cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-12-2017
Ran by ro (16-12-2017 19:21:19)
Running from C:\Users\ro\Documents\Desktop
Windows 10 Home Version 1709 16299.125 (X64) (2017-12-08 15:31:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2842588528-1966890766-1193954180-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2842588528-1966890766-1193954180-503 - Limited - Disabled)
Guest (S-1-5-21-2842588528-1966890766-1193954180-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2842588528-1966890766-1193954180-1002 - Limited - Enabled)
ro (S-1-5-21-2842588528-1966890766-1193954180-1000 - Administrator - Enabled) => C:\Users\ro
WDAGUtilityAccount (S-1-5-21-2842588528-1966890766-1193954180-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2842588528-1966890766-1193954180-1000\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 57.0.2 (x64 fr) (HKLM\...\Mozilla Firefox 57.0.2 (x64 fr)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2 - Mozilla)
OpenOffice 4.1.4 (HKLM-x32\...\{EFD59811-3264-427C-AF22-E96E700FAD83}) (Version: 4.14.9787 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SharkScope Desktop 1.56 (HKLM-x32\...\1016-6073-5515-0204) (Version: 1.56 - Barbary Software)
Winamax Installer (HKU\S-1-5-21-2842588528-1966890766-1193954180-1000\...\Winamax Installer 2.0) (Version: 2.0 - Winamax)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {AE793D78-7C9F-46E1-AD18-76571499C841} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {CFB02F26-977D-45BE-8B64-1EBAC65460D9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-09 00:39 - 2017-12-09 00:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-09 00:39 - 2017-12-09 00:39 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-12 12:02 - 2017-12-12 12:03 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-12-12 12:02 - 2017-12-12 12:03 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-12-12 12:02 - 2017-12-12 12:03 - 024735744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-12-12 12:02 - 2017-12-12 12:03 - 002551808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\skypert.dll
2017-12-12 12:02 - 2017-12-12 12:03 - 000671744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.10.572.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-12-06 17:24 - 2017-12-06 17:24 - 000102088 _____ () C:\Users\ro\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-11-07 23:34 - 2017-11-25 10:49 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2842588528-1966890766-1193954180-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ro\Pictures\DSCN1083.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{A23F7C78-081A-41CC-BB87-4FC6AE2AB60B}C:\program files (x86)\sharkscope desktop\sharkscopedesktop.exe] => (Allow) C:\program files (x86)\sharkscope desktop\sharkscopedesktop.exe
FirewallRules: [TCP Query User{4B1190F2-8F1C-4C15-B3CD-75BF5DF37320}C:\program files (x86)\sharkscope desktop\sharkscopedesktop.exe] => (Allow) C:\program files (x86)\sharkscope desktop\sharkscopedesktop.exe
FirewallRules: [{72947CCC-F38D-47EC-93BC-A1ED57B0738A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7B85635F-28C7-4F1A-A8B2-B0C9DD97C009}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6B598E89-C9FA-44D3-8753-C33DC496D38D}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{096F9A79-27A4-49A6-9D3B-E29FA84C4A3C}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{C47FE26F-66A2-4B1A-A400-3435267E5ED6}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{34137849-461E-47B3-9B73-D091C327CA1B}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

==================== Restore Points =========================

09-12-2017 17:09:03 Windows Update
13-12-2017 15:30:27 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/16/2017 01:44:14 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/16/2017 01:43:57 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON.

Error: (12/16/2017 01:29:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ro-PC)
Description: Package microsoft.windowscommunicationsapps_17.8730.21155.0_x64__8wekyb3d8bbwe+microsoft.windowslive.mail was terminated because it took too long to suspend.

Error: (12/16/2017 02:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ro-PC)
Description: Package Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (12/16/2017 12:23:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ro-PC)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (12/15/2017 11:51:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ro-PC)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (12/15/2017 11:50:43 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (5096,G,0) An attempt to open the file "C:\Users\ro\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/15/2017 11:12:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ro-PC)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (12/15/2017 10:51:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ro-PC)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (12/15/2017 10:40:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ro-PC)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.


System errors:
=============
Error: (12/16/2017 07:06:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/16/2017 07:06:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/16/2017 07:04:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/16/2017 07:04:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Elan Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/16/2017 06:22:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Flash Player Update Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/16/2017 06:22:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.

Error: (12/16/2017 06:21:04 PM) (Source: DCOM) (EventID: 10010) (User: ro-PC)
Description: The server Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (12/16/2017 06:17:17 PM) (Source: DCOM) (EventID: 10010) (User: ro-PC)
Description: The server Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (12/16/2017 06:01:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/16/2017 06:01:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-12-16 15:00:59.174
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2017-12-16 15:00:58.524
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2017-12-16 15:00:48.962
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.

Date: 2017-12-16 15:00:48.079
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 56%
Total physical RAM: 3932.36 MB
Available physical RAM: 1722.7 MB
Total Virtual: 5212.36 MB
Available Virtual: 3017.44 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.66 GB) (Free:258.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F06BDB55)
Partition 1: (Not Active) - (Size=17 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=448.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Publicité


Signaler le contenu de ce document

Publicité