Publicité
Publicité
Format du document : text/plain
Prévisualisation
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by Holidea (15-05-2017 10:09:09)
Running from C:\Users\Holidea\Desktop
Windows 10 Pro Version 1607 (X64) (2016-08-04 10:04:12)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1237337697-2235402892-2061835607-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1237337697-2235402892-2061835607-503 - Limited - Disabled)
Guest (S-1-5-21-1237337697-2235402892-2061835607-501 - Limited - Disabled)
Holidea (S-1-5-21-1237337697-2235402892-2061835607-1001 - Administrator - Enabled) => C:\Users\Holidea
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2017 (HKLM-x32\...\DRWV_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_2) (Version: 21.0.2 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_0_0) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Assistant Mise à niveau de Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17346 - Microsoft Corporation)
Avast Antivirus Gratuit (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Belgium e-ID middleware 4.1.10 (build 1698) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A71698}) (Version: 4.1.1698 - Belgian Government)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FileZilla Client 3.24.1 (HKLM-x32\...\FileZilla Client) (Version: 3.24.1 - Tim Kosse)
FortiClient (HKLM\...\{B5E0B33F-91D4-408B-BE40-46BCA75F3914}) (Version: 5.4.0.0780 - Fortinet Inc)
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.3.10.0 - Google Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Office 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.7967.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60825 - Microsoft Corporation)
Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA) (Version: 10.0.60825 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0.2 (x86 fr) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 fr)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 fr) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 fr)) (Version: 45.8.0 - Mozilla)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Office Timeline (HKLM-x32\...\{DF5FA41E-B8BD-4C04-AC56-1B3FE70C6A04}) (Version: 3.13.0 - Office Timeline)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
SAP Crystal Reports runtime engine for .NET Framework (64-bit) (HKLM\...\{1686CF99-0F26-4297-9204-7202ABDF9A7C}) (Version: 13.0.14.1720 - SAP)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Fedict SmartCard (08/08/2015 4.1.5) (HKLM\...\9F46F7AB1E3B1B5F5482EA8D97F401B04FBF7958) (Version: 08/08/2015 4.1.5 - Fedict)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-6CB226C69644}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {120B2B55-7940-44C6-988A-6CFE0B9B20ED} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-04-28] (Microsoft Corporation)
Task: {1490EC5D-623F-431D-898A-9D9F53CCD7D1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {158D4237-1BB0-4173-9052-06298E2B94D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-17] (Google Inc.)
Task: {2A1CD424-65E1-45E7-918B-1E53AE46DF73} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-17] (Google Inc.)
Task: {3113566B-53D4-4A3E-833C-D5721E796241} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {3AD41B19-BB81-464E-8404-E3A19E40D2AF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {3EF9F995-1717-490B-A057-3AB8D68BADDF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {4C5D6EEF-2F95-42F4-8E5F-86C4D6E69DD3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-10] (AVAST Software)
Task: {6166D7F8-678F-4024-A4E6-0634BF1C06D6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {7224DF53-AB75-42E8-AFF8-0DAE48899A48} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {784EB57C-2716-4FE0-850C-7323306A1EB8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {A8350AAB-BDDB-44F1-BE41-6F2E171D8610} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {AC13F8AD-63BA-4E0C-99D3-1442B7EA1590} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-28] (AVAST Software)
Task: {BE0F2390-A170-437F-8CFE-4C4372EE80A3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {C460D7A1-8882-4C0F-B2C5-DC940A2540C9} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-PS28JVB-Holidea => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {C864F100-21B2-4F48-9533-FA0F85D73832} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-05-12] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Public\Desktop\SwingNET.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://192.168.178.10/servico -nomerge
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-11 10:25 - 2017-04-28 02:49 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-11 10:25 - 2017-04-28 02:49 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-04 12:15 - 2016-08-04 12:15 - 00959168 _____ () C:\Users\Holidea\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2017-03-31 10:36 - 2016-10-25 10:57 - 00491184 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-09-16 13:24 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 11:40 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 11:41 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 11:41 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 11:41 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-11 10:25 - 2017-04-28 01:36 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-11 10:25 - 2017-04-28 01:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 22:00 - 2017-03-09 02:16 - 00112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-03-31 10:36 - 2016-10-25 10:57 - 31723696 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-05-09 09:52 - 2017-05-09 10:23 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-09 09:52 - 2017-05-09 10:23 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-09 09:52 - 2017-05-09 10:23 - 43195904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-09 09:52 - 2017-05-09 10:23 - 02457088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-14 09:54 - 2017-03-14 09:55 - 03879424 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-05-10 09:19 - 2017-05-09 11:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-10 09:19 - 2017-05-09 11:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-05-05 09:18 - 2017-05-05 09:19 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-05-05 09:18 - 2017-05-05 09:19 - 26322944 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-05-05 09:18 - 2017-05-05 09:19 - 00441856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-05-05 09:18 - 2017-05-05 09:19 - 02139648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-05-05 09:18 - 2017-05-05 09:19 - 02901928 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-05 09:18 - 2017-05-05 09:19 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-06-06 09:13 - 2016-06-06 09:13 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-05-05 09:18 - 2017-05-05 09:19 - 00641024 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-05 09:18 - 2017-05-05 09:19 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2015-10-06 12:08 - 2015-10-06 12:08 - 00552978 _____ () C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2017-05-10 17:15 - 2017-05-10 17:15 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-10 17:15 - 2017-05-10 17:15 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-10 17:15 - 2017-05-10 17:15 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-10 17:15 - 2017-05-10 17:15 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-10 17:15 - 2017-05-10 17:15 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-10 17:14 - 2017-05-10 17:14 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-10 17:15 - 2017-05-10 17:15 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-31 10:36 - 2017-03-14 09:31 - 52051544 ____N () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-05-12 21:14 - 2017-05-12 21:14 - 00098816 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32api.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00110080 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\pywintypes27.dll
2017-05-12 21:14 - 2017-05-12 21:14 - 00364544 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\pythoncom27.dll
2017-05-12 21:14 - 2017-05-12 21:14 - 00320512 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32com.shell.shell.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00914432 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\_hashlib.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 01176576 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\wx._core_.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00806400 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\wx._gdi_.pyd
2017-05-12 21:15 - 2017-05-12 21:15 - 00816128 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\wx._windows_.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 01067008 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\wx._controls_.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00733184 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\wx._misc_.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00682496 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\pysqlite2._sqlite.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00088064 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\_ctypes.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00686080 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\unicodedata.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00119808 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32file.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00108544 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32security.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00007168 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\hashobjs_ext.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00017920 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\thumbnails_ext.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00088064 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\usb_ext.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00012800 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\common.time34.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00018432 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32event.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00167936 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32gui.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00046080 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\_socket.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 01303552 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\_ssl.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00128512 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\_elementtree.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00127488 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\pyexpat.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00038912 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32inet.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00036864 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\_psutil_windows.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00524248 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\windows._lib_cacheinvalidation.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00011264 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32crypt.pyd
2017-05-12 21:15 - 2017-05-12 21:15 - 00123392 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\wx._wizard.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00077312 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\wx._html2.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00027648 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\_multiprocessing.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00020480 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\_yappi.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00035840 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32process.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00078848 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\wx._animate.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00024064 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32pipe.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00010240 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\select.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00025600 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32pdh.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00017408 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32profile.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00022528 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32ts.pyd
2017-03-31 10:47 - 2017-01-25 21:07 - 00118272 ____N () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-03-31 10:46 - 2017-01-25 21:07 - 00214528 ____N () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-03-31 10:45 - 2017-01-25 21:06 - 00117248 ____N () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-03-31 10:47 - 2017-01-25 21:07 - 00125952 ____N () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-03-31 10:46 - 2017-03-14 09:35 - 00099416 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-03-31 10:47 - 2017-01-25 21:07 - 00086528 ____N () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-06 14:15 - 2017-05-12 20:55 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 217.112.180.1 - 217.112.180.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{939A16EC-F90D-4441-8EA1-B57FB1BB45D5}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortiesnac.exe
FirewallRules: [{13E66770-2921-41F2-89E4-708E1873746B}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe
FirewallRules: [{951AD3F5-661E-4A91-8F1B-B9957B7A8B40}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe
FirewallRules: [{760B31C6-03AA-440B-B748-6E965E173794}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe
FirewallRules: [{4BD3FB33-BE8C-433D-AB1C-EAC1EE0CA48A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AE6765D2-7D63-43D0-9060-1DF6FD66FA72}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{31CE30DB-8074-4D2B-8998-F3C258C0B463}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F729758-B794-48D3-83ED-E9CD2636F257}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6F0B8EB-891B-49FA-866D-27BBF32B6E52}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7EA81650-77B4-4AE9-837F-99E8D7423C50}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C830A31A-97DB-47CE-BA88-791337DD9E64}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5BBB4DA3-BD48-4373-BE5E-2E829798D958}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{55644BED-BF22-4641-BE83-835F25C529DA}] => (Allow) LPort=2869
FirewallRules: [{A09EB565-4F11-4868-A44A-DE02C5AFD086}] => (Allow) LPort=1900
FirewallRules: [{EE0EE36F-A21C-49B3-BCFE-9C3A1F7E2E78}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E82764B8-E78B-4497-8E75-2AADB8DF4F8D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E73B404A-9F83-48AE-9257-11BBE8B462E3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2B241952-4EC7-4FD1-8F4B-8DBFE6B7266C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{6143D92E-B4C3-48BB-9E10-08EF80978812}C:\users\holidea\downloads\wap300n_win_setup_v1.3.0.0\wap300n_v1.3.0.0_20130702\setup.exe] => (Allow) C:\users\holidea\downloads\wap300n_win_setup_v1.3.0.0\wap300n_v1.3.0.0_20130702\setup.exe
FirewallRules: [UDP Query User{8BF93752-FB7C-4BEB-B671-2E18BC54BB7F}C:\users\holidea\downloads\wap300n_win_setup_v1.3.0.0\wap300n_v1.3.0.0_20130702\setup.exe] => (Allow) C:\users\holidea\downloads\wap300n_win_setup_v1.3.0.0\wap300n_v1.3.0.0_20130702\setup.exe
FirewallRules: [TCP Query User{69757EB8-47AF-49EF-A3B6-15FAA6FB2399}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [UDP Query User{35B9DCC8-F496-4FA5-9F2F-A09CA4763D99}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [{699E05FC-652C-416B-9336-284B249E1041}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B11FEFB0-4721-4B07-A5C3-C0E60C5A6267}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
12-05-2017 16:07:36 Removed Composants de sécurité Isabel.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/15/2017 09:09:48 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: DESKTOP-PS28JVB)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe1018
Error: (05/12/2017 08:56:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (05/12/2017 08:54:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (05/12/2017 04:08:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (05/12/2017 03:56:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (05/12/2017 03:56:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante mbamservice.exe, version : 3.1.0.479, horodatage : 0x58f6af02
Nom du module défaillant : mbamservice.exe, version : 3.1.0.479, horodatage : 0x58f6af02
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000000000048a86
ID du processus défaillant : 0xbcc
Heure de début de l’application défaillante : 0x01d2cb0d3878ead3
Chemin d’accès de l’application défaillante : C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Chemin d’accès du module défaillant: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
ID de rapport : 90d47837-f69e-49e8-b397-87dd8206af64
Nom complet du package défaillant :
ID de l’application relative au package défaillant :
Error: (05/12/2017 03:54:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (05/12/2017 03:51:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante SDUpdSvc.exe, version : 2.5.44.79, horodatage : 0x57e24e33
Nom du module défaillant : rtl150.bpl, version : 15.0.3953.35171, horodatage : 0x4cca139f
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000a116
ID du processus défaillant : 0x2690
Heure de début de l’application défaillante : 0x01d2cb100e682352
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
Chemin d’accès du module défaillant: C:\Program Files (x86)\Spybot - Search & Destroy 2\rtl150.bpl
ID de rapport : db94d560-9a5f-4efd-9891-d2dcfcf26e3e
Nom complet du package défaillant :
ID de l’application relative au package défaillant :
Error: (05/12/2017 02:10:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.
Error: (05/12/2017 01:07:46 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: NT AUTHORITY)
Description: Impossible de redémarrer l’application ou le service « Spybot-S&D 2 Security Center Service ».
System errors:
=============
Error: (05/12/2017 09:20:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (05/12/2017 09:17:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Le service Delivery Optimization est en attente de démarrage.
Error: (05/12/2017 09:13:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
et l’APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (05/12/2017 09:13:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
et l’APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (05/12/2017 09:13:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
et l’APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (05/12/2017 09:10:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (05/12/2017 08:53:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Restart the service.
Error: (05/12/2017 08:53:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Service Microsoft Office « Démarrer en un clic » s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 0 millisecondes : Restart the service.
Error: (05/12/2017 08:53:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service TeamViewer 11 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 2000 millisecondes : Restart the service.
Error: (05/12/2017 08:53:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service SynTPEnh Caller Service s’est terminé de façon inattendue pour la 1ème fois.
CodeIntegrity:
===================================
Date: 2017-05-12 13:46:18.019
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:46:18.015
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:42:22.927
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:42:22.924
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:42:22.921
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:42:22.917
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:33:53.848
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:33:53.844
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:33:13.079
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:33:13.075
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2348M CPU @ 2.30GHz
Percentage of memory in use: 43%
Total physical RAM: 8073.3 MB
Available physical RAM: 4533.48 MB
Total Virtual: 10633.3 MB
Available Virtual: 6314.7 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:416.35 GB) (Free:290.9 GB) NTFS
Drive d: () (Fixed) (Total:48.83 GB) (Free:44.42 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C1E39A8F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=416.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=500 MB) - (Type=27)
==================== End of Addition.txt ============================
Ran by Holidea (15-05-2017 10:09:09)
Running from C:\Users\Holidea\Desktop
Windows 10 Pro Version 1607 (X64) (2016-08-04 10:04:12)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1237337697-2235402892-2061835607-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1237337697-2235402892-2061835607-503 - Limited - Disabled)
Guest (S-1-5-21-1237337697-2235402892-2061835607-501 - Limited - Disabled)
Holidea (S-1-5-21-1237337697-2235402892-2061835607-1001 - Administrator - Enabled) => C:\Users\Holidea
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2017 (HKLM-x32\...\DRWV_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_2) (Version: 21.0.2 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_0_0) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Assistant Mise à niveau de Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17346 - Microsoft Corporation)
Avast Antivirus Gratuit (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Belgium e-ID middleware 4.1.10 (build 1698) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A71698}) (Version: 4.1.1698 - Belgian Government)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FileZilla Client 3.24.1 (HKLM-x32\...\FileZilla Client) (Version: 3.24.1 - Tim Kosse)
FortiClient (HKLM\...\{B5E0B33F-91D4-408B-BE40-46BCA75F3914}) (Version: 5.4.0.0780 - Fortinet Inc)
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.3.10.0 - Google Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Office 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.7967.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60825 - Microsoft Corporation)
Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA) (Version: 10.0.60825 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0.2 (x86 fr) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 fr)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 fr) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 fr)) (Version: 45.8.0 - Mozilla)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Office Timeline (HKLM-x32\...\{DF5FA41E-B8BD-4C04-AC56-1B3FE70C6A04}) (Version: 3.13.0 - Office Timeline)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
SAP Crystal Reports runtime engine for .NET Framework (64-bit) (HKLM\...\{1686CF99-0F26-4297-9204-7202ABDF9A7C}) (Version: 13.0.14.1720 - SAP)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Fedict SmartCard (08/08/2015 4.1.5) (HKLM\...\9F46F7AB1E3B1B5F5482EA8D97F401B04FBF7958) (Version: 08/08/2015 4.1.5 - Fedict)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-6CB226C69644}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {120B2B55-7940-44C6-988A-6CFE0B9B20ED} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-04-28] (Microsoft Corporation)
Task: {1490EC5D-623F-431D-898A-9D9F53CCD7D1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {158D4237-1BB0-4173-9052-06298E2B94D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-17] (Google Inc.)
Task: {2A1CD424-65E1-45E7-918B-1E53AE46DF73} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-17] (Google Inc.)
Task: {3113566B-53D4-4A3E-833C-D5721E796241} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {3AD41B19-BB81-464E-8404-E3A19E40D2AF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {3EF9F995-1717-490B-A057-3AB8D68BADDF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {4C5D6EEF-2F95-42F4-8E5F-86C4D6E69DD3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-10] (AVAST Software)
Task: {6166D7F8-678F-4024-A4E6-0634BF1C06D6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {7224DF53-AB75-42E8-AFF8-0DAE48899A48} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {784EB57C-2716-4FE0-850C-7323306A1EB8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {A8350AAB-BDDB-44F1-BE41-6F2E171D8610} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-28] (Microsoft Corporation)
Task: {AC13F8AD-63BA-4E0C-99D3-1442B7EA1590} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-28] (AVAST Software)
Task: {BE0F2390-A170-437F-8CFE-4C4372EE80A3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {C460D7A1-8882-4C0F-B2C5-DC940A2540C9} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-PS28JVB-Holidea => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {C864F100-21B2-4F48-9533-FA0F85D73832} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-05-12] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Public\Desktop\SwingNET.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://192.168.178.10/servico -nomerge
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-11 10:25 - 2017-04-28 02:49 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-11 10:25 - 2017-04-28 02:49 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-04 12:15 - 2016-08-04 12:15 - 00959168 _____ () C:\Users\Holidea\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2017-03-31 10:36 - 2016-10-25 10:57 - 00491184 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-09-16 13:24 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 11:40 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 11:41 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 11:41 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 11:41 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-11 10:25 - 2017-04-28 01:36 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-11 10:25 - 2017-04-28 01:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 22:00 - 2017-03-09 02:16 - 00112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-03-31 10:36 - 2016-10-25 10:57 - 31723696 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-05-09 09:52 - 2017-05-09 10:23 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-09 09:52 - 2017-05-09 10:23 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-09 09:52 - 2017-05-09 10:23 - 43195904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-09 09:52 - 2017-05-09 10:23 - 02457088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-14 09:54 - 2017-03-14 09:55 - 03879424 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-05-10 09:19 - 2017-05-09 11:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-10 09:19 - 2017-05-09 11:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-05-05 09:18 - 2017-05-05 09:19 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-05-05 09:18 - 2017-05-05 09:19 - 26322944 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-05-05 09:18 - 2017-05-05 09:19 - 00441856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-05-05 09:18 - 2017-05-05 09:19 - 02139648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-05-05 09:18 - 2017-05-05 09:19 - 02901928 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-05 09:18 - 2017-05-05 09:19 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-06-06 09:13 - 2016-06-06 09:13 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-05-05 09:18 - 2017-05-05 09:19 - 00641024 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-05 09:18 - 2017-05-05 09:19 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2015-10-06 12:08 - 2015-10-06 12:08 - 00552978 _____ () C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2017-05-10 17:15 - 2017-05-10 17:15 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-10 17:15 - 2017-05-10 17:15 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-10 17:15 - 2017-05-10 17:15 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-10 17:15 - 2017-05-10 17:15 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-10 17:15 - 2017-05-10 17:15 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-10 17:14 - 2017-05-10 17:14 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-10 17:15 - 2017-05-10 17:15 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-31 10:36 - 2017-03-14 09:31 - 52051544 ____N () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-05-12 21:14 - 2017-05-12 21:14 - 00098816 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32api.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00110080 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\pywintypes27.dll
2017-05-12 21:14 - 2017-05-12 21:14 - 00364544 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\pythoncom27.dll
2017-05-12 21:14 - 2017-05-12 21:14 - 00320512 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32com.shell.shell.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00914432 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\_hashlib.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 01176576 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\wx._core_.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00806400 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\wx._gdi_.pyd
2017-05-12 21:15 - 2017-05-12 21:15 - 00816128 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\wx._windows_.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 01067008 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\wx._controls_.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00733184 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\wx._misc_.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00682496 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\pysqlite2._sqlite.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00088064 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\_ctypes.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00686080 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\unicodedata.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00119808 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32file.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00108544 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32security.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00007168 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\hashobjs_ext.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00017920 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\thumbnails_ext.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00088064 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\usb_ext.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00012800 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\common.time34.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00018432 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32event.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00167936 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32gui.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00046080 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\_socket.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 01303552 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\_ssl.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00128512 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\_elementtree.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00127488 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\pyexpat.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00038912 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32inet.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00036864 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\_psutil_windows.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00524248 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\windows._lib_cacheinvalidation.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00011264 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32crypt.pyd
2017-05-12 21:15 - 2017-05-12 21:15 - 00123392 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\wx._wizard.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00077312 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\wx._html2.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00027648 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\_multiprocessing.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00020480 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\_yappi.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00035840 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32process.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00078848 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\wx._animate.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00024064 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32pipe.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00010240 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\select.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00025600 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32pdh.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00017408 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32profile.pyd
2017-05-12 21:14 - 2017-05-12 21:14 - 00022528 ____R () C:\Users\Holidea\AppData\Local\Temp\_MEI61922\win32ts.pyd
2017-03-31 10:47 - 2017-01-25 21:07 - 00118272 ____N () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-03-31 10:46 - 2017-01-25 21:07 - 00214528 ____N () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-03-31 10:45 - 2017-01-25 21:06 - 00117248 ____N () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-03-31 10:47 - 2017-01-25 21:07 - 00125952 ____N () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-03-31 10:46 - 2017-03-14 09:35 - 00099416 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-03-31 10:47 - 2017-01-25 21:07 - 00086528 ____N () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-06 14:15 - 2017-05-12 20:55 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1237337697-2235402892-2061835607-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 217.112.180.1 - 217.112.180.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{939A16EC-F90D-4441-8EA1-B57FB1BB45D5}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortiesnac.exe
FirewallRules: [{13E66770-2921-41F2-89E4-708E1873746B}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe
FirewallRules: [{951AD3F5-661E-4A91-8F1B-B9957B7A8B40}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe
FirewallRules: [{760B31C6-03AA-440B-B748-6E965E173794}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe
FirewallRules: [{4BD3FB33-BE8C-433D-AB1C-EAC1EE0CA48A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AE6765D2-7D63-43D0-9060-1DF6FD66FA72}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{31CE30DB-8074-4D2B-8998-F3C258C0B463}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F729758-B794-48D3-83ED-E9CD2636F257}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6F0B8EB-891B-49FA-866D-27BBF32B6E52}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7EA81650-77B4-4AE9-837F-99E8D7423C50}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C830A31A-97DB-47CE-BA88-791337DD9E64}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5BBB4DA3-BD48-4373-BE5E-2E829798D958}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{55644BED-BF22-4641-BE83-835F25C529DA}] => (Allow) LPort=2869
FirewallRules: [{A09EB565-4F11-4868-A44A-DE02C5AFD086}] => (Allow) LPort=1900
FirewallRules: [{EE0EE36F-A21C-49B3-BCFE-9C3A1F7E2E78}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E82764B8-E78B-4497-8E75-2AADB8DF4F8D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E73B404A-9F83-48AE-9257-11BBE8B462E3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2B241952-4EC7-4FD1-8F4B-8DBFE6B7266C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{6143D92E-B4C3-48BB-9E10-08EF80978812}C:\users\holidea\downloads\wap300n_win_setup_v1.3.0.0\wap300n_v1.3.0.0_20130702\setup.exe] => (Allow) C:\users\holidea\downloads\wap300n_win_setup_v1.3.0.0\wap300n_v1.3.0.0_20130702\setup.exe
FirewallRules: [UDP Query User{8BF93752-FB7C-4BEB-B671-2E18BC54BB7F}C:\users\holidea\downloads\wap300n_win_setup_v1.3.0.0\wap300n_v1.3.0.0_20130702\setup.exe] => (Allow) C:\users\holidea\downloads\wap300n_win_setup_v1.3.0.0\wap300n_v1.3.0.0_20130702\setup.exe
FirewallRules: [TCP Query User{69757EB8-47AF-49EF-A3B6-15FAA6FB2399}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [UDP Query User{35B9DCC8-F496-4FA5-9F2F-A09CA4763D99}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [{699E05FC-652C-416B-9336-284B249E1041}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B11FEFB0-4721-4B07-A5C3-C0E60C5A6267}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
12-05-2017 16:07:36 Removed Composants de sécurité Isabel.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/15/2017 09:09:48 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: DESKTOP-PS28JVB)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe1018
Error: (05/12/2017 08:56:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (05/12/2017 08:54:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (05/12/2017 04:08:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (05/12/2017 03:56:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (05/12/2017 03:56:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante mbamservice.exe, version : 3.1.0.479, horodatage : 0x58f6af02
Nom du module défaillant : mbamservice.exe, version : 3.1.0.479, horodatage : 0x58f6af02
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000000000048a86
ID du processus défaillant : 0xbcc
Heure de début de l’application défaillante : 0x01d2cb0d3878ead3
Chemin d’accès de l’application défaillante : C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Chemin d’accès du module défaillant: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
ID de rapport : 90d47837-f69e-49e8-b397-87dd8206af64
Nom complet du package défaillant :
ID de l’application relative au package défaillant :
Error: (05/12/2017 03:54:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (05/12/2017 03:51:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante SDUpdSvc.exe, version : 2.5.44.79, horodatage : 0x57e24e33
Nom du module défaillant : rtl150.bpl, version : 15.0.3953.35171, horodatage : 0x4cca139f
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000a116
ID du processus défaillant : 0x2690
Heure de début de l’application défaillante : 0x01d2cb100e682352
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
Chemin d’accès du module défaillant: C:\Program Files (x86)\Spybot - Search & Destroy 2\rtl150.bpl
ID de rapport : db94d560-9a5f-4efd-9891-d2dcfcf26e3e
Nom complet du package défaillant :
ID de l’application relative au package défaillant :
Error: (05/12/2017 02:10:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.
Error: (05/12/2017 01:07:46 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: NT AUTHORITY)
Description: Impossible de redémarrer l’application ou le service « Spybot-S&D 2 Security Center Service ».
System errors:
=============
Error: (05/12/2017 09:20:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (05/12/2017 09:17:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Le service Delivery Optimization est en attente de démarrage.
Error: (05/12/2017 09:13:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
et l’APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (05/12/2017 09:13:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
et l’APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (05/12/2017 09:13:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
et l’APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (05/12/2017 09:10:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (05/12/2017 08:53:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Restart the service.
Error: (05/12/2017 08:53:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Service Microsoft Office « Démarrer en un clic » s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 0 millisecondes : Restart the service.
Error: (05/12/2017 08:53:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service TeamViewer 11 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 2000 millisecondes : Restart the service.
Error: (05/12/2017 08:53:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service SynTPEnh Caller Service s’est terminé de façon inattendue pour la 1ème fois.
CodeIntegrity:
===================================
Date: 2017-05-12 13:46:18.019
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:46:18.015
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:42:22.927
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:42:22.924
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:42:22.921
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:42:22.917
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:33:53.848
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:33:53.844
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:33:13.079
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-05-12 13:33:13.075
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2348M CPU @ 2.30GHz
Percentage of memory in use: 43%
Total physical RAM: 8073.3 MB
Available physical RAM: 4533.48 MB
Total Virtual: 10633.3 MB
Available Virtual: 6314.7 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:416.35 GB) (Free:290.9 GB) NTFS
Drive d: () (Fixed) (Total:48.83 GB) (Free:44.42 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C1E39A8F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=416.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=500 MB) - (Type=27)
==================== End of Addition.txt ============================