Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version: 02-06-2021 Exécuté par Benjamin (04-06-2021 09:31:58) Exécuté depuis C:\Users\med\Desktop Windows 10 Home Version 2004 19041.985 (X64) (2021-02-01 12:05:38) Mode d'amorçage: Normal ========================================================== ==================== Comptes: ============================= Administrateur (S-1-5-21-1524576055-28628056-1756210282-500 - Administrator - Disabled) Benjamin (S-1-5-21-1524576055-28628056-1756210282-1001 - Administrator - Enabled) => C:\Users\med DefaultAccount (S-1-5-21-1524576055-28628056-1756210282-503 - Limited - Disabled) Invité (S-1-5-21-1524576055-28628056-1756210282-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-1524576055-28628056-1756210282-504 - Limited - Disabled) ==================== Centre de sécurité ======================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.) AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Kaspersky Security Cloud (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58} ==================== Programmes installés ====================== (Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.) Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated) Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.4.17510 - Avira Operations GmbH & Co. KG) Avira Privacy Pal (HKLM-x32\...\{F2BC8305-DFBE-4C02-A906-9BBD8EE299A3}_is1) (Version: 2.4.0.1962 - Avira Operations GmbH & Co. KG) Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG;) Avira Software Updater (HKLM-x32\...\{9F45C615-6D95-47B5-BB0C-D78F6D15DE21}) (Version: 2.0.6.42639 - Avira Operations GmbH & Co. KG) Hidden Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.10.0.11063 - Avira Operations GmbH & Co. KG) DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated) ExpressVPN (HKLM-x32\...\{878F6EB4-73BF-4A1E-9A92-6DDF9EDC8A8B}) (Version: 2.2.19322.0 - Acer) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.0.1000 - Intel Corporation) Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{2D79E334-B178-45B9-A2A6-7A60A084C268}) (Version: 16.8.0.1000 - Intel Corporation) Kaspersky Security Cloud (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Kaspersky VPN (HKLM-x32\...\{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky) Hidden Kaspersky VPN (HKLM-x32\...\InstallWIX_{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky) Logiciel pour périphérique à chipset Intel® (HKLM-x32\...\{eb0d4a41-3065-42b0-a868-c60d42d3ea98}) (Version: 10.1.17695.8086 - Intel(R) Corporation) Hidden Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes) Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.14026.20246 - Microsoft Corporation) Microsoft 365 Apps for business - fr-fr (HKLM\...\O365BusinessRetail - fr-fr) (Version: 16.0.14026.20246 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.37 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.37 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1524576055-28628056-1756210282-1001\...\OneDriveSetup.exe) (Version: 21.083.0425.0003 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-1524576055-28628056-1756210282-1001\...\Teams) (Version: 1.4.00.8872 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Mozilla Firefox 88.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 88.0.1 (x64 en-US)) (Version: 88.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.6.0 - Mozilla) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040C-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden PDF Architect 7 (HKLM-x32\...\PDF Architect 7) (Version: 7.1.13.1755 - pdfforge GmbH) PDF Architect 7 Edit Module (HKLM\...\{BA2C2671-B379-4101-A21C-4C549671FC8D}) (Version: 7.1.14.4969 - pdfforge GmbH) Hidden PDF Architect 7 View Module (HKLM\...\{E947A304-6110-4CFE-98AD-E6909072E87D}) (Version: 7.1.14.4969 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{00010FEF-82A2-497E-983A-7105A0165FA7}) (Version: 4.0.1 - pdfforge GmbH) QUAD-CAPTURE Driver (HKLM\...\RolandRDID0117) (Version: - Roland Corporation) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.31.828.2018 - Realtek) Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation) Skype version 8.72 (HKLM-x32\...\Skype_is1) (Version: 8.72 - Skype Technologies S.A.) Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.34161 - Microsoft Corporation) WhatsApp (HKU\S-1-5-21-1524576055-28628056-1756210282-1001\...\WhatsApp) (Version: 2.2119.6 - WhatsApp) WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH) Zoom (HKU\S-1-5-21-1524576055-28628056-1756210282-1001\...\ZoomUMX) (Version: 5.4.7 (59784.1220) - Zoom Video Communications, Inc.) Packages: ========= Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3024.0_x64__48frkmn4z8aw4 [2020-12-28] (Acer Incorporated) Bureau à distance Microsoft -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.1810.0_x64__8wekyb3d8bbwe [2021-03-08] (Microsoft Corporation) Composant additionnel Photos Media Engine -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-28] (Microsoft Corporation) Dame de Pique -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.9.50.0_x64__kx24dqmazqk8j [2021-03-30] (Random Salad Games LLC) Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.14.7.0_x86__q4d96b2w5wcc2 [2021-05-28] (Evernote) Extension Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-15] (Microsoft Corporation) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6 [2021-05-12] (HP Inc.) Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-17] (INTEL CORP) Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2021-02-01] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5170.0_x64__8wekyb3d8bbwe [2021-05-26] (Microsoft Studios) [MS Ad] Movie & Audio Studio -> C:\Program Files\WindowsApps\MAGIXSoftwareGmbH.MovieAudioStudio_1.1.4.0_x64__awcgk3qbzve1y [2019-03-27] (MAGIX Software GmbH) PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292 [2020-01-29] (CYBERLINK COM CORP) PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2019-03-27] (CYBERLINK COM CORP) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.158.0_x64__dt26b99r8h8gj [2019-03-27] (Realtek Semiconductor Corp) Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_6.0.58.0_x64__kx24dqmazqk8j [2021-04-12] (Random Salad Games LLC) Solitaire Français -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.2.5.0_x64__kx24dqmazqk8j [2021-04-12] (Random Salad Games LLC) Spades -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.Spades_6.0.63.0_x64__kx24dqmazqk8j [2020-11-17] (Random Salad Games LLC) Traducteur -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2020-01-29] (Microsoft Corporation) ==================== Personnalisé CLSID (Avec liste blanche): ============== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) CustomCLSID: HKU\S-1-5-21-1524576055-28628056-1756210282-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0 CustomCLSID: HKU\S-1-5-21-1524576055-28628056-1756210282-1001_Classes\CLSID\{04271989-C4D2-316B-F57E-14FB97501265} -> [CARI] => C:\Users\med\CARI [2021-05-10 11:13] CustomCLSID: HKU\S-1-5-21-1524576055-28628056-1756210282-1001_Classes\CLSID\{04271989-C4D2-5C05-C50F-28CFB2931E65} -> [OneDrive - CARI] => C:\Users\med\OneDrive - CARI [2021-06-02 10:46] CustomCLSID: HKU\S-1-5-21-1524576055-28628056-1756210282-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\med\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20339.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1524576055-28628056-1756210282-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\med\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [Fichier non signé] [Fichier en cours d'utilisation] ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-04-28] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers1: [PDFArchitect7_ManagerExt] -> {21989F59-B260-4302-90C3-E51740E03639} => C:\Program Files\PDF Architect 7\context-menu.dll [2019-10-07] (pdfforge GmbH -> pdfforge GmbH) ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2019-11-19] (pdfforge GmbH -> pdfforge GmbH) ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-04-28] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-03] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [Fichier non signé] [Fichier en cours d'utilisation] ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-04-28] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-04-28] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-03] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Avec liste blanche) ==================== ==================== Raccourcis & WMI ======================== ==================== Modules chargés (Avec liste blanche) ============= 2021-02-23 15:07 - 2021-05-25 16:51 - 002552320 _____ () [Fichier non signé] C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll 2021-02-23 15:08 - 2021-05-25 16:51 - 000388608 _____ () [Fichier non signé] C:\Program Files (x86)\Microsoft\Skype for Desktop\swiftshader\libegl.dll 2021-02-23 15:08 - 2021-05-25 16:51 - 002863104 _____ () [Fichier non signé] C:\Program Files (x86)\Microsoft\Skype for Desktop\swiftshader\libglesv2.dll 2018-12-03 23:19 - 2018-12-03 23:19 - 000126976 _____ (Intel Corporation) [Fichier non signé] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll 2020-01-29 17:32 - 2020-01-29 17:32 - 000116736 _____ (pdfforge GmbH) [Fichier non signé] C:\WINDOWS\System32\pdfcmon.dll 2021-04-12 13:34 - 2021-04-12 13:34 - 000913920 _____ (ServiceStack) [Fichier non signé] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ServiceStack.Text\6c292287be71db1b89ac22e2a724e691\ServiceStack.Text.ni.dll 2018-12-10 11:29 - 2018-12-10 11:29 - 000438272 _____ (The curl library, hxxps://curl.haxx.se/) [Fichier non signé] C:\Program Files\PDF Architect 7\libcurl.dll ==================== Alternate Data Streams (Avec liste blanche) ======== ==================== Mode sans échec (Avec liste blanche) ================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Avec liste blanche) ================= ==================== Internet Explorer (Avec liste blanche) ========== HKU\S-1-5-21-1524576055-28628056-1756210282-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE HKU\S-1-5-21-1524576055-28628056-1756210282-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-06-02] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-06-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-06-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-06-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-06-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-06-02] (Microsoft Corporation -> Microsoft Corporation) (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.) IE trusted site: HKU\S-1-5-21-1524576055-28628056-1756210282-1001\...\sharepoint.com -> hxxps://cariassociation-files.sharepoint.com ==================== Hosts contenu: ========================= (Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.) 2018-09-15 09:31 - 2018-09-15 09:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Autres zones =========================== (Actuellement, il n'y a pas de correction automatique pour cette section.) HKU\S-1-5-21-1524576055-28628056-1756210282-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\med\AppData\Roaming\Mozilla\Firefox\Fond d’écran.bmp DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Le Pare-feu est activé. ==================== MSCONFIG/TASK MANAGER éléments désactivés == (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.) HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter" ==================== RèglesPare-feu (Avec liste blanche) ================ (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) FirewallRules: [{A06F3CA6-0A2D-4AA7-8EEA-BEF4142FECD8}] => (Allow) C:\Users\med\AppData\Roaming\Zoom\bin\airhost.exe => Pas de fichier FirewallRules: [{DCA48DD8-AFE3-4E7D-A024-937DD474B40D}] => (Allow) C:\Users\med\AppData\Roaming\Zoom\bin\airhost.exe => Pas de fichier FirewallRules: [{31C19D35-6BAD-4EBA-B197-8535545F1065}] => (Allow) C:\Users\med\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [UDP Query User{7DA9291E-5225-4C56-80EB-D308B5BECE17}C:\users\med\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\med\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{8DFF9381-7CAB-4808-A102-92FF277ADBDC}C:\users\med\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\med\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{86ED59C0-E131-4516-8051-E6232D7F8196}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Allow) C:\program files (x86)\microsoft office\root\office16\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{FAFBB576-B740-47E4-8E91-4BBAF5E201C8}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{67647393-EA0A-400C-8D2C-29E292747AD5}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{EE395078-34B7-40B2-BCBB-46CC6BD52EA8}] => (Allow) C:\Users\med\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{0C018ABA-0659-440E-85FB-F57164E6F02C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{E8D6CE80-A099-45A4-B20B-47A90C37FD7B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{AB63141C-5969-453B-9FA9-D134F95A3A2C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{4B1F4AAB-3D73-4222-8D8B-D8B3A276EE5D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{DC1B254A-376F-44B8-AF5B-2A0BEE8BD306}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{C5888B5E-AE05-4058-A88E-9A03AED2C70C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{2475E8EF-2479-4956-8140-9FFF3C5A3042}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{8FEEA83B-22E4-4C6A-903F-B25E9E9EC58B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [TCP Query User{C1F6DAD3-6B35-422C-937A-E29EA13D04AB}C:\users\med\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\med\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{321C3FC8-9812-44DD-93A4-B95CFF1D2777}C:\users\med\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\med\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A9DE7518-4E92-42BF-843F-49A518987368}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{4CD69696-C357-45A3-97A5-60BA08471F16}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [TCP Query User{2E2C979E-59CF-4328-95ED-73B763BC97FD}C:\users\med\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\med\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{380C030D-65B0-47DE-9C80-16B2425ED1D8}C:\users\med\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\med\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B9B15871-A67C-4E7E-BA10-015E59C8A7D8}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{1E742DDD-8C13-4947-8BBF-6C4355370863}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{6515A08C-031E-4C9E-8960-E631AF6B87F4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.37\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{776CEAC8-88E1-4F69-9043-A9980C8918B4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A87F46F2-FB43-46B7-BD26-E51B50FCF027}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{082CD82D-89E0-4FA0-A677-8ADFB88FD234}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{BE36931A-5C0E-494F-8E84-D6FE4556D587}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [{DBBF72CB-E57B-4BE8-9302-BE1E2B39387C}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) FirewallRules: [{39747422-B12A-4A10-AE61-E9DD89D9049B}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ==================== Points de restauration ========================= 03-06-2021 12:55:33 AdwCleaner_BeforeCleaning_03/06/2021_12:55:33 ==================== Éléments en erreur du Gestionnaire de périphériques ============ ==================== Erreurs du Journal des événements: ======================== Erreurs Application: ================== Error: (06/04/2021 09:24:14 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (06/03/2021 01:07:52 PM) (Source: MsiInstaller) (EventID: 10005) (User: AUTORITE NT) Description: Product: Avira Software Updater -- Please install Avira Connect then run this installer again. Error: (06/03/2021 12:58:18 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: AUTORITE NT) Description: Windows ne peut pas charger la DLL de compteur extensible « C:\WINDOWS\system32\sysmain.dll » (code d'erreur Win32 126). Error: (06/03/2021 12:56:19 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours. . Error: (06/03/2021 12:56:19 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours. ] Error: (06/03/2021 11:08:52 AM) (Source: MsiInstaller) (EventID: 10005) (User: AUTORITE NT) Description: Product: Avira Software Updater -- Please install Avira Connect then run this installer again. Error: (06/03/2021 09:57:06 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: CARI-OASIS) Description: Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy-2147023878 Error: (06/02/2021 03:42:13 PM) (Source: MsiInstaller) (EventID: 10005) (User: AUTORITE NT) Description: Product: Avira Software Updater -- Please install Avira Connect then run this installer again. Erreurs système: ============= Error: (06/03/2021 12:56:16 PM) (Source: DCOM) (EventID: 10010) (User: CARI-OASIS) Description: Le serveur {7966B4D8-4FDC-4126-A10B-39A3209AD251} ne s’est pas enregistré sur DCOM avant la fin du temps imparti. Error: (06/03/2021 12:56:16 PM) (Source: DCOM) (EventID: 10010) (User: CARI-OASIS) Description: Le serveur {7966B4D8-4FDC-4126-A10B-39A3209AD251} ne s’est pas enregistré sur DCOM avant la fin du temps imparti. Error: (06/03/2021 12:56:16 PM) (Source: DCOM) (EventID: 10010) (User: CARI-OASIS) Description: Le serveur {7966B4D8-4FDC-4126-A10B-39A3209AD251} ne s’est pas enregistré sur DCOM avant la fin du temps imparti. Error: (06/03/2021 12:56:16 PM) (Source: DCOM) (EventID: 10010) (User: CARI-OASIS) Description: Le serveur {7966B4D8-4FDC-4126-A10B-39A3209AD251} ne s’est pas enregistré sur DCOM avant la fin du temps imparti. Error: (06/03/2021 12:56:16 PM) (Source: DCOM) (EventID: 10010) (User: CARI-OASIS) Description: Le serveur {7966B4D8-4FDC-4126-A10B-39A3209AD251} ne s’est pas enregistré sur DCOM avant la fin du temps imparti. Error: (06/03/2021 12:56:16 PM) (Source: DCOM) (EventID: 10010) (User: CARI-OASIS) Description: Le serveur {7966B4D8-4FDC-4126-A10B-39A3209AD251} ne s’est pas enregistré sur DCOM avant la fin du temps imparti. Error: (06/03/2021 12:56:16 PM) (Source: DCOM) (EventID: 10010) (User: CARI-OASIS) Description: Le serveur {7966B4D8-4FDC-4126-A10B-39A3209AD251} ne s’est pas enregistré sur DCOM avant la fin du temps imparti. Error: (06/03/2021 12:56:16 PM) (Source: DCOM) (EventID: 10010) (User: CARI-OASIS) Description: Le serveur {7966B4D8-4FDC-4126-A10B-39A3209AD251} ne s’est pas enregistré sur DCOM avant la fin du temps imparti. CodeIntegrity: =============== Date: 2021-06-03 16:51:06 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\antimalware_provider.dll that did not meet the Windows signing level requirements. ==================== Infos Mémoire =========================== BIOS: Insyde Corp. V1.01 12/18/2018 Carte mère: KBL Raticate_KL Processeur: Intel(R) Core(TM) i3-7020U CPU @ 2.30GHz Pourcentage de mémoire utilisée: 89% Mémoire physique - RAM - totale: 3971.6 MB Mémoire physique - RAM - disponible: 428.19 MB Mémoire virtuelle totale: 13187.6 MB Mémoire virtuelle disponible: 7158.13 MB ==================== Lecteurs ================================ Drive c: (Acer) (Fixed) (Total:162.85 GB) (Free:97.56 GB) NTFS Drive o: (CARI) (Fixed) (Total:74.51 GB) (Free:65.62 GB) NTFS \\?\Volume{dc6d3ff4-820a-4759-906e-a3b42c0a055b}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.49 GB) NTFS \\?\Volume{f2b390bc-bc61-4461-b443-7a437e599b46}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32 ==================== MBR & Table des partitions ==================== ========================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: C87AA61A) Partition: GPT. ==================== Fin de Addition.txt =======================