cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by mohamed (10-04-2017 20:01:29)
Running from C:\Users\mohamed\Desktop
Windows 10 Home Single Language Version 1607 (X64) (2017-04-08 19:24:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1269088884-2991484980-774938323-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1269088884-2991484980-774938323-503 - Limited - Disabled)
Guest (S-1-5-21-1269088884-2991484980-774938323-501 - Limited - Disabled)
mohamed (S-1-5-21-1269088884-2991484980-774938323-1001 - Administrator - Enabled) => C:\Users\mohamed

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.272 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0) (Version: 17.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{A14A2A00-D5CB-867E-8C03-8108DC2702D7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.)
CyberLink PhotoDirector (Version: 5.0.6.7006 - CyberLink Corp.) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.2.5829 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.5.4601 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4627 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
Google Chrome (HKLM-x32\...\{F9FA265F-947B-3778-A67B-57AC6862C8E1}) (Version: 57.0.2987.133 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: - HP)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8305.5282 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{DD21DBC9-2A74-44DA-A543-B1F4AF3ABFCA}) (Version: 1.1.8.1 - HP)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4542 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1269088884-2991484980-774938323-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 52.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-GB)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2 - Mozilla)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.48 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.64 - REALTEK Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.62308 - TeamViewer)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1269088884-2991484980-774938323-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A292B658D14F}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-1269088884-2991484980-774938323-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {008B0D7F-3153-42CE-ABBD-727B89FE3437} - System32\Tasks\Reerverentclkak Builder => C:\Program Files (x86)\Dermupy\xchesaty.exe [2017-04-09] (Glarysoft Ltd)
Task: {067B3B7C-9B04-4C94-983D-CAC0AD644FE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {06B30AFD-F544-4D65-9634-E0ADD251DCE0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-11] (Dropbox, Inc.)
Task: {2BEE68C7-1D4A-4430-B7B1-EB9ECF87B41B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-11] (Google Inc.)
Task: {40E623E4-2213-449E-A22A-2EC75986EA6C} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {5E04656B-C27A-4588-ACAA-2C2DB762C0E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-24] (HP Inc.)
Task: {62716D5B-3F55-4E56-B299-0485D984B318} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {63D9C499-7D31-400C-9207-095194C04C0A} - System32\Tasks\AdobeAAMUpdater-1.0-LAPTOP-QK7OEJRJ-mohamed => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-05-05] (Adobe Systems Incorporated)
Task: {8201559B-460D-49D0-A95E-17D01566D149} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {84B201FB-8DD2-4F07-9ABF-89F0C4E72591} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {876E7EBB-6255-42A6-A94E-EA05176FE63B} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe
Task: {8FCC4ECF-D955-4590-8DB3-854A4EB88713} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LAPTOP-QK7OEJRJ-mohamed LAPTOP-QK7OEJRJ => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {A63F22BB-3C7F-4A67-9137-0FC5CC51DA83} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
Task: {A781B199-D2F6-4F4D-A142-9FC579ADFAFF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B132CEF2-768D-479F-9B5D-EC469F17246F} - System32\Tasks\HPCeeScheduleFormohamed => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {B4C33D85-68DB-4C53-A5CB-6333344DB562} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-11] (Dropbox, Inc.)
Task: {C0D631F0-A4DC-41F5-B0FB-CEC12A7B408B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {DCDBFAC7-7273-4B8E-9AFE-E556A5DA2A0F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {E7F769C2-935E-43B1-9A31-C58271A0FBA2} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2015-07-20] ()
Task: {EE2EF79F-DF70-4ED7-A3D9-BB05D866E1B5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {EEF18338-485E-4605-963F-DB1A740500C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {F0AC660B-9262-4489-A572-FC82DA369042} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
Task: {F6C60F95-C977-4EF7-8440-68E0670675CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {FFC7BD91-C2EC-4BA4-9886-04696436C6F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-11] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFormohamed.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\mohamed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TripAdvisor.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=none&locale=all&pf=cnnb&s=TripAdvisor_W10_taskbar&tp=Taskbar

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 14:42 - 2016-07-16 14:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-09 01:32 - 2017-03-04 10:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-02-18 15:47 - 2015-11-19 18:44 - 00127192 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2016-02-18 16:03 - 2014-04-14 21:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-04-09 01:32 - 2017-03-04 10:19 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-05-22 19:33 - 2016-05-22 19:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-11-21 01:35 - 2016-11-21 01:35 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-04-09 01:31 - 2017-03-04 09:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-04-09 01:31 - 2017-03-04 09:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-04-09 01:31 - 2017-03-04 09:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-09 01:31 - 2017-03-04 09:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-09 01:31 - 2017-03-04 09:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-09 01:32 - 2017-03-04 09:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-22 19:32 - 2016-05-22 19:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kpcengine.2.3.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-06-03 03:36 - 2016-06-03 03:36 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-08 00:10 - 2016-06-08 00:10 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-08 00:10 - 2016-06-08 00:10 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-08 00:10 - 2016-06-08 00:10 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-06-08 00:41 - 2016-06-08 00:41 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1269088884-2991484980-774938323-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "StartCCC"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2822E5CC-4514-4B10-8F62-96FABA91C092}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{47C87C08-DBD2-48C9-AED7-252A72C32F58}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B4806F36-BBB1-40CB-8B9D-2AB477A5288A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{03518143-C856-45AB-A9FF-093966EA88E0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{1B757C88-06CF-40E3-94F7-0B00640D4664}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [TCP Query User{BB7D2231-10E6-4AFA-850D-19FED3AFF5C2}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [{DE9E4DAC-EB4F-4041-8C3D-BB7F42A270BE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{561395D7-E115-4C5B-A07B-2F648F6C7F45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4E86DA7E-9054-4939-8B08-7A1AF49B5045}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{66D2F4EE-1129-4CEB-A332-70ABFA667C8C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{681BE6C3-F0D4-4416-9DB8-EFCA00878C3F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DA59EED5-97D5-477C-BF85-983003FAECB8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{57889914-5DDD-450C-A462-B06ED37FD9D2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{75C3CDDF-865F-4298-8DE7-025BBF134909}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{900401D1-C982-4577-B2C6-6C2B24069B43}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{491BC0F0-24E9-423D-B6B7-B2022265F648}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{38793CE7-2E01-49E0-B9D7-65235544245F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{ACFAFCF6-706E-4F30-8755-F58CF7081A67}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{5F1A2FF9-EAE5-481F-BC73-4D1D618F6C17}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{38D5BD8F-2DC3-4122-A802-90BAF606BE99}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5E554698-BBB0-4472-8B63-FB88B7A1DFC8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DBF90A47-5D92-4E3F-A966-5F71548A5A35}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{40CD9294-F8D6-4A32-8FEF-04A49581FB7E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AE530389-B8B5-4088-A27D-D2687AE99114}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{A7EB79E4-E6CC-48A1-BCCF-71E079E52896}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{7C9448A5-E037-4941-9520-1DBF6E6A69CA}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{22271BCF-D006-434C-9459-CBBF00FF2FFE}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{FBCF5827-36E9-4176-8254-2503D4F0E19B}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{EA22F04B-684A-4290-AB3D-782E336BF781}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{42446EEE-CF8B-4DCD-8BA9-568FB7D36C73}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{6EBFF90C-66DE-4ABB-9A31-F06CC944E0ED}] => (Allow) %systemroot%\system32\alg.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2017 06:10:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\SysWOW64\rundll32.exe mbar.dll Start /z ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x80070005).

Error: (04/10/2017 06:10:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\SysWOW64\rundll32.exe mbar.dll Start /z ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x80070005).

Error: (04/10/2017 05:26:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 52.0.2.6291, time stamp: 0x58d41a2d
Faulting module name: mozglue.dll, version: 52.0.2.6291, time stamp: 0x58d41a1f
Exception code: 0x80000003
Fault offset: 0x0000f73b
Faulting process ID: 0x1fc
Faulting application start time: 0x01d2b202da1c48ac
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report ID: 19613a28-7f17-462c-91b2-8725af64411d
Faulting package full name:
Faulting package-relative application ID:

Error: (04/10/2017 05:26:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe CEF Helper.exe, version: 3.7.0.271, time stamp: 0x57515883
Faulting module name: libcef.dll, version: 3.2171.2069.0, time stamp: 0x551bdc44
Exception code: 0xc0000005
Fault offset: 0x00444106
Faulting process ID: 0x42c
Faulting application start time: 0x01d2b1fe843ade90
Faulting application path: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
Faulting module path: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
Report ID: 32f92e19-3b61-43b9-852b-26ca39984fec
Faulting package full name:
Faulting package-relative application ID:

Error: (04/10/2017 05:26:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ctfmon.exe, version: 10.0.14393.0, time stamp: 0x57899148
Faulting module name: InputService.dll, version: 10.0.14393.953, time stamp: 0x58ba5875
Exception code: 0xc0000005
Fault offset: 0x00057f66
Faulting process ID: 0x96c
Faulting application start time: 0x01d2b202e70cfb93
Faulting application path: C:\WINDOWS\SysWOW64\ctfmon.exe
Faulting module path: C:\WINDOWS\system32\InputService.dll
Report ID: fd6f1cf5-65f8-4a76-8cc4-d2e28548f59a
Faulting package full name:
Faulting package-relative application ID:

Error: (04/10/2017 04:28:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPWMISVC.exe, version: 1.3.4.0, time stamp: 0x54e2a903
Faulting module name: OLEAUT32.dll, version: 10.0.14393.447, time stamp: 0x5819c2b5
Exception code: 0xc0000005
Fault offset: 0x0001bf74
Faulting process ID: 0xad4
Faulting application start time: 0x01d2b1fe33ff1700
Faulting application path: c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
Faulting module path: C:\WINDOWS\System32\OLEAUT32.dll
Report ID: c51c4006-8822-44aa-b1cd-59aedb4bf78c
Faulting package full name:
Faulting package-relative application ID:

Error: (04/10/2017 03:41:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-QK7OEJRJ)
Description: Activation of application Microsoft.Getstarted_3.11.3.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/10/2017 03:12:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-QK7OEJRJ)
Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2147024726 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/10/2017 02:38:45 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR FUNC: rsrc_app_start_app_in_active_user_session FILE: rsrc_app.c LINE: 328 TIME: 2448285 ms

Unable to start capture program. Error = 170

Error: (04/10/2017 02:29:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\mohamed\Downloads\Programs\esetsmartinstaller_fra.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.


System errors:
=============
Error: (04/10/2017 06:47:58 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/10/2017 06:33:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/10/2017 06:33:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecureLine service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/10/2017 06:33:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/10/2017 06:32:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/10/2017 06:16:46 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-QK7OEJRJ)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user LAPTOP-QK7OEJRJ\mohamed SID (S-1-5-21-1269088884-2991484980-774938323-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_11606.1001.39.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool.

Error: (04/10/2017 06:14:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/10/2017 06:14:39 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/10/2017 06:13:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/10/2017 06:13:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecureLine service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================
Date: 2017-04-10 14:58:17.704
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-10 14:58:17.444
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-09 01:54:02.215
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 38%
Total physical RAM: 8090.91 MB
Available physical RAM: 4963.01 MB
Total Virtual: 10010.91 MB
Available Virtual: 6973.72 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:299.15 GB) (Free:226.02 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:14.05 GB) (Free:1.69 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (New Volume) (Fixed) (Total:922.39 GB) (Free:695.59 GB) NTFS
Drive g: () (Fixed) (Total:300 GB) (Free:299.87 GB) NTFS
Drive h: () (Fixed) (Total:325.61 GB) (Free:325.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 9BE4F380)

Partition: GPT.

==================== End of Addition.txt ============================

Publicité


Signaler le contenu de ce document

Publicité