Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-08-2015 Ran by Cino (2015-08-07 18:54:29) Running from C:\Users\Cino\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrateur (S-1-5-21-3831606109-2479305572-1568501551-500 - Administrator - Disabled) Cino (S-1-5-21-3831606109-2479305572-1568501551-1001 - Administrator - Enabled) => C:\Users\Cino DefaultAccount (S-1-5-21-3831606109-2479305572-1568501551-503 - Limited - Disabled) defaultuser0 (S-1-5-21-3831606109-2479305572-1568501551-1000 - Administrator - Disabled) Invité (S-1-5-21-3831606109-2479305572-1568501551-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3831606109-2479305572-1568501551-1001\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts) FIFA 15 Ultimate Team Edition version Update 4 (HKLM-x32\...\FIFA 15 Ultimate Team Edition_is1) (Version: Update 4 - GMT-MAX.ORG) Fraps (HKLM-x32\...\Fraps) (Version: - ) GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.88.0000 - GIGABYTE Technology Co.,Ltd.) GIGABYTE OC_GURU II (x32 Version: 1.88.0000 - GIGABYTE Technology Co.,Ltd.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.) Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - ) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) MSI Interceptor DS100 Gaming Mouse (HKLM-x32\...\{0554E252-D345-4924-A87E-F1C6242371AB}_is1) (Version: 1.1 - MSI Co., LTD) Origin (HKLM-x32\...\Origin) (Version: 9.6.1.5336 - Electronic Arts, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3831606109-2479305572-1568501551-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3831606109-2479305572-1568501551-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Cino\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3831606109-2479305572-1568501551-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Cino\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3831606109-2479305572-1568501551-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Cino\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3831606109-2479305572-1568501551-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Cino\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3831606109-2479305572-1568501551-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Cino\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3831606109-2479305572-1568501551-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Cino\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3831606109-2479305572-1568501551-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Cino\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3831606109-2479305572-1568501551-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Cino\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3831606109-2479305572-1568501551-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Cino\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3831606109-2479305572-1568501551-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Cino\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 05-08-2015 00:39:14 Installed GIGABYTE OC_GURU II 05-08-2015 04:02:36 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 13:04 - 2015-07-10 13:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation) Task: {07AAEACE-1775-419F-A5DA-FC297765F5F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.) Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation) Task: {1641F54C-1E57-4902-AB65-EE2B65E5629D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation) Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {1D3D099E-EE1E-4907-8BA2-BA8F12D11AA6} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe [2015-07-10] (Microsoft Corporation) Task: {2C97A00A-1C5C-4318-B5CC-8A1A126B77F9} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation) Task: {4454A8D0-2E4E-4A02-BF67-48DF6A7BFAB4} - System32\Tasks\Microsoft\Windows\Maps\MapsUpdateTask Task: {478C8C2C-02EC-44A3-A9E0-8ABF6677EA6B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd) Task: {5E5515C1-7D87-4904-B9CE-FD29EB2ADB72} - System32\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation) Task: {711EE2F9-A611-4773-AF8E-D4B278A6718D} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask Task: {744C9FEA-08B7-43E1-A729-0F94647D655C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation) Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance Task: {7A003965-A297-4DC6-B15B-852D798391E0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\Windows\system32\MusNotification.exe [2015-07-16] (Microsoft Corporation) Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe [2015-07-16] (Microsoft Corporation) Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-15] (Microsoft Corporation) Task: {8E754543-F210-4F6C-A268-684C79BA7BCC} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent Task: {A364E297-00AD-490D-900E-22AC34598C71} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation) Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager Task: {AC29E64E-3271-47BA-B8F1-914523CF379B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update Task: {B9B36D41-C776-424E-9A13-5387E17A2CEB} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\Windows\System32\WiFiTask.exe [2015-07-10] (Microsoft Corporation) Task: {C2162702-FFEB-48C0-AA5F-2DA3A8887D61} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation) Task: {D2401052-A382-42DE-9C79-D1CF3563F654} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation Task: {DAF2BAE3-1C5B-4CB5-9F62-0911C031A15A} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\Windows\system32\disksnapshot.exe [2015-07-10] (Microsoft Corporation) Task: {E3842DBD-3340-4755-82BE-E14F0012D0FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.) Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe [2015-07-16] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-08-05 04:06 - 2015-07-15 04:04 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll 2015-08-05 04:06 - 2015-07-11 03:22 - 00403968 _____ () C:\Windows\System32\diagtrack_wininternal.dll 2015-08-05 03:12 - 2015-08-05 03:12 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe 2015-08-05 00:55 - 2012-04-24 18:42 - 01181544 _____ () C:\Program Files (x86)\MSI Gaming Series\Interceptor DS100\ETGMSrv.exe 2015-08-05 23:09 - 2015-07-30 08:05 - 02498808 _____ () C:\Windows\system32\CoreUIComponents.dll 2015-08-05 23:09 - 2015-07-30 08:05 - 02498808 _____ () C:\Windows\System32\CoreUIComponents.dll 2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-07-10 12:59 - 2015-07-10 12:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll 2015-08-05 00:55 - 2014-03-10 11:43 - 03698176 _____ () C:\Program Files (x86)\MSI Gaming Series\Interceptor DS100\MMon2.exe 2015-07-17 19:34 - 2015-07-17 19:34 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll 2015-08-05 23:09 - 2015-08-02 03:37 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-07-10 13:00 - 2015-07-10 18:28 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-08-05 23:09 - 2015-08-02 03:34 - 01806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-08-05 23:09 - 2015-08-02 03:35 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-08-05 03:12 - 2015-08-07 17:32 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll 2015-08-05 03:12 - 2015-08-05 03:12 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll 2015-08-05 23:45 - 2015-07-03 18:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-08-05 23:45 - 2015-07-24 01:24 - 02410176 _____ () C:\Program Files (x86)\Steam\video.dll 2015-08-05 23:45 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-08-05 23:45 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2015-08-05 23:45 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2015-08-05 23:45 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2015-08-05 23:45 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2015-08-05 23:45 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-08-05 23:45 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2015-08-05 23:45 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-08-05 23:45 - 2015-07-24 01:23 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2015-08-05 23:45 - 2015-07-07 22:41 - 00169984 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll 2015-08-05 00:55 - 2011-01-27 00:53 - 00028160 _____ () C:\Program Files (x86)\MSI Gaming Series\Interceptor DS100\uiHook.dll 2015-08-05 23:45 - 2015-07-03 18:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2015-08-05 13:24 - 2015-08-05 13:24 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll 2015-08-05 13:24 - 2015-08-05 13:23 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll 2015-08-05 13:24 - 2015-08-05 13:23 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll 2015-08-05 13:24 - 2015-08-05 13:23 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll 2015-08-05 13:24 - 2015-08-05 13:23 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll 2015-08-05 13:24 - 2015-08-05 13:23 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll 2015-08-05 13:24 - 2015-08-05 13:23 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll 2015-08-05 13:24 - 2015-08-05 13:23 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll 2015-08-05 13:24 - 2015-08-05 13:24 - 00228352 _____ () C:\Program Files (x86)\Origin\mediaservice\wmfengine.dll 2015-08-07 00:44 - 2015-07-31 08:19 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll 2015-08-07 00:44 - 2015-07-31 08:19 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll 2015-08-07 00:44 - 2015-07-31 08:19 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3831606109-2479305572-1568501551-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cino\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\black-cat-blue-eyes.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{908B530E-E16E-4E99-AB82-ED1413B1E676}] => (Allow) C:\Users\Cino\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{02FC48EB-A205-40CF-BE83-F6B0267774FF}] => (Allow) C:\Users\Cino\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{FF0417B2-B6D4-4C7F-895C-6D7B1AB739B4}] => (Allow) C:\Users\Cino\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{AF7F4368-50ED-4D18-8C4A-E075ABC696B4}] => (Allow) C:\Users\Cino\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{7FB087EE-904F-49E9-A15F-AB421CF70C15}] => (Allow) C:\Users\Cino\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{E6A39736-557C-4A19-9B78-198F1C87CB88}] => (Allow) C:\Users\Cino\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{E3BA8C84-75AF-45EB-8CCB-574324A68D9F}] => (Allow) C:\Program Files (x86)\GMT-MAX.ORG\FIFA 15 Ultimate Team Edition\fifasetup\fifaconfig.exe FirewallRules: [{2EE8F9E6-3C3D-4A18-934E-15917CCDC7A2}] => (Allow) C:\Program Files (x86)\GMT-MAX.ORG\FIFA 15 Ultimate Team Edition\fifasetup\fifaconfig.exe FirewallRules: [TCP Query User{172EB585-037A-4BCE-B108-3082FCB0196A}C:\program files (x86)\gmt-max.org\fifa 15 ultimate team edition\fifa15.exe] => (Allow) C:\program files (x86)\gmt-max.org\fifa 15 ultimate team edition\fifa15.exe FirewallRules: [UDP Query User{C3730198-6F25-4AD2-81E7-0857BADBE22B}C:\program files (x86)\gmt-max.org\fifa 15 ultimate team edition\fifa15.exe] => (Allow) C:\program files (x86)\gmt-max.org\fifa 15 ultimate team edition\fifa15.exe FirewallRules: [{279BE374-3ACB-48F8-9C7C-F76778AC204C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{AED29AEE-A4C3-44EA-AC31-4B9019343FAD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{305C0461-07A6-49FD-823D-EC479EF5D8D5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{AC341C31-A10B-4076-BA11-22D4A7F074A2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{9B418FFC-6880-4AE8-8466-11866780A016}C:\program files (x86)\counter-strike global offensive\csgo.exe] => (Allow) C:\program files (x86)\counter-strike global offensive\csgo.exe FirewallRules: [UDP Query User{B575180D-A719-4E45-9433-6D97ADB575F9}C:\program files (x86)\counter-strike global offensive\csgo.exe] => (Allow) C:\program files (x86)\counter-strike global offensive\csgo.exe FirewallRules: [{CBB8B88F-FF45-484F-BA8F-DB96790DB160}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Contrôleur PCI de communications simplifiées Description: Contrôleur PCI de communications simplifiées Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Contrôleur de bus SM Description: Contrôleur de bus SM Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/07/2015 06:10:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante Service_KMS.exe, version : 0.0.0.0, horodatage : 0x55aef299 Nom du module défaillant : KERNELBASE.dll, version : 10.0.10240.16384, horodatage : 0x559f38c3 Code d’exception : 0xe0434352 Décalage d’erreur : 0x000000000002a1c8 ID du processus défaillant : 0x7f4 Heure de début de l’application défaillante : 0xService_KMS.exe0 Chemin d’accès de l’application défaillante : Service_KMS.exe1 Chemin d’accès du module défaillant: Service_KMS.exe2 ID de rapport : Service_KMS.exe3 Nom complet du package défaillant : Service_KMS.exe4 ID de l’application relative au package défaillant : Service_KMS.exe5 Error: (08/07/2015 06:10:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application : Service_KMS.exe Version du Framework : v4.0.30319 Description : le processus a été arrêté en raison d'une exception non gérée. Informations sur l'exception : System.IO.DirectoryNotFoundException Pile : à System.IO.__Error.WinIOError(Int32, System.String) à System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean) à System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean) à System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean) à System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean) à System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding) à System.IO.File.InternalAppendAllText(System.String, System.String, System.Text.Encoding) à Service_KMS.Logging.FileLogger.ᜀ(System.String ByRef) à System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) à System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) à System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) à System.Threading.ThreadHelper.ThreadStart() Error: (08/07/2015 12:41:52 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme SpyHunter-Installer.exe version 1.0.323.699 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance. ID de processus : 894 Heure de début : 01d0d0987c8bae23 Heure de fin : 4294967295 Chemin d'accès de l'application : C:\Users\Cino\Downloads\SpyHunter-Installer.exe ID de rapport : 546c39c1-3c8c-11e5-9bd1-40167e6d71b1 Nom complet du package défaillant : ID de l'application relative au package défaillant : Error: (08/06/2015 10:02:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-43N0NK9) Description: Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error: (08/06/2015 01:37:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-43N0NK9) Description: Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error: (08/05/2015 09:30:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-43N0NK9) Description: Échec de l’activation de l’application Microsoft.Windows.Photos_8wekyb3d8bbwe!App avec l’erreur : -2147023170 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error: (08/05/2015 07:17:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme ShellExperienceHost.exe version 10.0.10240.16401 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance. ID de processus : df8 Heure de début : 01d0cfa27885c094 Heure de fin : 4294967295 Chemin d'accès de l'application : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe ID de rapport : c95a6b3d-3b95-11e5-9bcd-40167e6d71b1 Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy ID de l'application relative au package défaillant : App Error: (08/05/2015 07:17:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-43N0NK9) Description: Le package Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy+App a été interrompu, car sa suspension a été trop longue. Error: (08/05/2015 01:01:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-43N0NK9) Description: Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error: (08/05/2015 01:00:32 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1 ». Assembly dépendant Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. System errors: ============= Error: (08/07/2015 05:32:11 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: AUTORITE NT) Description: 32212256841190880 Error: (08/07/2015 05:32:24 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: L’arrêt système précédant à 02:39:55 le ‎07/‎08/‎2015 n’était pas prévu. Error: (08/07/2015 02:39:55 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: L’arrêt système précédant à 00:55:42 le ‎07/‎08/‎2015 n’était pas prévu. Error: (08/07/2015 02:39:32 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: AUTORITE NT) Description: 32212256841190496 Error: (08/07/2015 12:14:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service Accès aux données utilisateur_Session1 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service. Error: (08/07/2015 12:14:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service Stockage des données utilisateur_Session1 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service. Error: (08/07/2015 12:14:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service Données de contacts_Session1 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service. Error: (08/07/2015 12:14:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service Hôte de synchronisation_Session1 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service. Error: (08/06/2015 10:02:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-43N0NK9) Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca Error: (08/06/2015 10:02:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service Hôte de synchronisation_Session2 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service. Microsoft Office: ========================= Error: (08/07/2015 06:10:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Service_KMS.exe0.0.0.055aef299KERNELBASE.dll10.0.10240.16384559f38c3e0434352000000000002a1c87f401d0d12646009418C:\Program Files\KMSpico\Service_KMS.exeC:\Windows\system32\KERNELBASE.dll8c68cc08-370d-4e8f-9c10-ed3f1d694b1e Error: (08/07/2015 06:10:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application : Service_KMS.exe Version du Framework : v4.0.30319 Description : le processus a été arrêté en raison d'une exception non gérée. Informations sur l'exception : System.IO.DirectoryNotFoundException Pile : à System.IO.__Error.WinIOError(Int32, System.String) à System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean) à System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean) à System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean) à System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean) à System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding) à System.IO.File.InternalAppendAllText(System.String, System.String, System.Text.Encoding) à Service_KMS.Logging.FileLogger.ᜀ(System.String ByRef) à System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) à System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) à System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) à System.Threading.ThreadHelper.ThreadStart() Error: (08/07/2015 12:41:52 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: SpyHunter-Installer.exe1.0.323.69989401d0d0987c8bae234294967295C:\Users\Cino\Downloads\SpyHunter-Installer.exe546c39c1-3c8c-11e5-9bd1-40167e6d71b1 Error: (08/06/2015 10:02:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-43N0NK9) Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141 Error: (08/06/2015 01:37:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-43N0NK9) Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141 Error: (08/05/2015 09:30:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-43N0NK9) Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2147023170 Error: (08/05/2015 07:17:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: ShellExperienceHost.exe10.0.10240.16401df801d0cfa27885c0944294967295C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exec95a6b3d-3b95-11e5-9bcd-40167e6d71b1Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewyApp Error: (08/05/2015 07:17:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-43N0NK9) Description: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy+App Error: (08/05/2015 01:01:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-43N0NK9) Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141 Error: (08/05/2015 01:00:32 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\MFC80U.DLL ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz Percentage of memory in use: 27% Total physical RAM: 8097.71 MB Available physical RAM: 5881.05 MB Total Virtual: 10017.71 MB Available Virtual: 7597.25 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:930.96 GB) (Free:883.17 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End of log ============================