bc-9350-11e5-825c-f8a96388b557} device ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{21b0a8bd-9350-11e5-825c-f8a96388b557} path \windows\system32\winload.efi description Windows Recovery Environment locale fr-FR inherit {bootloadersettings} displaymessage Recovery displaymessageoverride Recovery osdevice ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{21b0a8bd-9350-11e5-825c-f8a96388b557} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Chargeur de d‚marrage Windows ----------------------------- identificateur {4a090b9e-b798-11ea-bc22-aac8778bb026} device ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{4a090b9f-b798-11ea-bc22-aac8778bb026} path \windows\system32\winload.efi description Windows Recovery Environment locale fr-FR inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{4a090b9f-b798-11ea-bc22-aac8778bb026} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Chargeur de d‚marrage Windows ----------------------------- identificateur {current} device partition=C: path \WINDOWS\system32\winload.efi description Windows 10 locale fr-FR inherit {bootloadersettings} recoverysequence {4a090b9e-b798-11ea-bc22-aac8778bb026} displaymessageoverride Recovery recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \WINDOWS resumeobject {5ec4618b-b7a0-11ea-9509-d4a4ae4953e0} nx OptIn bootmenupolicy Standard Reprendre … partir de la mise en veille prolong‚e ------------------------------------------------- identificateur {5ec4618b-b7a0-11ea-9509-d4a4ae4953e0} device partition=C: path \WINDOWS\system32\winresume.efi description Windows Resume Application locale fr-FR inherit {resumeloadersettings} recoverysequence {4a090b9e-b798-11ea-bc22-aac8778bb026} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Testeur de m‚moire Windows -------------------------- identificateur {memdiag} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\memtest.efi description Diagnostics m‚moire Windows locale fr-FR inherit {globalsettings} badmemoryaccess Yes ParamŠtres EMS -------------- identificateur {emssettings} bootems No ParamŠtres du d‚bogueur ----------------------- identificateur {dbgsettings} debugtype Serial debugport 1 baudrate 115200 Erreurs de m‚moire RAM ---------------------- identificateur {badmemory} ParamŠtres globaux ------------------ identificateur {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} ParamŠtres du chargeur de d‚marrage ----------------------------------- identificateur {bootloadersettings} inherit {globalsettings} {hypervisorsettings} ParamŠtres de l'hyperviseur ------------------- identificateur {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 ParamŠtres du chargeur de reprise --------------------------------- identificateur {resumeloadersettings} inherit {globalsettings} Options de p‚riph‚rique ----------------------- identificateur {4a090b9f-b798-11ea-bc22-aac8778bb026} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume5 ramdisksdipath \Recovery\WindowsRE\boot.sdi ==================== Fin de FRST.txt ========================