Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x86) Version: 05-04-2021
Exécuté par Administrateur (administrateur) sur DESKTOP-FG66P4J (06-04-2021 07:41:08)
Exécuté depuis C:\Users\Administrateur.DESKTOP-FG66P4J\Desktop
Profils chargés: Administrateur
Platform: Microsoft Windows 10 Famille Version 1803 17134.1069 (X86) Langue: Français (France)
Navigateur par défaut: FF
Mode d'amorçage: Normal

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

() [Fichier non signé] C:\Program Files\Shrink Pic\shrink_pic.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Avast Software s.r.o. -> Avast Software) C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
(AVG Technologies USA, LLC -> AVG Technologies) C:\Program Files\Common Files\AVG\Overseer\overseer.exe
(CyberGhost S.R.L. -> CyberGhost S.R.L.) C:\Program Files\CyberGhost 8\Dashboard.exe
(CyberGhost S.R.L. -> CyberGhost S.R.L.) C:\Program Files\CyberGhost 8\Dashboard.Service.exe
(Huawei Software Technologies Co., LTD. -> ) C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlrmdr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.1063_none_67d5bc36b10849d5\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Nero AG -> Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files\Wondershare\WAF\2.4.3.237\WsAppService.exe

==================== Registre (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [486816 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [kbdsprt] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Run: [Revivalist] => "C:\Program Files\Gair\Insult.exe" ndarwndarwndarwndar.ndardndardndarendar.ndarpndarwndar/ndarf2s0s2s0s0ndary1y2f2fshtndarm1GBTd1SQNndarNG5TGsrgTHndar9
HKLM\...\Run: [Trans] => "C:\Program Files\ake\Bully.exe" ndarwndarwndarwndar.ndardndardndarendar.ndarpndarwndar/ndarf2s0s2s0s0ndary1y2f2fshtndarm1GBTd1SQNndarNG5TGsrgTHndar9
HKLM\...\Run: [Vapid] => "C:\Program Files\Thrombin\Insult.exe" ndarwndarwndarwndar.ndardndardndarendar.ndarpndarwndar/ndarf2s0s2s0s0ndary1y2f2fshtndarm1GBTd1SQNndarNG5TGsrgTHndar9
HKLM\...\Policies\Explorer: [AllowOnlineTips] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1378693236-4243323802-1797189373-1001\...\Run: [Spotify] => C:\Users\famille\AppData\Roaming\Spotify\Spotify.exe [24453008 2018-09-01] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1378693236-4243323802-1797189373-1001\...\Run: [Spotify Web Helper] => C:\Users\famille\AppData\Roaming\Spotify\SpotifyWebHelper.exe [774544 2018-08-26] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1378693236-4243323802-1797189373-500\...\Run: [Spotify] => C:\Users\famille\AppData\Roaming\Spotify\Spotify.exe [24453008 2018-09-01] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1378693236-4243323802-1797189373-500\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-1378693236-4243323802-1797189373-500\...\Run: [Weathering] => "C:\Program Files\Gair\Insult.exe" ndarwndarwndarwndar.ndardndardndarendar.ndarpndarwndar/ndarf2s0s2s0s0ndary1y2f2fshtndarm1GBTd1SQNndarNG5TGsrgTHndar9
HKU\S-1-5-21-1378693236-4243323802-1797189373-500\...\Run: [Machel] => "C:\Program Files\ake\Bully.exe" ndarwndarwndarwndar.ndardndardndarendar.ndarpndarwndar/ndarf2s0s2s0s0ndary1y2f2fshtndarm1GBTd1SQNndarNG5TGsrgTHndar9
HKU\S-1-5-21-1378693236-4243323802-1797189373-500\...\Run: [Mullin] => "C:\Program Files\Thrombin\Insult.exe" ndarwndarwndarwndar.ndardndardndarendar.ndarpndarwndar/ndarf2s0s2s0s0ndary1y2f2fshtndarm1GBTd1SQNndarNG5TGsrgTHndar9
HKU\S-1-5-21-1378693236-4243323802-1797189373-500\...\Run: [petree] => "C:\Program Files\Gair\Insult.exe" ndarwndarwndarwndar.ndardndardndarendar.ndarpndarwndar/ndarf2s0s2s0s0ndary1y2f2fshtndarm1GBTd1SQNndarNG5TGsrgTHndar9
HKU\S-1-5-21-1378693236-4243323802-1797189373-500\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-1378693236-4243323802-1797189373-500\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 8\Dashboard.exe [1146096 2021-03-01] (CyberGhost S.R.L. -> CyberGhost S.R.L.)
HKLM\...\Windows NT x86\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\W32X86\hpzpplhn.dll [89600 2007-05-23] (Hewlett-Packard Corporation) [Fichier non signé]
HKLM\...\Print\Monitors\IppMon: C:\WINDOWS\system32\IPPMon.dll [178688 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\PCL hpz3llhn: C:\WINDOWS\system32\hpz3llhn.dll [30720 2007-05-23] (Hewlett-Packard Company) [Fichier non signé]
HKLM\Software\...\AppCompatFlags\InstalledSDB\{49cd2afd-8679-48a5-90ab-e7044bee2465}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{49cd2afd-8679-48a5-90ab-e7044bee2465}.sdb [2018-06-27]
Startup: C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GigaTribe.lnk [2017-06-24]
ShortcutTarget: GigaTribe.lnk -> C:\Program Files\GigaTribe\gigatribe.exe (Gigatribe -> Gigatribe)
Startup: C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lasorda.lnk [2020-01-22]
ShortcutTarget: lasorda.lnk -> C:\Program Files\Gair\Insult.exe (Pas de fichier)
Startup: C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lasordalasorda.lnk [2020-01-22]
ShortcutTarget: lasordalasorda.lnk -> C:\Program Files\ake\Bully.exe (Pas de fichier)
Startup: C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-11-05]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
Startup: C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shrink Pic.lnk [2017-03-01]
ShortcutTarget: Shrink Pic.lnk -> C:\Program Files\Shrink Pic\shrink_pic.exe () [Fichier non signé]
Startup: C:\Users\famille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shrink Pic.lnk [2017-03-01]
ShortcutTarget: Shrink Pic.lnk -> C:\Program Files\Shrink Pic\shrink_pic.exe () [Fichier non signé]
Startup: C:\Users\Huet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-10-28]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Tâches planifiées (Avec liste blanche) ============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {010C0C57-1DA3-4328-98BE-D8E2EE14F2B1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [18223472 2021-03-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {01A42DD3-02AA-4F7C-92C4-F96BE33D7883} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [114024 2021-03-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {02689721-FD4A-4864-A34E-63ACDBE6AA88} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-11-01] (Adobe Inc. -> Adobe)
Task: {03C383F8-A3E8-4B5E-9692-BC56CD4DE16C} - System32\Tasks\varna-mendesvarna-mendes => C:\Program Files\ake\Bully.exe
Task: {1E9E856B-FF14-4E37-94A9-897F42A727E8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {24859B42-04C2-4F74-97AC-2A9D248755E8} - System32\Tasks\Mozilla\Firefox Default Browser Agent 9DED23DF4360B491 => C:\Program Files\mozilla firefox\default-browser-agent.exe [642544 2021-04-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {38E38F5E-46C6-4D12-AC1A-4E6D0B06E8D5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1550048 2021-03-18] (Avast Software s.r.o. -> Avast Software)
Task: {3E13C961-33C9-48C2-A18E-A0274687652B} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1378693236-4243323802-1797189373-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe [1303800 2021-03-17] (Mega Limited -> Mega Limited)
Task: {3F59E4EF-1ADF-4237-8BAA-338FB9281D3C} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {438A3B91-668C-47F6-B7E8-8438F0EEB8CA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [4004296 2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {5F471D58-7613-4507-8C9F-C871C3C330E9} - System32\Tasks\chastity_bhagwanchastity_bhagwan => C:\Program Files\Thrombin\Insult.exe
Task: {75ECF12A-74F1-407B-AC66-AE47AD3B0422} - System32\Tasks\clings tokenclings token => C:\Program Files\Thrombin\Bully.exe
Task: {774A6D60-AAED-4427-BA71-B86D1E72FFBE} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe
Task: {9272E48F-592B-4E7D-9867-D6F2CE7E823E} - System32\Tasks\kirt_injunctionskirt_injunctions => C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Local\Bully.exe
Task: {977C7AC7-B605-4F30-8ADA-F8463DE3088F} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1378693236-4243323802-1797189373-1002 => C:\ProgramData\MEGAsync\MEGAupdater.exe [1303800 2021-03-17] (Mega Limited -> Mega Limited)
Task: {9A3CADD6-E50A-4D32-822E-3495A82B8242} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [18223472 2021-03-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0F7B976-A159-44C2-8258-E21FD23678E2} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMSync => C:\Program Files\ruxim\ruximics.exe [353080 2021-03-08] (Microsoft Windows -> Microsoft Corporation)
Task: {A43E3E0A-5095-432E-B2FA-A9360803B1D1} - System32\Tasks\stockholm inexcusable cockedstockholm inexcusable cocked => C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Local\Insult.exe
Task: {A65C9495-17B1-44A6-B275-D53135364E35} - System32\Tasks\CCleanerClean => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {A6CA3B08-560D-4999-A915-D2D41AE7EFD9} - System32\Tasks\orionorion => C:\Program Files\Gair\Insult.exe
Task: {B43C149F-787B-4096-9E56-0E2DEFD1D4EA} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay => C:\Program Files\ruxim\ruximics.exe [353080 2021-03-08] (Microsoft Windows -> Microsoft Corporation)
Task: {C0A23824-5E4F-4DC9-B477-EC380B22D4D3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [114024 2021-03-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {C2CBB8B6-B6A4-4EDB-83AB-1DC1E4ECA5A6} - System32\Tasks\rebuttingrebutting => C:\Program Files\paymer\paymer.exe
Task: {C65C028D-7B30-41C6-AD24-EAC508BCE903} - System32\Tasks\Nero\Nero Info => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe [6526328 2016-03-01] (Nero AG -> Nero AG)
Task: {C895087C-315B-4A58-9170-82393D6CBA16} - System32\Tasks\HPCustParticipation HP DeskJet 3700 series => C:\Program Files\HP\HP DeskJet 3700 series\Bin\HPCustPartic.exe [4423816 2018-04-06] (Hewlett Packard -> HP Inc.)
Task: {E028530B-9452-4F0C-83AB-6C27D5F631D0} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1378693236-4243323802-1797189373-500 => C:\ProgramData\MEGAsync\MEGAupdater.exe [1303800 2021-03-17] (Mega Limited -> Mega Limited)
Task: {E584F0DC-D8D3-40B4-9CFD-4F7446E0D307} - \AdvancedWindowsManager -> Pas de fichier <==== ATTENTION
Task: {FD0F4867-953F-468A-BDD8-9518F2C67C21} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1581824 2021-03-18] (AVG Technologies USA, LLC -> AVG Technologies)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\WINDOWS\Tasks\CCleanerClean.job => C:\Program Files\CCleaner\CCleaner.exe

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5faf928f-ec51-4f53-95ab-e6e1cd783aae}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8ed04e18-3eb4-4c24-8ab5-f66a6e4377b8}: [DhcpNameServer] 192.168.42.129
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
DownloadDir: D:\TRISTAN\Logiciels

FireFox:
========
FF DefaultProfile: astrg3am.default-1523873100599
FF ProfilePath: C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Roaming\Mozilla\Firefox\Profiles\t22qpjhd.default-release-1606921411677 [2021-04-06]
FF ProfilePath: C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Roaming\Mozilla\Firefox\Profiles\1fiaxcvf.default-beta [2021-04-05]
FF ProfilePath: C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Roaming\Mozilla\Firefox\Profiles\astrg3am.default-1523873100599 [2021-04-05]
FF Homepage: Mozilla\Firefox\Profiles\astrg3am.default-1523873100599 -> file:///C:/ProgramData/AppxeetouQs/ff.HP
FF Extension: (SeLite SQLite Connections Manager) - C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Roaming\Mozilla\Firefox\Profiles\astrg3am.default-1523873100599\Extensions\sqlite-connection-manager@selite.googlecode.com.xpi [2018-06-16]
FF Extension: (Google Translator for Firefox) - C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Roaming\Mozilla\Firefox\Profiles\astrg3am.default-1523873100599\Extensions\translator@zoli.bod.xpi [2020-02-25]
FF SearchPlugin: C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Roaming\Mozilla\Firefox\Profiles\astrg3am.default-1523873100599\searchplugins\bing-lavasoft-ff59.xml [2018-10-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-11-01] (Adobe Inc. -> )
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Pas de fichier]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Pas de fichier]
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\Program Files\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll [2016-02-29] (Nero AG -> Nero AG)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)

==================== Services (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AGMService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [217088 2015-01-13] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7343472 2021-03-14] (Microsoft Corporation -> Microsoft Corporation)
R2 CyberGhost8Service; C:\Program Files\CyberGhost 8\Dashboard.Service.exe [65776 2021-03-01] (CyberGhost S.R.L. -> CyberGhost S.R.L.)
R2 HuaweiHiSuiteService.exe; C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe [155848 2017-07-26] (Huawei Software Technologies Co., LTD. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [5959136 2021-04-03] (Malwarebytes Inc -> Malwarebytes)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [792944 2016-01-28] (Nero AG -> Nero AG)
R2 unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [297240 2019-12-20] (Reason Software Company Inc. -> Reason Software Company Inc.)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3624312 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [86408 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files\Wondershare\Wondershare TunesGo (Win) - iOS & Android Devices\DriverInstall.exe [107624 2018-12-13] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Pilotes (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [10070016 2015-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [290304 2015-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.) [Fichier non signé]
S3 athr; C:\WINDOWS\System32\drivers\athwn.sys [3228672 2018-04-11] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
S3 camdrv41; C:\WINDOWS\system32\DRIVERS\camdrv41.sys [1347584 2007-04-23] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [163800 2021-04-03] (Malwarebytes Inc -> Malwarebytes)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [15360 2017-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 HWHandSet; C:\WINDOWS\system32\DRIVERS\hw_quusbmdm.sys [199680 2017-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 HWiNFO; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [48272 2018-11-27] (Martin Malik - REALiX -> REALiX(tm))
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2017-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [184048 2021-04-03] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [17360 2021-04-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [160872 2021-04-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [66656 2021-04-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [213936 2021-04-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [126688 2021-04-06] (Malwarebytes Inc -> Malwarebytes)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] () [Fichier non signé]
S3 qcfilter; C:\WINDOWS\System32\drivers\qcusbfilter.sys [31232 2014-05-24] (USBHostDriver(Test003) -> QUALCOMM Incorporated)
S3 qcusbnet; C:\WINDOWS\System32\drivers\qcusbnet.sys [366136 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [216632 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [33280 2020-10-14] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [504832 2018-04-11] (Microsoft Windows -> Realtek)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [23040 2016-04-21] (The OpenVPN Project) [Fichier non signé]
S3 UrsSynopsys; C:\WINDOWS\System32\drivers\urssynopsys.sys [21920 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [173216 2017-10-18] (Oracle Corporation -> Oracle Corporation)
R3 VIAHdAudAddService; C:\WINDOWS\system32\drivers\viahduaa.sys [575184 2015-06-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37448 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [271776 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [30208 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [189952 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; pas de ImagePath
U4 ekrn; pas de ImagePath

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois (créés) (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2021-04-06 07:41 - 2021-04-06 07:41 - 000025506 _____ C:\Users\Administrateur.DESKTOP-FG66P4J\Desktop\FRST.txt
2021-04-06 07:39 - 2021-04-06 07:39 - 002011136 _____ (Farbar) C:\Users\Administrateur.DESKTOP-FG66P4J\Desktop\FRST.exe
2021-04-06 07:36 - 2021-04-06 07:36 - 000160872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-04-06 07:36 - 2021-04-06 07:36 - 000126688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-04-06 07:36 - 2021-04-06 07:36 - 000066656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-04-05 07:45 - 2021-04-05 07:45 - 000000000 ____D C:\ProgramData\VS Revo Group
2021-04-05 07:45 - 2021-04-05 07:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-04-05 07:45 - 2021-04-05 07:45 - 000000000 ____D C:\Program Files\VS Revo Group
2021-04-05 07:45 - 2020-10-14 04:43 - 000033280 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2021-04-05 07:44 - 2021-04-03 13:36 - 016509944 _____ (VS Revo Group ) C:\Users\Administrateur.DESKTOP-FG66P4J\Desktop\RevoUninProSetup.exe
2021-04-03 16:48 - 2021-04-03 16:49 - 000000000 ____D C:\Users\Huet\AppData\Roaming\Deezloader Remix
2021-04-03 11:40 - 2021-04-03 11:47 - 000000060 _____ C:\x91j7gd
2021-04-03 11:29 - 2021-04-06 07:41 - 000000000 ____D C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\LocalLow\IGDump
2021-04-03 11:20 - 2021-04-03 16:48 - 000213936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-03 11:20 - 2021-04-03 11:20 - 000184048 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-03 11:20 - 2021-04-03 11:20 - 000163800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae.sys
2021-04-03 11:20 - 2021-04-03 11:20 - 000017360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-04-03 11:20 - 2021-04-03 11:20 - 000001996 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-04-03 11:20 - 2021-04-03 11:20 - 000000000 ____D C:\WINDOWS\%LOCALAPPDATA%
2021-04-03 11:20 - 2021-04-03 11:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-04-03 11:19 - 2021-04-03 11:19 - 000000000 ____D C:\Program Files\Malwarebytes
2021-04-03 11:09 - 2021-04-03 10:00 - 008534696 _____ (Malwarebytes) C:\Users\Administrateur.DESKTOP-FG66P4J\Desktop\2.adwcleaner_8.2.exe
2021-04-03 10:46 - 2021-04-03 13:24 - 000000000 ____D C:\ProgramData\AppxeetouQ
2021-04-03 10:46 - 2021-04-03 10:46 - 000030536 _____ C:\Users\Administrateur.DESKTOP-FG66P4J\Desktop\ZHPCleaner (R).html
2021-04-03 10:46 - 2021-04-03 10:46 - 000019025 _____ C:\Users\Administrateur.DESKTOP-FG66P4J\Desktop\ZHPCleaner (R).txt
2021-04-03 10:31 - 2021-04-03 10:31 - 000031069 _____ C:\Users\Administrateur.DESKTOP-FG66P4J\Desktop\ZHPCleaner (S).html
2021-04-03 10:31 - 2021-04-03 10:31 - 000018931 _____ C:\Users\Administrateur.DESKTOP-FG66P4J\Desktop\ZHPCleaner (S).txt
2021-04-03 10:04 - 2021-04-03 10:05 - 000000949 _____ C:\Users\Administrateur.DESKTOP-FG66P4J\Desktop\ZHPCleaner.lnk
2021-04-03 10:03 - 2021-04-03 10:00 - 003325592 _____ (Nicolas Coolman) C:\Users\Administrateur.DESKTOP-FG66P4J\Desktop\1.ZHPCleaner.exe
2021-03-23 00:13 - 2021-04-03 09:29 - 000000000 ____D C:\Program Files\ruxim
2021-03-18 07:57 - 2021-04-03 16:47 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== Un mois (modifiés) ==================

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2021-04-06 07:41 - 2018-12-12 12:21 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-06 07:41 - 2018-05-18 13:04 - 000000000 ____D C:\FRST
2021-04-06 07:41 - 2017-03-22 17:27 - 000000000 ____D C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\LocalLow\Mozilla
2021-04-06 07:40 - 2018-09-12 08:06 - 001766590 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-06 07:40 - 2018-04-12 07:12 - 000789716 _____ C:\WINDOWS\system32\perfh00C.dat
2021-04-06 07:40 - 2018-04-12 07:12 - 000149286 _____ C:\WINDOWS\system32\perfc00C.dat
2021-04-06 07:40 - 2018-04-11 22:31 - 000000000 ____D C:\WINDOWS\INF
2021-04-06 07:36 - 2018-09-12 08:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-05 17:27 - 2016-09-24 10:57 - 000008192 __RSH C:\BOOTSECT.BAK
2021-04-05 17:24 - 2015-10-30 08:22 - 000413738 __RSH C:\bootmgr
2021-04-05 17:24 - 2015-10-30 08:22 - 000000001 ___SH C:\BOOTNXT
2021-04-05 16:28 - 2016-09-26 14:37 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2021-04-05 09:02 - 2018-04-11 14:45 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2021-04-05 09:00 - 2018-09-12 07:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-05 08:43 - 2018-04-11 22:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-05 07:50 - 2016-09-24 14:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-05 07:41 - 2016-09-24 14:57 - 127268096 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-03 17:13 - 2017-09-01 09:32 - 000000000 ____D C:\Users\Huet\AppData\LocalLow\Mozilla
2021-04-03 16:47 - 2017-10-26 10:38 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2021-04-03 13:27 - 2020-12-02 17:03 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-03 13:24 - 2020-01-22 22:33 - 000000000 ___HD C:\Program Files\grog
2021-04-03 13:24 - 2020-01-22 22:33 - 000000000 ____D C:\Program Files\Preambles
2021-04-03 11:52 - 2018-12-15 11:13 - 000000000 ____D C:\Program Files\YouTube By Click
2021-04-03 11:52 - 2018-09-12 12:09 - 000001417 _____ C:\Users\famille\Desktop\Microsoft Edge.lnk
2021-04-03 11:52 - 2018-09-12 07:57 - 000000000 ____D C:\Users\Huet
2021-04-03 11:52 - 2018-09-12 07:57 - 000000000 ____D C:\Users\famille
2021-04-03 11:52 - 2018-05-17 17:06 - 000000000 ____D C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Roaming\ZHP0
2021-04-03 11:52 - 2016-09-29 18:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OSpeedy
2021-04-03 11:30 - 2020-01-22 22:33 - 000000000 ____D C:\Program Files\paymer
2021-04-03 11:20 - 2018-04-11 22:36 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-03 11:12 - 2018-12-06 23:08 - 000000000 ____D C:\ProgramData\rvlkl
2021-04-03 11:08 - 2018-04-11 22:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-04-03 10:46 - 2018-05-17 17:43 - 000000000 ____D C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Roaming\ZHP
2021-04-03 09:49 - 2016-09-27 17:39 - 000000000 ____D C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Roaming\vlc
2021-04-03 09:27 - 2020-12-02 16:42 - 000001030 _____ C:\Users\Administrateur.DESKTOP-FG66P4J\Desktop\CyberGhost 8.lnk
2021-03-23 00:16 - 2018-12-16 19:01 - 000000000 ____D C:\Program Files\Microsoft Office
2021-03-23 00:13 - 2017-09-30 10:36 - 000000000 ____D C:\Program Files\rempl
2021-03-23 00:09 - 2017-02-14 17:57 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-23 00:09 - 2016-11-25 18:12 - 000000000 ____D C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Roaming\FileZilla
2021-03-18 07:50 - 2018-04-11 22:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-17 21:57 - 2019-10-04 11:06 - 000003510 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-03-17 21:57 - 2018-04-22 20:18 - 000000000 ____D C:\ProgramData\MEGAsync
2021-03-17 21:56 - 2020-12-02 16:42 - 000000000 ____D C:\Program Files\CyberGhost 8

==================== Fichiers à la racine de certains dossiers ========

2019-12-10 18:29 - 2019-12-10 18:29 - 000000010 _____ () C:\Program Files\Exc1
2019-12-10 18:29 - 2019-12-10 18:29 - 000000034 _____ () C:\Program Files\Exc2
2019-12-10 18:29 - 2019-12-10 18:29 - 000000127 _____ () C:\Program Files\Ext
2019-12-10 18:29 - 2019-12-10 18:29 - 002701760 _____ () C:\Program Files\MisAJour.exe
2019-12-10 18:28 - 2019-12-10 18:28 - 025482960 _____ () C:\Program Files\supprimer-doublonsSupprimerLesDOUBLONS.exe
2019-12-10 23:29 - 2019-12-10 23:29 - 000000604 ____H () C:\Program Files\_43_S
2018-10-22 06:28 - 2018-10-22 06:28 - 000000000 _____ () C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Local\oobelibMkey.log
2016-11-21 18:15 - 2021-02-14 14:16 - 000000128 _____ () C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Local\PUTTY.RND
2017-04-01 22:03 - 2017-04-01 22:03 - 000000017 _____ () C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Local\resmon.resmoncfg
2018-04-23 07:50 - 2018-04-23 07:50 - 000000003 _____ () C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Local\wbem.ini
2018-05-12 20:15 - 2018-05-16 10:49 - 000024496 _____ () C:\Users\Administrateur.DESKTOP-FG66P4J\AppData\Local\ZHPCquarantine.jpg

==================== SigCheck ============================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

==================== Fin de FRST.txt ========================