Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Exécuté par rapha (2018-11-02 18:54:47)
Exécuté depuis C:\Users\rapha\Downloads
Windows 10 Home Version 1803 (X64) (2018-10-28 12:36:22)
Mode d'amorçage: Normal
==========================================================

==================== Comptes: =============================

Administrateur (S-1-5-21-2279163811-486590336-219774335-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2279163811-486590336-219774335-503 - Limited - Disabled)
Invité (S-1-5-21-2279163811-486590336-219774335-501 - Limited - Disabled)
rapha (S-1-5-21-2279163811-486590336-219774335-1001 - Administrator - Enabled) => C:\Users\rapha
WDAGUtilityAccount (S-1-5-21-2279163811-486590336-219774335-504 - Limited - Disabled)

==================== Centre de sécurité ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Kaspersky Free (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Free (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programmes installés ======================

(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)

AdGuard (HKLM-x32\...\{61fb8e5f-dbdc-4481-bdee-fc580ad25a97}) (Version: 6.4.1814.4903 - Adguard Software Ltd)
AdGuard (x32 Version: 6.4.1814.4903 - Adguard Software Ltd) Hidden
Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
IObit Malware Fighter 6 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 6.3 - IObit)
Kaspersky Free (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Free (x32 Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2279163811-486590336-219774335-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Mozilla Firefox 63.0 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0 (x64 en-US)) (Version: 63.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0 - Mozilla)
Panneau de configuration NVIDIA 382.05 (Version: 382.05 - NVIDIA Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7954 - Realtek Semiconductor Corp.)
SpyShelter Premium 11.2 (HKLM\...\Spyshelter_is1) (Version: 11.2 - Datpol)

==================== Personnalisé CLSID (Avec liste blanche): ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

CustomCLSID: HKU\S-1-5-21-2279163811-486590336-219774335-1001_Classes\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\localserver32 -> C:\Users\rapha\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2279163811-486590336-219774335-1001_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\localserver32 -> C:\Users\rapha\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2279163811-486590336-219774335-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\rapha\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2279163811-486590336-219774335-1001_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\localserver32 -> C:\Users\rapha\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2279163811-486590336-219774335-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\rapha\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2279163811-486590336-219774335-1001_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\localserver32 -> C:\Users\rapha\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\FileCoAuth.exe (Microsoft Corporation)

==================== Tâches planifiées (Avec liste blanche) =============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {0D2CC257-CC56-41EC-B8A0-325430593755} - System32\Tasks\Microsoft\Windows\USB\Usb-Notifications
Task: {11FD2C46-7924-42FF-BECB-17055F1908A6} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
Task: {15B4E460-A99D-4330-9028-D94CF984A483} - System32\Tasks\Microsoft\Windows\SMB\UninstallSMB1ServerTask => powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
Task: {1F1FA02E-D4EE-4092-856A-58868BA04565} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
Task: {29C83479-B886-41D8-817C-9D4345D587E8} - System32\Tasks\Microsoft\Windows\WaaSMedic\PerformRemediation
Task: {29ED27F7-B35A-42C5-A162-3EEF65754B3C} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback
Task: {36C18466-7B24-47F5-BFF6-195B9750ABC9} - System32\Tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr => C:\Windows\System32\UNP\UpdateNotificationMgr.exe [2018-07-15] (Microsoft Corporation)
Task: {3ADEFDD9-3F34-42CF-B640-F7636158157D} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
Task: {46BE6519-C277-4618-A822-37EDC90389FC} - System32\Tasks\Microsoft\Windows\InstallService\WakeUpAndContinueUpdates
Task: {5FA55072-C996-44DE-9638-2C81D1D68B4F} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2018-04-12] (Microsoft Corporation)
Task: {6259EBD3-3F2D-4CC9-A603-7BC81E75844E} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
Task: {63A76B8C-9378-4B97-BA46-4CC38BBF82AA} - System32\Tasks\Microsoft\Windows\InstallService\WakeUpAndScanForUpdates
Task: {68CD8004-BAAA-460D-A5D4-98982F560CCF} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2018-07-11] (Microsoft Corporation)
Task: {69091829-AA18-4B3D-ADFD-D1F6CB2B1B09} - System32\Tasks\Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask
Task: {7243DED8-4CF7-4006-B348-C3D45A761ACB} - System32\Tasks\Microsoft\Windows\EDP\StorageCardEncryption Task
Task: {72A52543-6161-4346-9C79-C2A152618FC8} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
Task: {7FB3A1EF-0959-4955-8C28-8BE82B412822} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {81AC25FA-8421-4FB4-9A0D-509A37412F0C} - System32\Tasks\Microsoft\Windows\PushToInstall\Registration => Sc.exe start pushtoinstall registration
Task: {8940D615-30C9-418E-A2CF-2A5A5218C552} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
Task: {8CD22648-1DA3-4B41-8B64-4E45C6876F51} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources
Task: {8D196D40-C5B5-4715-AFBA-C9D16A940AD2} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2018-04-12] (Microsoft Corporation)
Task: {914E69FD-8803-468D-9D2F-257E7B0B526A} - System32\Tasks\Microsoft\Windows\Printing\EduPrintProv => C:\Windows\system32\eduprintprov.exe [2018-04-12] (Microsoft Corporation)
Task: {9A905A74-63E4-4E95-BD43-CC2D857187E8} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\Windows\system32\ClipRenew.exe [2018-04-12] (Microsoft Corporation)
Task: {9F577F45-5B71-44E2-A79C-FA87AD514DC3} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2279163811-486590336-219774335-1001 => C:\Users\rapha\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [2018-10-28] (Microsoft Corporation)
Task: {A3579EEF-A93F-4159-A6AC-7AF944B4AC5B} - System32\Tasks\Microsoft\Windows\DirectX\DXGIAdapterCache => C:\Windows\system32\dxgiadaptercache.exe [2018-04-12] (Microsoft Corporation)
Task: {A4A63700-B186-4EDD-B6EF-ACC335B4187A} - System32\Tasks\Microsoft\Windows\InstallService\SmartRetry
Task: {A5B57F43-D47A-4691-B80F-44381EF0041A} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2018-04-12] (Microsoft Corporation)
Task: {AA0E91B6-BCDE-415D-836F-9641E149EB30} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {AB53A075-EF06-404B-AB89-E49E7416D077} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
Task: {AFA4E362-9BC9-4516-B08D-4C6D8CAFE435} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
Task: {B2CC5144-AB88-4FD7-B232-63DA1872FA1E} - System32\Tasks\Microsoft\Windows\Chkdsk\SyspartRepair => C:\Windows\system32\bcdboot.exe [2018-04-12] (Microsoft Corporation)
Task: {BEFD4011-9E84-4514-9E58-8DF23CE28CAA} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
Task: {C2973923-B5ED-43DC-A26A-A92211B2515C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
Task: {C61688A0-6F8B-4604-AECD-553955DCA0CE} - System32\Tasks\Microsoft\Windows\SMB\UninstallSMB1ClientTask => powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
Task: {CD59335B-148D-4F71-9E20-8F74A7BB9B8D} - System32\Tasks\Microsoft\Windows\EDP\EDP Inaccessible Credentials Task
Task: {CDB1234B-893A-475D-938C-AC66FF201EF9} - System32\Tasks\Microsoft\Windows\PushToInstall\LoginCheck => Sc.exe start pushtoinstall login
Task: {D7A36CB1-BF64-4528-A502-A2808705FDEE} - System32\Tasks\Microsoft\Windows\InstallService\ScanForUpdates
Task: {D88CC3B1-8023-4AEE-9E82-8B277210418F} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged
Task: {DC9E6E0E-E540-4DD4-B34D-5D7E0500ADBE} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\Windows\system32\ClipRenew.exe [2018-04-12] (Microsoft Corporation)
Task: {E0191166-497C-4E80-8BB8-DA7A0FE4E870} - System32\Tasks\Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh
Task: {E09E5F85-F4DE-4583-9F7F-C120AAA0C759} - System32\Tasks\Microsoft\Windows\Speech\HeadsetButtonPress => C:\Windows\system32\speech_onecore\common\SpeechRuntime.exe [2018-07-11] (Microsoft Corporation)
Task: {E419CBCC-E76A-42C2-B3B2-6C2C31190301} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
Task: {E97E3BF9-8396-498B-8AEB-699643A46A6A} - System32\Tasks\Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh
Task: {EDA5CF63-3B89-4721-A4AC-26A2B6EFCD18} - System32\Tasks\Microsoft\Windows\InstallService\ScanForUpdatesAsUser
Task: {EFAA6A76-A304-4882-B964-6A553F9E62D6} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\Windows\system32\MDMAgent.exe [2018-04-12] (Microsoft Corporation)
Task: {FBB68133-D062-4F7B-A8DE-CD762AD9B54B} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2018-07-11] (Microsoft Corporation)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

==================== Raccourcis =============================

(Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)

==================== Modules chargés (Avec liste blanche) ==============

2018-10-29 17:49 - 2018-10-18 09:44 - 02695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-10-29 17:49 - 2018-10-18 09:44 - 02821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 00491744 ____N () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 00472064 ____N () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 02759168 ____N () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 00491744 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 00491744 ____N () C:\WINDOWS\SYSTEM32\InputHost.dll
2018-10-10 19:09 - 2018-09-20 04:38 - 02185728 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-28 14:01 - 2018-10-28 14:01 - 00009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-10-28 14:01 - 2018-10-28 14:01 - 00060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-10-28 14:01 - 2018-10-28 14:02 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-10-28 14:01 - 2018-10-28 14:01 - 10978304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-10-28 14:01 - 2018-10-28 14:02 - 02810368 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\skypert.dll
2018-10-28 14:01 - 2018-10-28 14:01 - 00685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-10-28 14:01 - 2018-10-28 14:02 - 00183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 00491744 ____N () C:\WINDOWS\system32\InputHost.dll
2018-10-22 17:06 - 2018-10-22 17:06 - 02115944 _____ () C:\Program Files (x86)\Adguard\AdguardNetApi.DLL
2018-10-22 17:06 - 2018-10-22 17:06 - 00168808 _____ () C:\Program Files (x86)\Adguard\AdguardNetLib.DLL
2017-03-15 18:08 - 2017-03-15 18:08 - 00732672 _____ () C:\Program Files (x86)\Adguard\brolib32.dll
2018-10-28 16:01 - 2018-05-14 15:45 - 00152848 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2018-10-28 16:01 - 2018-01-22 19:00 - 00442128 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2018-10-28 16:01 - 2018-01-22 19:00 - 00210704 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2018-10-28 16:01 - 2018-01-22 19:00 - 00059664 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl

==================== Alternate Data Streams (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)

AlternateDataStreams: C:\Users\rapha\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]

==================== Mode sans échec (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Media"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Media"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => "SafeBootDrivers"="1"

==================== Association (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)

==================== Internet Explorer sites de confiance/sensibles ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)

==================== Hosts contenu: ===============================

(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

2018-10-28 13:15 - 2018-10-28 13:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Autres zones ============================

(Actuellement, il n'y a pas de correction automatique pour cette section.)

HKU\S-1-5-21-2279163811-486590336-219774335-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu est activé.

==================== MSCONFIG/TASK MANAGER éléments désactivés ==

(Actuellement, il n'y a pas de correction automatique pour cette section.)

==================== RèglesPare-feu (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe
FirewallRules: [{A4B4D7A7-43DA-4C89-BE60-0CA66D57120D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7CB3EA58-EB77-468F-834E-1E763C629B49}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{988F4EBB-30AC-4968-A3FE-26C0BB337D2A}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe

==================== Points de restauration =========================

29-10-2018 06:00:38 Windows Update

==================== Éléments en erreur du Gestionnaire de périphériques =============

==================== Erreurs du Journal des événements: =========================

Erreurs Application:
==================
Error: (10/29/2018 05:57:17 AM) (Source: Adguard) (EventID: 0) (User: )
Description: Switching logger to invalid state because of System.ObjectDisposedException: Impossible d'accéder à un fichier fermé.
Source: mscorlib
Stack trace:
   à System.IO.__Error.FileNotOpen()
   à System.IO.FileStream.get_Length()
   à Microsoft.VisualBasic.Logging.FileLogTraceListener.ResourcesAvailable(Int64 newEntrySize)
   à Microsoft.VisualBasic.Logging.FileLogTraceListener.WriteLine(String message)
   à Adguard.Commons.Utils.Logger.TraceLine(TraceLevel level, String message)

Error: (10/28/2018 06:37:19 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (10/28/2018 06:37:18 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (10/28/2018 02:06:09 PM) (Source: MsiInstaller) (EventID: 1023) (User: AUTORITE NT)
Description: Produit : Kaspersky Free - La mise à jour ‘KIS 2019 MP0 family (Patch c)’ n’a pas pu être installée. Code d’erreur 1603. Des informations supplémentaires sont disponibles dans le fichier journal C:\WINDOWS\TEMP\MSIdc9da.LOG.

Error: (10/28/2018 01:51:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante SystemSettings.exe, version : 10.0.17134.112, horodatage : 0x2a3c4e62
Nom du module défaillant : Windows.UI.Xaml.dll, version : 10.0.17134.81, horodatage : 0x4f4899f8
Code d’exception : 0xc000027b
Décalage d’erreur : 0x00000000006a4e02
ID du processus défaillant : 0x1bb4
Heure de début de l’application défaillante : 0xSystemSettings.exe0
Chemin d’accès de l’application défaillante : SystemSettings.exe1
Chemin d’accès du module défaillant: SystemSettings.exe2
ID de rapport : SystemSettings.exe3
Nom complet du package défaillant : SystemSettings.exe4
ID de l’application relative au package défaillant : SystemSettings.exe5

Error: (10/28/2018 01:36:49 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Erreur lors de la mise à jour du statut Windows Defender vers SECURITY_PRODUCT_STATE_ON.

Error: (10/28/2018 01:36:49 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Erreur lors de la mise à jour du statut Windows Defender vers SECURITY_PRODUCT_STATE_ON.

Erreurs système:
=============
Error: (11/02/2018 06:42:55 PM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: propres à l’applicationLocalExécutionWindows.SecurityCenter.WscBrokerManagerNon disponibleAUTORITE NTSystèmeS-1-5-18LocalHost (avec LRPC)Non disponibleNon disponible

Error: (11/02/2018 06:42:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MBGMAVL)
Description: propres à l’applicationLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}DESKTOP-MBGMAVLraphaS-1-5-21-2279163811-486590336-219774335-1001LocalHost (avec LRPC)Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewyS-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723

Error: (11/01/2018 08:07:53 PM) (Source: DCOM) (EventID: 10010) (User: AUTORITE NT)
Description: {924DC564-16A6-42EB-929A-9A61FA7DA06F}

Error: (11/01/2018 08:07:53 PM) (Source: DCOM) (EventID: 10010) (User: AUTORITE NT)
Description: {924DC564-16A6-42EB-929A-9A61FA7DA06F}

Error: (11/01/2018 11:36:50 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MBGMAVL)
Description: propres à l’applicationLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}DESKTOP-MBGMAVLraphaS-1-5-21-2279163811-486590336-219774335-1001LocalHost (avec LRPC)Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewyS-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723

Error: (11/01/2018 11:36:45 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MBGMAVL)
Description: propres à l’applicationLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}DESKTOP-MBGMAVLraphaS-1-5-21-2279163811-486590336-219774335-1001LocalHost (avec LRPC)Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewyS-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723

Error: (11/01/2018 11:36:32 AM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: propres à l’applicationLocalExécutionWindows.SecurityCenter.WscBrokerManagerNon disponibleAUTORITE NTSystèmeS-1-5-18LocalHost (avec LRPC)Non disponibleNon disponible

Error: (11/01/2018 11:36:27 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MBGMAVL)
Description: propres à l’applicationLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}DESKTOP-MBGMAVLraphaS-1-5-21-2279163811-486590336-219774335-1001LocalHost (avec LRPC)Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewyS-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723

Error: (11/01/2018 11:36:11 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MBGMAVL)
Description: propres à l’applicationLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}DESKTOP-MBGMAVLraphaS-1-5-21-2279163811-486590336-219774335-1001LocalHost (avec LRPC)Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewyS-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723

Error: (11/01/2018 11:35:59 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MBGMAVL)
Description: propres à l’applicationLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}DESKTOP-MBGMAVLraphaS-1-5-21-2279163811-486590336-219774335-1001LocalHost (avec LRPC)Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewyS-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723

CodeIntegrity:
===================================
Date: 2018-11-02 18:40:34.400
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\TVMonitor.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-01 11:54:33.165
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-01 11:54:33.165
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-11-01 11:33:30.471
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\TVMonitor.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-10-31 06:07:43.460
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-31 06:07:43.460
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-31 06:00:00.527
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\TVMonitor.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-10-30 07:23:37.677
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-30 07:23:37.677
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-30 07:12:43.902
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\TVMonitor.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Infos Mémoire ===========================

Processeur: Intel(R) Core(TM) i3-7100 CPU @ 3.90GHz
Pourcentage de mémoire utilisée: 39%
Mémoire physique - RAM - totale: 8148.46 MB
Mémoire physique - RAM - disponible: 4915.61 MB
Mémoire virtuelle totale: 10068.46 MB
Mémoire virtuelle disponible: 6379.98 MB

==================== Lecteurs ================================

Drive c: (Acer) (Fixed) (Total:465.2 GB) (Free:294.92 GB) NTFS
Drive d: (DATA) (Fixed) (Total:465.2 GB) (Free:326.69 GB) NTFS

==================== MBR & Table des partitions ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4E131614)
Partition: GPT.

==================== Fin de Addition.txt ============================