Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Ali at 2015-06-13 13:21:22
Running from C:\Users\Ali\Desktop\SUPPR VIRUS
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrateur (S-1-5-21-3195047193-392384213-1903880517-500 - Administrator - Disabled)
Ali (S-1-5-21-3195047193-392384213-1903880517-1002 - Administrator - Enabled) => C:\Users\Ali
Invité (S-1-5-21-3195047193-392384213-1903880517-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3195047193-392384213-1903880517-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.6.142.61624 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.6.142.61624 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.4 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.3 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.29 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0002 - ASUS) ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation) ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - ) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.) Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.) 
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform) Centre Souris et Claviers Microsoft (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation) Centre Souris et Claviers Microsoft (Version: 2.1.177.0 - Microsoft Corporation) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) CodeBlocks (HKU\S-1-5-21-3195047193-392384213-1903880517-1002\...\CodeBlocks) (Version: 12.11 - The Code::Blocks Team) CopyTrans Suite désinstallation uniquement (HKU\S-1-5-21-3195047193-392384213-1903880517-1002\...\CopyTrans Suite) (Version: 2.37 - WindSolutions) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dota 2 Stream Browser (HKLM-x32\...\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}) (Version: - "") <==== ATTENTION Enregistrement utilisateur de Canon MG3200 series (HKLM-x32\...\Enregistrement utilisateur de Canon MG3200 series) (Version: - Canon Inc.‎) Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Lab Inc.) 
Free WMA MP3 Converter (HKLM-x32\...\Free WMA MP3 Converter) (Version: - ) Galerie de photos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.) Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Greenshot 1.2.4.10 (HKLM\...\Greenshot_is1) (Version: 1.2.4.10 - Greenshot) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professionnel Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mise à jour Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version: - Microsoft) Mise à jour Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version: - Microsoft) Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version: - Microsoft) Mise à jour Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version: - Microsoft) Module linguistique Microsoft 
Visual Studio 2010 Tools pour Office Runtime (x64) - FRA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation) NVIDIA Pilote 3D Vision 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation) NVIDIA Pilote graphique 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation) NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Panneau de configuration NVIDIA 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden Platform (x32 Version: 1.39 - VIA Technologies, Inc.) 
Hidden Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink) scilab-5.5.1 (64-bit) (HKLM\...\scilab-5.5.1 (64-bit)_is1) (Version: - Scilab Enterprises) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-040C-1000-0000000FF1CE}_Office15.PROPLUS_{DD51BA84-F589-4939-B5FE-5538B3DCC12E}) (Version: - Microsoft) VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Driver Package - ASUS (ATP) Mouse (07/28/2012 1.0.0.108) (HKLM\...\9B634C8DF2662B6B0212BF0B7547894BF2B5359F) (Version: 07/28/2012 1.0.0.108 - ASUS) Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation) WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3195047193-392384213-1903880517-1002_Classes\CLSID\{88D969EB-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll (Microsoft Corporation)

==================== Restore Points =========================

27-05-2015 09:01:58 Windows Update
01-06-2015 19:34:44 Windows Update
05-06-2015 18:56:25 Windows Update
10-06-2015 21:19:54 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2013-12-22 15:53 - 00000853 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {161C15DA-9847-4822-BBDE-A13ED5116D4D} - System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC => C:\Users\Ali\AppData\Roaming\~ywvlamf.exe
Task: {27842C8F-E1A3-444B-A70B-08603F6B8164} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {2FB6BAC7-D637-484F-8955-B5889B058934} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {342D4AE5-4EFE-4B65-AFDE-A9921335D969} - System32\Tasks\WIN-statsSystem => C:\Users\Ali\AppData\Local\Microsoft\WinU\~uzluayx.exe
Task: {39BEE212-4F46-44A6-BBF7-5802363FEB47} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {3CC95634-00AD-412C-BB9F-7EE5B8B29819} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3EB3256E-878D-4176-98DF-AD9C1A8BCA6C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {409AF948-99C4-4C65-BAF3-7ECBC45CC3A3} - System32\Tasks\IcnIzzRQLOQhwvX => C:\Users\Ali\AppData\Roaming\JP4HnIi\yfw7992.exe
Task: {41EE857A-17EA-4A6F-8500-9991E7434A99} - System32\Tasks\{709F6462-DDA3-485D-8F9B-07ECCB21A8EA} => pcalua.exe -a C:\Users\Ali\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=tugs
Task: {42792BC8-C383-4949-B97E-B966766ED7F8} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {456E0D05-8039-4C9D-921A-B5E1DDCD98B5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5F681F48-CDFD-4958-A291-AF823D3A8904} - System32\Tasks\{31A1ADD7-5C44-475D-8E18-C59982FDA05E} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {604DCEDD-B5A3-45E7-9F93-A0D7C3ECACD2} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {64BD23DD-3D49-428C-8608-7C3A9144B753} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {66F0D431-5CF0-4BCE-AB7A-74EBF56E05A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-27] (Google Inc.)
Task: {6868653C-F94D-4A6D-AEBF-5DB8799FB1B7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {697CC766-418C-4457-A5BA-E91ED7B3078C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {69EE1FB7-5694-4322-A966-56DB1443914B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {7DCE0D89-29A5-4167-ADBD-42D2BF8D26EE} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {87696FF3-233B-46A7-B660-FE46B4EAFBC9} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {95990BEF-82FC-4CC7-B2F4-DB69D098FCDE} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-04] (ASUS)
Task: {9C0AA36B-E7FC-4D18-81E0-8030D7ACEAA8} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2014-11-26] ()
Task: {9D871F77-C081-4939-B5B3-5DC6AF6ABAB6} - System32\Tasks\WIN-statsAdmin => C:\Users\Ali\AppData\Local\Microsoft\WinU\~rakbibj.exe <==== ATTENTION
Task: {A9005457-FE0E-4456-8DA9-928DA1BE1AA6} - System32\Tasks\eLy4d4fb44boqRZ => C:\Users\Ali\AppData\Roaming\5pAABNa\RLAW9yA.exe
Task: {B1711432-C92F-4C36-B86E-9EA4681A6CC8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {B8CD762D-03DE-4D66-BE8A-932240D04AE1} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {C17A6375-5D79-41A5-AA70-EB0B640E8103} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {C347F1F0-1394-404C-BDD8-DC241F55619B} - System32\Tasks\WIN-fIGbfFfEGCfFGEGbfCfE => C:\Users\Ali\AppData\Roaming\~roxszob.exe Task: {CB06E1B0-7246-499E-945C-7A83B0229387} - System32\Tasks\WIN-fdfEfEfAfC => C:\Users\Ali\AppData\Roaming\~mfnnugq.exe Task: {EA982106-BF99-4B90-ABE8-495A3574401F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-27] (Google Inc.) Task: {F7BF5B53-0BFC-454D-AE47-FBBB71EE662C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation) Task: {FEFB334E-05B2-4878-BFD0-70BDB047FE60} - System32\Tasks\tc7pPdN5lcbE9NW => C:\Users\Ali\AppData\Roaming\sAsIbAj\s6TRfHU.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2013-12-10 09:13 - 2013-12-10 09:13 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2012-08-04 11:34 - 2012-08-04 11:34 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2012-12-19 08:10 - 2012-12-19 08:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe 2013-06-10 00:25 - 2012-03-28 14:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 2012-09-11 21:54 - 2012-08-16 12:04 - 00078480 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2012-09-11 21:54 - 2012-08-16 12:04 - 00386192 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll 2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files 
(x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-12-10 09:13 - 2013-12-10 09:13 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2012-06-07 15:12 - 2012-06-07 15:12 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2015-06-11 23:03 - 2015-06-05 20:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll 2015-06-11 23:03 - 2015-06-05 20:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll 2015-06-11 23:03 - 2015-06-05 20:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll 2012-09-11 21:53 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3195047193-392384213-1903880517-1002\...\aeriagames.com -> hxxps://aeriagames.com IE trusted site: HKU\S-1-5-21-3195047193-392384213-1903880517-1002\...\aeriagames.com -> hxxp://aeriagames.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3195047193-392384213-1903880517-1001\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-3195047193-392384213-1903880517-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Ali\Pictures\asus_002.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3195047193-392384213-1903880517-1002\...\StartupApproved\Run: => "msnmsgr" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{583DEFCA-11B6-4DC2-B2AE-4D0D8D76C724}C:\users\ali\downloads\tinyumbrella-7.04.00.exe] => (Allow) C:\users\ali\downloads\tinyumbrella-7.04.00.exe FirewallRules: [TCP Query User{64D3D24B-15D6-4AB9-8DFC-9E1FE6812435}C:\users\ali\downloads\tinyumbrella-7.04.00.exe] => (Allow) C:\users\ali\downloads\tinyumbrella-7.04.00.exe FirewallRules: [UDP Query User{9BCF3CED-279A-4338-A3DF-7CAC97F2AFCF}C:\users\ali\downloads\tinyumbrella-6.14.00.exe] => (Allow) C:\users\ali\downloads\tinyumbrella-6.14.00.exe FirewallRules: [TCP Query User{38C4CE5B-B598-4B71-9633-B4314E47A895}C:\users\ali\downloads\tinyumbrella-6.14.00.exe] => (Allow) C:\users\ali\downloads\tinyumbrella-6.14.00.exe FirewallRules: [{930F4CF7-EFBC-4738-8760-C04337E5A03C}] => (Allow) C:\Users\Ali\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe FirewallRules: [{2A58ADE9-B2FF-438D-A18C-9E7675E99CBF}] => (Allow) C:\Users\Ali\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe FirewallRules: [{DF651FB9-613F-4F86-B702-FBAC770209E5}] => (Allow) C:\Users\Ali\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe FirewallRules: [UDP Query User{0D238C5E-A921-4500-B493-3E4C3B0F514C}C:\aeriagames\soldierfront\soldierfront.exe] => (Allow) C:\aeriagames\soldierfront\soldierfront.exe FirewallRules: [TCP Query 
User{93611739-7617-4A89-A5D7-0A178D5C78B4}C:\aeriagames\soldierfront\soldierfront.exe] => (Allow) C:\aeriagames\soldierfront\soldierfront.exe FirewallRules: [UDP Query User{4BEE8007-9D22-42C8-9CEF-6E62EF7C3FB1}C:\users\ali\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ali\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{87C97F58-A7A0-40A5-9830-0EDDA0E43519}C:\users\ali\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\ali\appdata\local\akamai\netsession_win.exe FirewallRules: [{41595B87-5179-4F0E-B587-AA852F0417A8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{E5D40F7B-8CEC-4E6E-A118-564E74B0F339}] => (Allow) LPort=2869 FirewallRules: [{B5C1BB4B-5B2F-4F34-B02C-5A71F0EAD1D7}] => (Allow) LPort=1900 FirewallRules: [{2DBBEE92-53E1-4A8A-8AA7-D442B730B6B6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [TCP Query User{CD5DC5D1-BACC-4DA3-A127-25435157A5D3}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{9AD6ADAC-BB37-40FB-A6B6-93B1DB96AAFD}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [{2645EC07-F6CB-4B4E-95F4-F14DEBE54BFC}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{77C8FBB0-C19A-4808-996B-0B2F10228986}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{47133449-BE9C-4401-91EA-121169C36511}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{F49797F4-FE06-4343-BB19-A9AF6DEFECC1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{674D33E2-1500-414B-9AF2-43710AA9A6EF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{26D01C08-6DB4-420C-8E25-07D3475A9F0F}C:\users\ali\appdata\roaming\torntv.com\torntv downloader.exe] => (Block) 
C:\users\ali\appdata\roaming\torntv.com\torntv downloader.exe FirewallRules: [UDP Query User{C745D57D-8E95-47FB-9946-47A6B2EEE42A}C:\users\ali\appdata\roaming\torntv.com\torntv downloader.exe] => (Block) C:\users\ali\appdata\roaming\torntv.com\torntv downloader.exe FirewallRules: [{C10C8801-9C4A-491D-B4DB-6661EADF43C6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{48F4566D-3627-49BB-BDB1-E356BF7FC029}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{0BF41DF7-9B40-418C-B17E-DD2601A05637}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{B3D1951B-D72A-42FE-BD4E-775807D548E2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{3A6E44F1-E8B1-4E3B-BD9A-0D003DE1C4F4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/13/2015 00:08:16 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] Aucune connexion n\x92a pu \xeatre \xe9tablie car l\x92ordinateur cible l\x92a express\xe9ment refus\xe9e.',),)) Error: (06/13/2015 00:08:15 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] Aucune connexion n\x92a pu \xeatre \xe9tablie car l\x92ordinateur cible l\x92a express\xe9ment refus\xe9e.',),)) Error: (06/13/2015 00:08:14 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. 
Socket error: [Errno 10061] Aucune connexion n\x92a pu \xeatre \xe9tablie car l\x92ordinateur cible l\x92a express\xe9ment refus\xe9e.',),)) Error: (06/13/2015 00:08:13 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] Aucune connexion n\x92a pu \xeatre \xe9tablie car l\x92ordinateur cible l\x92a express\xe9ment refus\xe9e.',),)) Error: (06/13/2015 00:08:11 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] Aucune connexion n\x92a pu \xeatre \xe9tablie car l\x92ordinateur cible l\x92a express\xe9ment refus\xe9e.',),)) Error: (06/13/2015 00:08:10 PM) (Source: iumsvc) (EventID: 255) (User: ) Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] Aucune connexion n\x92a pu \xeatre \xe9tablie car l\x92ordinateur cible l\x92a express\xe9ment refus\xe9e.',),)) Error: (06/13/2015 11:35:56 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 43437 Error: (06/13/2015 11:35:56 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 43437 Error: (06/13/2015 11:35:56 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/13/2015 11:35:40 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 27906 System errors: ============= Error: (06/13/2015 00:50:18 PM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT) Description: propres à l’applicationLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORITE NTSystèmeS-1-5-18LocalHost (avec LRPC)Non 
disponibleNon disponible Error: (06/13/2015 00:47:16 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Le Gestionnaire de services de contrôle a essayé d’entreprendre une action corrective (Redémarrer le service) après la fin inattendue du service Windows Search, mais cette action a échoué en raison de l’erreur suivante : %%1056 Error: (06/13/2015 00:46:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 2 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service. Error: (06/13/2015 00:46:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service Spouleur d’impression s’est terminé de manière inattendue. Ceci s’est produit 2 fois. L’action corrective suivante va être effectuée dans 5000 millisecondes : Redémarrer le service. Error: (06/13/2015 00:46:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service Intel(R) Capability Licensing Service Interface s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 0 millisecondes : Redémarrer le service. Error: (06/13/2015 00:46:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service NVIDIA Update Service Daemon s’est terminé de façon inattendue pour la 1ème fois. Error: (06/13/2015 00:46:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Google Update Service (gupdatem) s’est terminé de façon inattendue pour la 1ème fois. Error: (06/13/2015 00:46:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service. 
Error: (06/13/2015 00:46:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service iPod Service s’est terminé de façon inattendue pour la 1ème fois. Error: (06/13/2015 00:46:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Intel(R) ME Service s’est terminé de façon inattendue pour la 1ème fois. Microsoft Office: ========================= Error: (01/30/2015 08:26:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 94464 seconds with 1680 seconds of active time. This session ended with a crash. Error: (10/29/2014 03:52:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6705.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33 seconds with 0 seconds of active time. This session ended with a crash. Error: (06/02/2014 11:47:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 644052 seconds with 21480 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2015-06-10 22:42:41.266 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 

Date: 2015-06-10 21:55:02.963
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-10 21:22:16.342
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-30 03:41:41.241
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-30 03:41:40.741
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-30 03:41:40.375
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-28 15:00:29.011
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-28 15:00:27.263
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-14 23:57:52.304
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-14 23:57:51.842
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 58%
Total physical RAM: 3979.71 MB
Available physical RAM: 1651.06 MB
Total Pagefile: 4747.71 MB
Available Pagefile: 1936.87 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.11 GB) (Free:84.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:398.18 GB) (Free:397.53 GB) NTFS
Drive e: (WALIMA) (CDROM) (Total:2.54 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: F05DB9F1)

Partition: GPT Partition Type.

==================== End of log ============================