Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08.2024
Ran by utilisateur (09-08-2024 20:52:39)
Running from C:\Users\utilisateur\Desktop
Microsoft Windows 11 Professionnel Version 23H2 22631.3958 (X64) (2024-02-28 15:11:07)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrateur (S-1-5-21-3853405136-3853919521-2145737437-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3853405136-3853919521-2145737437-503 - Limited - Disabled)
Invité (S-1-5-21-3853405136-3853919521-2145737437-501 - Limited - Disabled)
utilisateur (S-1-5-21-3853405136-3853919521-2145737437-1001 - Administrator - Enabled) => C:\Users\utilisateur
WDAGUtilityAccount (S-1-5-21-3853405136-3853919521-2145737437-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 24.01 (HKLM-x32\...\{23170F69-40C1-2701-2401-000001000000}) (Version: 24.01.00.0 - Igor Pavlov) 7-Zip 24.01 (x64) (HKLM\...\7-Zip) (Version: 24.01 - Igor Pavlov) Adobe Premiere Pro 2024 (HKLM\...\{5B70FB31-0DB4-424A-86A7-651B3629295A}_is1) (Version: 24.0.0.58 - CyberMania) aescripts + aeplugins (HKLM-x32\...\{B7261D96-BEAD-48FA-BC10-6400E1E87734}) (Version: 1.9.80.0 - aescripts + aeplugins) aescripts + aeplugins components (HKLM-x32\...\{44A79C1B-673F-4061-9CB0-17E555F4993D}) (Version: 1.111.0.0 - aescripts + aeplugins) aescripts + aeplugins desktop apps (HKLM-x32\...\{9b619644-1c34-43b7-8661-9fb174698bbd}) (Version: 1.9.80.0 - aescripts + aeplugins) Hidden Amazon Appstore (HKU\S-1-5-21-3853405136-3853919521-2145737437-1001\...\com.amazon.venezia) (Version: release-60.18.1.0.209322.0_510410 - amazon.com) Avast One (HKLM\...\Avast Antivirus) (Version: 24.7.6124 - Avast Software) AVG Secure Browser (HKU\S-1-5-21-3853405136-3853919521-2145737437-1001\...\AVG Secure Browser) (Version: 127.0.25932.99 - Gen Digital Inc.) Bloxstrap (HKU\S-1-5-21-3853405136-3853919521-2145737437-1001\...\Bloxstrap) (Version: 2.5.4 - pizzaboxer) CapCut (HKU\S-1-5-21-3853405136-3853919521-2145737437-1001\...\CapCut) (Version: 3.8.0.1431 - Bytedance Pte. Ltd.) Coolmuster Android Assistant (HKU\S-1-5-21-3853405136-3853919521-2145737437-1001\...\Coolmuster Android Assistant) (Version: 5.2.30 - Coolmuster) Discord (HKU\S-1-5-21-3853405136-3853919521-2145737437-1001\...\Discord) (Version: 1.0.9039 - Discord Inc.) Everything 1.4.1.1024 (x86) (HKLM-x32\...\Everything) (Version: 1.4.1.1024 - voidtools) Fairlight Audio Accelerator Utility (HKLM\...\FairlightAudioAccelerator_is1) (Version: 1.0.15 - Blackmagic Design) Keyboard LEDs (HKLM-x32\...\Keyboard LEDs) (Version: 2.7 - KARPOLAN) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden LDPlayer (HKLM-x32\...\LDPlayer9) (Version: 9.0.71 - XUANZHI INTERNATIONAL CO., LIMITED) LibreOffice 7.6.5.2 (HKLM\...\{67E14A7F-871D-4239-9074-F66A9099E128}) (Version: 7.6.5.2 - The Document Foundation) Microsoft .NET Host - 6.0.29 (x64) (HKLM\...\{E7C485FB-3329-43E3-965B-3DE4B863E1D9}) (Version: 48.116.12053 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.29 (x64) (HKLM\...\{724B2734-4B1A-46E2-9333-6D3B83351D02}) (Version: 48.116.12053 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.29 (x64) (HKLM\...\{014E0350-0B29-483B-9252-8780DEBA0856}) (Version: 48.116.12053 - Microsoft Corporation) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 127.0.2651.86 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 126.0.2592.113 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3853405136-3853919521-2145737437-1001\...\OneDriveSetup.exe) (Version: 24.146.0721.0003 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 
11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32\...\{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 
14.40.33810 (HKLM-x32\...\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32\...\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.29 (x64) (HKLM\...\{A0DA3EDD-9C41-491F-A77E-5F90AFDB64B2}) (Version: 48.116.12057 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.29 (x64) (HKLM-x32\...\{54679abd-8ed9-4bd3-8400-7684dd7c6f03}) (Version: 6.0.29.33521 - Microsoft Corporation) Mister Horse Product Manager (HKLM\...\Mister Horse Product Manager_is1) (Version: 2.2.0 - ) Mozilla Firefox (x64 fr) (HKLM\...\Mozilla Firefox 129.0 (x64 fr)) (Version: 129.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 124.0.2 - Mozilla) NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation) NVIDIA GeForce Experience 3.28.0.412 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.28.0.412 - NVIDIA Corporation) NVIDIA Graphics Driver 555.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 555.99 - NVIDIA Corporation) NVIDIA PhysX System Software 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 30.1.2 - OBS Project) Obsidian (HKU\S-1-5-21-3853405136-3853919521-2145737437-1001\...\bd400747-f0c1-5638-a859-982036102edf) (Version: 1.6.5 - Obsidian) OP Auto Clicker (HKU\S-1-5-21-3853405136-3853919521-2145737437-1001\...\OP Auto Clicker_is1) (Version: V4.0 - OP Auto Clicker) Opera GX Stable 109.0.5097.142 (HKU\S-1-5-21-3853405136-3853919521-2145737437-1001\...\Opera GX 109.0.5097.142) (Version: 109.0.5097.142 - Opera Software) Opera Stable 112.0.5197.39 
(HKU\S-1-5-21-3853405136-3853919521-2145737437-1001\...\Opera 112.0.5197.39) (Version: 112.0.5197.39 - Opera Software) Python Launcher (HKLM-x32\...\{52ABF617-F7B4-40F9-8197-C7490DAA97A3}) (Version: 3.12.3150.0 - Python Software Foundation) Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.9.0229.022700 - Razer Inc.) Roblox (HKU\S-1-5-21-3853405136-3853919521-2145737437-1001\...\com.roblox.client) (Version: 2.625.510 - roblox.com) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.5.2 - Krzysztof Kowalczyk) TeraBox (HKLM-x32\...\TeraBox) (Version: 1.31.0 - Flextech Inc.) Transmission 4.0.5 (a6fe2a64aa) (x64) (HKLM\...\{85F159EB-B0F7-41D2-8BB8-4E310102F63A}) (Version: 4.0.5 - Transmission Project) UE Prerequisites (x64) (HKLM\...\{E171B21A-DA58-432D-A74B-D13B204BA477}) (Version: 1.0.16.0 - Epic Games, Inc.) Hidden UE Prerequisites (x64) (HKLM-x32\...\{aad8a4b2-74da-409d-abb6-79a299008692}) (Version: 1.0.16.0 - Epic Games, Inc.) 
Hidden USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version: - Zbshareware Lab) UsbFix Anti-Malware Premium (HKLM-x32\...\Usbfix) (Version: 11.0.5.2 - SOSVirus (SOSVirus.Net)) VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN) WeMod (HKU\S-1-5-21-3853405136-3853919521-2145737437-1001\...\WeMod) (Version: 9.1.0 - WeMod) WinRAR 7.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.00.0 - win.rar GmbH) WSA PacMan version 1.5.0 (HKLM\...\WSA PacMan_is1) (Version: 1.5.0 - alesimula) Packages: ========= AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt [2024-06-29] (INTEL CORP) [Startup Task] Dev Home (Preview) -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1601.561.0_x64__8wekyb3d8bbwe [2024-07-17] (Microsoft Corporation) [Startup Task] Dev Home GitHub Extension (Preview) -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHomeGitHubExtension_0.1600.561.0_x64__8wekyb3d8bbwe [2024-07-19] (Microsoft Corporation) Ink.Handwriting.fr-FR.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.fr-FR.1.0_0.237.110.0_x64__8wekyb3d8bbwe [2024-04-12] (Microsoft Corporation) Ink.Handwriting.fr-FR.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.fr-FR.1.0_0.237.110.0_x86__8wekyb3d8bbwe [2024-04-12] (Microsoft Corporation) Ink.Handwriting.Main.fr-FR.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.fr-FR.1.0_0.237.110.0_x64__8wekyb3d8bbwe [2024-04-12] (Microsoft Corporation) Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2406.5002.0_x64__8wekyb3d8bbwe [2024-07-17] (Microsoft Corporation) [Startup Task] Microsoft.BingSearch -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.95.0_x64__8wekyb3d8bbwe [2024-07-26] (Microsoft Corporation) MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24071.45.0_x64__cw5n1h2txyewy [2024-08-02] (Microsoft Windows) 
[Startup Task] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-06-08] (NVIDIA Corp.) Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.31001.0_x64__8wekyb3d8bbwe [2024-08-03] (Microsoft Corporation) [Startup Task] Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.51.327.0_x64__dt26b99r8h8gj [2024-05-17] (Realtek Semiconductor Corp) Sous-système Windows pour Android™ -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2407.40000.0.0_x64__8wekyb3d8bbwe [2024-08-02] (Microsoft Corp.) [Startup Task] Speech Pack - English (Canada) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.en-CA.1_1.0.7.0_x64__cw5n1h2txyewy [2024-04-28] (Microsoft Windows) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.243.420.0_x64__zpdnekdrzrea0 [2024-08-04] (Spotify AB) [Startup Task] SynMsiDApp -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynMsiDApp_19005.31005.0.0_x64__807d65c4rvak2 [2024-02-28] (Synaptics Incorporated) TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2024-06-23] (Bytedance Pte. Ltd.) WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2429.10.0_x64__cv1g1gvanyjgm [2024-08-02] (WhatsApp Inc.) [Startup Task] WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-12] (Microsoft Corp.) WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-12] (Microsoft Corp.) 
Windows Feature Experience Pack -> C:\Windows\SystemApps\LKG\MicrosoftWindows.LKG.DesktopSpotlight_cw5n1h2txyewy [2024-07-30] (Microsoft Windows) WinRAR -> C:\Program Files\WinRAR [2024-04-16] (win.rar GmbH) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3853405136-3853919521-2145737437-1001_Classes\CLSID\{679F137C-3162-45da-BE3C-2F9C3D093F64}\Shell\Open\Command -> C:\Users\utilisateur\AppData\Roaming\TeraBox\terabox.exe (FLEXTECH INC. -> Flextech Inc.) CustomCLSID: HKU\S-1-5-21-3853405136-3853919521-2145737437-1001_Classes\CLSID\{679F137C-3162-45da-BE3C-2F9C3D093F64} -> [TeraBox] => C:\Users\utilisateur\AppData\Roaming\TeraBox\ [0000-00-00 00:00] CustomCLSID: HKU\S-1-5-21-3853405136-3853919521-2145737437-1001_Classes\CLSID\{a398e697-bd60-4066-9498-8488353f3a21}\localserver32 -> C:\Program Files\Maxon\Tools\MxNotify.exe (Maxon Computer GmbH -> ) CustomCLSID: HKU\S-1-5-21-3853405136-3853919521-2145737437-1001_Classes\CLSID\{A725D612-7D72-48B8-857A-4777781F415C}\localserver32 -> C:\Users\utilisateur\AppData\Local\AVG\Browser\Application\127.0.25932.99\notification_helper.exe (AVG Technologies USA, LLC -> Gen Digital Inc.) CustomCLSID: HKU\S-1-5-21-3853405136-3853919521-2145737437-1001_Classes\CLSID\{B43D36BF-EC45-440E-8FDA-E8CDDA458D1C}\InprocServer32 -> C:\Users\utilisateur\AppData\Local\AVG\Browser\Update\1.8.1693.6\psuser_64.dll (AVG Technologies USA, LLC -> Gen Digital Inc.) 
CustomCLSID: HKU\S-1-5-21-3853405136-3853919521-2145737437-1001_Classes\CLSID\{BEA218D2-6950-497B-9434-61683EC065FE}\InprocServer32 -> C:\Users\utilisateur\AppData\Local\Programs\Python\Launcher\pyshellext.amd64.dll (Python Software Foundation -> Python Software Foundation) CustomCLSID: HKU\S-1-5-21-3853405136-3853919521-2145737437-1001_Classes\CLSID\{C9D22417-34EB-416B-BE82-31D5660097D6}\InprocServer32 -> C:\Users\utilisateur\AppData\Local\AVG\Browser\Update\1.8.1693.6\psuser_64.dll (AVG Technologies USA, LLC -> Gen Digital Inc.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-08-01] (Avast Software s.r.o. -> Gen Digital Inc.) ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-08-01] (Avast Software s.r.o. -> Gen Digital Inc.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-01-31] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-08-01] (Avast Software s.r.o. -> Gen Digital Inc.) ContextMenuHandlers1: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\utilisateur\AppData\Roaming\TeraBox\YunShellExt64.dll [2024-08-02] (FLEXTECH INC. -> ) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-08-01] (Avast Software s.r.o. -> Gen Digital Inc.) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-01-31] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\utilisateur\AppData\Roaming\TeraBox\YunShellExt64.dll [2024-08-02] (FLEXTECH INC. 
-> ) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvmisi.inf_amd64_1e0c318ff24e26e2\nvshext.dll [2024-06-02] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-01-31] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-08-01] (Avast Software s.r.o. -> Gen Digital Inc.) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2024-08-09 20:17 - 2018-04-08 11:10 - 000012800 _____ () [File not signed] C:\Program Files (x86)\USB Disk Security\autotransferpc locales\french.dll 2024-08-09 20:17 - 2013-06-25 14:04 - 000037376 _____ () [File not signed] C:\Program Files (x86)\USB Disk Security\locales\french.dll 2024-08-09 20:17 - 2010-12-08 15:21 - 000753664 _____ (BCGSoft Co Ltd) [File not signed] C:\Program Files (x86)\USB Disk Security\BCGPStyle2010Blue150.dll 2024-08-09 20:17 - 2015-01-31 10:08 - 006062080 _____ (BCGSoft Ltd) [File not signed] C:\Program Files (x86)\USB Disk Security\BCGCBPRO1500u80.dll 2024-08-09 20:17 - 2017-08-26 21:51 - 007741952 _____ (BCGSoft Ltd) [File not signed] C:\Program Files (x86)\USB Disk Security\BCGCBPRO2000u110.dll 2024-08-09 20:17 - 2017-08-27 16:04 - 000355840 _____ (iMatix Corporation) [File not signed] C:\Program Files (x86)\USB Disk Security\libzmq.dll 2024-08-09 20:17 - 2015-01-31 10:08 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\USB Disk Security\MFC80U.DLL ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the 
registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-3853405136-3853919521-2145737437-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://linkzb.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2022-05-07 07:24 - 2024-08-01 01:21 - 000002234 ____R C:\Windows\system32\drivers\etc\hosts 0.0.0.0 virustotal.com 0.0.0.0 www.virustotal.com 0.0.0.0 totalav.com 0.0.0.0 www.totalav.com 0.0.0.0 scanguard.com 0.0.0.0 www.scanguard.com 0.0.0.0 totaladblock.com 0.0.0.0 www.totaladblock.com 0.0.0.0 pcprotect.com 0.0.0.0 www.pcprotect.com 0.0.0.0 mcafee.com 0.0.0.0 www.mcafee.com 0.0.0.0 bitdefender.com 0.0.0.0 www.bitdefender.com 0.0.0.0 us.norton.com 0.0.0.0 www.us.norton.com 0.0.0.0 avg.com 0.0.0.0 www.avg.com 0.0.0.0 malwarebytes.com 0.0.0.0 www.malwarebytes.com 0.0.0.0 pandasecurity.com 0.0.0.0 www.pandasecurity.com 0.0.0.0 avira.com 0.0.0.0 www.avira.com 0.0.0.0 norton.com 0.0.0.0 www.norton.com 0.0.0.0 eset.com 0.0.0.0 www.eset.com 0.0.0.0 zillya.com 0.0.0.0 www.zillya.com 2024-04-21 01:08 - 2024-06-11 03:25 - 000000572 _____ C:\Windows\system32\drivers\etc\hosts.ics 172.30.160.1 Brouhackedme.mshome.net # 2029 6 0 10 1 25 29 772 172.27.48.1 Current-Pc-name.mshome.net # 2029 5 1 28 13 46 25 408 192.168.48.1 DESKTOP-292K2GJ.mshome.net # 2029 4 5 27 19 44 2 964 ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3853405136-3853919521-2145737437-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\utilisateur\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Intel(R) Wireless-AC 9462 -> Netwtw08.sys
Ethernet: Qualcomm Atheros AR8171/8175 PCI-E Gigabit Ethernet Controller (NDIS 6.30) -> L1C63x64.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3853405136-3853919521-2145737437-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3853405136-3853919521-2145737437-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

01-08-2024 17:35:17 Removed UrbanVPN
02-08-2024 23:27:42 Restore Point Created by FRST
02-08-2024 23:42:26 Restore Point Created by FRST
06-08-2024 15:10:42 Windows Update
09-08-2024 20:47:00 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (08/09/2024 08:50:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\USB Disk Security\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (08/09/2024 08:50:05 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\USB Disk Security\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (08/09/2024 08:49:36 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Users\utilisateur\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_6ec0f0a887fe525b.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_2713b9d173822955.manifest. Error: (08/09/2024 08:49:36 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Users\utilisateur\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_6ec0f0a887fe525b.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_2713b9d173822955.manifest. Error: (08/09/2024 08:48:42 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Users\utilisateur\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line . 
A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_6ec0f0a887fe525b.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.3672_none_2713b9d173822955.manifest. Error: (08/09/2024 08:47:49 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours.. Error: (08/09/2024 08:47:49 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, Un arrêt système est en cours.] Error: (08/09/2024 08:47:49 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours.. System errors: ============= Error: (08/09/2024 08:47:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORITE NT) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll Error: (08/09/2024 08:47:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORITE NT) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll Error: (08/09/2024 08:47:39 PM) (Source: DCOM) (EventID: 10010) (User: BROUHACKEDME) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (08/09/2024 08:47:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Razer Synapse Service service terminated unexpectedly. 
It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Exécuter le programme de récupération configuré. Error: (08/09/2024 08:47:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Redémarrer le service. Error: (08/09/2024 08:47:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/09/2024 08:47:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Avast SecureLine VPN service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Redémarrer le service. Error: (08/09/2024 08:47:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). Windows Defender: ================ Date: 2024-07-31 23:58:30 Description: Antivirus Microsoft Defender scan has been stopped before completion. Scan Type: Logiciel anti-programme malveillant Scan Parameters: Analyse rapide Date: 2024-07-30 15:21:14 Description: Antivirus Microsoft Defender has detected potentially unwanted application(PUA). 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Puwaders.C!ml&threatid=242878&enterprise=0 Name: PUA:Win32/Puwaders.C!ml Severity: Faible Category: Logiciel potentiellement non désiré Path: file:_C:\Users\utilisateur\AppData\Roaming\cipher\keys\win86.exe; file:_C:\Windows\System32\Tasks\d2luODY4MDE=->(UTF-16LE); regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C816D5CE-A838-492F-90F4-000F9CED6A61}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d2luODY4MDE=; taskscheduler:_C:\Windows\System32\Tasks\d2luODY4MDE= Detection Origin: Ordinateur local Detection Type: Chemin rapide Detection Source: Système Process Name: Unknown Security intelligence Version: AV: 1.415.393.0, AS: 1.415.393.0, NIS: 1.415.393.0 Engine Version: AM: 1.1.24060.5, NIS: 1.1.24060.5 Date: 2024-07-30 13:29:43 Description: Antivirus Microsoft Defender has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Behavior:Win32/UACBypassExp.T!gen&threatid=2147755449&enterprise=0 Name: Behavior:Win32/UACBypassExp.T!gen Severity: Grave Category: Comportement suspect Path: behavior:_process: C:\Windows\System32\reg.exe, pid:16496:217374045285771; behavior:_process: C:\Windows\System32\reg.exe, pid:5508:217374045285771; regkeyvalue:_HKCU@S-1-5-21-3853405136-3853919521-2145737437-1001\Software\CLASSES\MS-SETTINGS\SHELL\OPEN\COMMAND\\ Detection Origin: Inconnu Detection Type: Concret Detection Source: Système Process Name: Unknown Security intelligence Version: AV: 1.415.393.0, AS: 1.415.393.0, NIS: 1.415.393.0 Engine Version: AM: 1.1.24060.5, NIS: 1.1.24060.5 Date: 2024-07-30 13:29:43 Description: Antivirus Microsoft Defender has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Behavior:Win32/UACBypassExp.T!gen&threatid=2147755449&enterprise=0 Name: Behavior:Win32/UACBypassExp.T!gen Severity: Grave Category: Comportement suspect Path: behavior:_process: C:\Windows\System32\reg.exe, pid:16496:217374045285771; regkeyvalue:_HKCU@S-1-5-21-3853405136-3853919521-2145737437-1001\Software\CLASSES\MS-SETTINGS\SHELL\OPEN\COMMAND\\ Detection Origin: Inconnu Detection Type: Concret Detection Source: Système Process Name: Unknown Security intelligence Version: AV: 1.415.393.0, AS: 1.415.393.0, NIS: 1.415.393.0 Engine Version: AM: 1.1.24060.5, NIS: 1.1.24060.5 Date: 2024-07-30 13:29:43 Description: Antivirus Microsoft Defender has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Behavior:Win32/UACBypassExp.T!gen&threatid=2147755449&enterprise=0 Name: Behavior:Win32/UACBypassExp.T!gen Severity: Grave Category: Comportement suspect Path: behavior:_process: C:\Windows\System32\reg.exe, pid:5508:217374045285771; process:_pid:5508,ProcessStart:133668125832558312 Detection Origin: Inconnu Detection Type: Concret Detection Source: Inconnu Process Name: Unknown Security intelligence Version: AV: 1.415.393.0, AS: 1.415.393.0, NIS: 1.415.393.0 Engine Version: AM: 1.1.24060.5, NIS: 1.1.24060.5  CodeIntegrity: =============== Date: 2024-08-09 20:52:17 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. 
Date: 2024-08-09 20:49:25
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.24060.7-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2024-08-09 20:49:19
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Users\utilisateur\AppData\Local\Discord\app-1.0.9157\Discord.exe) attempted to load \Device\HarddiskVolume4\ProgramData\obs-studio-hook\graphics-hook64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. E179FIMS.10C 05/22/2019
Motherboard: Micro-Star International Co., Ltd. MS-179F
Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
Percentage of memory in use: 72%
Total physical RAM: 8038.25 MB
Available physical RAM: 2179.48 MB
Total Virtual: 19176.9 MB
Available Virtual: 12852.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.83 GB) (Free:32.16 GB) (Model: KINGSTON RBUSNS8154P3256GJ) NTFS
Drive e: (T7 Shield) (Fixed) (Total:931.48 GB) (Free:86.66 GB) (Model: Samsung PSSD T7 Shield SCSI Disk Device) exFAT

\\?\Volume{86be39cc-0000-0000-0000-100000000000}\ () (Fixed) (Total:931.51 GB) (Free:931.38 GB) NTFS
\\?\Volume{147465bd-9a34-4c55-b093-9f7087bf2a16}\ () (Fixed) (Total:0.53 GB) (Free:0.52 GB) NTFS
\\?\Volume{b5dbf0b8-3da4-438e-a013-950a9f64eff2}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 86BE39CC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 0FC4D312)
Partition: GPT.

==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 9555E1F4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================