Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 02-08.2024
Exécuté par Arisoa (administrateur) sur MYSISTERSASUS (ASUSTeK COMPUTER INC. X450MJ) (12-08-2024 10:08:12)
Exécuté depuis C:\Users\Arisoa\Desktop\FRST64.exe
Profils chargés: Arisoa
Plate-forme: Microsoft Windows 8.1 (Update) (X64) Langue: Français (France)
Navigateur par défaut: Chrome
Mode d'amorçage: Normal

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Autodesk, Inc -> Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe ->) (Autodesk, Inc -> Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe <3>
(C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe ->) (Qualcomm Atheros -> ) [Fichier non signé] C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CompatTelRunner.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Temp\A5881638-1328-438E-A97B-E0F45B810DE4\DismHost.exe
(explorer.exe ->) (BitTorrent Inc -> BitTorrent Limited) C:\Users\Arisoa\AppData\Roaming\uTorrent\uTorrent.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <7>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(explorer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(explorer.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\XDM\jre\bin\javaw.exe
(explorer.exe ->) (Qualcomm Atheros -> Qualcomm®Atheros®) [Fichier non signé] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(explorer.exe ->) (Webroot) [Fichier non signé] C:\Users\Arisoa\AppData\Roaming\NTSystem\ntlhost.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(nvvsvc.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Power Software Limited -> Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(services.exe ->) (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(services.exe ->) (Atheros) [Fichier non signé] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(services.exe ->) (Autodesk, Inc -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(services.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel(R) Corporation) [Fichier non signé] C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(services.exe ->) (Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [Fichier non signé] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(services.exe ->) (WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.20617_none_faf6123cb423a35e\TiWorker.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(wuauclt.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(wuauclt.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Registre (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.4.3.612\ASUSWSLoader.exe [63928 2018-09-28] (ASUS Cloud Corporation -> ASUS Cloud Corporation)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (Pas de fichier)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\ASUSWSLoader.exe (Pas de fichier)
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui (Pas de fichier)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [418952 2016-02-10] (Power Software Limited -> Power Software Ltd)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [700328 2017-01-06] (Autodesk, Inc -> Autodesk, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.) [Fichier non signé]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [Fichier non signé]
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-606715473-1859003447-805624583-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2007576 2017-02-03] (Autodesk, Inc -> Autodesk, Inc.)
HKU\S-1-5-21-606715473-1859003447-805624583-1001\...\Run: [uTorrent] => C:\Users\Arisoa\AppData\Roaming\uTorrent\uTorrent.exe [2262024 2024-07-16] (BitTorrent Inc -> BitTorrent Limited)
HKU\S-1-5-21-606715473-1859003447-805624583-1001\...\Run: [XDM] => "C:\Program Files (x86)\XDM\jre\bin\javaw.exe" -Xmx1024m -jar "C:\Program Files (x86)\XDM\xdman.jar" -m [1465071 2018-03-04] () [Fichier non signé] [Fichier en cours d'utilisation]
HKU\S-1-5-21-606715473-1859003447-805624583-1001\...\Run: [CpuOptimizer] => C:\newcpuspeed\Cpufix.exe [937776 2015-09-18] (AutoIt Consulting Ltd -> AutoIt Team)
HKU\S-1-5-21-606715473-1859003447-805624583-1001\...\Run: [Checkcpu] => C:\Windows\system32\cmd.exe /c start C:\newcpuspeed\Cpufix.exe "C:\newcpuspeed\cpuage.tnt" & exit (Pas de fichier)
HKU\S-1-5-21-606715473-1859003447-805624583-1001\...\Run: [NTSystem] => C:\Users\Arisoa\AppData\Roaming\NTSystem\ntlhost.exe [833089320 2023-01-25] (Webroot) [Fichier non signé] <==== ATTENTION
HKU\S-1-5-21-606715473-1859003447-805624583-1001\...\Run: [ut] => C:\Users\Arisoa\AppData\Roaming\uTorrent\uTorrent.exe [2262024 2024-07-16] (BitTorrent Inc -> BitTorrent Limited)
HKU\S-1-5-21-606715473-1859003447-805624583-1001\...\Run: [Microsoft Edge Update] => C:\Users\Arisoa\AppData\Local\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateCore.exe [268232 2024-08-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-606715473-1859003447-805624583-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-606715473-1859003447-805624583-1001\...\Policies\Explorer: []
HKU\S-1-5-21-606715473-1859003447-805624583-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-606715473-1859003447-805624583-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-606715473-1859003447-805624583-1001\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-606715473-1859003447-805624583-1001\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-606715473-1859003447-805624583-1001\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
HKU\S-1-5-21-606715473-1859003447-805624583-1001\...\MountPoints2: {728feafc-b8fe-11ec-8285-1c872ca754d5} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-606715473-1859003447-805624583-1001\...\MountPoints2: {82c9683e-3dca-11ef-8294-28c2dd54a930} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2007576 2017-02-03] (Autodesk, Inc -> Autodesk, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.168\Installer\chrmstp.exe [2024-08-11] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{1D88D7CA-E498-40F4-A12D-ABDFFE4CAA4F}] -> C:\Program Files (x86)\WildTangent Games\App\NativeUserProxy.exe [2015-02-09] (WildTangent Inc -> )
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [Fichier non signé]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [Fichier non signé]
Startup: C:\Users\Arisoa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\USBfichier.Vbs [2023-11-06] () [Fichier non signé]

==================== Tâches planifiées (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {A1E9B86D-74B5-4273-A5DD-AEC89C74FDC6} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2997528 2014-11-20] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {CB9A9D1D-FAB5-41AF-A18D-A69E543911F4} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2997528 2014-11-20] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {15BEA9AC-63C3-4746-AD4D-E3FF7BD0FB7C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18232 2014-12-16] (ASUSTeK Computer Inc. -> AsusTek)
Task: {CC32032E-8791-453D-B2A5-A194E20B408A} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [62536 2014-09-11] (ASUSTeK Computer Inc. -> ASUS)
Task: {379E2DD7-F694-476B-85A8-C8E012C9C681} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19853392 2014-09-11] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {9EE072A7-9208-48CB-9415-2A708510A52B} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1606784 2015-03-03] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [Fichier non signé]
Task: {DFB52676-090D-4E82-B5DE-700136EB13C6} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [120632 2014-06-11] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {18ED53C2-F4C7-44AA-935A-0564E08A4048} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2144664 2024-08-12] (Avast Software s.r.o. -> Avast Software)
Task: {C7609FD0-C204-4507-832C-AA243A7CE705} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-03] (Google Inc -> Google Inc.)
Task: {A5EBEE17-4946-49BE-8B6A-80A96CC69927} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-03] (Google Inc -> Google Inc.)
Task: {6DA02C99-8DD7-4AA4-BC3A-B6DBF32D8525} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334600 2023-02-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {8F8D23E2-68C5-4404-AEF8-445610685134} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334600 2023-02-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {708F43CB-ECC9-4123-BA76-229216609929} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144264 2024-08-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {A5D30629-ACB3-4784-ABDF-BDCD35926B05} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144264 2024-08-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {583C35F6-7D5F-48C2-A972-6227A578281A} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [168920 2024-08-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {2EF872AB-17CA-44AA-8FC1-62F24909A370} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\System32\MRT.exe [194135240 2024-08-12] (Microsoft Windows -> Microsoft Corporation) -> C:\Windows\system32\/EHB /HeartbeatFailure "SubmitHeartbeatReportData" /HeartbeatError "0x80072ee7"
Task: {CBB5A485-FE66-48D6-B4A9-D717E974EAA5} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-606715473-1859003447-805624583-1001Core{FC95BB70-4422-4292-954E-9EE46E55507D} => C:\Users\Arisoa\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206280 2024-08-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {E8EB8824-95C9-4DC8-90DE-C65927B9FEA8} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-606715473-1859003447-805624583-1001UA{C1176DB8-AE9D-484F-83D6-9CD53760EBBF} => C:\Users\Arisoa\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206280 2024-08-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {F04782D4-CE5D-4F4B-9B23-FF2068BB7F28} - System32\Tasks\Opera scheduled assistant Autoupdate 1546954982 => C:\Users\Arisoa\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Arisoa\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {1284FDAE-7C8B-4AB8-9D7E-A3F0F39D6D43} - System32\Tasks\Opera scheduled Autoupdate 1546954970 => C:\Users\Arisoa\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {861BFAC6-AABF-47DF-A3D9-F779E75AE552} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13872856 2014-12-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {5A6C2A71-FAB7-494F-9B9C-BD420963652F} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [12288 2014-11-03] () [Fichier non signé]

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 196.192.32.5 41.188.9.130
Tcpip\..\Interfaces\{8AFBA3E1-7750-4D5A-8055-57AE66F79BD8}: [DhcpNameServer] 196.192.32.5 41.188.9.130
Tcpip\..\Interfaces\{BC1BD932-CA6B-4845-8FD6-12002706DBEB}: [DhcpNameServer] 172.50.1.5
Tcpip\..\Interfaces\{BC1BD932-CA6B-4845-8FD6-12002706DBEB}: [DhcpDomain] CSC_Asus_1

Edge:
=======
Edge Profile: C:\Users\Arisoa\AppData\Local\Microsoft\Edge\User Data\Default [2024-03-20]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-08-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-08-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-08-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] (WildTangent Inc -> )

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Arisoa\AppData\Local\Google\Chrome\User Data\Default [2024-08-12]
CHR Notifications: Default -> hxxps://btp-cours.com; hxxps://hero-wars.com
CHR StartupUrls: Default -> "hxxp://mystart.incredibar.com/mb178?a=6R8CeQJytv&i=26"
CHR NewTab: Default -> Not-active:"chrome-extension://kgmkoajcbbjaobdbmcnhkppmpnejjpkn/redirect.html", Active:"chrome-extension://ifkajkofhfehgooohbbgajkckiljocjk/ntp.html"
CHR DefaultSearchURL: Default -> hxxps://search.medianewpagesearch.com/?src=MediaNewPage_ds&q={searchTerms}
CHR DefaultSearchKeyword: Default -> keyword.MediaNewPage
CHR Extension: (Avast SafePrice) - C:\Users\Arisoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2024-08-11]
CHR Extension: (Google Docs hors connexion) - C:\Users\Arisoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-08-11]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\Arisoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2024-08-11]
CHR Extension: (FreeDirectionsOnline) - C:\Users\Arisoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifkajkofhfehgooohbbgajkckiljocjk [2019-07-30]
CHR Extension: (MediaNewPage) - C:\Users\Arisoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmkoajcbbjaobdbmcnhkppmpnejjpkn [2021-04-28]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Arisoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-28]
CHR Profile: C:\Users\Arisoa\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-08-12]
CHR Extension: (Avast SafePrice) - C:\Users\Arisoa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2024-08-12]
CHR Extension: (Google Docs hors connexion) - C:\Users\Arisoa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-08-12]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\Arisoa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2024-08-12]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Arisoa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-08-12]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

Opera:
=======
OPR Profile: C:\Users\Arisoa\AppData\Roaming\Opera Software\Opera Stable [2019-01-31]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

==================== Services (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1290744 2017-01-06] (Autodesk, Inc -> Autodesk Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [Fichier non signé]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12554240 2023-02-11] (Microsoft Corporation -> Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-02-09] (WildTangent Inc -> WildTangent)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-03] (Google Inc -> Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-12-03] (Google Inc -> Google Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Fichier non signé]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [112144 2021-05-18] (Microsoft Corporation -> Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-26] (Atheros) [Fichier non signé]

===================== Pilotes (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2014-12-16] (ASUSTeK Computer Inc. -> ASUS Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; pas de ImagePath
U0 msahci; system32\drivers\msahci.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois (créés) (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2024-08-12 10:08 - 2024-08-12 10:10 - 000026407 _____ C:\Users\Arisoa\Desktop\FRST.txt
2024-08-12 10:06 - 2024-08-12 10:09 - 000000000 ____D C:\FRST
2024-08-12 10:02 - 2024-08-12 10:04 - 002397184 _____ (Farbar) C:\Users\Arisoa\Desktop\FRST64.exe
2024-08-11 15:49 - 2024-08-11 15:49 - 000000000 ____D C:\Users\Arisoa\AppData\LocalLow\uTorrent.WebView2
2024-08-11 15:47 - 2024-08-11 15:47 - 000003766 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-606715473-1859003447-805624583-1001UA{C1176DB8-AE9D-484F-83D6-9CD53760EBBF}
2024-08-11 15:47 - 2024-08-11 15:47 - 000003700 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-606715473-1859003447-805624583-1001Core{FC95BB70-4422-4292-954E-9EE46E55507D}
2024-08-11 10:19 - 2024-08-11 10:19 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk

==================== Un mois (modifiés) ==================

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2024-08-12 10:12 - 2019-01-08 16:40 - 000000000 ____D C:\Users\Arisoa\AppData\Roaming\uTorrent
2024-08-12 09:51 - 2018-12-03 15:32 - 000000000 ____D C:\Program Files (x86)\Google
2024-08-12 09:43 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\system32\NDF
2024-08-12 09:39 - 2018-07-12 13:21 - 000000126 _____ C:\Users\Arisoa\AppData\Roaming\sp_data.sys
2024-08-12 09:36 - 2018-07-12 13:23 - 000003594 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-606715473-1859003447-805624583-1001
2024-08-12 09:35 - 2015-04-11 15:36 - 000791436 _____ C:\Windows\system32\perfh013.dat
2024-08-12 09:35 - 2015-04-11 15:36 - 000159242 _____ C:\Windows\system32\perfc013.dat
2024-08-12 09:35 - 2015-04-11 15:24 - 000787354 _____ C:\Windows\system32\perfh010.dat
2024-08-12 09:35 - 2015-04-11 15:24 - 000153332 _____ C:\Windows\system32\perfc010.dat
2024-08-12 09:35 - 2015-04-11 15:12 - 000806842 _____ C:\Windows\system32\perfh00C.dat
2024-08-12 09:35 - 2015-04-11 15:12 - 000156662 _____ C:\Windows\system32\perfc00C.dat
2024-08-12 09:35 - 2015-04-11 15:00 - 000748044 _____ C:\Windows\system32\perfh007.dat
2024-08-12 09:35 - 2015-04-11 15:00 - 000156138 _____ C:\Windows\system32\perfc007.dat
2024-08-12 09:35 - 2014-11-22 04:01 - 004612652 _____ C:\Windows\system32\PerfStringBackup.INI
2024-08-12 09:35 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Inf
2024-08-12 09:31 - 2019-01-31 09:36 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-08-12 09:27 - 2013-08-22 17:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-08-12 09:27 - 2013-08-22 17:44 - 000559544 _____ C:\Windows\system32\FNTCACHE.DAT
2024-08-12 09:24 - 2013-08-22 16:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2024-08-12 09:20 - 2013-08-22 18:36 - 000000000 ___RD C:\Windows\ToastData
2024-08-12 09:20 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-08-12 09:20 - 2013-08-22 18:36 - 000000000 ____D C:\Windows\system32\setup
2024-08-12 09:20 - 2013-08-22 18:36 - 000000000 ____D C:\Program Files\Windows Defender
2024-08-12 09:20 - 2013-08-22 18:36 - 000000000 ____D C:\Program Files\Common Files\System
2024-08-12 09:19 - 2019-03-14 09:04 - 000000000 ____D C:\Windows\system32\MRT
2024-08-12 09:13 - 2019-03-14 09:03 - 194135240 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-08-12 09:13 - 2013-08-22 18:20 - 000000000 ____D C:\Windows\CbsTemp
2024-08-11 17:25 - 2021-04-28 09:43 - 000000000 ____D C:\Users\Arisoa\AppData\Local\BitTorrentHelper
2024-08-11 10:30 - 2021-08-08 21:33 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-08-11 10:30 - 2021-08-08 21:33 - 000002208 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-08-11 10:22 - 2019-01-30 20:39 - 000000000 ____D C:\Program Files\Microsoft Office
2024-08-11 10:22 - 2013-08-22 18:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-08-11 10:22 - 2013-08-22 18:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-08-11 09:59 - 2018-12-11 17:30 - 000003474 _____ C:\Windows\system32\Tasks\ASUS Live Update1
2024-08-11 09:59 - 2015-11-25 21:57 - 000003464 _____ C:\Windows\system32\Tasks\ASUS Live Update2
2024-08-11 09:53 - 2013-08-22 16:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2024-08-11 09:46 - 2021-08-08 21:32 - 000003590 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-08-11 09:46 - 2021-08-08 21:32 - 000003462 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-08-11 09:46 - 2018-12-03 15:32 - 000003798 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2024-08-11 09:46 - 2018-12-03 15:32 - 000003670 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2024-08-11 09:46 - 2018-07-21 21:41 - 000000000 ____D C:\Users\Arisoa\AppData\Local\CrashDumps
2024-08-09 22:40 - 2018-07-12 13:41 - 000000000 ____D C:\Users\Arisoa\AppData\Roaming\vlc
2024-08-07 14:00 - 2019-01-30 22:08 - 000000000 ____D C:\Users\Arisoa\AppData\Local\MSfree Inc
2024-08-07 13:59 - 2022-12-26 18:40 - 000000000 ____D C:\Users\Arisoa\AppData\Roaming\kmsauto
2024-07-28 18:12 - 2018-07-15 12:06 - 000000000 ____D C:\Users\Arisoa\AppData\Roaming\Microsoft\Excel
2024-07-28 18:12 - 2018-07-12 13:17 - 000000000 ____D C:\Users\Arisoa\AppData\Local\Packages

==================== Fichiers à la racine de certains dossiers ========

2023-01-25 18:46 - 2023-01-25 18:46 - 004714280 _____ (Webroot) C:\ProgramData\10892099165880608879.exe
2018-07-12 13:21 - 2024-08-12 09:39 - 000000126 _____ () C:\Users\Arisoa\AppData\Roaming\sp_data.sys

==================== SigCheck ============================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

LastRegBack: 2024-04-18 14:11

==================== Fin de FRST.txt ========================