Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 18-12-2023 Exécuté par Josette Regnault (administrateur) sur JOSETTEREGNAULT (Acer Aspire 5755G) (19-12-2023 15:53:48) Exécuté depuis C:\Users\Josette Regnault\Desktop\FRST64.exe Profils chargés: Josette Regnault Plate-forme: Microsoft Windows 10 Famille Version 22H2 19045.3803 (X64) Langue: Français (France) Navigateur par défaut: Chrome Mode d'amorçage: Normal ==================== Processus (Avec liste blanche) ================= (Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2> (C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe (explorer.exe ->) (KARPOLAN) [Fichier non signé] C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <33> (services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (MEDIATEK INC. -> Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe (services.exe ->) (MEDIATEK INC. -> Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2> (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe (svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registre (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation -> Renesas Electronics Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION HKU\S-1-5-21-1866081160-206520495-2343403741-1000\...\Run: [EPSON SX100 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE [221696 2008-02-05] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKU\S-1-5-21-1866081160-206520495-2343403741-1000\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2595344 2023-12-17] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1866081160-206520495-2343403741-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44486048 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) HKU\S-1-5-21-1866081160-206520495-2343403741-1000\...\Run: [MicrosoftEdgeAutoLaunch_6D10E82E99D7F10E1DF76E18803C7369] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854376 2023-12-14] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1866081160-206520495-2343403741-1000\...\Run: [TrayStatus] => C:\Program Files\TrayStatus\TrayStatus.exe [314320 2023-05-01] (Binary Fortress Software Ltd -> Binary Fortress Software) HKU\S-1-5-21-1866081160-206520495-2343403741-1000\...\Run: [KeyboardLeds.exe] => C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe [912896 2012-09-06] (KARPOLAN) [Fichier non signé] HKU\S-1-5-21-1866081160-206520495-2343403741-1000\...\Run: [CCleanerBrowserAutoLaunch_B8BDA7FB0DE3C122FA02676A09BEB28A] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3074496 2023-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) HKU\S-1-5-21-1866081160-206520495-2343403741-1001\...\Run: [EPSON SX100 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE [221696 2008-02-05] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKU\S-1-5-21-1866081160-206520495-2343403741-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44486048 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) HKU\S-1-5-21-1866081160-206520495-2343403741-1001\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2595344 2023-12-17] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Print\Monitors\EPSON SX100 Series 64MonitorBE: C:\WINDOWS\system32\E_ILMEDE.DLL [108032 2007-12-07] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\120.0.23442.109\Installer\chrmstp.exe [2023-12-18] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\120.0.6099.110\Installer\chrmstp.exe [2023-12-18] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> AppInit_DLLs: C:\WINDOWS\system32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll => C:\WINDOWS\system32\DriverStore\FileRepository\nvacwu.inf_amd64_bdd6ea477d4e2fba\nvinitx.dll [183144 2017-01-17] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) Startup: C:\Users\Josette Regnault\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk [2023-12-07] ShortcutTarget: Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) Startup: C:\Users\Josette Regnault\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thunderbird.lnk [2021-10-08] ShortcutTarget: Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation -> Mozilla Corporation) Startup: C:\Users\Josette Regnault\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrayStatus.lnk [2021-12-15] ShortcutTarget: TrayStatus.lnk -> C:\Program Files (x86)\TrayStatus\TrayStatus.exe (Pas de fichier) ==================== Tâches planifiées (Avec liste blanche) ================= (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) Task: {4E17663B-8DED-4BDB-B372-9F93F6DEBB48} - System32\Tasks\{A8E777A4-6CDD-4697-8694-2E057D1A212A} => C:\Windows\system32\pcalua.exe [53760 2023-11-15] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Users\Josette Regnault\Desktop\RIDGE_4G_LL_V18\RIDGE 4G_V18\vcredist_x86.exe" -d "C:\Users\Josette Regnault\Desktop\RIDGE_4G_LL_V18\RIDGE 4G_V18" Task: {98868ECB-0D1E-4812-A95D-C611131B6668} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.) Task: {856BFC46-E6CD-4EF1-B7DD-AE7EEA115AAB} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3074496 2023-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) Task: {825327EB-B7E1-45C1-B7FF-203376CFE87D} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3074496 2023-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) Task: {BE726F2B-D4C6-4ADF-97DD-C45478E21957} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) Task: {A22887A2-0251-440F-917A-E233DFE24A9F} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "c2b13245-f69b-4cd7-988b-0c3f635df718" --version "6.19.10858" --silent Task: {DCAE9767-2280-4DF2-92B4-47D43079CF39} - System32\Tasks\CCleanerSkipUAC - Josette Regnault => C:\Program Files\CCleaner\CCleaner.exe [37458848 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) Task: {7E2954BA-7616-4157-8BBA-76AE03A25597} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) Task: {480DDCB1-95B2-4098-BE9E-4CC2FAAF336E} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) Task: {38575F59-A610-4E8D-BAB2-BD21EA1E0292} - System32\Tasks\GoogleUpdateTaskMachineCore{8D281090-9A48-4C91-A389-464AFD446D1E} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2023-12-02] (Google LLC -> Google LLC) Task: {F1B9881C-17DF-4A23-87CF-A7130E3EE055} - System32\Tasks\GoogleUpdateTaskMachineUA{BD489EB7-9E53-4777-9204-11C4D62DE6CB} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2023-12-02] (Google LLC -> Google LLC) Task: {E577F3F7-742C-4632-A5E7-89735BC517CB} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} Task: {144FE095-A1D2-4BA7-A822-7712A778F7FF} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB} Task: {DECCE9C6-1CE2-4999-996E-D5FA7E8960FC} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {2881C9C5-8B3E-4D9A-9CDB-AA5B445BB8C0} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61} Task: {D8AC3FCF-D592-4E43-AFE7-3AE1050A8401} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1} Task: {6C4E9C45-728A-4A55-B089-5E0ACF9791D8} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {22A8CFF1-6CF0-4928-BE67-1C43104AB42C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {AAAE6AF6-17A3-4C02-8A21-DA17516DB82A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {728D03BF-5374-4DC7-BB80-4C9FAB81D70D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {6B53C9F4-0C68-4435-A8A3-1F06A8444C4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {34F7574A-1F16-479C-A65B-AAB6933FDDB9} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-17] (Microsoft Corporation -> Microsoft Corporation) Task: {B4D880FE-3AB0-49F3-9FAA-53AFDADD06F3} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1866081160-206520495-2343403741-1000 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-17] (Microsoft Corporation -> Microsoft Corporation) Task: {DF838AE9-90F2-4D5F-8F11-268A29AC66E5} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1866081160-206520495-2343403741-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-17] (Microsoft Corporation -> Microsoft Corporation) (Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.) Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe ==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{217DE529-51BA-41BC-A67C-1A65DB17A435}: [NameServer] 208.67.222.222,208.67.220.220 Tcpip\..\Interfaces\{217DE529-51BA-41BC-A67C-1A65DB17A435}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{E3416823-4B63-4451-8294-EEA4B0E450C0}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{e85eed5e-4a92-4461-bd83-59a8d7f95e52}: [DhcpNameServer] 192.168.1.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\Josette Regnault\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-17] Edge HomePage: Default -> hxxps://www.google.com/ Edge StartupUrls: Default -> "hxxp://www.google.fr/","hxxps://www.duckduckgo.com/","hxxps://encrypted.google.com/" Edge Extension: (Bouton Enregistrer Pinterest) - C:\Users\Josette Regnault\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bkgoflemacdadndiohhdnphcmdhacabg [2022-06-25] Edge Extension: (Dropbox pour Gmail) - C:\Users\Josette Regnault\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2021-09-02] Edge Extension: (Désactivation de Google Analytics) - C:\Users\Josette Regnault\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2020-12-17] Edge Extension: (Google Docs hors connexion) - C:\Users\Josette Regnault\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-30] Edge Extension: (Recettes: le marque-page de recettes en ligne) - C:\Users\Josette Regnault\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\giceanipjojfnkbciljjblakfkihbjdb [2020-12-17] Edge Extension: (IGRAAL : Cashback & codes promo) - C:\Users\Josette Regnault\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hgfjoaookbahbhinopgfoiajfijfcdhm [2023-11-14] Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Josette Regnault\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-12-02] Edge Extension: (Bouton Enregistrer Pinterest) - C:\Users\Josette Regnault\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfcjijcigimhjjdimpghneggnegiphhh [2020-12-17] Edge Extension: (Edge relevant text changes) - C:\Users\Josette Regnault\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-14] Edge Extension: (Vérificateur de messages Google) - C:\Users\Josette Regnault\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2020-12-17] Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] FireFox: ======== FF DefaultProfile: wf4cz41t.default FF ProfilePath: C:\Users\Josette Regnault\AppData\Roaming\Mozilla\Firefox\Profiles\jtt7ag3w.default-release-1679059830944 [2023-12-16] FF Extension: (Language: English (CA)) - C:\Users\Josette Regnault\AppData\Roaming\Mozilla\Firefox\Profiles\jtt7ag3w.default-release-1679059830944\Extensions\langpack-en-CA@firefox.mozilla.org.xpi [2023-03-17] FF Extension: (Language: Français (French)) - C:\Users\Josette Regnault\AppData\Roaming\Mozilla\Firefox\Profiles\jtt7ag3w.default-release-1679059830944\Extensions\langpack-fr@firefox.mozilla.org.xpi [2023-03-17] FF ProfilePath: C:\Users\Josette Regnault\AppData\Roaming\Mozilla\Firefox\Profiles\wf4cz41t.default [2023-12-16] FF Extension: (uBlock Origin) - C:\Users\Josette Regnault\AppData\Roaming\Mozilla\Firefox\Profiles\wf4cz41t.default\Extensions\uBlock0@raymondhill.net.xpi [2017-12-10] FF Extension: (Flash and Video Download) - C:\Users\Josette Regnault\AppData\Roaming\Mozilla\Firefox\Profiles\wf4cz41t.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2017-12-10] FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-11-05] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) Chrome: ======= CHR Profile: C:\Users\Josette Regnault\AppData\Local\Google\Chrome\User Data\Default [2023-12-19] CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.fr/","hxxps://www.duckduckgo.com","hxxps://encrypted.google.com" CHR Extension: (Google Docs hors connexion) - C:\Users\Josette Regnault\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-18] CHR Extension: (Enregistrer sur Pinterest) - C:\Users\Josette Regnault\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2023-12-15] CHR Extension: (IGRAAL : Cashback & codes promo) - C:\Users\Josette Regnault\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2023-12-18] CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Josette Regnault\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30] CHR Profile: C:\Users\Josette Regnault\AppData\Local\Google\Chrome\User Data\System Profile [2023-12-19] CHR HKU\S-1-5-21-1866081160-206520495-2343403741-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] Opera: ======= OPR Profile: C:\Users\Josette Regnault\AppData\Roaming\Opera Software\Opera Stable [2023-12-11] OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.fr/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} ==================== Services (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.) S4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated) S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\120.0.23442.109\elevation_service.exe [1847224 2023-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082784 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) S4 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [163840 2007-12-17] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) S4 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncHelper.exe [3514384 2023-12-17] (Microsoft Corporation -> Microsoft Corporation) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9405400 2023-12-17] (Malwarebytes Inc. -> Malwarebytes) R2 MediatekRegistryWriter; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe [405136 2014-12-04] (MEDIATEK INC. -> Mediatek Inc.) R2 MediatekRegistryWriter64; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe [454288 2014-12-04] (MEDIATEK INC. -> Mediatek Inc.) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.246.1127.0002\OneDriveUpdaterService.exe [3851280 2023-12-17] (Microsoft Corporation -> Microsoft Corporation) R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [16039344 2023-12-05] (ADLICE -> ) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation) S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" ===================== Pilotes (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) S3 aftap0901; C:\WINDOWS\System32\DRIVERS\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [51712 2009-03-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-12-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2023-12-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [54208 2023-12-18] (ADLICE (Julien Ascoet) -> ) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-06] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-06] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ==================== Trois mois (créés) (Avec liste blanche) ========= (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2023-12-19 15:53 - 2023-12-19 15:55 - 000025024 _____ C:\Users\Josette Regnault\Desktop\FRST.txt 2023-12-19 15:53 - 2023-12-19 15:53 - 000000000 ____D C:\Users\Josette Regnault\Desktop\FRST-OlderVersion 2023-12-18 17:17 - 2023-12-18 17:17 - 000054208 _____ C:\WINDOWS\system32\Drivers\truesight.sys 2023-12-18 17:12 - 2023-12-18 17:12 - 000005154 _____ C:\Users\Josette Regnault\Desktop\roquekiller.txt 2023-12-18 16:11 - 2023-12-18 17:02 - 000000000 ____D C:\ProgramData\RogueKiller 2023-12-18 16:11 - 2023-12-18 16:11 - 000000859 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2023-12-18 16:11 - 2023-12-18 16:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2023-12-18 16:11 - 2023-12-18 16:11 - 000000000 ____D C:\Program Files\RogueKiller 2023-12-18 16:10 - 2023-12-18 16:10 - 047837272 _____ (Adlice Software ) C:\Users\Josette Regnault\Downloads\RogueKiller_setup.exe 2023-12-17 10:27 - 2023-12-17 10:27 - 000001544 _____ C:\Users\Josette Regnault\Desktop\MBMA.txt 2023-12-17 09:40 - 2023-12-18 08:37 - 000000000 ____D C:\Users\Josette Regnault\AppData\Local\Malwarebytes 2023-12-17 09:40 - 2023-12-17 09:40 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2023-12-17 09:40 - 2023-12-17 09:40 - 000001981 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2023-12-17 09:38 - 2023-12-17 09:38 - 000000000 ____D C:\ProgramData\Malwarebytes 2023-12-17 09:37 - 2023-12-17 09:37 - 002606880 _____ (Malwarebytes) C:\Users\Josette Regnault\Downloads\MBSetup (1).exe 2023-12-17 09:26 - 2023-12-17 09:26 - 008791352 _____ (Malwarebytes) C:\Users\Josette Regnault\Downloads\adwcleaner_8.4.0 (1).exe 2023-12-17 09:25 - 2023-12-17 09:25 - 008791352 _____ (Malwarebytes) C:\Users\Josette Regnault\Downloads\adwcleaner_8.4.0.exe 2023-12-17 09:23 - 2023-12-17 09:23 - 000036100 _____ C:\Users\Josette Regnault\Desktop\ZHPCleaner (R).txt 2023-12-17 08:48 - 2023-12-17 08:48 - 000000931 _____ C:\Users\Josette Regnault\Desktop\ZHPCleaner.lnk 2023-12-17 08:47 - 2023-12-17 08:47 - 003362976 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPCleaner (8).exe 2023-12-16 09:50 - 2023-12-16 11:06 - 000407349 _____ C:\Users\Josette Regnault\Desktop\Fixlog.txt 2023-12-15 18:48 - 2023-12-19 15:06 - 000181696 _____ C:\Users\Josette Regnault\Desktop\ZHPDiag.txt 2023-12-15 18:36 - 2023-12-15 18:36 - 003570848 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPSuite (2).exe 2023-12-15 18:36 - 2023-12-15 18:36 - 003570848 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPSuite (1).exe 2023-12-15 18:33 - 2023-12-15 18:37 - 000000921 _____ C:\Users\Josette Regnault\Desktop\ZHPSuite.lnk 2023-12-15 18:32 - 2023-12-15 18:32 - 003570848 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPSuite.exe 2023-12-15 17:39 - 2023-12-15 17:39 - 000000314 _____ C:\Users\Josette Regnault\Desktop\SearchReg.txt 2023-12-15 17:22 - 2023-12-15 17:22 - 000054648 _____ C:\Users\Josette Regnault\Downloads\Shortcut.txt 2023-12-15 17:17 - 2023-12-15 17:22 - 000055694 _____ C:\Users\Josette Regnault\Downloads\Addition.txt 2023-12-15 17:07 - 2023-12-15 17:07 - 000126669 _____ C:\Users\Josette Regnault\Desktop\pc qui rame.html 2023-12-15 17:07 - 2023-12-15 17:07 - 000000000 ____D C:\Users\Josette Regnault\Desktop\pc qui rame_files 2023-12-15 17:05 - 2023-12-19 15:53 - 002387456 _____ (Farbar) C:\Users\Josette Regnault\Desktop\FRST64.exe 2023-12-15 17:05 - 2023-12-15 17:22 - 000048768 _____ C:\Users\Josette Regnault\Downloads\FRST.txt 2023-12-15 17:04 - 2023-12-19 15:54 - 000000000 ____D C:\FRST 2023-12-15 17:03 - 2023-12-15 17:03 - 002386432 _____ (Farbar) C:\Users\Josette Regnault\Downloads\FRST64 (1).exe 2023-12-15 17:02 - 2023-12-15 17:03 - 002386432 _____ (Farbar) C:\Users\Josette Regnault\Downloads\FRST64.exe 2023-12-15 15:08 - 2023-12-15 15:08 - 003362976 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPCleaner (7).exe 2023-12-13 19:20 - 2023-12-13 19:20 - 000000000 ____D C:\WINDOWS\InboxApps 2023-12-13 10:58 - 2023-12-13 10:58 - 000016707 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json 2023-12-13 10:11 - 2023-12-13 10:11 - 000000000 ___HD C:\$WinREAgent 2023-12-11 18:06 - 2023-12-11 18:06 - 000002322 _____ C:\Users\Josette Regnault\Documents\cc_20231211_180621.reg 2023-12-11 18:01 - 2023-12-11 18:01 - 003361440 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPCleaner (6).exe 2023-12-11 17:59 - 2023-12-11 17:59 - 003361440 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPCleaner (5).exe 2023-12-02 14:13 - 2023-12-18 17:53 - 000002205 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2023-12-02 14:13 - 2023-12-18 17:53 - 000002164 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2023-12-02 14:12 - 2023-12-07 10:05 - 000003960 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{BD489EB7-9E53-4777-9204-11C4D62DE6CB} 2023-12-02 14:12 - 2023-12-07 10:05 - 000003836 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{8D281090-9A48-4C91-A389-464AFD446D1E} 2023-12-02 14:12 - 2023-12-02 14:12 - 000000000 ____D C:\Program Files\Google 2023-12-02 14:11 - 2023-12-02 14:11 - 001375280 _____ (Google LLC) C:\Users\Josette Regnault\Downloads\ChromeSetup (1).exe 2023-11-28 16:48 - 2023-11-28 16:48 - 000004672 _____ C:\Users\Josette Regnault\Documents\cc_20231128_164819.reg 2023-11-21 17:41 - 2023-11-21 17:41 - 003346080 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPCleaner (4).exe 2023-11-21 17:40 - 2023-11-21 17:40 - 003346080 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPCleaner (3).exe 2023-11-20 14:39 - 2023-11-20 14:39 - 000079168 _____ C:\Users\Josette Regnault\Downloads\attestationfiscale (1).pdf 2023-11-08 14:33 - 2023-11-08 14:33 - 000003984 _____ C:\Users\Josette Regnault\Documents\cc_20231108_143331.reg 2023-11-06 10:28 - 2023-11-06 10:28 - 000159561 _____ C:\Users\Josette Regnault\Downloads\A13522589.pdf 2023-10-20 10:16 - 2023-10-20 10:16 - 000005346 _____ C:\Users\Josette Regnault\Documents\cc_20231020_111608.reg 2023-10-12 09:33 - 2023-10-12 09:33 - 000000000 ____D C:\Users\Josette Regnault\AppData\Local\Backup 2023-10-11 12:20 - 2023-10-11 12:20 - 000000000 ____D C:\ProgramData\PLUG 2023-10-11 08:20 - 2023-10-11 08:20 - 000000000 ____D C:\Program Files\RUXIM 2023-10-05 09:58 - 2023-10-05 09:58 - 000117765 _____ C:\Users\Josette Regnault\Downloads\releve_CCP0130034S023_20230904.pdf 2023-10-05 09:57 - 2023-10-05 09:57 - 000146612 _____ C:\Users\Josette Regnault\Downloads\releve_CCP0130034S023_20230804 (1).pdf 2023-10-05 09:57 - 2023-10-05 09:57 - 000113949 _____ C:\Users\Josette Regnault\Downloads\releve_CCP0130034S023_20230704.pdf 2023-10-05 09:49 - 2023-10-05 09:49 - 000114182 _____ C:\Users\Josette Regnault\Downloads\releve_CCP0010890M023_20230925.pdf 2023-10-05 09:47 - 2023-10-05 09:47 - 000113014 _____ C:\Users\Josette Regnault\Downloads\releve_CCP0010890M023_20230825.pdf 2023-09-27 17:26 - 2023-09-27 17:26 - 003343008 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPCleaner (2).exe ==================== Trois mois (modifiés) ================== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2023-12-19 15:51 - 2020-10-26 20:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2023-12-19 15:51 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-12-19 15:11 - 2021-12-16 18:32 - 000000000 ____D C:\WINDOWS\SystemTemp 2023-12-19 15:11 - 2017-05-11 10:30 - 000000000 ____D C:\Program Files (x86)\Google 2023-12-19 15:06 - 2018-01-24 18:26 - 000000135 _____ C:\Users\Josette 2023-12-19 15:06 - 2017-12-08 11:13 - 000000000 ____D C:\Users\Josette Regnault\AppData\Roaming\ZHP 2023-12-19 10:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2023-12-19 10:18 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2023-12-19 09:41 - 2022-09-28 10:15 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2023-12-18 19:20 - 2022-04-28 15:49 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser 2023-12-18 18:39 - 2022-04-28 15:51 - 000002385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk 2023-12-18 17:17 - 2021-09-12 13:48 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2023-12-18 17:17 - 2020-10-26 21:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2023-12-18 17:17 - 2020-10-26 20:49 - 000008192 ___SH C:\DumpStack.log.tmp 2023-12-18 17:16 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2023-12-17 09:39 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2023-12-17 09:38 - 2017-05-26 17:25 - 000000000 ____D C:\Program Files\Malwarebytes 2023-12-17 09:30 - 2023-07-10 16:36 - 000000000 ____D C:\Users\Josette Regnault\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lavasoft 2023-12-17 09:30 - 2023-07-10 16:36 - 000000000 ____D C:\Users\Josette Regnault\AppData\Local\Lavasoft 2023-12-17 09:21 - 2023-07-10 16:34 - 000000000 ____D C:\Users\Josette Regnault\AppData\Roaming\Lavasoft 2023-12-17 08:33 - 2021-04-27 08:32 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2023-12-17 08:32 - 2021-12-13 15:19 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1866081160-206520495-2343403741-1001 2023-12-17 08:32 - 2021-12-13 15:19 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1866081160-206520495-2343403741-1000 2023-12-17 08:32 - 2021-04-27 08:31 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-12-16 11:06 - 2022-10-01 12:09 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job 2023-12-16 11:06 - 2020-12-16 09:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2023-12-16 11:06 - 2017-05-28 06:41 - 000000000 ____D C:\Program Files\CCleaner 2023-12-16 11:02 - 2023-07-03 08:54 - 000000000 ____D C:\Users\Josette Regnault\AppData\LocalLow\Temp 2023-12-16 10:45 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2023-12-16 09:26 - 2020-06-23 09:11 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-12-16 09:19 - 2020-10-26 21:17 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2023-12-15 18:33 - 2023-06-28 13:57 - 000000000 ____D C:\Users\Josette Regnault\AppData\Local\ZHP 2023-12-15 17:21 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF 2023-12-15 16:51 - 2020-08-12 16:43 - 000001278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk 2023-12-15 16:51 - 2017-08-03 14:13 - 000000000 ____D C:\Users\Josette Regnault\AppData\Local\CrashDumps 2023-12-15 16:49 - 2022-10-01 12:09 - 000003380 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting 2023-12-15 11:30 - 2020-10-26 21:10 - 001927966 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2023-12-15 11:30 - 2019-12-07 15:49 - 000833030 _____ C:\WINDOWS\system32\perfh00C.dat 2023-12-15 11:30 - 2019-12-07 15:49 - 000167760 _____ C:\WINDOWS\system32\perfc00C.dat 2023-12-14 09:25 - 2020-02-10 18:56 - 000000000 ____D C:\Users\Josette Regnault\AppData\Local\Packages 2023-12-13 19:23 - 2020-10-26 20:50 - 000476728 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2023-12-13 19:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2023-12-13 19:20 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing 2023-12-13 11:08 - 2019-12-07 15:53 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll 2023-12-13 11:08 - 2019-12-07 15:53 - 000020827 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2023-12-13 10:59 - 2017-05-11 14:07 - 000416140 __RSH C:\bootmgr 2023-12-13 10:58 - 2020-10-26 20:53 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2023-12-11 18:23 - 2023-07-10 16:36 - 000000000 ____D C:\ProgramData\Lavasoft 2023-12-06 12:10 - 2020-02-14 14:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2023-12-02 14:14 - 2017-05-11 10:30 - 000000000 ____D C:\Users\Josette Regnault\AppData\Local\Google 2023-11-21 17:38 - 2020-10-26 18:52 - 000000000 ____D C:\Users\Josette Regnault 2023-11-21 17:38 - 2017-12-28 19:01 - 003346080 _____ (Nicolas Coolman) C:\Users\Josette Regnault\ZHPCleaner.exe ==================== Fichiers à la racine de certains dossiers ======== 2017-12-28 19:01 - 2023-11-21 17:38 - 003346080 _____ (Nicolas Coolman) C:\Users\Josette Regnault\ZHPCleaner.exe 2017-12-30 15:53 - 2018-01-24 18:24 - 000363388 _____ () C:\Users\Josette Regnault\ZHPDiag3.exe 2017-11-23 11:14 - 2017-11-26 13:43 - 000016293 _____ () C:\Users\Josette Regnault\AppData\Local\HWVendorDetection.log ==================== SigCheckExt ========================= 2017-05-11 10:55 - 2010-11-02 18:00 - 000443040 _____ (Atheros) C:\WINDOWS\system32\athihvs.dll 2017-05-11 10:55 - 2010-11-02 18:00 - 000063648 _____ (Atheros) C:\WINDOWS\system32\athihvui.dll 2022-10-01 12:22 - 2012-05-10 21:01 - 001503744 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\system32\libeay32.dll 2022-10-01 12:21 - 2012-01-10 10:39 - 000127488 _____ (Ralink Technology, Corp.) C:\WINDOWS\system32\RAEXTUI.dll 2022-10-01 12:21 - 2012-08-01 15:46 - 001115648 _____ (Ralink Technology, Corp.) C:\WINDOWS\system32\RAIHV.dll 2022-10-01 12:22 - 2012-05-10 21:01 - 000308736 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\system32\ssleay32.dll 2017-07-17 18:30 - 2017-07-17 18:30 - 000863744 _____ (Farbar) C:\WINDOWS\mod_frst.exe 2017-05-11 10:27 - 2010-12-23 10:09 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll 2022-10-01 12:21 - 2012-01-10 10:39 - 000127488 _____ (Ralink Technology, Corp.) C:\WINDOWS\SysWOW64\RAEXTUI.dll 2022-10-01 12:21 - 2012-08-01 15:46 - 001115648 _____ (Ralink Technology, Corp.) C:\WINDOWS\SysWOW64\RAIHV.dll 2006-10-26 12:45 - 2006-10-26 12:45 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WISPTIS.EXE 2017-12-28 19:01 - 2023-11-21 17:38 - 003346080 _____ (Nicolas Coolman) C:\Users\Josette Regnault\ZHPCleaner.exe 2017-12-30 15:53 - 2018-01-24 18:24 - 000363388 _____ C:\Users\Josette Regnault\ZHPDiag3.exe 2023-12-15 17:05 - 2023-12-19 15:53 - 002387456 _____ (Farbar) C:\Users\Josette Regnault\Desktop\FRST64.exe 2023-12-15 17:03 - 2023-12-15 17:03 - 002386432 _____ (Farbar) C:\Users\Josette Regnault\Downloads\FRST64 (1).exe 2023-12-15 17:02 - 2023-12-15 17:03 - 002386432 _____ (Farbar) C:\Users\Josette Regnault\Downloads\FRST64.exe 2023-04-26 13:09 - 2023-04-26 13:09 - 000522508 _____ (KARPOLAN) C:\Users\Josette Regnault\Downloads\keyboard-leds.exe 2023-07-31 16:27 - 2023-07-31 16:27 - 003343008 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPCleaner (1).exe 2023-09-27 17:26 - 2023-09-27 17:26 - 003343008 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPCleaner (2).exe 2023-11-21 17:40 - 2023-11-21 17:40 - 003346080 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPCleaner (3).exe 2023-11-21 17:41 - 2023-11-21 17:41 - 003346080 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPCleaner (4).exe 2023-12-11 17:59 - 2023-12-11 17:59 - 003361440 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPCleaner (5).exe 2023-12-11 18:01 - 2023-12-11 18:01 - 003361440 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPCleaner (6).exe 2023-12-15 15:08 - 2023-12-15 15:08 - 003362976 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPCleaner (7).exe 2023-12-17 08:47 - 2023-12-17 08:47 - 003362976 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPCleaner (8).exe 2023-06-28 13:55 - 2023-06-28 13:56 - 003309728 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPCleaner.exe 2023-12-15 18:36 - 2023-12-15 18:36 - 003570848 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPSuite (1).exe 2023-12-15 18:36 - 2023-12-15 18:36 - 003570848 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPSuite (2).exe 2023-12-15 18:32 - 2023-12-15 18:32 - 003570848 _____ (Nicolas Coolman) C:\Users\Josette Regnault\Downloads\ZHPSuite.exe ==================== SigCheck ============================ (Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.) ==================== BCD ================================ Gestionnaire de démarrage Windows --------------------------------- identificateur {bootmgr} device partition=C: description Windows Boot Manager locale fr-FR inherit {globalsettings} default {current} resumeobject {18b5d016-17c4-11eb-b15e-b870f4b5d2d5} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Chargeur de démarrage Windows ----------------------------- identificateur {current} device partition=C: path \WINDOWS\system32\winload.exe description Windows 10 locale fr-FR inherit {bootloadersettings} testsigning No allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \WINDOWS resumeobject {18b5d016-17c4-11eb-b15e-b870f4b5d2d5} nx OptIn bootmenupolicy Legacy Chargeur de démarrage Windows ----------------------------- identificateur {71380f21-364a-11e7-b523-c0c2f4ab57c1} device ramdisk=[C:]\Recovery\9f9a9893-3669-11e7-b98c-86b6ebc77999\Winre.wim,{71380f22-364a-11e7-b523-c0c2f4ab57c1} path \windows\system32\winload.exe description Windows Recovery Environment (récupéré) locale osdevice ramdisk=[C:]\Recovery\9f9a9893-3669-11e7-b98c-86b6ebc77999\Winre.wim,{71380f22-364a-11e7-b523-c0c2f4ab57c1} systemroot \windows winpe Yes Reprendre à partir de la mise en veille prolongée ------------------------------------------------- identificateur {18b5d016-17c4-11eb-b15e-b870f4b5d2d5} device partition=C: path \WINDOWS\system32\winresume.exe description Windows Resume Application locale fr-FR inherit {resumeloadersettings} allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Testeur de mémoire Windows -------------------------- identificateur {memdiag} device partition=C: path \boot\memtest.exe description Diagnostics mémoire Windows locale fr-FR inherit {globalsettings} badmemoryaccess Yes Paramètres EMS -------------- identificateur {emssettings} bootems No Paramètres du débogueur ----------------------- identificateur {dbgsettings} debugtype Local Erreurs de mémoire RAM ---------------------- identificateur {badmemory} Paramètres globaux ------------------ identificateur {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Paramètres du chargeur de démarrage ----------------------------------- identificateur {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Paramètres de l'hyperviseur ------------------- identificateur {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Paramètres du chargeur de reprise --------------------------------- identificateur {resumeloadersettings} inherit {globalsettings} Options de périphérique ----------------------- identificateur {71380f22-364a-11e7-b523-c0c2f4ab57c1} ramdisksdidevice partition=C: ramdisksdipath \Recovery\9f9a9893-3669-11e7-b98c-86b6ebc77999\boot.sdi ==================== Fin de FRST.txt ========================