Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by usager (10-08-2018 08:15:02)
Running from C:\Users\usager\Desktop
Windows 10 Pro Version 1803 17134.167 (X64) (2018-06-08 12:12:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1825687960-3022857215-1108298767-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1825687960-3022857215-1108298767-503 - Limited - Disabled)
Guest (S-1-5-21-1825687960-3022857215-1108298767-501 - Limited - Disabled)
usager (S-1-5-21-1825687960-3022857215-1108298767-1002 - Administrator - Enabled) => C:\Users\usager
WDAGUtilityAccount (S-1-5-21-1825687960-3022857215-1108298767-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
Apple Application Support (32 bits) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.6795 - CDBurnerXP)
CPUID HWMonitor 1.35 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.35 - CPUID, Inc.)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Diablo II (HKU\S-1-5-21-1825687960-3022857215-1108298767-1002\...\Diablo II) (Version: - )
Discord (HKU\S-1-5-21-1825687960-3022857215-1108298767-1002\...\Discord) (Version: 0.0.301 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
iCloud (HKLM\...\{82FCC407-A0E5-4B80-9241-5ABA78B61090}) (Version: 7.6.0.15 - Apple Inc.)
iTunes (HKLM\...\{A4D80761-AAC2-4DD7-A695-1ABE5196C5A5}) (Version: 12.8.0.150 - Apple Inc.)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
K-Lite Codec Pack 13.7.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.7.5 - KLCP)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1825687960-3022857215-1108298767-1002\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Mozilla Firefox 61.0.2 (x64 fr) (HKLM\...\Mozilla Firefox 61.0.2 (x64 fr)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0 - Mozilla)
NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.1.2 - pdfforge GmbH)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-06-26] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04B54963-4342-45E2-9FBE-AC053606C858} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcTrigger
Task: {0733707B-D295-46FE-8705-E18E44A6D3C7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {16028F93-E75E-4326-8871-1950A6ED262B} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-12-20] ()
Task: {1CB08D5D-4C70-4AE3-9D26-BB3280B97AAC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {28545150-896B-4B66-90C3-BFBD14C5C4EE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-30] (Microsoft Corporation)
Task: {37998222-5E50-4A48-88D9-0AC3D719140C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {4227E32A-303C-4A45-AFF0-A9C5C8BC6A69} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {48825839-469A-4CC9-9264-E603C2F6BBAB} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {53657101-B440-4115-AFAA-AFEEBAE200B2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {577EC1F6-6BED-4DF1-888E-FFB99CDA6A1D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {63C6C255-6AA7-413C-84DE-0057F8B1EA99} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {67C3E190-B3B9-4E53-9375-ACC62951A8D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-30] (Microsoft Corporation)
Task: {8852FCED-A950-4C50-8B16-3832F41C5E31} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-30] (Microsoft Corporation)
Task: {95C3C90F-39CF-4AD2-B21F-812149491D0A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-30] (Microsoft Corporation)
Task: {BF5F0779-E41C-46AC-B028-90A011E3C4BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-22] (Google Inc.)
Task: {CCF2FE39-6CB8-4408-BFE1-8F4A1A87E08E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-22] (Google Inc.)
Task: {CDEB59FC-D611-45D8-844D-8BBCD31D7CE8} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {DEF95416-5FEA-42C1-ACF9-5275E3824838} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {E0B9D6E4-9E8F-4E8F-8CC5-03963F46FF2A} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-1825687960-3022857215-1108298767-1002

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-01-26 13:51 - 2016-11-14 07:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-02 20:22 - 2018-07-12 01:37 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-02-23 02:49 - 2017-02-23 02:49 - 008911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-11 15:56 - 2018-07-06 02:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-17 16:39 - 2018-07-17 16:41 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 16:39 - 2018-07-17 16:41 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 16:39 - 2018-07-17 16:42 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 16:39 - 2018-07-17 16:41 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-17 16:39 - 2018-07-17 16:40 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-06 02:00 - 2018-07-06 02:00 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-07-06 02:00 - 2018-07-06 02:00 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2018-06-02 23:11 - 2018-04-30 23:01 - 001891672 _____ () C:\Users\usager\AppData\Local\Discord\app-0.0.301\ffmpeg.dll
2018-06-02 23:11 - 2018-04-30 23:01 - 001937752 _____ () C:\Users\usager\AppData\Local\Discord\app-0.0.301\libglesv2.dll
2018-06-02 23:11 - 2018-04-30 23:01 - 000095576 _____ () C:\Users\usager\AppData\Local\Discord\app-0.0.301\libegl.dll
2018-06-02 23:11 - 2018-08-03 11:12 - 011303256 _____ () \\?\C:\Users\usager\AppData\Roaming\discord\0.0.301\modules\discord_voice\discord_voice.node
2018-06-02 23:11 - 2018-07-19 05:51 - 001635160 _____ () \\?\C:\Users\usager\AppData\Roaming\discord\0.0.301\modules\discord_utils\discord_utils.node
2018-06-02 23:11 - 2018-06-02 23:11 - 000512856 _____ () \\?\C:\Users\usager\AppData\Roaming\discord\0.0.301\modules\discord_erlpack\discord_erlpack.node
2018-06-02 23:11 - 2018-06-30 09:27 - 001648984 _____ () \\?\C:\Users\usager\AppData\Roaming\discord\0.0.301\modules\discord_game_utils\discord_game_utils.node
2018-06-02 23:11 - 2018-08-09 17:26 - 001739608 _____ () \\?\C:\Users\usager\AppData\Roaming\discord\0.0.301\modules\discord_overlay2\discord_overlay2.node
2018-06-02 23:11 - 2018-06-02 23:11 - 002722648 _____ () \\?\C:\Users\usager\AppData\Roaming\discord\0.0.301\modules\discord_rpc\discord_rpc.node
2018-06-02 23:11 - 2018-06-02 23:11 - 001910104 _____ () \\?\C:\Users\usager\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
2018-06-02 23:11 - 2018-06-02 23:11 - 000422744 _____ () \\?\C:\Users\usager\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
2018-06-02 23:11 - 2018-06-02 23:11 - 000145240 _____ () \\?\C:\Users\usager\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-06-02 23:13 - 2018-06-02 23:13 - 002760536 _____ () \\?\C:\Users\usager\AppData\Roaming\discord\0.0.301\modules\discord_contact_import\discord_contact_import.node
2018-06-02 23:13 - 2018-06-02 23:13 - 001249112 _____ () \\?\C:\Users\usager\AppData\Roaming\discord\0.0.301\modules\discord_vigilante\discord_vigilante.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1825687960-3022857215-1108298767-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1825687960-3022857215-1108298767-1002\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 17:03 - 2017-03-18 17:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1825687960-3022857215-1108298767-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\usager\Desktop\Photos\ninja-scroll-ninja-scroll-26136702-500-375.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{83780D4E-F4C5-421D-B7B5-AEE312CFB120}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{99C3347E-5A98-40CF-8795-B090EF09CB6B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{ECD0DD6F-9393-4157-A8C1-73AD1676C6DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B3630369-3BC0-4CA6-89CD-4C21643F23D1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{21E4A7FE-147B-4D1D-A0E1-1C3A7188D7FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{720DF08B-34AB-4E5E-929B-75CDAE1994D2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6A1FF22D-5E15-4888-BDF8-5D9013AC09A4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{6072F3B7-E8FB-47F6-8575-CFB72BAB3236}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A58E43EC-2017-4091-BCE7-6F152F9972C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6DBECB35-D17D-4152-A674-80B99A07BE2B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9445BE51-AEC4-4041-A45C-1ECD8CF2AEB8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{1B469F4B-887F-483F-9CB9-14B0BC86C57E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{68CF8C01-950E-478D-9B06-17D912011569}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{926FFFCD-3B92-4347-B417-FEC015D9DFE9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{C0D9897C-DB98-455F-AAFC-15FF16C6B3D0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{91DB9CA4-B95A-4594-977B-61FF58BC4D9C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{663BEA33-5BDF-41A4-A536-D6191969B851}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{FD52F96D-6EF6-4553-B46B-056935DCF15D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6E20F442-C0FF-467A-A804-A9300E9118EC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{FDEE1AF4-5B6B-46CB-917C-C5C0028EBAEB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{2C00ED54-3946-4744-8B3F-3CB4FBF93787}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{97D13CE2-3BA8-45E9-B0B9-F1CCF96F0DD2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E8D83218-C78B-4004-AE59-F785CBBE027D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{7E61260F-E66E-4C14-B337-16CD2C1B87A7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

27-07-2018 03:04:21 Scheduled Checkpoint
31-07-2018 23:03:42 Windows Modules Installer
02-08-2018 07:03:38 Windows Modules Installer
03-08-2018 13:04:33 Windows Modules Installer
04-08-2018 17:04:07 Windows Modules Installer
06-08-2018 01:03:58 Windows Modules Installer
07-08-2018 15:03:44 Windows Modules Installer
08-08-2018 17:06:23 Windows Modules Installer
09-08-2018 19:03:42 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/10/2018 08:10:07 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-2R99FVN)
Description: httphttp-2147467263

Error: (08/10/2018 08:09:19 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant :
hr=0xC004F074
Arguments de la ligne de commande :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/10/2018 08:09:19 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Échec de l’activation des licences (slui.exe) avec le code d’erreur suivant :
hr=0xC004F074
Arguments de la ligne de commande :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/10/2018 08:05:18 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application : Explorer.EXE
Version du Framework : v4.0.30319
Description : le processus a été arrêté en raison d'une exception non gérée.
Informations sur l'exception : code d'exception c0000005, adresse d'exception 00007FFBF545A510

Error: (08/10/2018 07:59:38 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-2R99FVN)
Description: httphttp-2147467263

Error: (08/10/2018 05:05:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme HxOutlook.exe version 16.0.10325.20091 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.

ID de processus : 27a0

Heure de début : 01d43089407df5f1

Heure de fin : 4294967295

Chemin d'accès de l'application : C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10325.20091.0_x64__8wekyb3d8bbwe\HxOutlook.exe

ID de rapport : dc3ea51d-f7e5-4302-a912-72987ebc420c

Nom complet du package défaillant : microsoft.windowscommunicationsapps_16005.10325.20091.0_x64__8wekyb3d8bbwe

ID de l'application relative au package défaillant : microsoft.windowslive.mail

Error: (08/10/2018 04:50:26 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-2R99FVN)
Description: Microsoft.VCLibs.140.00_8wekyb3d8bbwe-2147024893

Error: (08/10/2018 04:50:26 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-2R99FVN)
Description: Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe-2147024893


System errors:
=============
Error: (08/10/2018 08:10:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Launch pour l’application serveur COM avec le CLSID
Windows.SecurityCenter.WscBrokerManager
et l’APPID
Unavailable
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (08/10/2018 08:10:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Launch pour l’application serveur COM avec le CLSID
Windows.SecurityCenter.WscDataProtection
et l’APPID
Unavailable
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (08/10/2018 08:08:52 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2R99FVN)
Description: Le serveur microsoft.windowscommunicationsapps_16005.10325.20091.0_x64__8wekyb3d8bbwe!microsoft.windowslive.mail ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (08/10/2018 02:59:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Launch pour l’application serveur COM avec le CLSID
Windows.SecurityCenter.WscDataProtection
et l’APPID
Unavailable
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (08/10/2018 02:59:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Launch pour l’application serveur COM avec le CLSID
Windows.SecurityCenter.WscBrokerManager
et l’APPID
Unavailable
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (08/10/2018 02:59:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Launch pour l’application serveur COM avec le CLSID
Windows.SecurityCenter.WscBrokerManager
et l’APPID
Unavailable
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (08/10/2018 02:59:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Launch pour l’application serveur COM avec le CLSID
Windows.SecurityCenter.WscBrokerManager
et l’APPID
Unavailable
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (08/09/2018 01:24:05 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-2R99FVN)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
et l’APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
au SID DESKTOP-2R99FVN\usager de l’utilisateur (S-1-5-21-1825687960-3022857215-1108298767-1002) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.


Windows Defender:
===================================
Date: 2018-08-10 03:05:02.973
Description:
Antivirus Windows Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants :
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS!rfn&threatid=2147692752&enterprise=0
Nom : HackTool:Win32/AutoKMS!rfn
ID : 2147692752
Gravité : High
Catégorie : Tool
Chemin : file:_C:\Windows\System32\SppExtComObjPatcher.exe
Origine de la détection : Ordinateur local
Type de détection : Concret
Source de détection : Protection en temps réel
Utilisateur : NT AUTHORITY\SYSTEM
Nom du processus : C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Version de la signature : AV: 1.273.1136.0, AS: 1.273.1136.0, NIS: 1.273.1136.0
Version du moteur : AM: 1.1.15100.1, NIS: 1.1.15100.1

Date: 2018-08-10 03:03:54.967
Description:
Antivirus Windows Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants :
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS!rfn&threatid=2147692752&enterprise=0
Nom : HackTool:Win32/AutoKMS!rfn
ID : 2147692752
Gravité : High
Catégorie : Tool
Chemin : file:_C:\Windows\System32\SppExtComObjPatcher.exe
Origine de la détection : Ordinateur local
Type de détection : Concret
Source de détection : Protection en temps réel
Utilisateur : NT AUTHORITY\SYSTEM
Nom du processus : C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Version de la signature : AV: 1.273.1136.0, AS: 1.273.1136.0, NIS: 1.273.1136.0
Version du moteur : AM: 1.1.15100.1, NIS: 1.1.15100.1

Date: 2018-08-10 03:01:47.565
Description:
Antivirus Windows Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants :
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS!rfn&threatid=2147692752&enterprise=0
Nom : HackTool:Win32/AutoKMS!rfn
ID : 2147692752
Gravité : High
Catégorie : Tool
Chemin : file:_C:\Windows\System32\SppExtComObjPatcher.exe
Origine de la détection : Ordinateur local
Type de détection : Concret
Source de détection : Protection en temps réel
Utilisateur : NT AUTHORITY\SYSTEM
Nom du processus : C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Version de la signature : AV: 1.273.1136.0, AS: 1.273.1136.0, NIS: 1.273.1136.0
Version du moteur : AM: 1.1.15100.1, NIS: 1.1.15100.1

Date: 2018-08-10 03:00:02.115
Description:
L’analyse Antivirus Windows Defender a été arrêtée avant la fin.
ID de l’analyse : {4BE7FA5E-4EF3-4D2E-B5F3-658B289BC052}
Type de l’analyse : Logiciel anti-programme malveillant
Paramètres de l’analyse : Analyse complète
Utilisateur : DESKTOP-2R99FVN\usager

Date: 2018-08-10 02:59:47.984
Description:
L’analyse Antivirus Windows Defender a été arrêtée avant la fin.
ID de l’analyse : {F9EC59DB-8114-4F90-8F36-6D7239E56D3B}
Type de l’analyse : Logiciel anti-programme malveillant
Paramètres de l’analyse : Analyse complète
Utilisateur : DESKTOP-2R99FVN\usager

Date: 2018-07-10 14:18:53.634
Description:
Antivirus Windows Defender a rencontré une erreur lors d la mise à jour des signatures.
Nouvelle version de la signature :
Version précédente de la signature : 1.271.778.0
Source de mise à jour : Serveur Microsoft Update
Type de signature : Anti-virus
Type de mise à jour : Complet
Utilisateur : NT AUTHORITY\SYSTEM
Version actuelle du moteur :
Version précédente du moteur : 1.1.15000.2
Code d’erreur : 0x80070643
Description de l’erreur : Fatal error during installation.

CodeIntegrity:
===================================

Date: 2018-08-10 08:00:00.375
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-24 22:16:50.154
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-24 22:16:49.056
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-19 10:46:41.571
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-19 10:46:40.377
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-18 03:31:04.430
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 71%
Total physical RAM: 4086.36 MB
Available physical RAM: 1179.53 MB
Total Virtual: 6262.36 MB
Available Virtual: 2689.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.1 GB) (Free:100.3 GB) NTFS

\\?\Volume{0003aeb0-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{0003aeb0-0000-0000-0000-d02525000000}\ () (Fixed) (Total:0.46 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 0003AEB0)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=468 MB) - (Type=27)

==================== End of Addition.txt ============================