Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2023
Exécuté par User (administrateur) sur PC-LENOVO-STÉPH (LENOVO ChiefRiver Platform) (30-08-2023 21:07:04)
Exécuté depuis C:\Users\User\Desktop\FRST64.exe
Profils chargés: User
Plate-forme: Microsoft Windows 10 Famille Version 22H2 19045.3324 (X64) Langue: Français (France)
Navigateur par défaut: FF
Mode d'amorçage: Normal

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(explorer.exe ->) (Open-Shell) [Fichier non signé] C:\Program Files\Open-Shell\StartMenu.exe
(Proton Technologies AG -> ) C:\Program Files\Proton\VPN\v3.1.0\ProtonVPN.exe
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(services.exe ->) (Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
(services.exe ->) (Proton Technologies AG -> ProtonVPN) C:\Program Files\Proton\VPN\v3.1.0\ProtonVPNService.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(services.exe ->) (TomTom International BV -> TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registre (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-06-26] (AlcorMicro, Corp. -> Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [Open-Shell Start Menu] => C:\Program Files\Open-Shell\StartMenu.exe [226816 2022-05-12] (Open-Shell) [Fichier non signé]
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508256 2020-08-12] (Dolby Laboratories, Inc. -> Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel® Services Manager -> Intel Corporation)
HKU\S-1-5-21-2571112955-4239876419-1220594018-1001\...\Run: [ProtonVPN] => C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe [12277144 2023-08-03] (Proton Technologies AG -> ProtonVPN)
HKLM\...\Windows x64\Print Processors\Canon MP250 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD9W.DLL [28672 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP250 series: C:\WINDOWS\system32\CNMLM9W.DLL [336896 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\Lenovo\Bluetooth Software\BtwCP.dll [2012-07-30] (Broadcom Corporation -> Broadcom Corporation.)

==================== Tâches planifiées (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {C47B3952-D67F-4038-86B2-DA7C38A8834C} - System32\Tasks\G2MUpdateTask-S-1-5-21-2571112955-4239876419-1220594018-1001 => C:\Users\User\AppData\Local\GoToMeeting\19950\g2mupdate.exe [33456 2022-04-25] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {B520E0C3-2FF7-4888-AA5B-1A636470C2D6} - System32\Tasks\G2MUploadTask-S-1-5-21-2571112955-4239876419-1220594018-1001 => C:\Users\User\AppData\Local\GoToMeeting\19950\g2mupload.exe [33456 2022-04-25] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {8C0EA934-3553-4B9B-B494-1AD839647B55} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26616800 2023-08-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {D563AA83-68F0-4BF8-8539-3A30A1382031} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26616800 2023-08-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {23C33F68-C094-4D05-BA25-262C3ADED4B9} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124264 2023-08-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {FBABD41C-9640-4882-958D-D8EB3FC4E832} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124264 2023-08-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE5F6402-16FA-4D04-A779-99F695A76263} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [896408 2023-08-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {A3DF0BD7-5AEC-4F4F-8F2C-778AD6816398} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\WINDOWS\system32\rundll32.exe [71680 2021-01-15] (Microsoft Windows -> Microsoft Corporation) -> C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {069E56F4-AF16-4353-B941-2A73ED765400} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {C30BCD0C-A15A-4FC4-8368-8D84A74CA38E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {45208ED4-7C4F-45D5-BB31-A5876B5EB8F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BBDA0E03-61CA-42FB-B59E-B4FA1E4923B4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {06D645E1-C5D0-4193-AA3A-EC9D3157A96E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe join (Pas de fichier)
Task: {76DA94C1-978B-4A68-9AAF-79C949324411} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [675232 2023-08-29] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {DD1707CC-F96D-4236-A9AA-64FEC836A862} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [722336 2023-08-29] (Mozilla Corporation -> Mozilla Foundation)
Task: {FB1460CC-8BF0-4947-977C-EE4C001D0B76} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 ] (Synaptics Incorporated -> Synaptics Incorporated)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{07e5b248-3456-42d9-b3f1-1681055429eb}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{cdd9aa6a-c17f-4a9e-b56f-63ed7ea59cec}: [DhcpNameServer] 192.168.0.254

Edge:
=======
DownloadDir: C:\Users\User\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-06]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-08-01]
Edge Extension: (Edge relevant text changes) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-07-27]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: sdcf5m94.default-1449679278495-1622248414203
FF DefaultProfile: bjcbl64y.default
FF ProfilePath: C:\Users\User\AppData\Roaming\TomTom\HOME\Profiles\2xvvmal5.default [2019-07-16]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2019-07-16] [] [non signé]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203 [2023-08-30]
FF Homepage: Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203 -> hxxps://www.google.fr/
FF Session Restore: Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203 -> est activé.
FF Notifications: Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203 -> hxxps://www.gametwist.com; hxxps://odysee.com; hxxps://www.piecesauto.fr; hxxps://twitter.com
FF NewTabOverride: Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203 -> Enabled: {66E978CD-981F-47DF-AC42-E3CF417C1467}
FF NewTabOverride: Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203 -> Enabled: jid1-MnnxcxisBPnSXQ@jetpack
FF NewTabOverride: Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203 -> Enabled: uBlock0@raymondhill.net
FF Extension: (Bookmark search plus 2) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203\Extensions\bookmarksearchplus2@aafn.org.xpi [2023-05-12]
FF Extension: (Convertisseur de fichiers - Par Online-Convert.com) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203\Extensions\firefox@online-convert.com.xpi [2021-05-29]
FF Extension: (I don't care about cookies) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2023-08-12]
FF Extension: (Privacy Badger) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2023-06-28]
FF Extension: (AdBlock — le meilleur bloqueur de pubs) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2023-03-06]
FF Extension: (uBlock Origin) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203\Extensions\uBlock0@raymondhill.net.xpi [2023-07-26]
FF Extension: (Reverse Image Search) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203\Extensions\{0da2e603-21ba-4422-8049-b6d9e013ed84}.xpi [2023-02-22]
FF Extension: (Tab Suspender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203\Extensions\{29780561-0607-49f3-aba9-fb8806d2f22d}.xpi [2021-05-29]
FF Extension: (Privacy Pass) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203\Extensions\{48748554-4c01-49e8-94af-79662bf34d50}.xpi [2023-02-16]
FF Extension: (New Tab Homepage) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2021-05-29]
FF Extension: (Flash and Video Download) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203\Extensions\{adeadebb-fedc-4180-a7f4-cfdd87496551}.xpi [2021-05-29]
FF Extension: (Video DownloadHelper) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2023-08-25]
FF Extension: (Auto Tab Discard) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203\Extensions\{c2c003ee-bd69-42a2-b0e9-6f34222cb046}.xpi [2022-12-20]
FF Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sdcf5m94.default-1449679278495-1622248414203\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-06-21]
FF ProfilePath: C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\bjcbl64y.default [2023-02-03]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\bjcbl64y.default -> hxxps://www.google.com/
FF NewTab: Moonchild Productions\Pale Moon\Profiles\bjcbl64y.default -> hxxps://www.google.com/
FF Session Restore: Moonchild Productions\Pale Moon\Profiles\bjcbl64y.default -> est activé.
FF Extension: (Français (FR) Language Pack) - C:\Users\User\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\bjcbl64y.default\Extensions\langpack-fr@palemoon.org.xpi [2022-06-15] [] [non signé]
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-13] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11851232 2023-08-13] (Microsoft Corporation -> Microsoft Corporation)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2020-07-03] (Mixbyte Inc -> Freemake)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9286168 2023-08-29] (Malwarebytes Inc. -> Malwarebytes)
R3 ProtonVPN Service; C:\Program Files\Proton\VPN\v3.1.0\ProtonVPNService.exe [472168 2023-08-03] (Proton Technologies AG -> ProtonVPN)
S3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v3.1.0\ProtonVPN.WireGuardService.exe [471656 2023-08-03] (Proton Technologies AG -> ProtonVPN)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [136760 2019-05-07] (Alcorlink Corp. -> )
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222272 2023-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-02-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl4b2802b2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{26ABDBA8-FE93-475C-A80A-8EF414F055DA}\MpKslDrv.sys [222464 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [47632 2010-01-27] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
S3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v3.1.0\Resources\ProtonVPN.CalloutDriver.sys [34176 2023-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-12-06] (AnchorFree Inc -> Anchorfree Inc.)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2020-12-30] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [648872 2015-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Vimicro Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55872 2023-08-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [574872 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2023-07-15] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2022-04-02] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois (créés) (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2023-08-29 21:26 - 2023-08-29 22:33 - 000009810 _____ C:\Users\User\Desktop\Fixlog.txt
2023-08-29 21:26 - 2023-08-29 21:26 - 000002945 _____ C:\Users\User\Desktop\qcpfvouoignkrpms.txt
2023-08-29 19:56 - 2023-08-30 13:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2023-08-29 18:58 - 2023-08-29 19:42 - 000042965 _____ C:\Users\User\Desktop\Addition.txt
2023-08-29 18:43 - 2023-08-30 21:10 - 000023319 _____ C:\Users\User\Desktop\FRST.txt
2023-08-29 18:40 - 2023-08-30 21:08 - 000000000 ____D C:\FRST
2023-08-29 18:32 - 2023-08-29 18:32 - 000386380 _____ C:\Users\User\Desktop\ZHPDiag.html
2023-08-29 18:32 - 2023-08-29 18:32 - 000312737 _____ C:\Users\User\Desktop\ZHPDiag.txt
2023-08-29 16:59 - 2023-08-29 16:59 - 002382336 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2023-08-29 16:40 - 2023-08-29 16:40 - 003511456 _____ (Nicolas Coolman) C:\Users\User\Desktop\ZHPSuite.exe
2023-08-29 16:40 - 2023-08-29 16:40 - 000000000 ____D C:\Users\User\AppData\Local\ZHP
2023-08-29 15:01 - 2023-08-30 13:09 - 000000000 ____D C:\Users\User\AppData\Local\Malwarebytes
2023-08-29 15:00 - 2023-08-29 15:00 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-08-09 15:24 - 2023-08-09 15:24 - 000000000 ___HD C:\$WinREAgent

==================== Un mois (modifiés) ==================

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2023-08-30 21:05 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-30 20:24 - 2020-08-12 23:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-08-30 19:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-08-30 18:13 - 2020-08-12 23:09 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows
2023-08-30 18:11 - 2021-06-05 00:47 - 000000000 ____D C:\Users\User\AppData\Local\OpenShell
2023-08-30 15:19 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-08-30 13:37 - 2022-02-10 11:08 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-08-30 13:27 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-30 13:18 - 2018-05-29 21:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-08-30 13:14 - 2021-01-22 08:13 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-08-30 13:04 - 2020-08-12 23:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-08-30 13:04 - 2020-08-12 23:05 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-30 13:04 - 2015-10-23 16:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-08-30 00:00 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-08-29 21:33 - 2020-08-12 23:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\TVT
2023-08-29 21:33 - 2020-08-12 23:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2023-08-29 21:20 - 2015-10-23 16:34 - 000001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-29 19:08 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-08-29 18:32 - 2018-05-01 01:55 - 000000000 ____D C:\Users\User\AppData\Roaming\ZHP
2023-08-29 17:06 - 2018-06-20 01:47 - 000000000 ____D C:\Users\User\Documents\Désinfection
2023-08-29 15:00 - 2023-02-05 19:13 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-08-29 14:59 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-08-29 14:54 - 2017-10-22 17:01 - 000000000 ____D C:\Program Files\Malwarebytes
2023-08-28 21:23 - 2021-12-13 14:19 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2571112955-4239876419-1220594018-1001
2023-08-28 21:23 - 2020-08-12 23:45 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2571112955-4239876419-1220594018-1001
2023-08-28 21:23 - 2020-08-12 23:09 - 000002475 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-08-27 02:46 - 2020-06-22 02:40 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-08-27 02:46 - 2020-06-22 02:40 - 000002291 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-08-16 12:09 - 2023-07-08 22:17 - 000000992 _____ C:\Users\Public\Desktop\Proton VPN.lnk
2023-08-16 12:09 - 2023-07-08 22:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proton
2023-08-13 13:56 - 2017-02-04 04:26 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-08-11 12:43 - 2020-08-12 23:28 - 001770910 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-08-11 12:43 - 2019-12-07 16:49 - 000793016 _____ C:\WINDOWS\system32\perfh00C.dat
2023-08-11 12:43 - 2019-12-07 16:49 - 000150146 _____ C:\WINDOWS\system32\perfc00C.dat
2023-08-11 12:35 - 2021-06-10 04:46 - 000466872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-08-11 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-08-11 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-08-11 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-08-11 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-08-11 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-08-11 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-08-11 00:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-08-11 00:13 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat
2023-08-09 18:08 - 2020-08-12 23:10 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-08-09 01:30 - 2015-10-24 04:06 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-08-09 01:17 - 2015-10-24 04:06 - 175983240 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== SigCheck ============================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

==================== Fin de FRST.txt ========================