Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Bchiri (12-07-2018 14:38:54)
Running from C:\Users\Bchiri\Desktop
Windows 10 Home Version 1803 17134.112 (X64) (2018-05-22 07:39:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4091140688-1445887026-1692677957-500 - Administrator - Disabled)
Bchiri (S-1-5-21-4091140688-1445887026-1692677957-1001 - Administrator - Enabled) => C:\Users\Bchiri
DefaultAccount (S-1-5-21-4091140688-1445887026-1692677957-503 - Limited - Disabled)
Guest (S-1-5-21-4091140688-1445887026-1692677957-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4091140688-1445887026-1692677957-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.3.0 - Adobe Systems)
Adobe Acrobat 9.3.0 - CPSID_52073 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_930) (Version: - Adobe Systems Incorporated)
Bananatag for Outlook (HKLM-x32\...\Bananatag.OutlookAddIn) (Version: 2.0.64.0 - Bananatag)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Dell Digital Delivery (HKLM-x32\...\{824A41E2-5C69-421C-8991-5351D7C3E6BF}) (Version: 3.3.1001.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\{9074E264-F615-4DDE-969E-1FDBCFEC3FB5}) (Version: 2.2.2.7 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{2B2C47D2-F037-4C03-B599-07D7AFE8DD54}) (Version: 3.3.0.4943 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{8ce1a5ae-856e-4b8e-a0e8-27dd7a209276}) (Version: 3.3.0.4943 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{B16CC15E-08D8-4FA8-AE36-4DC5C197ED92}) (Version: 3.3.0.4941 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{74d58082-09be-4059-afb8-50334cde261d}) (Version: 3.3.0.4941 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 53.4.66 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
FX Junction Bridge (EA) (HKLM-x32\...\FX Junction Bridge (EA)) (Version: - )
FXCM Trading Station Desktop (HKLM-x32\...\FXTS2) (Version: - Forex Capital Markets, LLC ("FXCM LLC"))
FxPro - MetaTrader 4 (HKLM-x32\...\FxPro - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10207.5567 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.0.1014 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1725.1 - Intel Corporation)
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.1.22 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{98970ddc-844d-4ec3-b93e-52f5f693b305}) (Version: 3.10.100.3429 - Intel Corporation)
ISS_Drivers_x64 (HKLM\...\{9315B8DE-B183-4126-A69E-150B8ABF3690}) (Version: 3.10.100.3429 - Intel Corporation) Hidden
join.me (HKU\S-1-5-21-4091140688-1445887026-1692677957-1001\...\JoinMe) (Version: 3.9.0.5408 - LogMeIn, Inc.)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9233.1 - Waves Audio Ltd.) Hidden
MetaTrader 4 IC Markets (HKLM-x32\...\MetaTrader 4 IC Markets) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft Office Professionnel Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4091140688-1445887026-1692677957-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NinjaTrader 8 (HKLM-x32\...\{A8D70A58-ADE5-4C5F-B370-2A7E02891E5E}) (Version: 8.0.14.0 - NinjaTrader, LLC)
OpenVPN 2.3.12-I602 (HKLM-x32\...\OpenVPN) (Version: 2.3.12-I602 - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10454 - Qualcomm)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.40 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31236 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8184 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.15063.11275 - Realtek Semiconductor Corp.)
SmartByte Drivers and Services (HKLM\...\{EC62F71A-6CFA-4918-9EBC-99BFF86DB3C9}) (Version: 1.2.600 - Rivet Networks)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Transcriber 1.5.1 (HKLM-x32\...\Transcriber_is1) (Version: - DGA)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WhatsApp (HKU\S-1-5-21-4091140688-1445887026-1692677957-1001\...\WhatsApp) (Version: 0.2.9998 - WhatsApp)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
תוכנת Intel® Chipset Device (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4091140688-1445887026-1692677957-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu64.dll [2009-12-21] (Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-10] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_842874489af34daa\igfxDTCM.dll [2018-04-03] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu64.dll [2009-12-21] (Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06AE3776-0332-433B-B523-847E71D3A940} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-07-10] (Microsoft Corporation)
Task: {07E1522B-94DD-46B2-9E00-9C4664149AAE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {0E3F312D-DC2C-4585-A99A-A98EE5063AF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-07-10] (Microsoft Corporation)
Task: {1A18BD47-C488-41A8-B108-D71520DCFF63} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-19] (Google Inc.)
Task: {1D69C20B-2FD8-42CC-B9A5-A4D3A4B6B37F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-19] (Google Inc.)
Task: {2786681B-C821-4FFD-88FA-B5C599E14F9F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {351E7858-50B5-464E-BA5D-0FCF786EC4E5} - System32\Tasks\RimonCrt => C:\RimonCrt\RimonCrt.exe [2018-03-20] ()
Task: {3558C37B-86C1-4B71-BEA4-69E6D7D52517} - System32\Tasks\S-1-5-21-4091140688-1445887026-1692677957-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-12] (Microsoft Corporation)
Task: {3CB2D7A0-D388-46AC-80E5-0609C4571AF2} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [2018-03-20] (DELL)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6EA538EA-53F4-4C1F-9B17-C8E0D3AB9CE9} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-02-24] (Intel(R) Corporation)
Task: {8EE5A7CD-3E24-45B8-BA03-F0E8340A555D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {A1D961D1-EFC8-4169-82D5-34FF60D1D09B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-20] (Dropbox, Inc.)
Task: {B566E23E-8F9A-4F18-B13E-81013496BB80} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {CFB505A5-F3A7-4B39-AA6C-69212E7E158C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-07-10] (Microsoft Corporation)
Task: {DFE30926-045D-497B-9351-AEC5BF7A3483} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {E03CB64A-5239-4747-AF05-73D3F5FC8EA9} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-06-30] (Dell Inc.)
Task: {E0BCE477-C43D-4964-89F0-EE2B30938105} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-20] (Dropbox, Inc.)
Task: {F3912609-DFC9-4D2F-B95C-F1D19D02044D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-07-10] (Microsoft Corporation)
Task: {FBA8723C-2B7B-4EAA-9978-B5ADC92736DC} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-99SODBU-Bchiri DESKTOP-99SODBU => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {FCC8B40C-7F67-4F78-BB8E-697DA01F0DF2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 02:34 - 2018-04-12 02:34 - 001310208 _____ () c:\windows\system32\FaceProcessor.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 000542888 _____ () c:\windows\system32\FaceProcessorCore.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 001348664 _____ () c:\windows\system32\FaceTrackerInternal.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-07-09 13:04 - 2018-07-09 13:04 - 002587968 _____ () C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1229\libprotobuf.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-06-12 22:11 - 2018-06-08 11:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-23 13:10 - 2018-05-23 13:11 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-23 13:10 - 2018-05-23 13:11 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-23 13:10 - 2018-05-23 13:11 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-23 13:10 - 2018-05-23 13:11 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-23 13:10 - 2018-05-23 13:11 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-06-25 21:50 - 2018-06-22 22:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-25 21:50 - 2018-06-22 22:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2017-07-28 13:48 - 2017-07-28 13:48 - 000140664 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2018-07-12 10:34 - 2018-07-10 23:49 - 001107648 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-07-12 10:34 - 2018-07-10 23:49 - 002079424 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-05-15 04:00 - 2018-07-10 23:54 - 000021704 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:52 - 000022752 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:49 - 000135656 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:52 - 001881816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:52 - 000023768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:49 - 000111576 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes35.dll
2018-05-15 04:00 - 2018-07-10 23:49 - 000103392 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:52 - 000069320 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:52 - 000080064 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:49 - 000399832 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom35.dll
2018-05-15 04:00 - 2018-07-10 23:49 - 000024544 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:49 - 000043496 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:49 - 000021472 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:49 - 000124896 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:49 - 000114664 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:54 - 000392392 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:54 - 000028896 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:49 - 000024552 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:49 - 000175584 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:49 - 000024544 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:49 - 000026080 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:54 - 000024272 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:49 - 000048616 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:49 - 000057824 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:52 - 000022728 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:52 - 000025296 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:54 - 000070360 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:54 - 000026336 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:53 - 003866304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:54 - 000089272 _____ () C:\Program Files (x86)\Dropbox\Client\sip.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:52 - 001800896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:52 - 001960640 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:49 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:53 - 000155856 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:52 - 000521920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:53 - 000051400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:53 - 000043720 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:53 - 000131264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:53 - 000220872 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:52 - 000205512 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:49 - 000060896 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:54 - 000056536 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:49 - 000024040 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:54 - 000024792 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:54 - 000023776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:54 - 000022752 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:54 - 000023768 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:52 - 000028392 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:49 - 000348128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:53 - 000102088 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:54 - 000024800 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:52 - 000026840 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:49 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-07-12 10:34 - 2018-07-10 23:52 - 000034528 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:49 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-05-15 04:00 - 2018-07-10 23:54 - 000023776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:52 - 000181432 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-05-15 04:00 - 2018-07-10 23:54 - 000031952 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:52 - 000024752 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-07-12 10:34 - 2018-07-10 23:52 - 001638576 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-05-15 04:00 - 2018-07-10 23:54 - 000090840 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.cp35-win32.pyd
2018-05-15 04:00 - 2018-07-10 23:54 - 000027352 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:53 - 000547008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp35-win32.pyd
2018-07-12 10:34 - 2018-07-10 23:53 - 000360128 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp35-win32.pyd
2017-12-03 13:02 - 2009-02-27 17:32 - 000020480 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.fra

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Bchiri\Documents\Torah:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4091140688-1445887026-1692677957-1001\...\cirrusinsight.com -> hxxps://cirrusinsight.com
IE trusted site: HKU\S-1-5-21-4091140688-1445887026-1692677957-1001\...\force.com -> hxxps://force.com
IE trusted site: HKU\S-1-5-21-4091140688-1445887026-1692677957-1001\...\salesforce.com -> hxxps://salesforce.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-19 00:03 - 2018-05-05 20:54 - 000000822 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4091140688-1445887026-1692677957-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9B430201-3359-4E1E-AAE6-A1F2640DA5DC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B1F7CA26-311C-446B-ACC2-BFEA3B94B354}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FFDB26FB-236F-48C6-A7F5-13C3B9BEEDF5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{208B9383-EEC8-40C6-B4E2-CE963B1A8DF8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{C920AED3-E4D3-4732-B960-75AF07E044BE}C:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\teamviewer.exe
FirewallRules: [TCP Query User{00DDB732-EA9B-492B-8689-F4024F035DBC}C:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\teamviewer.exe
FirewallRules: [UDP Query User{D12BC59F-CD81-4C20-BEA2-3EB875AA1EA7}C:\users\bchiri\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\bchiri\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{A05C1104-D7F5-48B9-9A0D-EB0E7CCBCB01}C:\users\bchiri\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\bchiri\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{5098FE66-7A1D-4583-813B-25A83F624F24}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A2C402E1-FFF0-4B4D-83A6-09B8C07A35C6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CE5408CE-2F04-4074-A2A5-EC9369704A22}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{FC2A089B-F234-421C-A494-D6E759C99201}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{89D98F43-3856-4F67-A4B7-72233ABDAD08}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{406A2F0B-1107-41DA-979D-687731930811}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{597E5BD0-314B-4B75-9B78-8A96A5B4C888}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{97D5EC18-4C98-4D35-BD80-DD5EB2BE7900}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{AD5DC62C-2FB2-4A89-A71F-51629C211304}C:\users\bchiri\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\bchiri\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{2C8A7640-8CB9-46EB-A5B1-01F983F0583E}C:\users\bchiri\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\bchiri\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{680D4BC1-4BF8-4FFA-B1E6-8291052C492F}C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe
FirewallRules: [UDP Query User{D43D3C54-DDC8-4F00-B803-9C6ADFF310C5}C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe
FirewallRules: [TCP Query User{3AC1239C-B641-4616-8CB0-DD658ABBEFAA}C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe
FirewallRules: [UDP Query User{CCFF4B49-80E2-4E19-ACFC-4BA8CCD8D114}C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe
FirewallRules: [TCP Query User{0A168885-349C-4E18-BADB-E5411935E43B}C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe
FirewallRules: [UDP Query User{B548945D-3692-4D68-BC0E-67AE3C900D55}C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe
FirewallRules: [{854FAAE4-A6DE-403D-A60E-17C0235B0627}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B395859C-C68F-419E-A1E8-CFC667214720}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{836BC635-75B0-446C-83F8-4C44F3F944C4}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{A95A0412-82F3-4F2E-81BF-23E3D58E3628}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

20-06-2018 12:45:15 Scheduled Checkpoint
27-06-2018 15:20:37 Scheduled Checkpoint
09-07-2018 01:32:36 Scheduled Checkpoint
10-07-2018 12:34:01 SupportAssist_e4e2c783-7aa4-4f3c-9772-b223759d5526
11-07-2018 16:31:01 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2018 12:16:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante svchost.exe_SensorService, version : 10.0.17134.1, horodatage : 0xa38b9ab2
Nom du module défaillant : ESENT.dll, version : 10.0.17134.112, horodatage : 0xbce77d42
Code d’exception : 0xc0000602
Décalage d’erreur : 0x0000000000252de2
ID du processus défaillant : 0xc54
Heure de début de l’application défaillante : 0x01d419b4c466769c
Chemin d’accès de l’application défaillante : c:\windows\system32\svchost.exe
Chemin d’accès du module défaillant: c:\windows\system32\ESENT.dll
ID de rapport : 48d4829c-fc5e-4a2e-b683-de6daae52301
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (07/12/2018 12:16:38 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (3156,G,0) Terminating process due to non-recoverable failure: PV: 10.0.17134.0 SV: 10.0.17134.0 GLE: 0 ERR: -266(bf.cxx:12814): dllentry.cxx(108) (ESENT[10.0.17134.0] RETAIL RTM MBCS). Tag: EnforceTag:InitdEseInstancesOnDllUnload.

Error: (07/12/2018 10:48:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante svchost.exe_SensorService, version : 10.0.17134.1, horodatage : 0xa38b9ab2
Nom du module défaillant : ESENT.dll, version : 10.0.17134.112, horodatage : 0xbce77d42
Code d’exception : 0xc0000602
Décalage d’erreur : 0x0000000000252de2
ID du processus défaillant : 0x1460
Heure de début de l’application défaillante : 0x01d41862dbb41bf9
Chemin d’accès de l’application défaillante : c:\windows\system32\svchost.exe
Chemin d’accès du module défaillant: c:\windows\system32\ESENT.dll
ID de rapport : 67a9b6ff-4a4a-40fe-b18d-81984a9c7581
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (07/12/2018 10:48:17 AM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (5216,G,0) Terminating process due to non-recoverable failure: PV: 10.0.17134.0 SV: 10.0.17134.0 GLE: 0 ERR: 312(node.cxx:822): dllentry.cxx(108) (ESENT[10.0.17134.0] RETAIL RTM MBCS). Tag: EnforceTag:InitdEseInstancesOnDllUnload.

Error: (07/11/2018 09:48:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante DSAPI.exe, version : 6.0.6992.1229, horodatage : 0x5b356ad0
Nom du module défaillant : ucrtbase.dll, version : 10.0.17134.1, horodatage : 0x587decd7
Code d’exception : 0xc0000409
Décalage d’erreur : 0x000000000006e75e
ID du processus défaillant : 0x2e80
Heure de début de l’application défaillante : 0x01d4186323ba04b6
Chemin d’accès de l’application défaillante : C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1229\DSAPI.exe
Chemin d’accès du module défaillant: C:\WINDOWS\System32\ucrtbase.dll
ID de rapport : cbc9083f-4374-44c3-af08-da9281d07728
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (07/10/2018 06:30:12 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Échec de l’initialisation de l’inscription du certificat SCEP pour WORKGROUP\DESKTOP-99SODBU$ via https://INTC-KeyId-6ca9df62a1aae23e0feb7c3f5eb8e61ecac17cb7.microsoftaik.azure.net/templates/Aik/scep :

GetCACaps

Méthode : GET(0ms)
Étape : GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/10/2018 06:30:08 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Échec de l’initialisation de l’inscription du certificat SCEP pour WORKGROUP\DESKTOP-99SODBU$ via https://INTC-KeyId-6ca9df62a1aae23e0feb7c3f5eb8e61ecac17cb7.microsoftaik.azure.net/templates/Aik/scep :

GetCACaps

Méthode : GET(172ms)
Étape : GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/10/2018 05:54:23 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Échec de l’initialisation de l’inscription du certificat SCEP pour WORKGROUP\DESKTOP-99SODBU$ via https://INTC-KeyId-6ca9df62a1aae23e0feb7c3f5eb8e61ecac17cb7.microsoftaik.azure.net/templates/Aik/scep :

GetCACaps

Méthode : GET(94ms)
Étape : GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)


System errors:
=============
Error: (07/12/2018 02:35:59 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-99SODBU)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID DESKTOP-99SODBU\Bchiri de l’utilisateur (S-1-5-21-4091140688-1445887026-1692677957-1001) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (07/12/2018 02:35:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (07/12/2018 12:17:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Launch pour l’application serveur COM avec le CLSID
Windows.SecurityCenter.WscDataProtection
et l’APPID
Unavailable
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (07/12/2018 12:17:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Launch pour l’application serveur COM avec le CLSID
Windows.SecurityCenter.WscBrokerManager
et l’APPID
Unavailable
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (07/12/2018 12:17:53 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-99SODBU)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Launch pour l’application serveur COM avec le CLSID
Windows.SecurityCenter.WscCloudBackupProvider
et l’APPID
Unavailable
au SID DESKTOP-99SODBU\Bchiri de l’utilisateur (S-1-5-21-4091140688-1445887026-1692677957-1001) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (07/12/2018 12:17:41 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-99SODBU)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID DESKTOP-99SODBU\Bchiri de l’utilisateur (S-1-5-21-4091140688-1445887026-1692677957-1001) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (07/12/2018 12:16:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Dell SupportAssist Remediation s’est terminé de façon inattendue pour la 1ème fois.

Error: (07/12/2018 12:16:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Dell Update Service s’est terminé de façon inattendue pour la 1ème fois.


Windows Defender:
===================================
Date: 2018-07-10 17:40:26.683
Description:
Antivirus Windows Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants :
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Vigorf.A&threatid=2147714397&enterprise=0
Nom : HackTool:Win32/Vigorf.A
ID : 2147714397
Gravité : גבוה
Catégorie : כלי
Chemin : file:_C:\Users\Bchiri\Downloads\Microsoft Toolkit 2.5.2 Official Torrent\Microsoft Toolkit.exe
Origine de la détection : Ordinateur local
Type de détection : Chemin rapide
Source de détection : Système
Utilisateur : NT AUTHORITY\SYSTEM
Nom du processus : Unknown
Version de la signature : AV: 1.271.767.0, AS: 1.271.767.0, NIS: 1.271.767.0
Version du moteur : AM: 1.1.15100.1, NIS: 1.1.15100.1

Date: 2018-07-10 17:40:22.565
Description:
Antivirus Windows Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants :
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nom : HackTool:Win32/AutoKMS
ID : 2147685180
Gravité : גבוה
Catégorie : כלי
Chemin : file:_C:\Users\Bchiri\Downloads\Microsoft Toolkit 2.5.2 Official Torrent\Microsoft Toolkit.exe->[SAResource]->[MSILRES:?.?.resources]
Origine de la détection : Ordinateur local
Type de détection : Concret
Source de détection : Protection en temps réel
Utilisateur : DESKTOP-99SODBU\Bchiri
Nom du processus : C:\Users\Bchiri\Downloads\ZHPCleaner.exe
Version de la signature : AV: 1.271.767.0, AS: 1.271.767.0, NIS: 1.271.767.0
Version du moteur : AM: 1.1.15100.1, NIS: 1.1.15100.1

Date: 2018-07-12 10:58:53.485
Description:
Antivirus Windows Defender a rencontré une erreur lors d la mise à jour des signatures.
Nouvelle version de la signature :
Version précédente de la signature : 1.271.771.0
Source de mise à jour : Serveur Microsoft Update
Type de signature : Anti-virus
Type de mise à jour : Complet
Utilisateur : NT AUTHORITY\SYSTEM
Version actuelle du moteur :
Version précédente du moteur : 1.1.15100.1
Code d’erreur : 0x80070422
Description de l’erreur : The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2018-07-12 10:38:10.561
Description:
Antivirus Windows Defender a rencontré une erreur lors d la mise à jour des signatures.
Nouvelle version de la signature :
Version précédente de la signature : 1.271.771.0
Source de mise à jour : Serveur Microsoft Update
Type de signature : Anti-virus
Type de mise à jour : Complet
Utilisateur : NT AUTHORITY\SYSTEM
Version actuelle du moteur :
Version précédente du moteur : 1.1.15100.1
Code d’erreur : 0x80070422
Description de l’erreur : The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Date: 2018-07-10 18:39:58.957
Description:
Antivirus Windows Defender a rencontré une erreur lors d la mise à jour des signatures.
Nouvelle version de la signature :
Version précédente de la signature : 1.271.771.0
Source de mise à jour : Serveur Microsoft Update
Type de signature : Anti-virus
Type de mise à jour : Complet
Utilisateur : NT AUTHORITY\SYSTEM
Version actuelle du moteur :
Version précédente du moteur : 1.1.15100.1
Code d’erreur : 0x80070422
Description de l’erreur : The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

CodeIntegrity:
===================================

Date: 2018-07-10 15:39:31.279
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-10 15:39:31.273
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
Percentage of memory in use: 22%
Total physical RAM: 16217.83 MB
Available physical RAM: 12640.77 MB
Total Virtual: 18649.83 MB
Available Virtual: 14577.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:463.5 GB) (Free:376.93 GB) NTFS
Drive d: () (Removable) (Total:29.16 GB) (Free:11.74 GB) FAT32

\\?\Volume{7f428c70-bee2-495a-bc34-7c53b08256f6}\ (WINRETOOLS) (Fixed) (Total:0.46 GB) (Free:0.1 GB) NTFS
\\?\Volume{77ce83a0-ad8f-4cc8-bb84-6f6ab7d57483}\ (Image) (Fixed) (Total:11.28 GB) (Free:0.18 GB) NTFS
\\?\Volume{172c8f85-cdb2-47c4-a7b4-a6bb348bb27f}\ (DELLSUPPORT) (Fixed) (Total:1.09 GB) (Free:0.13 GB) NTFS
\\?\Volume{138e96ac-93d9-4bd7-b018-8fb8b30e589a}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.42 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 676865BE)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 29.2 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
