Publicité
Publicité
Format du document : text/plain
Prévisualisation
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2017
Ran by Patati (17-11-2017 10:02:42)
Running from C:\Users\Patati\Downloads
Windows 10 Pro Version 1703 15063.726 (X64) (2017-08-20 11:25:38)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2658347705-2479119026-1060964503-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2658347705-2479119026-1060964503-503 - Limited - Disabled)
Guest (S-1-5-21-2658347705-2479119026-1060964503-501 - Limited - Disabled)
Patati (S-1-5-21-2658347705-2479119026-1060964503-1001 - Administrator - Enabled) => C:\Users\Patati
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ACA & MEP 2017 Object Enabler (HKLM\...\{28B89EEF-0004-0000-5102-CF3F3A09B77D}) (Version: 7.9.45.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-0001-0000-3102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Application Blizzard (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Application de bureau Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.6.378 - Autodesk)
Applications recommandées Autodesk 2016-2017 (HKLM-x32\...\{27C15055-713B-4D0E-881F-19598A2DFD59}) (Version: 2.2.0 - Autodesk)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
AutoCAD 2017 - English (HKLM\...\{28B89EEF-0001-0409-2102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 - Français (French) (HKLM\...\{28B89EEF-0001-040C-2102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 (HKLM\...\{28B89EEF-0001-0000-0102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - English (HKLM\...\{28B89EEF-0001-0409-1102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - Français (French) (HKLM\...\{28B89EEF-0001-040C-1102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk App Manager 2016-2017 (HKLM-x32\...\{C0954809-F5DC-426C-847E-8409DE14E4C0}) (Version: 2.2.0 - Autodesk)
Autodesk AutoCAD 2017 - English (HKLM\...\AutoCAD 2017 - English) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD 2017 Language Pack - Français (French) (HKLM\...\AutoCAD 2017 - Français (French)) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM-x32\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Avast Antivirus Gratuit (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
BitTorrent (HKU\S-1-5-21-2658347705-2479119026-1060964503-1001\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
Brother MFL-Pro Suite MFC-J6920DW (HKLM-x32\...\{6A367B4D-2E1C-4843-9FF0-A1DF1DEAB1E6}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Discord (HKU\S-1-5-21-2658347705-2479119026-1060964503-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-2658347705-2479119026-1060964503-1001\...\HearthstoneDeckTracker) (Version: 1.5.5 - HearthSim)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
KB4023057 (HKLM\...\{2780660F-8532-4E52-A940-25D3EDCC19B8}) (Version: 2.2.0.0 - Microsoft Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8625.2121 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Mumble 1.2.19 (HKLM-x32\...\{9BCF5203-72BB-4425-A391-83BF298EF376}) (Version: 1.2.19 - Thorvald Natvig)
NVIDIA Graphics Driver 359.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.46 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.6 - TeamSpeak Systems GmbH)
UpdateAssistant (HKLM-x32\...\{4E67FF7F-C24E-4279-9AB2-C26D57B53742}) (Version: 1.3.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2658347705-2479119026-1060964503-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> D:\Autocad\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2658347705-2479119026-1060964503-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Patati\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2658347705-2479119026-1060964503-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> D:\Autocad\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2658347705-2479119026-1060964503-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Patati\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2658347705-2479119026-1060964503-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Patati\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2658347705-2479119026-1060964503-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\Autocad\AutoCAD 2017\en-US\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-17] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2016-02-07] (Autodesk)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-17] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-17] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0E36F30F-1D77-4A2E-ABB4-285FB69111F7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {1120DB2F-5DA1-48D9-8365-0080AEC80796} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {238FF0E4-A322-4949-A3F8-6157E56E6272} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-06] (Microsoft Corporation)
Task: {33953645-1C9A-46D2-A9C2-CE48C6159763} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-17] (AVAST Software)
Task: {56FC1CE0-59EA-405B-8EA4-E11C2D5CA877} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {6C7FAD8E-93C1-4220-968B-0EEE7184B215} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {7859DA9D-681F-4A20-A314-67AFC17D4CCA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {7937185D-5307-4438-83B8-2E50A1004F87} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-10] (Realtek Semiconductor)
Task: {95E0DCCF-848F-4C73-85E0-0F5CFD0619E6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-06] (Microsoft Corporation)
Task: {AA6FA157-CFD1-46C7-B5CB-2620A7606F76} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {DA5914F3-AC3F-4ED0-933A-B3137051C662} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-11-10] (Realtek Semiconductor)
Task: {DDC562AE-E174-440C-91CF-878831377F48} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {EA7AACB7-F8C6-455E-982B-30143A0B5C54} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {EF166756-E6E3-4BE2-A8F7-0E061A4F1272} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {FA9E200B-FE63-4F96-A91E-4E253389A945} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-10] (Realtek Semiconductor)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-08-20 12:19 - 2016-08-01 13:54 - 000133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-10-14 10:07 - 2005-04-22 05:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-28 12:56 - 2017-11-06 12:04 - 008931496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-30 20:57 - 2016-11-30 20:57 - 000401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-11-12 00:25 - 2017-11-12 00:26 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-12 00:25 - 2017-11-12 00:26 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-12 00:25 - 2017-11-12 00:26 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-07 18:04 - 2017-11-07 18:05 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-18 21:59 - 2017-03-19 03:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-17 04:32 - 2017-11-17 04:32 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-17 04:32 - 2017-11-17 04:32 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-17 04:32 - 2017-11-17 04:32 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-17 04:32 - 2017-11-17 04:32 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-17 04:32 - 2017-11-17 04:32 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-17 04:32 - 2017-11-17 04:32 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-10-14 10:07 - 2009-02-27 15:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-2658347705-2479119026-1060964503-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2658347705-2479119026-1060964503-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKU\S-1-5-21-2658347705-2479119026-1060964503-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2658347705-2479119026-1060964503-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2658347705-2479119026-1060964503-1001\...\StartupApproved\Run: => "Discord"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{5E3B1450-F710-4242-B807-AEDEFCE68F05}] => (Allow) C:\Users\Patati\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{62CAE1D6-77CC-42B3-AB09-7159F7EC1453}] => (Allow) C:\Users\Patati\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [UDP Query User{53F18F5A-AD5F-43A8-959B-C96657A85B3E}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{D0380A4B-EF15-4293-9E8F-1FB005921B05}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{BA244F3A-EF4D-4B0D-81CB-FA960192B8B6}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{0F127D80-3FF9-440E-9CE8-3FE31307887F}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [UDP Query User{907C9834-64D9-4404-AEFE-1884D75987C8}D:\blizzard app\hearthstone\hearthstone.exe] => (Allow) D:\blizzard app\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{57B43249-7A7F-415A-AE07-F8EDEEAF5D14}D:\blizzard app\hearthstone\hearthstone.exe] => (Allow) D:\blizzard app\hearthstone\hearthstone.exe
FirewallRules: [{55DCF0DA-F264-46F7-865F-B833363CCC5B}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DE94CF18-3284-48C8-9394-874C93D01256}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EB9CDC03-E918-4B66-9E3D-DBF42D77FC91}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{DB44D2F4-7749-464E-9171-4C41CCEB30EC}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{B6F482EC-ECC9-4ABF-A0A7-4DBA32C18124}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{68D7610A-5BA5-4D67-BDA4-FE1C9CDC533F}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{1C42C7AB-4960-4017-9811-D64BC0839829}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F129CCEB-6450-4333-999A-19DCA86E4B95}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AF1CF0BF-6462-4368-92BA-1DCA9F3570C4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{30B01BEE-92B8-4D97-9B6C-0C44FE0103C3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F0ACF022-A9A9-4A77-9D08-663765D50421}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{E9D2D824-A4DE-4197-9BE7-0D7DB553B403}D:\blizzard app\overwatch\overwatch.exe] => (Allow) D:\blizzard app\overwatch\overwatch.exe
FirewallRules: [UDP Query User{079180C9-0A1C-48E9-9695-54545B8F8AE4}D:\blizzard app\overwatch\overwatch.exe] => (Allow) D:\blizzard app\overwatch\overwatch.exe
FirewallRules: [TCP Query User{4C03C0F3-2A78-4946-B3F7-8AD738EC54AF}D:\mt2 guabina\metin2guabina2017\mark\metin2client.exe] => (Allow) D:\mt2 guabina\metin2guabina2017\mark\metin2client.exe
FirewallRules: [UDP Query User{C6B7A3D7-EFF1-4EB2-A555-710FCD6E9B74}D:\mt2 guabina\metin2guabina2017\mark\metin2client.exe] => (Allow) D:\mt2 guabina\metin2guabina2017\mark\metin2client.exe
FirewallRules: [TCP Query User{6EAF49C6-B9CD-49A6-99DC-B71257254BF8}D:\mt2 guabina\metin2guabina2017\windows8.exe] => (Allow) D:\mt2 guabina\metin2guabina2017\windows8.exe
FirewallRules: [UDP Query User{880117F8-D0B6-45D5-B71B-DCD678F1A962}D:\mt2 guabina\metin2guabina2017\windows8.exe] => (Allow) D:\mt2 guabina\metin2guabina2017\windows8.exe
FirewallRules: [{121CFB56-76CC-4036-A0F9-2365E2E36142}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13c\FAXRX.EXE
FirewallRules: [{1DAB7552-4793-4A51-8873-05A93A9D703E}] => (Allow) LPort=54925
FirewallRules: [{DB129484-7FDD-435B-98BE-AD8048FAAE60}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{86B7DB23-988D-4DA1-8407-A40A48534076}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{33F5F1B8-97C3-4ACF-9622-0B590AE8D864}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/17/2017 04:37:40 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant :
hr=0x8007232B
Arguments de la ligne de commande :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (11/17/2017 04:37:37 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant :
hr=0x8007232B
Arguments de la ligne de commande :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (11/17/2017 04:36:58 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest ». Erreur dans le fichier de manifeste ou de stratégie « C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL » à la ligne 1.
L’identité de composant trouvé dans le manifeste ne correspond pas à celle du composant demandé.
La référence est UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
La définition est UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Utilisez sxstrace.exe pour un diagnostic détaillé.
Error: (11/17/2017 04:36:39 AM) (Source: KMS-QAD) (EventID: 1001) (User: )
Description: Event-ID 1001
Error: (11/17/2017 04:33:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll ».
Assembly dépendant Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.
Error: (11/17/2017 03:20:26 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant :
hr=0x8007232B
Arguments de la ligne de commande :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=3
Error: (11/17/2017 03:19:20 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant :
hr=0x8007139F
Arguments de la ligne de commande :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (11/16/2017 08:10:26 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant :
hr=0x8007232B
Arguments de la ligne de commande :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
Error: (11/16/2017 08:07:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant :
hr=0x8007139F
Arguments de la ligne de commande :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (11/16/2017 06:37:00 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest ». Erreur dans le fichier de manifeste ou de stratégie « C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL » à la ligne 1.
L’identité de composant trouvé dans le manifeste ne correspond pas à celle du composant demandé.
La référence est UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
La définition est UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Utilisez sxstrace.exe pour un diagnostic détaillé.
System errors:
=============
Error: (11/17/2017 05:35:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (11/17/2017 04:50:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Microsoft Office Click-to-Run Service s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 0 millisecondes : Restart the service.
Error: (11/17/2017 04:49:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Adobe Acrobat Update Service s’est terminé de façon inattendue pour la 1ème fois.
Error: (11/17/2017 04:49:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Autodesk Desktop App Service s’est terminé de façon inattendue pour la 1ème fois.
Error: (11/17/2017 04:37:03 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
Error: (11/17/2017 04:36:46 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
Error: (11/17/2017 04:36:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
et l’APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (11/17/2017 04:36:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
et l’APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (11/17/2017 04:36:42 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
Error: (11/17/2017 04:36:39 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
CodeIntegrity:
===================================
Date: 2017-11-17 04:09:39.379
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-11-17 04:09:30.074
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-11-17 04:09:29.718
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-11-16 02:04:41.316
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-10-30 23:22:05.588
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-10-22 19:29:55.294
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-10-14 13:39:26.531
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-10-11 08:46:47.524
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-09-25 11:27:21.758
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-09-19 19:52:11.604
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 40%
Total physical RAM: 8074.91 MB
Available physical RAM: 4777.32 MB
Total Virtual: 9354.91 MB
Available Virtual: 5924.15 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:117.87 GB) (Free:71.7 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:748.85 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: DF0FE13E)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=903 MB) - (Type=27)
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: DF0FE13F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Ran by Patati (17-11-2017 10:02:42)
Running from C:\Users\Patati\Downloads
Windows 10 Pro Version 1703 15063.726 (X64) (2017-08-20 11:25:38)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2658347705-2479119026-1060964503-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2658347705-2479119026-1060964503-503 - Limited - Disabled)
Guest (S-1-5-21-2658347705-2479119026-1060964503-501 - Limited - Disabled)
Patati (S-1-5-21-2658347705-2479119026-1060964503-1001 - Administrator - Enabled) => C:\Users\Patati
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ACA & MEP 2017 Object Enabler (HKLM\...\{28B89EEF-0004-0000-5102-CF3F3A09B77D}) (Version: 7.9.45.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-0001-0000-3102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Application Blizzard (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Application de bureau Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.6.378 - Autodesk)
Applications recommandées Autodesk 2016-2017 (HKLM-x32\...\{27C15055-713B-4D0E-881F-19598A2DFD59}) (Version: 2.2.0 - Autodesk)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
AutoCAD 2017 - English (HKLM\...\{28B89EEF-0001-0409-2102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 - Français (French) (HKLM\...\{28B89EEF-0001-040C-2102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 (HKLM\...\{28B89EEF-0001-0000-0102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - English (HKLM\...\{28B89EEF-0001-0409-1102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - Français (French) (HKLM\...\{28B89EEF-0001-040C-1102-CF3F3A09B77D}) (Version: 21.0.52.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk App Manager 2016-2017 (HKLM-x32\...\{C0954809-F5DC-426C-847E-8409DE14E4C0}) (Version: 2.2.0 - Autodesk)
Autodesk AutoCAD 2017 - English (HKLM\...\AutoCAD 2017 - English) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD 2017 Language Pack - Français (French) (HKLM\...\AutoCAD 2017 - Français (French)) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM-x32\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Avast Antivirus Gratuit (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
BitTorrent (HKU\S-1-5-21-2658347705-2479119026-1060964503-1001\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
Brother MFL-Pro Suite MFC-J6920DW (HKLM-x32\...\{6A367B4D-2E1C-4843-9FF0-A1DF1DEAB1E6}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Discord (HKU\S-1-5-21-2658347705-2479119026-1060964503-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-2658347705-2479119026-1060964503-1001\...\HearthstoneDeckTracker) (Version: 1.5.5 - HearthSim)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
KB4023057 (HKLM\...\{2780660F-8532-4E52-A940-25D3EDCC19B8}) (Version: 2.2.0.0 - Microsoft Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8625.2121 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Mumble 1.2.19 (HKLM-x32\...\{9BCF5203-72BB-4425-A391-83BF298EF376}) (Version: 1.2.19 - Thorvald Natvig)
NVIDIA Graphics Driver 359.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.46 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.6 - TeamSpeak Systems GmbH)
UpdateAssistant (HKLM-x32\...\{4E67FF7F-C24E-4279-9AB2-C26D57B53742}) (Version: 1.3.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2658347705-2479119026-1060964503-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> D:\Autocad\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2658347705-2479119026-1060964503-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Patati\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2658347705-2479119026-1060964503-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> D:\Autocad\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2658347705-2479119026-1060964503-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Patati\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2658347705-2479119026-1060964503-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Patati\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2658347705-2479119026-1060964503-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\Autocad\AutoCAD 2017\en-US\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-17] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2016-02-07] (Autodesk)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-17] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-17] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0E36F30F-1D77-4A2E-ABB4-285FB69111F7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {1120DB2F-5DA1-48D9-8365-0080AEC80796} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {238FF0E4-A322-4949-A3F8-6157E56E6272} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-06] (Microsoft Corporation)
Task: {33953645-1C9A-46D2-A9C2-CE48C6159763} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-17] (AVAST Software)
Task: {56FC1CE0-59EA-405B-8EA4-E11C2D5CA877} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {6C7FAD8E-93C1-4220-968B-0EEE7184B215} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {7859DA9D-681F-4A20-A314-67AFC17D4CCA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {7937185D-5307-4438-83B8-2E50A1004F87} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-10] (Realtek Semiconductor)
Task: {95E0DCCF-848F-4C73-85E0-0F5CFD0619E6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-06] (Microsoft Corporation)
Task: {AA6FA157-CFD1-46C7-B5CB-2620A7606F76} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {DA5914F3-AC3F-4ED0-933A-B3137051C662} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-11-10] (Realtek Semiconductor)
Task: {DDC562AE-E174-440C-91CF-878831377F48} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {EA7AACB7-F8C6-455E-982B-30143A0B5C54} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {EF166756-E6E3-4BE2-A8F7-0E061A4F1272} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {FA9E200B-FE63-4F96-A91E-4E253389A945} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-10] (Realtek Semiconductor)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-08-20 12:19 - 2016-08-01 13:54 - 000133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-10-14 10:07 - 2005-04-22 05:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-28 12:56 - 2017-11-06 12:04 - 008931496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-30 20:57 - 2016-11-30 20:57 - 000401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-11-12 00:25 - 2017-11-12 00:26 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-12 00:25 - 2017-11-12 00:26 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-12 00:25 - 2017-11-12 00:26 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-07 18:04 - 2017-11-07 18:05 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-18 21:59 - 2017-03-19 03:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-17 04:32 - 2017-11-17 04:32 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-17 04:32 - 2017-11-17 04:32 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-17 04:32 - 2017-11-17 04:32 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-17 04:32 - 2017-11-17 04:32 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-17 04:32 - 2017-11-17 04:32 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-17 04:32 - 2017-11-17 04:32 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-10-14 10:07 - 2009-02-27 15:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-2658347705-2479119026-1060964503-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2658347705-2479119026-1060964503-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKU\S-1-5-21-2658347705-2479119026-1060964503-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2658347705-2479119026-1060964503-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2658347705-2479119026-1060964503-1001\...\StartupApproved\Run: => "Discord"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{5E3B1450-F710-4242-B807-AEDEFCE68F05}] => (Allow) C:\Users\Patati\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{62CAE1D6-77CC-42B3-AB09-7159F7EC1453}] => (Allow) C:\Users\Patati\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [UDP Query User{53F18F5A-AD5F-43A8-959B-C96657A85B3E}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{D0380A4B-EF15-4293-9E8F-1FB005921B05}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{BA244F3A-EF4D-4B0D-81CB-FA960192B8B6}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{0F127D80-3FF9-440E-9CE8-3FE31307887F}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [UDP Query User{907C9834-64D9-4404-AEFE-1884D75987C8}D:\blizzard app\hearthstone\hearthstone.exe] => (Allow) D:\blizzard app\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{57B43249-7A7F-415A-AE07-F8EDEEAF5D14}D:\blizzard app\hearthstone\hearthstone.exe] => (Allow) D:\blizzard app\hearthstone\hearthstone.exe
FirewallRules: [{55DCF0DA-F264-46F7-865F-B833363CCC5B}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DE94CF18-3284-48C8-9394-874C93D01256}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EB9CDC03-E918-4B66-9E3D-DBF42D77FC91}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{DB44D2F4-7749-464E-9171-4C41CCEB30EC}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{B6F482EC-ECC9-4ABF-A0A7-4DBA32C18124}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{68D7610A-5BA5-4D67-BDA4-FE1C9CDC533F}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{1C42C7AB-4960-4017-9811-D64BC0839829}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F129CCEB-6450-4333-999A-19DCA86E4B95}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{AF1CF0BF-6462-4368-92BA-1DCA9F3570C4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{30B01BEE-92B8-4D97-9B6C-0C44FE0103C3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F0ACF022-A9A9-4A77-9D08-663765D50421}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{E9D2D824-A4DE-4197-9BE7-0D7DB553B403}D:\blizzard app\overwatch\overwatch.exe] => (Allow) D:\blizzard app\overwatch\overwatch.exe
FirewallRules: [UDP Query User{079180C9-0A1C-48E9-9695-54545B8F8AE4}D:\blizzard app\overwatch\overwatch.exe] => (Allow) D:\blizzard app\overwatch\overwatch.exe
FirewallRules: [TCP Query User{4C03C0F3-2A78-4946-B3F7-8AD738EC54AF}D:\mt2 guabina\metin2guabina2017\mark\metin2client.exe] => (Allow) D:\mt2 guabina\metin2guabina2017\mark\metin2client.exe
FirewallRules: [UDP Query User{C6B7A3D7-EFF1-4EB2-A555-710FCD6E9B74}D:\mt2 guabina\metin2guabina2017\mark\metin2client.exe] => (Allow) D:\mt2 guabina\metin2guabina2017\mark\metin2client.exe
FirewallRules: [TCP Query User{6EAF49C6-B9CD-49A6-99DC-B71257254BF8}D:\mt2 guabina\metin2guabina2017\windows8.exe] => (Allow) D:\mt2 guabina\metin2guabina2017\windows8.exe
FirewallRules: [UDP Query User{880117F8-D0B6-45D5-B71B-DCD678F1A962}D:\mt2 guabina\metin2guabina2017\windows8.exe] => (Allow) D:\mt2 guabina\metin2guabina2017\windows8.exe
FirewallRules: [{121CFB56-76CC-4036-A0F9-2365E2E36142}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13c\FAXRX.EXE
FirewallRules: [{1DAB7552-4793-4A51-8873-05A93A9D703E}] => (Allow) LPort=54925
FirewallRules: [{DB129484-7FDD-435B-98BE-AD8048FAAE60}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{86B7DB23-988D-4DA1-8407-A40A48534076}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{33F5F1B8-97C3-4ACF-9622-0B590AE8D864}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/17/2017 04:37:40 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant :
hr=0x8007232B
Arguments de la ligne de commande :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (11/17/2017 04:37:37 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant :
hr=0x8007232B
Arguments de la ligne de commande :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (11/17/2017 04:36:58 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest ». Erreur dans le fichier de manifeste ou de stratégie « C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL » à la ligne 1.
L’identité de composant trouvé dans le manifeste ne correspond pas à celle du composant demandé.
La référence est UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
La définition est UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Utilisez sxstrace.exe pour un diagnostic détaillé.
Error: (11/17/2017 04:36:39 AM) (Source: KMS-QAD) (EventID: 1001) (User: )
Description: Event-ID 1001
Error: (11/17/2017 04:33:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll ».
Assembly dépendant Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.
Error: (11/17/2017 03:20:26 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant :
hr=0x8007232B
Arguments de la ligne de commande :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=3
Error: (11/17/2017 03:19:20 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant :
hr=0x8007139F
Arguments de la ligne de commande :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (11/16/2017 08:10:26 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant :
hr=0x8007232B
Arguments de la ligne de commande :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
Error: (11/16/2017 08:07:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant :
hr=0x8007139F
Arguments de la ligne de commande :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (11/16/2017 06:37:00 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: La création du contexte d’activation a échoué pour « C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest ». Erreur dans le fichier de manifeste ou de stratégie « C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL » à la ligne 1.
L’identité de composant trouvé dans le manifeste ne correspond pas à celle du composant demandé.
La référence est UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
La définition est UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Utilisez sxstrace.exe pour un diagnostic détaillé.
System errors:
=============
Error: (11/17/2017 05:35:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (11/17/2017 04:50:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Microsoft Office Click-to-Run Service s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 0 millisecondes : Restart the service.
Error: (11/17/2017 04:49:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Adobe Acrobat Update Service s’est terminé de façon inattendue pour la 1ème fois.
Error: (11/17/2017 04:49:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Autodesk Desktop App Service s’est terminé de façon inattendue pour la 1ème fois.
Error: (11/17/2017 04:37:03 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
Error: (11/17/2017 04:36:46 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
Error: (11/17/2017 04:36:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
et l’APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (11/17/2017 04:36:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
et l’APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (11/17/2017 04:36:42 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
Error: (11/17/2017 04:36:39 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
CodeIntegrity:
===================================
Date: 2017-11-17 04:09:39.379
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-11-17 04:09:30.074
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-11-17 04:09:29.718
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-11-16 02:04:41.316
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-10-30 23:22:05.588
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-10-22 19:29:55.294
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-10-14 13:39:26.531
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-10-11 08:46:47.524
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-09-25 11:27:21.758
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-09-19 19:52:11.604
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 40%
Total physical RAM: 8074.91 MB
Available physical RAM: 4777.32 MB
Total Virtual: 9354.91 MB
Available Virtual: 5924.15 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:117.87 GB) (Free:71.7 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:748.85 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: DF0FE13E)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=903 MB) - (Type=27)
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: DF0FE13F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================