Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-08-2015 01
Ran by alariooroo (2015-08-09 18:14:13)
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrateur (S-1-5-21-3177946053-2272163753-275163162-500 - Administrator - Disabled)
alariooroo (S-1-5-21-3177946053-2272163753-275163162-1001 - Administrator - Enabled) => C:\Users\admin
DefaultAccount (S-1-5-21-3177946053-2272163753-275163162-503 - Limited - Disabled)
Invité (S-1-5-21-3177946053-2272163753-275163162-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Clubic Bons Plans (HKU\S-1-5-21-3177946053-2272163753-275163162-1001\...\{5D1237D9-AFBD-4B4E-A617-4CFFF74D638D}_is1) (Version: 1.0 - M6 Web)
ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.)
Enregistrement utilisateur de Canon MP550 series (HKLM-x32\...\Enregistrement utilisateur de Canon MP550 series) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Orange Inside (HKU\S-1-5-21-3177946053-2272163753-275163162-1001\...\Orange Inside) (Version: V1.4.3.5 - Orange)
Panneau de configuration NVIDIA 353.54 (Version: 353.54 - NVIDIA Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3177946053-2272163753-275163162-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3177946053-2272163753-275163162-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3177946053-2272163753-275163162-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3177946053-2272163753-275163162-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3177946053-2272163753-275163162-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3177946053-2272163753-275163162-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3177946053-2272163753-275163162-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3177946053-2272163753-275163162-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3177946053-2272163753-275163162-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3177946053-2272163753-275163162-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3177946053-2272163753-275163162-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

07-08-2015 10:20:52 Fin de désinfection
09-08-2015 17:59:40 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0096E8DD-EE18-432A-9488-E0B8D87C41EC} - System32\Tasks\{81DEEA71-E9D3-4F22-83BF-531C5179F254} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE" -d C:\Windows\System32 -c -o
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {1641F54C-1E57-4902-AB65-EE2B65E5629D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {1D3D099E-EE1E-4907-8BA2-BA8F12D11AA6} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe [2015-07-10] (Microsoft Corporation)
Task: {2C97A00A-1C5C-4318-B5CC-8A1A126B77F9} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
Task: {3051EBB1-99BC-4B7E-9101-00294BA24BDC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {338F9C3D-B2DC-4925-AF4B-7421FCB05D47} - System32\Tasks\{E8D083DB-ECDE-49B3-A680-98E955857460} => pcalua.exe -a "C:\Users\admin\Downloads\abiword-setup-2-9-4 (1).exe" -d C:\Users\admin\Downloads
Task: {354C2AAB-DCEF-45C2-AA50-1F102B5344A7} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-10] (Microsoft Corporation)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {4454A8D0-2E4E-4A02-BF67-48DF6A7BFAB4} - System32\Tasks\Microsoft\Windows\Maps\MapsUpdateTask
Task: {445F5902-F46A-4AFD-8EDC-13F9BB9E8B11} - System32\Tasks\Microsoft\Windows\orangeinside => C:\Users\admin\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe [2015-04-22] (Orange)
Task: {5E5515C1-7D87-4904-B9CE-FD29EB2ADB72} - System32\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {6DC9B1F3-513D-4265-8C43-222099E32706} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-22] (Google Inc.)
Task: {711EE2F9-A611-4773-AF8E-D4B278A6718D} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {744C9FEA-08B7-43E1-A729-0F94647D655C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {77675D73-F453-4E58-9C07-F6D1230E7827} - System32\Tasks\{A158E6AE-95EE-4FB1-B7AA-679BEA1B5807} => pcalua.exe -a "C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe"
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {7A003965-A297-4DC6-B15B-852D798391E0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\Windows\system32\MusNotification.exe [2015-08-07] (Microsoft Corporation)
Task: {7FF9EE70-E04C-4F2C-8C77-DC0B2FF9BEC1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {813D3CFB-3914-47F1-80CE-D80173160ADF} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe [2015-08-07] (Microsoft Corporation)
Task: {8CFCF3E6-C59E-46B5-BAB2-90E44247F231} - System32\Tasks\{2AD848AC-7FF2-46B2-AC92-01432F323891} => pcalua.exe -a C:\Users\admin\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=face
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-07] (Microsoft Corporation)
Task: {A162068A-9883-453B-95BC-F6FD279E3BB2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {A364E297-00AD-490D-900E-22AC34598C71} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {AC29E64E-3271-47BA-B8F1-914523CF379B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update
Task: {B4451359-BBF3-4667-AE81-4312DA76A2F5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {B9B36D41-C776-424E-9A13-5387E17A2CEB} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\Windows\System32\WiFiTask.exe [2015-07-10] (Microsoft Corporation)
Task: {BA2DEF5F-FC2F-417C-9E42-9BD36EB2CFC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-22] (Google Inc.)
Task: {C2162702-FFEB-48C0-AA5F-2DA3A8887D61} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C70114B4-8F73-4534-ACA8-CCCCC402DE77} - System32\Tasks\{6C749501-8E62-49E4-89B6-8269C4B58538} => pcalua.exe -a D:\Autorun\autorun.exe -d D:\Autorun
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {D2401052-A382-42DE-9C79-D1CF3563F654} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
Task: {DAF2BAE3-1C5B-4CB5-9F62-0911C031A15A} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\Windows\system32\disksnapshot.exe [2015-07-10] (Microsoft Corporation)
Task: {E797A6BF-DBB8-435F-8B53-A42D915B2E8A} - System32\Tasks\{4EC1FBD7-2BE7-490B-A6DD-3C1425A6A560} => pcalua.exe -a C:\ProgramData\RandomDealApp\RandomDealApp.exe -c /progname=RandomDealApp /progver=3.4.2 /progpub=RandomDealApp /proguninstallurl=asdahjka.com /deleteappfolder=0 /VERYSILENT
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe [2015-08-07] (Microsoft Corporation)
Task: {FC2405E9-E4D5-4C1D-9DB8-BE3E8C1D8D64} - System32\Tasks\{5B32B03B-1E38-4B2F-AA06-255AEC05879F} => pcalua.exe -a F:\Downloads\all_MediaPlayer.exe -d F:\Downloads
Task: {FD91146D-3C3C-4728-B04D-459008B5587F} - System32\Tasks\{16CC1D26-AE0E-4254-B12F-13737B84EE62} => pcalua.exe -a D:\install.EXE -d D:\ -c /AUTORUN

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => 0x000A0100533DD8BC8603E44AA72DDF4A229795834600D400000000003C000A00200000000014730F000000000513040020200401000000000000000000000000000000000000180043003A005C00570049004E0044004F00570053005C006500780070006C006F007200650072002E0065007800650000000C002F004E004F0055004100430043004800450043004B000000000018004500780070006C006F007200650072005300680065006C006C0055006E0065006C00650076006100740065006400000000000000080003130400000000000000
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-07 09:58 - 2015-08-07 09:58 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-07 09:10 - 2015-07-13 19:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-07 09:58 - 2015-08-07 09:58 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-07 09:58 - 2015-08-07 09:58 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-07 09:58 - 2015-08-07 09:58 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-07 09:58 - 2015-08-07 09:58 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 13:00 - 2015-07-10 18:28 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-07 09:58 - 2015-08-07 09:58 - 01806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-07 09:58 - 2015-08-07 09:58 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3177946053-2272163753-275163162-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: MozillaMaintenance => 3
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "InstallerLauncher"
HKLM\...\StartupApproved\Run32: => "Google Desktop Search"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKU\S-1-5-21-3177946053-2272163753-275163162-1001\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk"
HKU\S-1-5-21-3177946053-2272163753-275163162-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6E037804-9555-4F5A-A2E8-790455F67EFE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CFFC29A0-54E7-40CD-95D8-1E154E21EFE1}] => (Allow) C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
FirewallRules: [{DD5BA98D-6B81-4958-89C5-45E4BC6DD09F}] => (Allow) C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
FirewallRules: [UDP Query User{4108C07A-F893-4E97-A1CA-EB927A42B630}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{45129501-EF5B-4286-8946-2138FA193528}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D82F359F-4F88-4706-92BC-F5AACF9ECA09}] => (Allow) C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
FirewallRules: [{3B6A7222-8A33-4D8C-9142-D2E96ED4C3A2}] => (Allow) C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
FirewallRules: [UDP Query User{60371419-FAA3-473E-9D41-9A16B9C59580}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{04D56A88-18F4-497A-BC6B-0F1E6F23B43D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2015 06:03:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante OHub.exe, version : 16.0.6105.2351, horodatage : 0x55c26502
Nom du module défaillant : Mso30Imm.dll, version : 16.0.6014.1000, horodatage : 0x55a5783f
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000000000012b70
ID du processus défaillant : 0xfd8
Heure de début de l’application défaillante : 0xOHub.exe0
Chemin d’accès de l’application défaillante : OHub.exe1
Chemin d’accès du module défaillant: OHub.exe2
ID de rapport : OHub.exe3
Nom complet du package défaillant : OHub.exe4
ID de l’application relative au package défaillant : OHub.exe5

Error: (08/09/2015 05:59:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.

System Error:
Accès refusé.
.

Error: (08/09/2015 05:59:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005, Accès refusé.
.
Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.


Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {f9726973-99e4-41db-abe9-5bcf37df4886}

Error: (08/09/2015 05:52:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: home)
Description: Échec de l’activation de l’application Microsoft.Getstarted_2.2.7.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca avec l’erreur : -2144927149 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (08/09/2015 05:10:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante OHub.exe, version : 16.0.6105.2351, horodatage : 0x55c26502
Nom du module défaillant : Mso30Imm.dll, version : 16.0.6014.1000, horodatage : 0x55a5783f
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000000000012b70
ID du processus défaillant : 0x97c
Heure de début de l’application défaillante : 0xOHub.exe0
Chemin d’accès de l’application défaillante : OHub.exe1
Chemin d’accès du module défaillant: OHub.exe2
ID de rapport : OHub.exe3
Nom complet du package défaillant : OHub.exe4
ID de l’application relative au package défaillant : OHub.exe5

Error: (08/09/2015 04:12:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: home)
Description: Échec de l’activation de l’application Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub avec l’erreur : -2147023170 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (08/09/2015 04:12:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: home)
Description: Échec de l’activation de l’application Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub avec l’erreur : -2147023170 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (08/08/2015 11:46:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.

System Error:
Accès refusé.
.

Error: (08/08/2015 11:46:33 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005, Accès refusé.
.
Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.


Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {e2ace754-7b9c-40dc-9252-fcc3db8e0be4}

Error: (08/08/2015 10:51:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante SystemSettingsBroker.exe, version : 10.0.10240.16384, horodatage : 0x559f39c2
Nom du module défaillant : KERNELBASE.dll, version : 10.0.10240.16384, horodatage : 0x559f38c3
Code d’exception : 0xe06d7363
Décalage d’erreur : 0x000000000002a1c8
ID du processus défaillant : 0x144
Heure de début de l’application défaillante : 0xSystemSettingsBroker.exe0
Chemin d’accès de l’application défaillante : SystemSettingsBroker.exe1
Chemin d’accès du module défaillant: SystemSettingsBroker.exe2
ID de rapport : SystemSettingsBroker.exe3
Nom complet du package défaillant : SystemSettingsBroker.exe4
ID de l’application relative au package défaillant : SystemSettingsBroker.exe5


System errors:
=============
Error: (08/09/2015 06:00:36 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Le Gestionnaire de services de contrôle a essayé d’entreprendre une action corrective (Redémarrer le service) après la fin inattendue du service Windows Search, mais cette action a échoué en raison de l’erreur suivante :
%%1056

Error: (08/09/2015 06:00:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Hôte de synchronisation_Session1 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.

Error: (08/09/2015 06:00:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Programme d’installation pour les modules Windows s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 120000 millisecondes : Redémarrer le service.

Error: (08/09/2015 06:00:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error: (08/09/2015 06:00:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service MBAMService s’est terminé de façon inattendue pour la 1ème fois.

Error: (08/09/2015 06:00:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service VIA Karaoke digital mixer Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (08/09/2015 06:00:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Machine Debug Manager s’est terminé de façon inattendue pour la 1ème fois.

Error: (08/09/2015 06:00:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service MBAMScheduler s’est terminé de façon inattendue pour la 1ème fois.

Error: (08/09/2015 06:00:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Adobe Acrobat Update Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (08/09/2015 06:00:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Spouleur d’impression s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 5000 millisecondes : Redémarrer le service.


Microsoft Office:
=========================
Error: (08/09/2015 06:03:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OHub.exe16.0.6105.235155c26502Mso30Imm.dll16.0.6014.100055a5783fc00000050000000000012b70fd801d0d2bcdf2f6fc8C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6105.23511.0_x64__8wekyb3d8bbwe\OHub.exeC:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6105.23511.0_x64__8wekyb3d8bbwe\Mso30Imm.dll8e156fd6-1395-4430-8f5e-f58a3b3fa512Microsoft.MicrosoftOfficeHub_17.6105.23511.0_x64__8wekyb3d8bbweMicrosoft.MicrosoftOfficeHub

Error: (08/09/2015 05:59:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.

System Error:
Accès refusé.

Error: (08/09/2015 05:59:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Accès refusé.


Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {f9726973-99e4-41db-abe9-5bcf37df4886}

Error: (08/09/2015 05:52:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: home)
Description: Microsoft.Getstarted_2.2.7.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca-2144927149

Error: (08/09/2015 05:10:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OHub.exe16.0.6105.235155c26502Mso30Imm.dll16.0.6014.100055a5783fc00000050000000000012b7097c01d0d2b56a7ee319C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6105.23511.0_x64__8wekyb3d8bbwe\OHub.exeC:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6105.23511.0_x64__8wekyb3d8bbwe\Mso30Imm.dllb5ece887-4789-40a9-b47a-96e8b1e8a5baMicrosoft.MicrosoftOfficeHub_17.6105.23511.0_x64__8wekyb3d8bbweMicrosoft.MicrosoftOfficeHub

Error: (08/09/2015 04:12:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: home)
Description: Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub-2147023170

Error: (08/09/2015 04:12:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: home)
Description: Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub-2147023170

Error: (08/08/2015 11:46:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.

System Error:
Accès refusé.

Error: (08/08/2015 11:46:33 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Accès refusé.


Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {e2ace754-7b9c-40dc-9252-fcc3db8e0be4}

Error: (08/08/2015 10:51:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SystemSettingsBroker.exe10.0.10240.16384559f39c2KERNELBASE.dll10.0.10240.16384559f38c3e06d7363000000000002a1c814401d0d1b658cd0a37C:\Windows\System32\SystemSettingsBroker.exeC:\WINDOWS\system32\KERNELBASE.dll6b1a46cc-4529-43c5-beb2-5265ff634001


CodeIntegrity:
===================================
Date: 2015-08-08 19:26:06.966
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 19:26:06.937
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 19:26:06.913
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 19:26:06.871
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 19:26:06.848
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 19:26:06.825
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 19:26:06.802
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 19:26:06.777
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 19:26:05.842
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 19:26:05.052
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 3979.57 MB
Available physical RAM: 2514.5 MB
Total Virtual: 8331.57 MB
Available Virtual: 7009.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:269.66 GB) (Free:204.38 GB) NTFS
Drive e: (Disque local E) (Fixed) (Total:195.31 GB) (Free:194.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 53597B86)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=269.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454 MB) - (Type=27)
Partition 4: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)

==================== End of log ============================
