Erreur Windows script host et autres - page 2 - Désinfections

Forum Security-X > Désinfections

Erreur Windows script host et autres

<< < (2/5) > >>

chantal11:
Re,

Utilise le site d'hébergement http://security-x.fr/up/ comme indiqué.
Je t'ai indiqué aussi une aide en images pour héberger un rapport http://forum.security-x.fr/cours-et-tutoriels-322/(tutoriel)-impression-d%27ecran-et-hebergement-de-rapport/msg60884/#msg60884

@+

babou24520:
Bonsoir,

Excusez moi j'ai relu votre message et ai suivi les instructions "parcourir .....etc"

babou24520:

Forum | Blog | Upload | Tools SX | Laddy Tools | Parcourir les derniers fichiers uploadés | Quelques stats

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by User (25-05-2018 17:43:46)
Running from C:\Users\User\Downloads
Windows 10 Pro Version 1803 17134.48 (X64) (2018-05-15 19:58:34)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3720972687-864130830-563301350-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3720972687-864130830-563301350-503 - Limited - Disabled)
Guest (S-1-5-21-3720972687-864130830-563301350-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3720972687-864130830-563301350-1003 - Limited - Enabled)
User (S-1-5-21-3720972687-864130830-563301350-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-3720972687-864130830-563301350-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 Online (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AS: Norton 360 Online (Enabled - Up to date) {589C5C7B-A77A-1B8E-C99B-B02AE9B836F0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Online (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Backup and Sync from Google (HKLM\...\{C388B258-2CE7-4CA5-8007-9DEF6DF80787}) (Version: 3.42.9747.1898 - Google, Inc.)
Dell SupportAssist (HKLM\...\{122666A9-2995-4E47-A75E-6423A827B7AF}) (Version: 2.2.0.244 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Étude pour l'amélioration du produit HP ENVY 4500 series (HKLM\...\{CBCCA175-DA19-424B-9D9F-5343140C884F}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Facebook Gameroom 1.21.6697.19829 (HKLM-x32\...\{7BE2211B-F86C-40CA-A6CC-69564D9BD5E2}) (Version: 1.21.6697.19829 - Facebook)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.0.29935 - Foxit Software Inc.)
FreeStyle Libre (HKLM-x32\...\FreeStyle Libre 1.0) (Version: 1.0 - Abbott Diabetes Care)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Heredis 11 (HKLM-x32\...\Heredis 11_is1) (Version: - BSD Concept)
HP ENVY 4500 series Aide (HKLM-x32\...\{BAF28CCD-121D-4C6C-B29D-4F7B51B2D1B4}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{F322B446-B157-4257-B44F-4F22D41F8EDB}) (Version: 8.6.18.11 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{1E7FD6C6-0112-4BDA-A488-C6245E105BFB}) (Version: 12.9.18.3 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
K-Lite Codec Pack 13.2.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.2.0 - KLCP)
Logiciel de base du périphérique HP ENVY 4500 series (HKLM\...\{9A9B64A8-A9E8-4588-B924-D1898D3E6355}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.93 - MediatekWiFi)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3720972687-864130830-563301350-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mise à jour Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version: - Microsoft)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version: - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version: - Microsoft)
Mise à jour Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version: - Microsoft)
Mozilla Firefox 60.0.1 (x64 fr) (HKLM\...\Mozilla Firefox 60.0.1 (x64 fr)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Norton 360 Online (HKLM-x32\...\NGC) (Version: 22.14.0.54 - Symantec Corporation)
Online Games Manager v1.50 (HKLM-x32\...\Online Games Manager) (Version: 1.50.4 - Real Networks, Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-21] (Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\buShell.dll [2018-04-04] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\buShell.dll [2018-04-04] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\buShell.dll [2018-04-04] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\buShell.dll [2018-04-04] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\buShell.dll [2018-04-04] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\buShell.dll [2018-04-04] (Symantec Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\buShell.dll [2018-04-04] (Symantec Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-21] (Google)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\NavShExt.dll [2018-04-04] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\NavShExt.dll [2018-04-04] (Symantec Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-21] (Google)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\buShell.dll [2018-04-04] (Symantec Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\NavShExt.dll [2018-04-04] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12602C65-D536-4728-AC0B-273CE629701C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {13792652-A14D-4924-8DAF-B03D800BFE80} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {1D0C82FF-640C-49EF-A9AF-94C1C02C05AF} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {2E56FDF1-E21A-499D-A99F-1427A9669918} - System32\Tasks\S-1-5-21-3720972687-864130830-563301350-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-12] (Microsoft Corporation)
Task: {356099A7-0017-4538-B505-800735020AE0} - System32\Tasks\Norton 360\Norton 360 Online Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\SymErr.exe [2018-04-04] (Symantec Corporation)
Task: {3A50B979-AF1C-4615-8514-4D7105A01976} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Online\Upgrade.exe [2018-04-04] (Symantec Corporation)
Task: {3AB90337-18CA-4C54-BEA2-4203ADC340FA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-28] (Google Inc.)
Task: {4B465A02-B0A5-4169-9477-0FF82B6F7F48} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-11-21] (HP Inc.)
Task: {5C825989-3326-4E58-AE74-B01EBB63DA8F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {7F261C30-D2F0-4571-A381-BC99F417B0B8} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-05-03] (Dell Inc.)
Task: {869E75B7-46ED-451C-9D6B-DA9251656545} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {88BD167D-B63D-41FA-B5EF-B00DE9BA728C} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {9F07D25F-9135-4A2C-A354-7D5C0D6EA4F6} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-05-24] ()
Task: {A0B8875C-E122-4B2E-97B8-A2624401FF36} - System32\Tasks\Skype => C:\Users\User\AppData\Roaming\Colis-Disponible.vbs
Task: {B2649C5E-DC3C-418A-B201-3E3231363234} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-23] (Microsoft Corporation)
Task: {B9EB6FE2-01A1-4C01-9D34-0A69A2F1D1B2} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {BA8944D7-65C4-4D3B-859B-A19D8B62AF1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-28] (Google Inc.)
Task: {BC2DFF72-AF5D-4EBD-A0EA-8825723A6B56} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {BD056948-CACA-4139-9177-35BF62658681} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-23] (Microsoft Corporation)
Task: {C27332CD-F956-493F-8484-CAB3E15A9E90} - System32\Tasks\Norton 360\Norton 360 Online Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\SymErr.exe [2018-04-04] (Symantec Corporation)
Task: {CDE88807-5785-439C-927A-4B278B60005D} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {D2E92165-93EF-473A-84EE-19559C57856E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-23] (Microsoft Corporation)
Task: {D5A22D0E-E66E-496D-8D58-C62A6D055782} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-05-04] (HP Inc.)
Task: {D6DAAB72-B00A-4FC8-8253-CD8CBB4C2363} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {E15E3124-E27F-47B1-8965-C895310AEB6B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-11-21] (HP Inc.)
Task: {E580A435-0709-483D-8813-2AEAE5ACF01C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-23] (Microsoft Corporation)
Task: {F864E2D1-D95D-48AD-B772-EB803E346814} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\WSCStub.exe [2018-04-04] (Symantec Corporation)
Task: {FB5294C7-39A9-42BB-A159-493CC9AC83D7} - System32\Tasks\Norton 360\Norton 360 Online Autofix => C:\Program Files (x86)\Norton 360\Engine\22.14.0.54\SymErr.exe [2018-04-04] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-12-18 21:27 - 2016-01-19 09:16 - 000285184 _____ () C:\Program Files (x86)\FreeStyle Libre\MAS.FreeStyleLibre.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-12 01:35 - 2018-04-12 18:19 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002068480 _____ () C:\Windows\ShellExperiences\PeopleCommonControls.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000402432 _____ () C:\Windows\ShellExperiences\PeopleBarContainer.dll
2017-12-18 21:27 - 2016-01-19 09:16 - 000081408 _____ () C:\Program Files (x86)\FreeStyle Libre\MASLaunchClient.FreeStyleLibre.exe
2017-11-30 21:56 - 2014-11-20 18:08 - 001216144 _____ () C:\Program Files (x86)\MediatekWiFi\Common\RaWLAPI.dll
2018-05-03 11:03 - 2018-05-03 11:03 - 001184256 _____ () C:\Users\User\AppData\Local\Facebook\Games\CefSharp.Core.dll
2018-05-03 11:03 - 2018-05-03 11:03 - 071641088 _____ () C:\Users\User\AppData\Local\Facebook\Games\libcef.dll
2018-05-03 11:03 - 2018-05-03 11:03 - 000774656 _____ () C:\Users\User\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 23:03 - 2017-03-18 23:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3720972687-864130830-563301350-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "errorlog.txt"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-3720972687-864130830-563301350-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3720972687-864130830-563301350-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{52FDB3FF-EC80-4383-8138-E7099AB004A1}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe
FirewallRules: [{CDE9C8C6-BA15-4117-98A2-01FDD5C5DB8B}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe
FirewallRules: [{06C13D5B-9569-44EC-A73C-E7937089E1A5}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe
FirewallRules: [{B454F57D-0BE5-468E-9E05-BF6E928B9F09}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{099794BC-9B78-42EE-B917-0456202C4714}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{7027A5EB-08CA-4223-96AD-278A968E1711}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS2304\HPDiagnosticCoreUI.exe
FirewallRules: [{40B65817-4DD8-44F1-83B5-2CF2C59C4C78}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS2304\HPDiagnosticCoreUI.exe
FirewallRules: [{0C80BF7F-14A4-4F47-8192-B5FEC0269EAB}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{3411373B-0320-4B81-A9A3-DF60180F3E93}] => (Allow) LPort=5357
FirewallRules: [{B5B81D09-0771-4DEE-930B-D25EB3070208}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D1E5F78F-B813-41A1-B3BF-D25822894AC3}] => (Allow) C:\Program Files (x86)\AirMyPC\AirMyPC.exe
FirewallRules: [{B999EB72-7756-403A-971E-68E3C530B78B}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerRecover\ApowerRecover.exe
FirewallRules: [{32EF8F39-1565-4F2E-B09F-53E636B9B151}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerRecover\ApowerRecover.exe
FirewallRules: [{1E48F4FF-6455-4183-A3F6-5B6BFDB2997C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

17-05-2018 22:45:17 Removed DriversCloud.com (64 bits)
19-05-2018 13:06:38 Installed HP Support Solutions Framework

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2018 11:54:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.

Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (05/24/2018 06:40:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme Microsoft.Photos.exe version 2018.18031.15820.0 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.

ID de processus : 1204

Heure de début : 01d3f3771e908918

Heure de fin : 4294967295

Chemin d'accès de l'application : C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

ID de rapport : ee71bedc-cf66-4077-8241-9f2bcd78216c

Nom complet du package défaillant : Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe

ID de l'application relative au package défaillant : App

Error: (05/24/2018 04:40:09 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.

Error: (05/24/2018 03:01:41 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.

Error: (05/24/2018 03:01:33 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.

Error: (05/24/2018 03:01:33 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.

Error: (05/23/2018 02:11:06 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.

Error: (05/22/2018 11:51:05 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: Object reference not set to an instance of an object.

System errors:
=============
Error: (05/25/2018 12:01:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (05/25/2018 12:01:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Launch pour l’application serveur COM avec le CLSID
Windows.SecurityCenter.WscDataProtection
et l’APPID
Unavailable
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (05/25/2018 12:00:07 AM) (Source: NetBT) (EventID: 4300) (User: )
Description: Le pilote n’a pas pu être créé.

Error: (05/25/2018 12:00:07 AM) (Source: NetBT) (EventID: 4300) (User: )
Description: Le pilote n’a pas pu être créé.

Error: (05/24/2018 11:06:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Launch pour l’application serveur COM avec le CLSID
Windows.SecurityCenter.WscDataProtection
et l’APPID
Unavailable
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (05/24/2018 11:05:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (05/24/2018 11:03:42 PM) (Source: DCOM) (EventID: 10010) (User: BABOU24520)
Description: Le serveur {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (05/24/2018 05:32:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Windows Defender:
===================================
Date: 2018-05-19 01:57:29.828
Description:
L’analyse Antivirus Windows Defender a été arrêtée avant la fin.
ID de l’analyse : {5477B4FC-D769-46F9-A288-CE7BD82E7220}
Type de l’analyse : Logiciel anti-programme malveillant
Paramètres de l’analyse : Analyse rapide
Utilisateur : NT AUTHORITY\SYSTEM

Date: 2018-05-16 19:21:12.560
Description:
L’analyse Antivirus Windows Defender a été arrêtée avant la fin.
ID de l’analyse : {E3C80D3F-4FB8-41FF-AC54-60BFFCB26EFC}
Type de l’analyse : Logiciel anti-programme malveillant
Paramètres de l’analyse : Analyse rapide
Utilisateur : BABOU24520\User

Date: 2018-05-16 18:01:54.770
Description:
La fonctionnalité de protection en temps réel Antivirus Windows Defender a rencontré une erreur et échoué.
Fonctionnalité : Analyse du comportement
Code d’erreur : 0x80508023
Description de l’erreur : The program could not find the malware and other potentially unwanted software on this device.
Raison : La protection contre les logiciels malveillants a cessé de fonctionner pour une raison inconnue. Dans certains cas, le redémarrage du service peut résoudre le problème.

Date: 2018-05-16 14:55:13.506
Description:
La fonctionnalité de protection en temps réel Antivirus Windows Defender a rencontré une erreur et échoué.
Fonctionnalité : Analyse du comportement
Code d’erreur : 0x80508023
Description de l’erreur : The program could not find the malware and other potentially unwanted software on this device.
Raison : La protection contre les logiciels malveillants a cessé de fonctionner pour une raison inconnue. Dans certains cas, le redémarrage du service peut résoudre le problème.

CodeIntegrity:
===================================

Date: 2018-05-23 02:48:43.828
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20180522.065\IPSEng64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-22 17:24:15.238
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20180522.063\IPSEng64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-22 02:12:17.253
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20180521.061\IPSEng64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-19 01:59:05.543
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20180518.061\IPSEng64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-17 02:41:37.574
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20180516.063\IPSEng64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-16 10:19:06.697
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20180515.063\IPSEng64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 80%
Total physical RAM: 3956.61 MB
Available physical RAM: 786.45 MB
Total Virtual: 7912.61 MB
Available Virtual: 2506.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.57 GB) (Free:847.55 GB) NTFS

\\?\Volume{953ad9e2-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{953ad9e2-0000-0000-0000-b0c3e8000000}\ () (Fixed) (Total:0.45 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 953AD9E2)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 MB) - (Type=27)

==================== End of Addition.txt ============================

chantal11:
Re,

C'est le lien obtenu que tu dois poster.

Il manque le rapport FRST.txt.

@+

babou24520:
ok voici le lienhttps://up.security-x.fr/file.php?h=R7f86bf0f32a676c5040521438dbad4a4

ainsi que celui du rapport txt :https://up.security-x.fr/file.php?h=R2067e39784055ced14fdfc599584e28f

Navigation

[0] Index des messages

[#] Page suivante

[*] Page précédente

Sortir du mode mobile