Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version: 30-11-2023 02
Exécuté par theot (01-12-2023 11:39:30)
Exécuté depuis C:\Users\theot\Downloads
Microsoft Windows 11 Famille Version 22H2 22621.2715 (X64) (2023-08-23 13:05:41)
Mode d'amorçage: Normal
==========================================================

==================== Comptes: =============================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

Administrateur (S-1-5-21-1269307599-815623928-429291329-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1269307599-815623928-429291329-503 - Limited - Disabled)
Invité (S-1-5-21-1269307599-815623928-429291329-501 - Limited - Disabled)
theot (S-1-5-21-1269307599-815623928-429291329-1001 - Administrator - Enabled) => C:\Users\theot
WDAGUtilityAccount (S-1-5-21-1269307599-815623928-429291329-504 - Limited - Disabled)

==================== Centre de sécurité ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programmes installés ======================

(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_2) (Version: 21.0.2 - Adobe Inc.)
Ankama Launcher 3.10.1 (HKU\S-1-5-21-1269307599-815623928-429291329-1001\...\410fcd79-1be8-5bf1-986e-ea09c55f7edf) (Version: 3.10.1 - Ankama)
Anno 1800 (HKLM-x32\...\Uplay Install 4553) (Version: - Ubisoft)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
ASUS PCE-AX1800 Bluetooth Driver (HKLM-x32\...\{F80392A6-68E0-409A-B8B7-D434B204EC71}) (Version: 1.3.14.130 - ASUS)
ASUS PCE-AX1800 Dual-Band PCIe Wi-Fi Adapter (HKLM-x32\...\{C180DF90-0CDF-40F3-B9C7-0F36973BBEF7}) (Version: 3.0.1.1203 - ASUS)
Audacity 3.3.3 (HKLM\...\Audacity_is1) (Version: 3.3.3 - Audacity Team)
blender (HKLM\...\{92BF74A7-0E5F-4774-B711-4914E92EC51B}) (Version: 3.6.0 - Blender Foundation)
Corsair iCUE5 Software (HKLM\...\{A9B0B2D7-8C59-4413-A2FB-99EDBE65A608}) (Version: 5.4.98 - Corsair)
CurseForge (HKU\S-1-5-21-1269307599-815623928-429291329-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.238.1.1 - Overwolf app)
Discord (HKU\S-1-5-21-1269307599-815623928-429291329-1001\...\Discord) (Version: 1.0.9013 - Discord Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{B8F67CAD-D16A-4AC8-B4F1-3AE8A9FF22F5}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{80362463-617A-4405-A5C1-EA5974C782BC}) (Version: 1.3.79.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{35905844-0610-427D-86A0-2103FABE3D4D}) (Version: 2.0.42.0 - Epic Games, Inc.)
f.lux (HKU\S-1-5-21-1269307599-815623928-429291329-1001\...\Flux) (Version: 4.124 - f.lux Software LLC)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.28.1.0 - COGNOSPHERE PTE. LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 119.0.6045.200 - Google LLC)
Intel(R) Chipset Device Software (HKLM\...\{22987D97-5A46-4BD9-B1A5-2FFE44201081}) (Version: 10.1.19199.8340 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{e6ecf35a-b1bb-4e59-9d90-4c98fde2ffa8}) (Version: 10.1.19199.8340 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1B2B12B8-AE77-4104-97FE-904274D21B6C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2230.3.19.0 - Intel Corporation)
Intel(R) Management Engine Driver (HKLM\...\{5F953BF8-C54E-4335-B7C9-873508D2CE1A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME WMI Provider (HKLM\...\{2D7D4B84-FDD2-42BC-9B5B-ADAB4E31AC5E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
Malwarebytes version 4.6.5.293 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.5.293 - Malwarebytes)
MasterPlus version 1.9.0 (HKLM-x32\...\{2C3A7142-9B45-4C95-993A-A767C2148583}_is1) (Version: 1.9.0 - )
Microsoft .NET Core Host - 3.1.8 (x64) (HKLM\...\{D375EE6D-18EF-4EC9-8260-555DEB0EE4EC}) (Version: 24.96.29220 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.8 (x64) (HKLM\...\{907E0A78-B4DF-4E35-9878-FEE2F22B6852}) (Version: 24.96.29220 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.8 (x64) (HKLM\...\{912B84A5-61CC-4308-B244-5C34C2C02899}) (Version: 24.96.29220 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.13 (x64) (HKLM\...\{9511601E-12FF-4972-BF9C-2992F2CA5A32}) (Version: 48.55.52137 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.13 (x64) (HKLM\...\{8CDACE3C-0064-4A17-A02C-49F831D5F73A}) (Version: 48.55.52137 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.13 (x64) (HKLM\...\{5F0DB006-2AE3-4D36-8077-65247FD687D4}) (Version: 48.55.52137 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 6.0.13 - Shared Framework (x64) (HKLM-x32\...\{373915e3-2fa6-41a5-80e3-49fe1115263d}) (Version: 6.0.13.22580 - Microsoft Corporation)
Microsoft ASP.NET Core 6.0.13 Shared Framework (x64) (HKLM\...\{A6500837-F3BE-357E-9A21-6A78D098659F}) (Version: 6.0.13.22580 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.72 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1269307599-815623928-429291329-1001\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1269307599-815623928-429291329-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.80.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.8 (x64) (HKLM\...\{F3871724-6A58-425C-8E4C-4A54935AA68F}) (Version: 24.96.29220 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.8 (x64) (HKLM-x32\...\{3e04c2ef-ccc7-4fe6-a32f-f36572af0f42}) (Version: 3.1.8.29220 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.13 (x64) (HKLM\...\{8484730A-68A4-4C63-93B4-52628D3B488D}) (Version: 48.55.53270 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.13 (x64) (HKLM-x32\...\{96cf40b0-81d6-43ed-ad0e-611e67899196}) (Version: 6.0.13.32001 - Microsoft Corporation)
MuMu Player (HKLM\...\Nemu) (Version: 2.7.23.0 - Netease)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
NVIDIA Logiciel système PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA Pilote audio HD : 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA Pilote graphique 537.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 537.42 - NVIDIA Corporation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.236.2.2 - Overwolf Ltd.)
Proton VPN (HKLM\...\Proton VPN_is1) (Version: 3.2.7 - Proton AG)
PureRef (HKLM-x32\...\PureRef) (Version: 1.11.1 - Idyllic Pixel)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.5.3 - The qBittorrent project)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.5.18 - Rainmeter)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9430.1 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Twine 2.6.2 (HKU\S-1-5-21-1269307599-815623928-429291329-1001\...\aff064b3-c9ed-5a68-86cc-f57b1a93469d) (Version: 2.6.2 - Chris Klimas)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 93.1 - Ubisoft)
UE Prerequisites (x64) (HKLM\...\{90BFD504-ACB6-4FC9-9BA5-964FA4CB76C0}) (Version: 1.0.18.0 - Epic Games, Inc.) Hidden
UE Prerequisites (x64) (HKLM-x32\...\{2c4a7cc2-986f-41a8-a4d3-86c8177f87cf}) (Version: 1.0.18.0 - Epic Games, Inc.) Hidden
UJAM 0.4.2 (HKLM\...\cb9258ad-99cf-5f70-9929-e89e2f000533) (Version: 0.4.2 - UJAM Music Technology GmbH)
Unity 2022.3.0f1 (HKLM-x32\...\Unity 2022.3.0f1) (Version: 2022.3.0f1 - Unity Technologies ApS)
Unity Hub 3.5.0 (HKLM\...\Unity Technologies - Hub) (Version: 3.5.0 - Unity Technologies Inc.)
USYNTH 1.2.0 (HKLM\...\5a11f77e-ac4d-4c3d-b9ec-132798189169_is1) (Version: 1.2.0 - UJAM)
USYNTH-CORE 1.0.0 (HKLM\...\318c335f-395c-4c32-9d2c-93db8d36f9fd_is1) (Version: 1.0.0 - UJAM)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
WebTorrent (HKU\S-1-5-21-1269307599-815623928-429291329-1001\...\WebTorrent) (Version: 0.24.0 - WebTorrent, LLC)
WinRAR 6.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.21.0 - win.rar GmbH)
X-Mouse Button Control 2.20.4 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.20.4 - Highresolution Enterprises)

Packages:
=========
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-30] (Microsoft Corp.)
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-11-15] (Microsoft Corporation)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.3.7.0_x64__8wekyb3d8bbwe [2023-09-12] (Microsoft Studios)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-05-30] (NVIDIA Corp.)
Outlook for Windows -> C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.1114.0_x64__8wekyb3d8bbwe [2023-11-23] (Microsoft Corporation)
Power Automate -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.700.323.0_x64__8wekyb3d8bbwe [2023-11-23] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.39.283.0_x64__dt26b99r8h8gj [2023-10-31] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-11-05] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0 [2023-11-27] (Spotify AB) [Startup Task]
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-11-15] (Microsoft Corporation)
WinRAR -> C:\Program Files\WinRAR [2023-05-29] (win.rar GmbH)

==================== Personnalisé CLSID (Avec liste blanche): ==============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

CustomCLSID: HKU\S-1-5-21-1269307599-815623928-429291329-1001_Classes\CLSID\{bdf037d5-d1f4-16de-7c00-9c2204d45001}\localserver32 -> "C:\Program Files\Proton\VPN\v3.0.5\ProtonVPN.exe" -ToastActivated => Pas de fichier
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_97c24e8dfa98e686\nvshext.dll [2023-09-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-03-20] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)

==================== Codecs (Avec liste blanche) ====================

==================== Raccourcis & WMI ========================

(Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)
ShortcutWithArgument: C:\Users\theot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Random - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\theot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Théo - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Modules chargés (Avec liste blanche) =============

2023-05-28 15:39 - 2023-05-17 20:35 - 000295424 _____ () [Fichier non signé] C:\Program Files (x86)\CoolerMaster\MasterPlus\cm-core-temp.dll
2023-05-28 15:40 - 2023-05-17 20:35 - 000011264 _____ () [Fichier non signé] C:\Program Files (x86)\CoolerMaster\MasterPlus\cm-hook.dll
2023-05-28 15:40 - 2023-05-19 15:45 - 005412864 _____ () [Fichier non signé] C:\Program Files (x86)\CoolerMaster\MasterPlus\CMUOT.dll
2023-05-28 15:40 - 2023-05-17 20:35 - 000014336 _____ () [Fichier non signé] C:\Program Files (x86)\CoolerMaster\MasterPlus\hidapi.dll
2023-05-28 15:39 - 2023-05-19 15:52 - 000190976 _____ () [Fichier non signé] C:\Program Files (x86)\CoolerMaster\MasterPlus\OledDataConvert.dll
2023-05-28 15:39 - 2023-05-17 20:35 - 000060416 _____ (Chicony Electronics Co., Ltd.) [Fichier non signé] C:\Program Files (x86)\CoolerMaster\MasterPlus\audiobox.dll
2023-05-28 15:39 - 2023-05-17 20:35 - 002028032 _____ (CPUID) [Fichier non signé] C:\Program Files (x86)\CoolerMaster\MasterPlus\cpuidsdk.dll
2023-08-27 13:50 - 2023-11-16 11:12 - 000634880 _____ (Microsoft Corporation) [Fichier non signé] C:\WINDOWS\SYSTEM32\gameplatformservices.dll
2023-05-28 15:39 - 2023-05-17 21:01 - 000046080 _____ (OpenLibSys.org) [Fichier non signé] C:\Program Files (x86)\CoolerMaster\MasterPlus\WinRing0.dll

==================== Alternate Data Streams (Avec liste blanche) ========

==================== Mode sans échec (Avec liste blanche) ==================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Avec liste blanche) =================

==================== Internet Explorer (Avec liste blanche) ==========

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

==================== Hosts contenu: =========================

(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

2022-05-07 06:24 - 2023-11-30 10:25 - 000000878 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 serius.mwbsys.com
0.0.0.0 keystone.mwbsys.com

2023-07-17 20:31 - 2023-07-17 20:31 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Autres zones ===========================

(Actuellement, il n'y a pas de correction automatique pour cette section.)

HKU\S-1-5-21-1269307599-815623928-429291329-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\theot\Desktop\Img\wallpapers\WPB.png
DNS Servers: 10.2.0.1 - 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Le Pare-feu est activé.

==================== MSCONFIG/TASK MANAGER éléments désactivés ==

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-1269307599-815623928-429291329-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1269307599-815623928-429291329-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_AA78FA1445ACA6BA426004616E7D92D4"

==================== RèglesPare-feu (Avec liste blanche) ================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

FirewallRules: [{4C8E4EB5-DC1E-4212-80D6-501E66870D84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Wandering Village\Windows64\WanderingVillage.exe () [Fichier non signé]
FirewallRules: [{F3B26A57-7B43-4BBA-B06A-7E706B27084C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Wandering Village\Windows64\WanderingVillage.exe () [Fichier non signé]
FirewallRules: [UDP Query User{87F1474C-F97B-46A6-9A9C-09B5A56D01E2}C:\program files\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files\mumu\emulator\nemu\emulatorshell\nemuplayer.exe (NetEase (Hangzhou) Network Co., Ltd -> NetEase, Inc.)
FirewallRules: [TCP Query User{EF05D4F3-5E92-4368-8393-47A3791EAFCF}C:\program files\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files\mumu\emulator\nemu\emulatorshell\nemuplayer.exe (NetEase (Hangzhou) Network Co., Ltd -> NetEase, Inc.)
FirewallRules: [{7003B86C-5E78-4532-8370-6B7171660F7A}] => (Allow) C:\Program => Pas de fichier
FirewallRules: [{70A93109-F74D-4098-B693-835479F02DBC}] => (Allow) C:\Program => Pas de fichier
FirewallRules: [{39DB1C3F-0553-481E-AEA8-72A437DA9523}] => (Allow) C:\Program => Pas de fichier
FirewallRules: [{F2B56B61-7D0D-4686-BE29-8F8C071E8829}] => (Allow) C:\Program => Pas de fichier
FirewallRules: [{1ACD2717-3A9B-44F4-861F-AFDAE21F52A5}] => (Allow) C:\Program => Pas de fichier
FirewallRules: [{1C4BC9D3-E31C-4745-9830-5F6E09AFD5BA}] => (Allow) C:\Program => Pas de fichier
FirewallRules: [UDP Query User{58BBA039-5B18-4808-A58A-B7B1E54D191D}C:\users\theot\appdata\local\webtorrent\app-0.24.0\webtorrent.exe] => (Allow) C:\users\theot\appdata\local\webtorrent\app-0.24.0\webtorrent.exe (WEBTORRENT, LLC -> WebTorrent)
FirewallRules: [TCP Query User{97DA305D-525A-4671-8C36-CA9392BF2766}C:\users\theot\appdata\local\webtorrent\app-0.24.0\webtorrent.exe] => (Allow) C:\users\theot\appdata\local\webtorrent\app-0.24.0\webtorrent.exe (WEBTORRENT, LLC -> WebTorrent)
FirewallRules: [{4C1E2F61-82FE-4AC8-9CA2-DC3BBEC405C4}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [UDP Query User{EA3710EF-2C1D-4E14-83A4-BF8C92D982EC}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => Pas de fichier
FirewallRules: [TCP Query User{8F66A2D2-BE35-4BDA-B6D8-3B8295669064}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => Pas de fichier
FirewallRules: [UDP Query User{D61B7270-85F9-4FF1-9BA6-C3F7FA167359}C:\program files\epic games\ue_5.2\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_5.2\engine\binaries\dotnet\swarmagent.exe => Pas de fichier
FirewallRules: [TCP Query User{76E06761-F9E1-4A8D-AA10-EB2DB6FD2D7E}C:\program files\epic games\ue_5.2\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\ue_5.2\engine\binaries\dotnet\swarmagent.exe => Pas de fichier
FirewallRules: [{343444C7-8F5D-4C0A-8F9E-446C68B8041C}] => (Allow) E:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [Fichier non signé]
FirewallRules: [{4CCCBD5A-85FE-46F9-A507-E5343FC01B55}] => (Allow) E:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [Fichier non signé]
FirewallRules: [{E23A5182-414B-496B-9F59-0ACAC72DB092}] => (Block) C:\Program Files\Unity\Hub\Editor\2022.3.0f1\Editor\Unity.exe (Unity Technologies ApS -> Unity Technologies)
FirewallRules: [{04176189-A01E-4D05-A722-1F3688034C69}] => (Allow) C:\Program Files\Unity\Hub\Editor\2022.3.0f1\Editor\Unity.exe (Unity Technologies ApS -> Unity Technologies)
FirewallRules: [UDP Query User{C3C9D74D-F838-4048-BD26-B2E4E973E0ED}C:\program files\epic games\ue_5.2\engine\binaries\win64\unrealeditor.exe] => (Allow) C:\program files\epic games\ue_5.2\engine\binaries\win64\unrealeditor.exe => Pas de fichier
FirewallRules: [TCP Query User{D5C6C718-7AC7-4E95-8264-2E17E34EFFC7}C:\program files\epic games\ue_5.2\engine\binaries\win64\unrealeditor.exe] => (Allow) C:\program files\epic games\ue_5.2\engine\binaries\win64\unrealeditor.exe => Pas de fichier
FirewallRules: [UDP Query User{99026DD9-23E8-4A92-A609-31604810C133}C:\users\theot\appdata\local\unrealengine\common\unrealtrace\bin\0001000d\unrealtraceserver.exe] => (Allow) C:\users\theot\appdata\local\unrealengine\common\unrealtrace\bin\0001000d\unrealtraceserver.exe (Epic Games Inc. -> Epic Games)
FirewallRules: [TCP Query User{55D6F8DA-222B-45DD-AB08-14AF56015D04}C:\users\theot\appdata\local\unrealengine\common\unrealtrace\bin\0001000d\unrealtraceserver.exe] => (Allow) C:\users\theot\appdata\local\unrealengine\common\unrealtrace\bin\0001000d\unrealtraceserver.exe (Epic Games Inc. -> Epic Games)
FirewallRules: [UDP Query User{13974D51-6966-4F38-A3DE-2C5D2E8FF208}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{676F5746-126B-4649-8628-72A8500CAD6C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{00C70C1F-6387-4F4F-85A6-FD501602EC81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{46CB3C06-7161-4129-9C90-9B47B05FE5E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{79777287-BE1A-44D3-A223-7D3B913CFEC8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A6AD0197-D782-4E1D-B05D-EA5CE560B402}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{30CDAEF4-AEEC-4F1C-8549-D97A01714621}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4EBA5B74-AFFA-4B4B-A462-23FE50F2D1B3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{D3F5F3AC-C44B-49E6-ABD6-A120CD2C433C}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{02CD577D-E2DE-41A3-8D4E-145B903CD747}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{163DE645-4632-4DB7-A279-CC5B0BE434FD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{9FA230AF-2F53-4B79-AEFC-1276A315A4B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{361AC043-0C30-4F25-A035-35E5A45950BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{DF4A69A6-C491-46CC-B2BA-FCBA36D000D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{6CA31EDA-DB47-4A11-90FD-FF94C89A100D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{7366949F-41B3-4567-A281-44B5FCF6163C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{3B5A1714-4243-42FE-9516-0C86A9099E2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe => Pas de fichier
FirewallRules: [{5A4F61B3-A701-4228-8904-E039977927BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe => Pas de fichier
FirewallRules: [TCP Query User{EB5D484E-A4A9-4DD4-BB9A-BF58858582E5}C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => Pas de fichier
FirewallRules: [UDP Query User{FD2CD7C6-D077-47B7-B3A1-A4B0C6F73C5E}C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => Pas de fichier
FirewallRules: [{5F3B52BF-F83E-4EC5-AD84-F54FDF0E4C16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dome Keeper\domekeeper.exe (Godot Engine) [Fichier non signé]
FirewallRules: [{D70B4FAA-4545-4CD5-B71B-D4BE34274053}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dome Keeper\domekeeper.exe (Godot Engine) [Fichier non signé]
FirewallRules: [{1A568EAE-6D3F-4D28-AC87-5FF89297E1C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kingdoms and Castles\KingdomsAndCastles.exe () [Fichier non signé]
FirewallRules: [{7879F2EE-3BA1-4ACC-BF8C-489B97BA754D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kingdoms and Castles\KingdomsAndCastles.exe () [Fichier non signé]
FirewallRules: [{414213C0-9F83-4EA0-B296-A1D5DEB5EFA5}] => (Allow) E:\Jeux Epic Gams\Anno 1800\Bin\Win64\Anno1800.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{B03116BE-2322-4E1D-B934-9E28D1775662}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.72\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6626631B-7E6E-4F3F-BB96-D9A6793A2459}C:\users\theot\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\theot\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query User{39C6F9A1-44A3-4D4B-8A0B-AFB457762E55}C:\users\theot\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\theot\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [{43C0FE2B-DB6A-4784-88C5-93FE7CF99BE6}] => (Allow) E:\Overwolf\0.236.0.11\OverwolfBrowser.exe => Pas de fichier
FirewallRules: [{99B68F2A-D024-4687-82F0-F1B86D96B9DD}] => (Allow) E:\Overwolf\0.236.0.11\OverwolfBrowser.exe => Pas de fichier
FirewallRules: [{5B979602-2FC8-4A7C-8F7F-40208D032FCD}] => (Block) E:\Overwolf\0.236.0.11\OverwolfBrowser.exe => Pas de fichier
FirewallRules: [{DEBAE86E-21B5-4D86-8E17-D78BC0B57101}] => (Block) E:\Overwolf\0.236.0.11\OverwolfBrowser.exe => Pas de fichier FirewallRules: [{CBB67C79-FAF1-40CB-AD56-44FF3B33D110}] => (Allow) E:\Overwolf\0.236.2.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{187F3469-50C7-4131-9791-E6150932A7FC}] => (Allow) E:\Overwolf\0.236.2.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{2394DD6F-772D-47F8-BB2C-E95D6C2C1AA0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{FDB343EC-A6FD-4757-9F2B-215B881434BA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{CE2DC13C-D90D-44DF-AFCB-D62CC156235D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{47335D54-3C20-4FE5-A566-A05CDC07903B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{61525C4F-017A-4A1F-9CD6-3EF129E39057}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{3FC19C4F-7AFD-451E-BEE0-37F46872A818}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{48765653-3274-45B6-8981-44B1AE524C08}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{FDFDF977-6BD4-498C-B86C-F466D447613C}] => (Allow) 
C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{13394A33-E0BE-4073-ACC0-253D3B1F01E4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{E0FDCC07-D7BE-4E80-B054-833813B3DE4E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{F5799DA5-480B-430D-A360-61675D3E00D1}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{58B151C3-5C3B-4C8A-AA17-F4015555D56A}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{D6D824E7-78B3-4CE8-80BF-5B285697EFFD}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Points de restauration ========================= 01-12-2023 11:20:34 Windows Update ==================== Éléments en erreur du Gestionnaire de périphériques ============ ==================== Erreurs du Journal des événements: ======================== Erreurs Application: ================== Error: (11/30/2023 03:23:44 PM) (Source: Application Error) (EventID: 1000) (User: BABEV2) Description: Nom de l’application défaillante msteamsupdate.exe, version : 23285.3703.2471.4627, horodatage : 0x65385b25 Nom du module défaillant : msteamsupdate.exe, version : 23285.3703.2471.4627, horodatage : 0x65385b25 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000064939 ID du processus défaillant : 0x0x6ee8 Heure de début de l’application défaillante : 0x0x1da238675fae5a6 Chemin d’accès de l’application défaillante 
: C:\Program Files\WindowsApps\MicrosoftTeams_23285.3703.2471.4627_x64__8wekyb3d8bbwe\msteamsupdate.exe Chemin d’accès du module défaillant: C:\Program Files\WindowsApps\MicrosoftTeams_23285.3703.2471.4627_x64__8wekyb3d8bbwe\msteamsupdate.exe ID de rapport : 26d870f5-51f4-4645-a366-59b81cae50bb Nom complet du package défaillant : MicrosoftTeams_23285.3703.2471.4627_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : msteamsupdate Error: (11/30/2023 10:20:57 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours. . Error: (11/30/2023 10:20:57 AM) (Source: VSS) (EventID: 13) (User: ) Description: Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours. ] Error: (11/27/2023 12:19:52 AM) (Source: Application Error) (EventID: 1000) (User: BABEV2) Description: Nom de l’application défaillante msteamsupdate.exe, version : 23285.3703.2471.4627, horodatage : 0x65385b25 Nom du module défaillant : msteamsupdate.exe, version : 23285.3703.2471.4627, horodatage : 0x65385b25 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000069932 ID du processus défaillant : 0x0x6a20 Heure de début de l’application défaillante : 0x0x1da20bf0e8ec233 Chemin d’accès de l’application défaillante : C:\Program Files\WindowsApps\MicrosoftTeams_23285.3703.2471.4627_x64__8wekyb3d8bbwe\msteamsupdate.exe Chemin d’accès du module défaillant: C:\Program Files\WindowsApps\MicrosoftTeams_23285.3703.2471.4627_x64__8wekyb3d8bbwe\msteamsupdate.exe ID de rapport : dced84ad-b905-4763-983e-7a7c2130df7e Nom complet du package défaillant : MicrosoftTeams_23285.3703.2471.4627_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : msteamsupdate Error: (11/24/2023 
12:44:33 PM) (Source: Application Error) (EventID: 1000) (User: BABEV2) Description: Nom de l’application défaillante msteamsupdate.exe, version : 23285.3703.2471.4627, horodatage : 0x65385b25 Nom du module défaillant : msteamsupdate.exe, version : 23285.3703.2471.4627, horodatage : 0x65385b25 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000069932 ID du processus défaillant : 0x0x4c70 Heure de début de l’application défaillante : 0x0x1da1ecb96a49cd2 Chemin d’accès de l’application défaillante : C:\Program Files\WindowsApps\MicrosoftTeams_23285.3703.2471.4627_x64__8wekyb3d8bbwe\msteamsupdate.exe Chemin d’accès du module défaillant: C:\Program Files\WindowsApps\MicrosoftTeams_23285.3703.2471.4627_x64__8wekyb3d8bbwe\msteamsupdate.exe ID de rapport : 727cd890-dac8-497f-8427-91ae166c98cb Nom complet du package défaillant : MicrosoftTeams_23285.3703.2471.4627_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : msteamsupdate Error: (11/21/2023 10:46:15 AM) (Source: Application Error) (EventID: 1000) (User: BABEV2) Description: Nom de l’application défaillante msteamsupdate.exe, version : 23285.3703.2471.4627, horodatage : 0x65385b25 Nom du module défaillant : msteamsupdate.exe, version : 23285.3703.2471.4627, horodatage : 0x65385b25 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000069932 ID du processus défaillant : 0x0x8568 Heure de début de l’application défaillante : 0x0x1da1c5f90cc3735 Chemin d’accès de l’application défaillante : C:\Program Files\WindowsApps\MicrosoftTeams_23285.3703.2471.4627_x64__8wekyb3d8bbwe\msteamsupdate.exe Chemin d’accès du module défaillant: C:\Program Files\WindowsApps\MicrosoftTeams_23285.3703.2471.4627_x64__8wekyb3d8bbwe\msteamsupdate.exe ID de rapport : 5c32c766-5593-4c41-92fd-7bc0a0e0a1e5 Nom complet du package défaillant : MicrosoftTeams_23285.3703.2471.4627_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : msteamsupdate Error: (11/15/2023 05:07:23 PM) (Source: 
Application Error) (EventID: 1000) (User: BABEV2) Description: Nom de l’application défaillante PhoneExperienceHost.exe, version : 1.23092.151.0, horodatage : 0x653067fb Nom du module défaillant : YourPhone.AppCore.WinRT.dll, version : 1.23092.151.0, horodatage : 0x65415070 Code d’exception : 0xc0000409 Décalage d’erreur : 0x0000000000032b1d ID du processus défaillant : 0x0x2830 Heure de début de l’application défaillante : 0x0x1da179c0f35856d Chemin d’accès de l’application défaillante : C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23092.151.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe Chemin d’accès du module défaillant: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23092.151.0_x64__8wekyb3d8bbwe\YourPhone.AppCore.WinRT.dll ID de rapport : a673df44-9109-4e85-aa03-2f7c5fb75e2e Nom complet du package défaillant : Microsoft.YourPhone_1.23092.151.0_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : App Error: (11/15/2023 01:00:08 PM) (Source: Application Error) (EventID: 1000) (User: BABEV2) Description: Nom de l’application défaillante msteamsupdate.exe, version : 23285.3703.2471.4627, horodatage : 0x65385b25 Nom du module défaillant : msteamsupdate.exe, version : 23285.3703.2471.4627, horodatage : 0x65385b25 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000069932 ID du processus défaillant : 0x0x16f0 Heure de début de l’application défaillante : 0x0x1da17bb463d261d Chemin d’accès de l’application défaillante : C:\Program Files\WindowsApps\MicrosoftTeams_23285.3703.2471.4627_x64__8wekyb3d8bbwe\msteamsupdate.exe Chemin d’accès du module défaillant: C:\Program Files\WindowsApps\MicrosoftTeams_23285.3703.2471.4627_x64__8wekyb3d8bbwe\msteamsupdate.exe ID de rapport : 22d7dcb6-267f-4e5d-a46a-f1d81e0fe4c7 Nom complet du package défaillant : MicrosoftTeams_23285.3703.2471.4627_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : msteamsupdate Erreurs système: ============= Error: (12/01/2023 11:09:45 AM) 
(Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service NVIDIA LocalSystem Container s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 6000 millisecondes : Redémarrer le service. Error: (12/01/2023 11:09:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service ProtonVPN Service s’est terminé de façon inattendue pour la 1ème fois. Error: (12/01/2023 11:09:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Steam Client Service s’est terminé de façon inattendue pour la 1ème fois. Error: (12/01/2023 11:09:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service CoolerMaster MasterPlus Technology Service s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 5000 millisecondes : Redémarrer le service. Error: (12/01/2023 11:09:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Corsair iCUE Update Service s’est terminé de façon inattendue pour la 1ème fois. Error: (12/01/2023 11:09:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Corsair Service s’est terminé de façon inattendue pour la 1ème fois. Error: (12/01/2023 11:09:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service NVIDIA Display Container LS s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 6000 millisecondes : Redémarrer le service. Error: (12/01/2023 11:09:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Realtek Audio Universal Service s’est terminé de façon inattendue pour la 1ème fois. Windows Defender: ================ Date: 2023-12-01 10:58:50 Description: L’analyse Antivirus Microsoft Defender a été arrêtée avant la fin. 
ID de l’analyse : {9F248154-646A-4EF0-9AE3-7E8D252CBCC7} Type de l’analyse : Logiciel anti-programme malveillant Paramètres de l’analyse : Analyse rapide Utilisateur : AUTORITE NT\Système Date: 2023-11-29 15:16:33 Description: L’analyse Antivirus Microsoft Defender a été arrêtée avant la fin. ID de l’analyse : {8BF86B29-AA8A-4311-AAED-517BAB24EBE7} Type de l’analyse : Logiciel anti-programme malveillant Paramètres de l’analyse : Analyse rapide Utilisateur : AUTORITE NT\Système Date: 2023-11-28 16:34:01 Description: L’analyse Antivirus Microsoft Defender a été arrêtée avant la fin. ID de l’analyse : {82A39BC4-1055-4499-93DB-9ACB1E57DB43} Type de l’analyse : Logiciel anti-programme malveillant Paramètres de l’analyse : Analyse rapide Utilisateur : AUTORITE NT\Système Date: 2023-11-27 11:57:32 Description: Antivirus Microsoft Defender a détecté un logiciel malveillant ou potentiellement indésirable. Pour plus d’informations, reportez-vous aux éléments suivants : https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/CryptInject&threatid=2147727613&enterprise=0 Nom : Trojan:Win64/CryptInject ID : 2147727613 Gravité : Grave Catégorie : Cheval de Troie Chemin : file:_C:\Windows\System32\ServiceInstaller.exe Origine de la détection : Ordinateur local Type de détection : Chemin rapide Source de détection : Protection en temps réel Utilisateur : Babev2\theot Nom du processus : C:\Program Files\Adobe\Adobe Photoshop 2020\photoshop.exe Version de la veille de sécurité : AV: 1.401.1247.0, AS: 1.401.1247.0, NIS: 1.401.1247.0 Version du moteur : AM: 1.1.23100.2009, NIS: 1.1.23100.2009 Date: 2023-11-27 11:57:31 Description: Antivirus Microsoft Defender a détecté un logiciel malveillant ou potentiellement indésirable. 
Pour plus d’informations, reportez-vous aux éléments suivants : https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Casdet!rfn&threatid=2147727512&enterprise=0 Nom : Trojan:Win32/Casdet!rfn ID : 2147727512 Gravité : Grave Catégorie : Cheval de Troie Chemin : file:_C:\Windows\System32\ServiceInstaller.msi; file:_C:\Windows\System32\StartupCheck.vbs Origine de la détection : Ordinateur local Type de détection : Chemin rapide Source de détection : Protection en temps réel Utilisateur : Babev2\theot Nom du processus : C:\Program Files\Adobe\Adobe Photoshop 2020\photoshop.exe Version de la veille de sécurité : AV: 1.401.1247.0, AS: 1.401.1247.0, NIS: 1.401.1247.0 Version du moteur : AM: 1.1.23100.2009, NIS: 1.1.23100.2009  CodeIntegrity: =============== Date: 2023-11-30 11:48:56 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. ==================== Infos Mémoire =========================== BIOS: American Megatrends International, LLC. 
1.08 11/28/2022 Carte mère: ASRock B760 Pro RS Processeur: 12th Gen Intel(R) Core(TM) i7-12700KF Pourcentage de mémoire utilisée: 31% Mémoire physique - RAM - totale: 32602.26 MB Mémoire physique - RAM - disponible: 22243.52 MB Mémoire virtuelle totale: 35802.26 MB Mémoire virtuelle disponible: 22313.18 MB ==================== Lecteurs ================================ Drive c: () (Fixed) (Total:464.97 GB) (Free:227.99 GB) (Model: Samsung SSD 850 EVO 500GB) NTFS Drive d: (Réservé au système) (Fixed) (Total:0.49 GB) (Free:0.45 GB) (Model: ST1000DM003-1SB10C) NTFS ==>[système avec composants d'amorçage (obtenu depuis lecteur)] Drive e: () (Fixed) (Total:930.55 GB) (Free:718.38 GB) (Model: ST1000DM003-1SB10C) NTFS \\?\Volume{ad403959-1038-4f91-a803-15bf4b2ce242}\ () (Fixed) (Total:0.67 GB) (Free:0.07 GB) NTFS \\?\Volume{e3ea8617-0000-0000-0000-80c2e8000000}\ () (Fixed) (Total:0.47 GB) (Free:0.45 GB) NTFS \\?\Volume{35c04e06-d157-46d1-98f4-8345a524e43e}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Table des partitions ==================== ========================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: C6C41CA1) Partition: GPT. ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: E3EA8617) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=930.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=483 MB) - (Type=27) ==================== Fin de Addition.txt =======================