Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version: 25-09-2023
Exécuté par barry (28-09-2023 11:43:16)
Exécuté depuis C:\Users\barry\Downloads
Microsoft Windows 11 Famille Version 22H2 22621.2361 (X64) (2023-02-12 14:45:25)
Mode d'amorçage: Normal
==========================================================

==================== Comptes: =============================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

Administrateur (S-1-5-21-3680218258-1990516733-2007646127-500 - Administrator - Disabled)
barry (S-1-5-21-3680218258-1990516733-2007646127-1001 - Administrator - Enabled) => C:\Users\barry
DefaultAccount (S-1-5-21-3680218258-1990516733-2007646127-503 - Limited - Disabled)
Invité (S-1-5-21-3680218258-1990516733-2007646127-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3680218258-1990516733-2007646127-504 - Limited - Disabled)

==================== Centre de sécurité ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programmes installés ======================

(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.0.0.571 - Adobe Inc.)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.371 - Adobe)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.61 - Adobe Inc.)
Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_0) (Version: 25.0 - Adobe Inc.)
Adobe Illustrator 2023 (HKLM-x32\...\ILST_27_2) (Version: 27.2 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_2) (Version: 22.2.0.183 - Adobe Inc.)
Adobe Photoshop 2023 (HKLM-x32\...\PHSP_24_7) (Version: 24.7.0.643 - Adobe Inc.)
Aero (Beta) (HKLM-x32\...\AERO_0_23_4) (Version: 0.23.4 - Adobe Inc.)
Apple Mobile Device Support (HKLM\...\{44325855-D4CA-4994-A27A-39FE50CE6A8E}) (Version: 16.0.0.30 - Apple Inc.)
Assistant d’installation de Windows 11 (HKLM-x32\...\{115DF11E-4B4C-4EA9-9A79-00DB0C7EF02D}) (Version: 1.4.19041.2063 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Contrôle d’intégrité du PC Windows (HKLM\...\{DB3AADA3-0996-4427-87CC-8BA140012410}) (Version: 3.7.2204.15001 - Microsoft Corporation)
Driver Booster 11 (HKLM-x32\...\Driver Booster_is1) (Version: 11.0.0 - IObit)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.27.0.5540 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{643327aa-0d22-4bdd-82a4-d28be9d8fe50}) (Version: 13.27.0.5540 - Electronic Arts)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Infatica P2B Network (HKLM-x32\...\{043C71DF-992B-4A8C-B584-DE65480802F8}_is1) (Version: 1.0.6.4 - )
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
IObit Uninstaller 13 (HKLM-x32\...\IObitUninstall) (Version: 13.0.0.13 - IObit)
IPTVSmartersPro 1.1.1 (HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\f6c4a7ae-abcb-5b7e-ac53-6c20f026dd0e) (Version: 1.1.1 - WHMCS Smarters)
Microsoft .NET Core Host - 3.1.13 (x64) (HKLM\...\{6235E4FE-D062-4518-8C3E-0241C03D6687}) (Version: 24.116.29816 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.13 (x64) (HKLM\...\{D5B3C7A8-37E1-4451-A0B1-B1ABD1C79E1D}) (Version: 24.116.29816 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.13 (x64) (HKLM\...\{EEC5DD9E-587D-4360-868B-CB5A752A6BD0}) (Version: 24.116.29816 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.16 (x64) (HKLM\...\{1D0AC7F1-2B34-44AF-91F6-88757D768DA7}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.16 (x64) (HKLM\...\{B8537ACA-B210-4DF5-B928-E41CEB76723D}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.16 (x64) (HKLM\...\{C71E93D2-B8B4-4858-B2A1-4C967DBC1C5F}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.43 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.43 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2019 - fr-fr (HKLM\...\ProPlus2019Retail - fr-fr) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\OneDriveSetup.exe) (Version: 23.184.0903.0002 - Microsoft Corporation)
Microsoft Project - fr-fr (HKLM\...\ProjectPro2019Retail - fr-fr) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\Teams) (Version: 1.6.00.20776 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Microsoft Visio - fr-fr (HKLM\...\VisioPro2019Retail - fr-fr) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 3.6.2115.31769 - Microsoft Corporation)
Microsoft Visual Studio Setup Configuration (HKLM-x32\...\{5E8B524C-99ED-4F58-AC9F-3B05036833A4}) (Version: 3.6.2085.9058 - Microsoft Corporation) Hidden
Microsoft Visual Studio Setup WMI Provider (HKLM-x32\...\{47B3704C-3287-4DFC-B019-CCBF305492B3}) (Version: 3.6.2085.9058 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.13 (x64) (HKLM\...\{C8DA046B-24D8-4A15-B77E-AFC7F44D1BCA}) (Version: 24.116.29816 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.13 (x64) (HKLM-x32\...\{df32638d-0722-47cb-b084-3dd851b1146e}) (Version: 3.1.13.29816 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.16 (x64) (HKLM\...\{805626FF-2BC9-4567-A71E-A76A470D000A}) (Version: 48.67.58484 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.16 (x64) (HKLM-x32\...\{8d173101-98c1-4e92-97c6-47c6840745a7}) (Version: 6.0.16.32327 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Node.js (HKLM\...\{D6312B04-7F9E-4651-B8E2-3F35DB2FCFB3}) (Version: 18.16.1 - Node.js Foundation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040C-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
RegRun Reanimator (HKLM-x32\...\UnHackMe Update - Reanimator_is1) (Version: - Greatis Software)
SWF.max 2.3 (HKLM-x32\...\SWF.max) (Version: - .max)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.14.0 - Tweaking.com)
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
UsbDk Runtime Libraries (HKLM\...\{6D4A6ED0-CF41-4615-A4B3-BDA018C3C1CD}) (Version: 1.0.22 - Red Hat, Inc.)
uTorrent Web (HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\utweb) (Version: 1.3.0 - Rainberry, Inc.)
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - )
Visual Studio Build Tools 2019 (HKLM-x32\...\17053ce8) (Version: 16.11.27 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
vs_FileTracker_Singleton (HKLM-x32\...\{05CA3463-0B45-425D-9AF2-E1964AB85CBB}) (Version: 16.10.31303 - Microsoft Corporation) Hidden
WinRAR 6.23 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.23.0 - win.rar GmbH)
Wondershare Filmora 12 version 12.0.12.1450 (HKLM-x32\...\{E7B9D7E6-D288-4C72-A231-169DCB28DB4B}_is1) (Version: 12.0.12.1450 - RepackSoftware.Com)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Wondershare NativePush(Build 1.0.0.8) (HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\Wondershare NativePush_is1) (Version: - Wondershare Software)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2023-09-27] (Adobe Systems Incorporated)
Adobe Express -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeCreativeCloudExpress_2.1.1.0_neutral__ynb6jyjzte8ga [2023-09-28] (Adobe Inc.)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2023-09-27] (Adobe Systems Incorporated)
AppleInc.iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa [2023-09-27] (Apple Inc.) [Startup Task]
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5185.0_x64__8j3eq9eme6ctt [2023-09-27] (INTEL CORP) [Startup Task]
Aquile Reader -> C:\Program Files\WindowsApps\21676OptimiliaStudios.AquileReader_1.1.30.0_x64__k42naep6bwmrc [2023-09-27] (Optimilia Studios)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-09-27] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.1.0_x64__8xx8rvfyw5nnt [2023-09-28] (Meta)
HP Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_1.1.134.0_x64__dt26b99r8h8gj [2023-09-27] (Realtek Semiconductor Corp)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.21.0_neutral__8xx8rvfyw5nnt [2023-09-28] (Instagram)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-09-27] (INTEL CORP)
Intel® Unison™ -> C:\Program Files\WindowsApps\AppUp.IntelTechnologyMDE_20.14.5716.0_x64__8j3eq9eme6ctt [2023-09-27] (INTEL CORP)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1950.4.225.0_x64__8xx8rvfyw5nnt [2023-09-27] (Meta) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-09-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-09-27] (Microsoft Corporation) [MS Ad]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-27] (Microsoft Corp.)
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-28] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2023-09-27] (Netflix, Inc.)
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.19.0_x64__8wekyb3d8bbwe [2023-09-27] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0 [2023-09-27] (Spotify AB) [Startup Task]
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2023-09-27] (Synaptics Incorporated)
Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_4.9.7.0_x64__t4vj0pshhgkwm [2023-09-27] (Telegram Messenger LLP) [Startup Task]
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2023-09-28] (Bytedance Pte. Ltd.)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2337.7.0_x64__cv1g1gvanyjgm [2023-09-27] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-28] (Microsoft Corporation)
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2023.928.502.235_neutral__8wekyb3d8bbwe [2023-09-28] (Microsoft Corporation)
WinRAR -> C:\Program Files\WinRAR [2023-09-27] (win.rar GmbH)

==================== Personnalisé CLSID (Avec liste blanche): ==============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

CustomCLSID: HKU\S-1-5-21-3680218258-1990516733-2007646127-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> C:\Users\barry\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
CustomCLSID: HKU\S-1-5-21-3680218258-1990516733-2007646127-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\barry\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23199.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3680218258-1990516733-2007646127-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-3680218258-1990516733-2007646127-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\barry\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3680218258-1990516733-2007646127-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-12] (Intel Corporation -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-07] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-09-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-12] (Intel Corporation -> )
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-07] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-09-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)

==================== Codecs (Avec liste blanche) ====================

==================== Raccourcis & WMI ========================

(Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)

ShortcutWithArgument: C:\Users\barry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"

==================== Modules chargés (Avec liste blanche) =============

2020-09-12 00:30 - 2020-09-12 00:30 - 000164352 _____ () [Fichier non signé] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\fr_fr\PDFMaker\PDFMOfficeAddin.FRA
2022-10-04 19:32 - 2022-10-04 19:32 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll
2022-10-04 19:32 - 2022-10-04 19:32 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2022-10-04 19:32 - 2022-10-04 19:32 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2022-10-04 19:32 - 2022-10-04 19:32 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\c2r64.dll
2023-01-01 09:26 - 2017-09-14 06:46 - 001012224 _____ (The Qt Company Ltd) [Fichier non signé] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\platforms\qwindows.dll
2023-01-01 09:26 - 2022-04-28 20:21 - 004694016 _____ (The Qt Company Ltd) [Fichier non signé] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\Qt5Core.dll
2023-01-01 09:26 - 2022-04-28 20:21 - 005032960 _____ (The Qt Company Ltd) [Fichier non signé] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\Qt5Gui.dll
2023-01-01 09:26 - 2022-04-28 20:21 - 000856064 _____ (The Qt Company Ltd) [Fichier non signé] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\Qt5Network.dll
2023-01-01 09:26 - 2022-04-28 20:21 - 004483072 _____ (The Qt Company Ltd) [Fichier non signé] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\Qt5Widgets.dll

==================== Alternate Data Streams (Avec liste blanche) ========

(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)

AlternateDataStreams: C:\ProgramData:iSpring Solutions [128]
AlternateDataStreams: C:\ProgramData:iSpring Suite 8 [128]
AlternateDataStreams: C:\Users\All Users:iSpring Solutions [128]
AlternateDataStreams: C:\Users\All Users:iSpring Suite 8 [128]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Suite 8 [128]
AlternateDataStreams: C:\Users\barry\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\barry\Application Data:iSpring Suite 8 [128]
AlternateDataStreams: C:\Users\barry\AppData\Roaming:iSpring Solutions [128]
AlternateDataStreams: C:\Users\barry\AppData\Roaming:iSpring Suite 8 [128]

==================== Mode sans échec (Avec liste blanche) ==================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Avec liste blanche) =================

==================== Internet Explorer (Avec liste blanche) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2023-07-21] (IObit CO., LTD -> IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)

IE trusted site: HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\sharepoint.com -> hxxps://univmetiers-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts contenu: =========================

(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

2023-09-27 19:31 - 2023-09-27 19:31 - 000000855 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

2023-06-12 16:26 - 2023-06-13 13:50 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Autres zones ===========================

(Actuellement, il n'y a pas de correction automatique pour cette section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %SystemRoot%\system32\WBEM;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\nodejs\;C:\ProgramData\chocolatey\bin;C:\Users\barry\AppData\Local\Microsoft\WindowsApps;C:\Windows\System32;C:\Program Files\JetBrains\PyCharm Community Edition 2022.3.2\bin;C:\Users\barry\AppData\Roaming\npm HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\barry\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1) Le Pare-feu est activé. ==================== MSCONFIG/TASK MANAGER éléments désactivés == (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.) 
HKLM\...\StartupApproved\StartupFolder: => "StartRLCMS.lnk" HKLM\...\StartupApproved\Run: => "Restoro" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "RtkAudUService" HKLM\...\StartupApproved\Run32: => "AgentMonitor" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => ".ses" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "(sQQCXUxGy5PXuki.tmp.dat" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "118d9bdb-1974-4d26-86e5-023768298121.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "1360dfef-15e1-4d34-bd86-aa800b14ddfc.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "19d2baaa-0730-4b37-9ad9-eb870a2e3ff3.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "39d52af84fb85bdee697aafa1400b442-{87A94AB0-E370-4cde-98D3-ACC110C5967D}" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "4RcXgfYx8Y3rE8@z.tmp.dat" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "6ab43dc2-0831-40e9-812b-59f867784cc6.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "6dbe3c70-b1ab-4957-b1a0-1bc6e9bdddd6.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "7dfb9533-502f-4423-8f27-e464089d0e52.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "89a00df1-78a5-4ca2-88f1-58973ab8dd56.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "8b167390-6b68-42ce-866b-50bf8a008f31.tmp" 
HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "a0147f70-e959-478f-9f8a-e4d2fa6e415f.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "a0bf4a41-1165-4191-9904-63b791ec8f84.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "a4e6bcc3-f17f-40ca-80c7-13416f31e13d.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "adobegc.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "amt3.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "b30143c4-b446-49a0-a3d0-abb826b789fb.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "bc3902d8132f43e3ae086a009979fa88.db" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "bc3902d8132f43e3ae086a009979fa88.db.ses" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "{F031F8EC-5E1F-4D46-9524-6F3B853D6632} - OProcSessId.dat" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "{DD7CD27A-ACB4-4024-8173-A94AF8129BA5} - OProcSessId.dat" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "{6ACFBA95-0793-4AF3-A3EA-A19B54734CFD} - OProcSessId.dat" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "{5A21DB1E-E088-48CB-B987-2DF068A67C81} - OProcSessId.dat" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "{57E522F2-D9AD-4B8E-98A8-0EC201517D54} - OProcSessId.dat" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wctD3D7.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wctBB79.tmp" 
HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wctB5ED.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wctB11F.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wct9BCD.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wct95CB.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wct91AE.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wct8CC8.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wct6FC7.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wct6700.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wct61CC.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wct61CB.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wct48BC.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wct2A74.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wct2841.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wct10CE.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "usoft.dbd" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "upgrade_sensors" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "trim.txt" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "swtag.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "StructuredQuery.log" 
HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "StartApps.txt" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "Setup Log 2023-09-22 #001.txt" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "Setup Log 2023-09-20 #004.txt" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "Setup Log 2023-09-20 #003.txt" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "sdresult.db" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "sda0.0.bat" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "schtasks_list_45189,5861470486.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "schtasks_45189,5861470486.bat" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "sbis.0.bat" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "sUpdate.dbd" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "sMarUpdateInfo.dbd" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "s4o.0.bat" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "qtsingleapp-reside-c761-1-lockfile" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "qtsingleapp-reside-70f6-4-lockfile" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "qtsingleapp-reside-70f6-1-lockfile" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "PSExt2.dbd" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "PSExt.dbd" 
HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "PDF6C3A.mp3" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "PDF6C3A.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "PDApp.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "OptaneIconOverlay.ico" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "oobelib.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "O$1k!OcrVMcB(4d4.tmp.dat" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "NotifyIconGeneratedAumid_5687173475908505687.png" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "NotifyIconGeneratedAumid_4021035665093359375.png" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "NotifyIconGeneratedAumid_14809229402050155498.png" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "NotifyIconGeneratedAumid_11268499900964543874.png" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "native_push_sensors" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "NGLClient_default.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "NGLClient_Photoshop122.2.0.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "NGLClient_Photoshop1.ngllogcontrolconfig" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "burkrsjoxcdinoumus.exe" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wblvbqjrmvum.exe" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => 
"msedge_installer.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-9924.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-9256.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-9212.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-8816.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-8792.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-8744.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-8672.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-8452.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-8184.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-7368.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-6668.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-6008.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-5828.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-5768.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-5268.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-3888.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-3660.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => 
"mat-debug-3440.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-3348.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-3124.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-3116.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-2804.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-2692.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-2416.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-1968.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-1820.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-1776.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-17264.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-172.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-17172.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-17044.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-16960.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-16936.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-16932.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-1688.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => 
"mat-debug-16840.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-16624.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-16188.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-16128.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-15928.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-15916.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-15616.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-15332.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-15256.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-14800.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-14512.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-14500.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-14464.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-14328.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-14272.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-14112.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-14072.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-14020.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => 
"mat-debug-13784.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-13356.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-13044.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-12924.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-12844.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-12788.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-12712.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-12564.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-12484.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-12172.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-12100.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-1204.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-12032.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-11792.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-11484.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-11308.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-1092.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-1084.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => 
"mat-debug-10648.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-10640.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-10472.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-1032.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "mat-debug-10300.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "jVo)N)0oFnSuL2Q8.tmp.dat" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "InterOP_CCD_Logs.txt" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "HardInfo.txt" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "f9c70651-6f9c-4dd6-b879-0fefed792bc9.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "f3efe0e0-8766-4b80-b9f2-7795e90519d2.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "f3c1608c-2b74-48b7-9e58-71656e3af8d0.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "ea86b752-30ef-4c04-a086-fa37de56a697.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "df15cb03-498e-45e4-b69b-a6a0951d8c52.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "cv_debug.log" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "crash_repo_pref.txt" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "37ca580f-7e94-41ea-bfc4-f0f015bf3257.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "8gP3igjTsNrGxlb(.tmp.dat" 
HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "d2cceed8-b5f8-4caa-a741-0218524275a9.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "f894a4f2-7268-4414-92f3-ff616e93fb59.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "46b2d6cb-d500-4e17-b4d5-b32bf1abd674.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "ae278b25-76eb-4e62-aadb-86c9796d5106.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "NotifyIconGeneratedAumid_13238834794545695966.png" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "qtsingleapp-reside-70f6-2-lockfile" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "qtsingleapp-reside-70f6-3-lockfile" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "~DFF094261C26541E8D.TMP" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "a54e12ed-4ca7-417e-be4f-a13e2beea66e.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "ab77907a-334e-4a61-83ff-7723e382b332.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "ae049594-ba5e-449c-85d6-a6c44f6afe9a.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "e826a8fc-08f4-46fb-9599-66356ef3c8cb.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "MSI1f4ab.LOG" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wct89A0.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wct91FD.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wct899F.tmp" 
HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "wctAE6C.tmp" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "~DFB26137ECFF2A0E2B.TMP" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\StartupFolder: => "~DF3F811680C0AD5854.TMP" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\Run: => "btweb" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\Run: => "Bright VPN" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\Run: => "ProgLauncher" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\Run: => "EADM" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\Run: => "utweb" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\Run: => "Advanced SystemCare" HKU\S-1-5-21-3680218258-1990516733-2007646127-1001\...\StartupApproved\Run: => "LEAJ" ==================== RèglesPare-feu (Avec liste blanche) ================ (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) 
==================== Points de restauration ========================= 27-09-2023 19:36:19 Installed Windows 11 Manager ==================== Éléments en erreur du Gestionnaire de périphériques ============ ==================== Erreurs du Journal des événements: ======================== Erreurs Application: ================== Error: (09/28/2023 11:01:12 AM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-AT5QH78) Description: Nom de l’application défaillante SearchHost.exe, version : 623.22800.0.0, horodatage : 0x64dcf450 Nom du module défaillant : twinapi.appcore.dll, version : 10.0.22621.2361, horodatage : 0xa5d112b2 Code d’exception : 0xc000027b Décalage d’erreur : 0x00000000000d0033 ID du processus défaillant : 0x0x25f4 Heure de début de l’application défaillante : 0x0x1d9f1fb173d305c Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe Chemin d’accès du module défaillant: C:\Windows\System32\twinapi.appcore.dll ID de rapport : 44dc523e-417c-4d6b-9480-763e7680c0cd Nom complet du package défaillant : MicrosoftWindows.Client.CBS_1000.22674.1000.0_x64__cw5n1h2txyewy ID de l’application relative au package défaillant : CortanaUI Error: (09/28/2023 11:01:10 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine QueryFullProcessImageNameW. hr = 0x8007001f, Un périphérique attaché au système ne fonctionne pas correctement. . Opération : Opération asynchrone en cours d’exécution Contexte : État actuel: DoSnapshotSet Error: (09/28/2023 11:00:58 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005, Accès refusé. . Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur. 
Opération : Données du rédacteur en cours de collecte Contexte : ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220} Nom du rédacteur: System Writer ID d’instance du rédacteur: {5ebce430-bdc8-4e69-a727-cd79afd28704} Error: (09/28/2023 10:04:43 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine QueryFullProcessImageNameW. hr = 0x8007001f, Un périphérique attaché au système ne fonctionne pas correctement. . Opération : Opération asynchrone en cours d’exécution Contexte : État actuel: DoSnapshotSet Error: (09/28/2023 10:04:30 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005, Accès refusé. . Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur. Opération : Données du rédacteur en cours de collecte Contexte : ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220} Nom du rédacteur: System Writer ID d’instance du rédacteur: {4933ad25-ca50-42db-bf68-6e6f0af681bd} Error: (09/28/2023 12:09:09 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: AUTORITE NT) Description: Le fournisseur d’événements mispace a tenté d’inscrire dans l’espace de noms //./root/Microsoft/Windows/Storage/Providers_v2 la requête « select * from SPACES_StorageModificationEvent » dont la classe cible « SPACES_StorageModificationEvent » n’existe pas. La requête sera ignorée. Error: (09/28/2023 12:09:09 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: AUTORITE NT) Description: Le fournisseur d’événements mispace a tenté d’inscrire dans l’espace de noms //./root/Microsoft/Windows/Storage/Providers_v2 la requête « select * from SPACES_StorageHealthStatusChangeEvent » dont la classe cible « SPACES_StorageHealthStatusChangeEvent » n’existe pas. La requête sera ignorée. 
Error: (09/28/2023 12:09:09 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: AUTORITE NT) Description: Le fournisseur d’événements mispace a tenté d’inscrire dans l’espace de noms //./root/Microsoft/Windows/Storage/Providers_v2 la requête « select * from SPACES_StorageFaultEvent » dont la classe cible « SPACES_StorageFaultEvent » n’existe pas. La requête sera ignorée. Erreurs système: ============= Error: (09/28/2023 11:01:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORITE NT) Description: Le module d’extensibilité WLAN s’est arrêté de façon inattendue. Chemin d’accès du module : C:\WINDOWS\system32\Rtlihvs.dll Error: (09/28/2023 11:01:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORITE NT) Description: Le module d’extensibilité WLAN s’est arrêté de façon inattendue. Chemin d’accès du module : C:\WINDOWS\system32\Rtlihvs.dll Error: (09/28/2023 11:01:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service. Error: (09/28/2023 11:01:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service Service Microsoft Office « Démarrer en un clic » s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 0 millisecondes : Redémarrer le service. Error: (09/28/2023 11:01:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Gaming Services s’est terminé de façon inattendue pour la 1ème fois. Error: (09/28/2023 11:01:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Intel(R) Management Engine WMI Provider Registration s’est terminé de façon inattendue pour la 1ème fois. 
Error: (09/28/2023 11:01:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service MFLocalService s’est terminé de façon inattendue pour la 1ème fois.

Error: (09/28/2023 11:01:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Intel(R) Management and Security Application Local Management Service s’est terminé de façon inattendue pour la 1ème fois.

Windows Defender:
================
Date: 2023-06-09 07:54:29
Description: Antivirus Microsoft Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants : https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/NSudo!MSR&threatid=2147839617&enterprise=0
Nom : Trojan:Win64/NSudo!MSR
ID : 2147839617
Gravité : Grave
Catégorie : Cheval de Troie
Chemin : file:_F:\Windows\NSudo.exe
Origine de la détection : Ordinateur local
Type de détection : Concret
Source de détection : Protection en temps réel
Utilisateur : DESKTOP-AT5QH78\barry
Nom du processus : C:\Windows\explorer.exe
Version de la veille de sécurité : AV: 1.391.745.0, AS: 1.391.745.0, NIS: 1.391.745.0
Version du moteur : AM: 1.1.23050.3, NIS: 1.1.23050.3

Date: 2023-04-06 18:58:11
Description: Antivirus Microsoft Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants : https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Phonzy.A!ml&threatid=2147772966&enterprise=0
Nom : Trojan:Script/Phonzy.A!ml
ID : 2147772966
Gravité : Grave
Catégorie : Cheval de Troie
Chemin : file:_F:\Games\WWE 2K15\steam_api64.dll
Origine de la détection : Ordinateur local
Type de détection : Chemin rapide
Source de détection : Protection en temps réel
Utilisateur : DESKTOP-AT5QH78\barry
Nom du processus : F:\Games\WWE 2K15\WWE2K15Launcher.exe
Version de la veille de sécurité : AV: 1.387.163.0, AS: 1.387.163.0, NIS: 1.387.163.0
Version du moteur : AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-06 18:57:32
Description: Antivirus Microsoft Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants : https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Phonzy.A!ml&threatid=2147772966&enterprise=0
Nom : Trojan:Script/Phonzy.A!ml
ID : 2147772966
Gravité : Grave
Catégorie : Cheval de Troie
Chemin : file:_F:\Games\WWE 2K15\steam_api64.dll
Origine de la détection : Ordinateur local
Type de détection : Chemin rapide
Source de détection : Protection en temps réel
Utilisateur : DESKTOP-AT5QH78\barry
Nom du processus : F:\Games\WWE 2K15\WWE2K15Launcher.exe
Version de la veille de sécurité : AV: 1.387.163.0, AS: 1.387.163.0, NIS: 1.387.163.0
Version du moteur : AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-06 18:57:26
Description: Antivirus Microsoft Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants : https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Phonzy.A!ml&threatid=2147772966&enterprise=0
Nom : Trojan:Script/Phonzy.A!ml
ID : 2147772966
Gravité : Grave
Catégorie : Cheval de Troie
Chemin : file:_F:\Games\WWE 2K15\steam_api64.dll
Origine de la détection : Ordinateur local
Type de détection : Chemin rapide
Source de détection : Protection en temps réel
Utilisateur : DESKTOP-AT5QH78\barry
Nom du processus : F:\Games\WWE 2K15\WWE2K15_x64.exe
Version de la veille de sécurité : AV: 1.387.163.0, AS: 1.387.163.0, NIS: 1.387.163.0
Version du moteur : AM: 1.1.20200.4, NIS: 1.1.20200.4

Event[0]
Date: 2023-09-27 16:38:38
Description: La fonctionnalité de protection en temps réel Antivirus Microsoft Defender a rencontré une erreur et échoué.
Fonctionnalité : Sur accès
Code d’erreur : 0x8007043c
Description de l’erreur : Ce service ne peut pas être démarré en mode sans échec
Raison : La veille de sécurité contre les logiciels malveillants a cessé de fonctionner pour une raison inconnue. Dans certains cas, le redémarrage du service peut résoudre le problème.

Date: 2023-09-27 13:00:20
Description: La fonctionnalité de protection en temps réel Antivirus Microsoft Defender a rencontré une erreur et échoué.
Fonctionnalité : Sur accès
Code d’erreur : 0x8007043c
Description de l’erreur : Ce service ne peut pas être démarré en mode sans échec
Raison : La veille de sécurité contre les logiciels malveillants a cessé de fonctionner pour une raison inconnue. Dans certains cas, le redémarrage du service peut résoudre le problème.

Date: 2023-09-26 19:41:03
Description: La fonctionnalité de protection en temps réel Antivirus Microsoft Defender a rencontré une erreur et échoué.
Fonctionnalité : Sur accès
Code d’erreur : 0x8007043c
Description de l’erreur : Ce service ne peut pas être démarré en mode sans échec
Raison : La veille de sécurité contre les logiciels malveillants a cessé de fonctionner pour une raison inconnue. Dans certains cas, le redémarrage du service peut résoudre le problème.

Date: 2023-09-26 19:38:31
Description: Antivirus Microsoft Defender a rencontré une erreur lors de la mise à jour de la veille de sécurité et va tenter de rétablir une version précédente.
Veille de sécurité tentée : Sauvegarde
Code d’erreur : 0x80004004
Description de l’erreur : Opération abandonnée
Version de la veille de sécurité : 1.397.1543.0;1.397.1543.0
Version du moteur : 1.1.23080.2005

Date: 2023-09-26 19:38:30
Description: Antivirus Microsoft Defender a rencontré une erreur lors de la mise à jour de la veille de sécurité et va tenter de rétablir une version précédente.
Veille de sécurité tentée : Actuelle
Code d’erreur : 0x80004004
Description de l’erreur : Opération abandonnée
Version de la veille de sécurité : 1.397.1581.0;1.397.1581.0
Version du moteur : 1.1.23080.2005

CodeIntegrity:
===============
Date: 2023-09-28 11:04:44
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_0f12908b4ff13ff7\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-09-28 11:01:56
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\Amfltx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Infos Mémoire ===========================

BIOS: Insyde F.04 08/02/2018
Carte mère: HP 84A6
Processeur: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Pourcentage de mémoire utilisée: 42%
Mémoire physique - RAM - totale: 12203.1 MB
Mémoire physique - RAM - disponible: 7010.06 MB
Mémoire virtuelle totale: 19115.1 MB
Mémoire virtuelle disponible: 13203.86 MB

==================== Lecteurs ================================

Drive c: () (Fixed) (Total:236.49 GB) (Free:63.53 GB) (Model: SAMSUNG MZALQ256HAJD-000L2) NTFS
Drive d: () (Fixed) (Total:0.57 GB) (Free:0.53 GB) (Model: WDC WD5000LPCX-60VHAT0) NTFS ==>[système avec composants d'amorçage (obtenu depuis lecteur)]
Drive f: () (Fixed) (Total:464.65 GB) (Free:140.22 GB) (Model: WDC WD5000LPCX-60VHAT0) NTFS

\\?\Volume{5d2b767d-9902-4f96-8899-68f056d03491}\ () (Fixed) (Total:0.73 GB) (Free:0.08 GB) NTFS
\\?\Volume{0b279a12-bc42-4dc3-859d-d0d1c209a7e5}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.41 GB) NTFS
\\?\Volume{29b1ce4c-0000-0000-0000-904d74000000}\ () (Fixed) (Total:0.55 GB) (Free:0.08 GB) NTFS
\\?\Volume{bda910a4-f6a6-4671-b69b-48e8be73e688}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Table des partitions ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 29B1CE4C)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=561 MB) - (Type=27)

==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 8312A375)
Partition: GPT.

==================== Fin de Addition.txt =======================