Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-05-2017
Ran by bayab (28-05-2017 19:06:52)
Running from F:\
Windows 10 Pro Version 1607 (X64) (2016-10-14 20:20:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2022920285-3176419706-3169518393-500 - Administrator - Disabled)
bayab (S-1-5-21-2022920285-3176419706-3169518393-1001 - Administrator - Enabled) => C:\Users\bayab
DefaultAccount (S-1-5-21-2022920285-3176419706-3169518393-503 - Limited - Disabled)
Guest (S-1-5-21-2022920285-3176419706-3169518393-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.139.918 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.8.1216 - Foxit Software Inc.)
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Hotline Miami 2 ver. 1.03a (HKLM-x32\...\{27417000-66ZX-22VB-37Y0-46KL5M686AC}_is1) (Version: 1.03a - Devolver Digital)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2022920285-3176419706-3169518393-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mises à jour NVIDIA 2.5.15.46 (Version: 2.5.15.46 - NVIDIA Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
No Man's Sky (HKLM-x32\...\1446213994_is1) (Version: 2.3.0.5 - GOG.com)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.46 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Logiciel système PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Python 3.3.3 (64-bit) (HKLM\...\{e9d90870-ab19-32a8-aa93-f8348ba21d05}) (Version: 3.3.3150 - Python Software Foundation)
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.46 - NVIDIA Corporation) Hidden
Should I Remove It (HKU\S-1-5-21-2022920285-3176419706-3169518393-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
SketchUp 2016 (HKLM\...\{4A8F2944-0D02-440C-809C-D2B17C3E6623}) (Version: 16.1.1449 - Trimble Navigation Limited)
Smart Manager V3 Ver 4.2.6 (HKLM\...\Smart Manager V3) (Version: Ver 4.2.6 - GIGABYTE)
Smart Update v2.4.3 (HKLM-x32\...\Smart Update) (Version: v2.4.3 - GIGABYTE TECHNOLOGY CO.,LTD.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Switch - Convertisseur de fichiers audio (HKLM-x32\...\Switch) (Version: 4.68 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
The Beginner's Guide (HKLM-x32\...\The Beginner's Guide_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
The Stanley Parable (HKLM-x32\...\The Stanley Parable_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
The Witness (HKLM-x32\...\The Witness_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Unity Web Player (HKU\S-1-5-21-2022920285-3176419706-3169518393-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C898C1A-998C-4DD5-B1D1-4AC814BD2A31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-21] (Google Inc.)
Task: {0E121A06-CFFE-4522-8535-FCFA2D52EA4F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {17B57114-D53D-48C8-A172-6772D671E3A3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {1BCD0CE6-F06C-4310-ACBC-1BB2A34ED4F2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {37C8960E-E08B-4661-8F29-65F7068182E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-21] (Google Inc.)
Task: {417C3686-1247-49A6-98D1-71CA60094E11} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {4AEB4359-D152-4665-A5F7-0E5A8FAB8CD2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {718193AC-26E8-409B-8D8C-C3530DF0256D} - System32\Tasks\ESET Windows 10 upgrade – Perform upgrade => C:\Program Files\Common Files\AV\ESET NOD32 Antivirus 8.0\upgrade.exe [2015-11-23] (ESET)
Task: {817AEA51-0525-4FFF-A660-C07BDA596A62} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.)
Task: {8E04A385-580C-436B-91CA-EE51AE3D9914} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\bayab\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {A7860DA6-5EEA-4C17-A10F-0AE4B6656C9F} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {B1FB62C2-82A5-43F9-970A-F2218A9D7943} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D11A744E-C03F-4A24-A68E-D0EFB622EB79} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-05-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\bayab\Favorites\Site de téléchargement NCH Software.lnk -> hxxp://www.nch.com.au/fr/index.htm

==================== Loaded Modules (Whitelisted) ==============

2015-09-06 12:14 - 2012-12-06 13:52 - 00136704 _____ () C:\WINDOWS\System32\zlhp2600.dll
2014-08-11 06:11 - 2014-08-11 06:11 - 00019456 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\ElevateService.exe
2017-05-27 11:05 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-13 23:05 - 2017-04-28 02:49 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-10-14 22:12 - 2016-12-29 15:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-09-01 11:14 - 2014-08-19 21:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2016-05-27 15:50 - 2016-11-02 00:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-10-15 08:08 - 2016-10-15 08:08 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 12:06 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 12:06 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 12:06 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 12:06 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-13 23:05 - 2017-04-28 01:36 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-13 23:05 - 2017-04-28 01:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-08-11 06:11 - 2014-08-11 06:11 - 00009728 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\OSD\IsMetroUI.dll
2014-08-11 06:13 - 2014-08-11 06:13 - 00486400 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\OSD\Skin\OSD_Skin.dll
2014-08-11 06:11 - 2014-08-11 06:11 - 00200704 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\GetDispDevs.dll
2014-08-11 06:11 - 2014-08-11 06:11 - 00095744 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\PCIeCtl.dll
2014-08-11 06:13 - 2014-08-11 06:13 - 04067328 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\Skin\Main_Skin.dll
2015-07-21 16:10 - 2011-03-02 12:40 - 00164864 _____ () D:\Program Files\WinRAR\rarext.dll
2017-05-23 10:22 - 2017-05-23 10:22 - 03918848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-06-28 01:19 - 2016-06-28 01:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kpcengine.2.3.dll
2014-04-29 16:23 - 2014-04-29 16:23 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-07-21 16:47 - 2015-10-04 10:24 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2016-04-18 17:15 - 00001165 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2022920285-3176419706-3169518393-1001\Control Panel\Desktop\\Wallpaper -> D:\Users\bayab\Bureau\Back_side_of_the_Moon_AS16-3021.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A3236AE5-1AC5-40E6-8EE3-20D45675BA34}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{28AC5E6C-B554-491D-9DFD-E682538F9C96}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CC 2015\Adobe Premiere Pro.exe
FirewallRules: [{7B456328-1379-408F-A3E9-0B9ECD06F78C}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CC 2015\Adobe Premiere Pro.exe
FirewallRules: [{E6211D7B-3946-404C-A5B0-48CA3E011591}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2DCED07C-B51D-4967-9EC2-7075515A601C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{654BA5A1-1542-47D8-91C2-968D49818D2C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4564C53B-D713-4712-8D60-FD86749AFE52}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{73856AB9-C617-43E2-8B11-D547767560E7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F0FA1BD4-C0A8-4AE2-B36D-214D07703395}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D14B3074-F092-4C71-B949-96601D69B552}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E7FB06CD-34AC-417A-A67A-8D46CAAD4891}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{33F0529D-EEA6-4803-BA94-9C1B24ECDEF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3AF8B5C0-B947-490F-A2AC-F6CCDD1C4FCB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{37AA81CF-7B88-4186-BECD-37DE2854F3E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{E426EE66-3937-4E8C-9B8D-373EA825DCFD}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{65AACF48-9F5C-4862-8A5B-9FBE12CB13DB}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{B9A74453-3969-446D-9799-EA77DD6430B7}D:\the stanley parable\stanley.exe] => (Block) D:\the stanley parable\stanley.exe
FirewallRules: [UDP Query User{015FD0D4-EAED-48E5-ACC5-5DB9FF1A3F83}D:\the stanley parable\stanley.exe] => (Block) D:\the stanley parable\stanley.exe
FirewallRules: [TCP Query User{5C7A9E01-D84F-40D8-9A62-A95F51302A1D}D:\the beginner's guide\beginnersguide.exe] => (Allow) D:\the beginner's guide\beginnersguide.exe
FirewallRules: [UDP Query User{548A6BAE-10FD-4C19-9602-BF2A6AF55EBA}D:\the beginner's guide\beginnersguide.exe] => (Allow) D:\the beginner's guide\beginnersguide.exe
FirewallRules: [{AAFAE711-E6EA-4217-BBFC-36969213A491}] => (Allow) D:\StarCraft II\StarCraft II.exe
FirewallRules: [{92D35C7B-5A41-4413-AACB-76F8B74F49BE}] => (Allow) D:\StarCraft II\StarCraft II.exe
FirewallRules: [{24A10696-B489-4BFD-8985-654DE19F38D6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{70C1FAC1-68AA-4577-81A1-E559AF3B40A6}] => (Allow) LPort=2869
FirewallRules: [{D7D3FC9E-B188-41BA-A630-89BA6FBD3375}] => (Allow) LPort=1900
FirewallRules: [{DACB8933-2F87-45A6-9B96-ED2DAF0B638C}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{61AD5AB2-0945-4958-BEA3-206124B8F254}] => (Allow) D:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{7D26AF87-6408-4C96-ABE2-62E4AF5FF35D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{64A892DD-3EF8-4073-81DB-C40C302A50A7}D:\starcraft ii\versions\base48645\sc2_x64.exe] => (Allow) D:\starcraft ii\versions\base48645\sc2_x64.exe
FirewallRules: [UDP Query User{D72AEEAD-0D66-4288-A827-6D6CCE84BA62}D:\starcraft ii\versions\base48645\sc2_x64.exe] => (Allow) D:\starcraft ii\versions\base48645\sc2_x64.exe
FirewallRules: [{46379601-F78F-4B07-B140-DE777A62A800}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2017 03:15:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/28/2017 10:48:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_LicenseManager, version: 10.0.14393.0, time stamp: 0x57899b1c
Faulting module name: CLIPC.dll, version: 10.0.14393.0, time stamp: 0x57899b86
Exception code: 0xc0000005
Fault offset: 0x000000000000f3cb
Faulting process id: 0x590
Faulting application start time: 0x01d2d78edbc99af9
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\CLIPC.dll
Report Id: bf1f2e67-1167-4ea9-a56b-d7c163f49494
Faulting package full name:
Faulting package-relative application ID:

Error: (05/27/2017 10:26:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OneDriveStandaloneUpdater.exe, version: 17.3.6799.327, time stamp: 0x58d9ba11
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x014e5590
Faulting process id: 0x458
Faulting application start time: 0x01d2d6c2f8bf7274
Faulting application path: C:\Users\bayab\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Faulting module path: unknown
Report Id: 2ce3001c-8c0e-44a7-926c-30592a937890
Faulting package full name:
Faulting package-relative application ID:

Error: (05/27/2017 10:08:20 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/25/2017 09:40:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 14.0.0.6, time stamp: 0x5480afdb
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1198, time stamp: 0x5902808f
Exception code: 0xe0434352
Fault offset: 0x0000000000033c58
Faulting process id: 0xb84
Faulting application start time: 0x01d2d58d5375f371
Faulting application path: C:\Program Files\KMSpico\Service_KMS.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 231270b1-7ead-4966-b4b6-1bc737ad95a5
Faulting package full name:
Faulting package-relative application ID:

Error: (05/25/2017 09:40:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Service_KMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
at System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean)
at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
at System.IO.File.InternalAppendAllText(System.String, System.String, System.Text.Encoding)
at Service_KMS.Logging.FileLogger.ᜀ(System.String ByRef)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (05/25/2017 12:51:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/23/2017 11:15:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/22/2017 10:48:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 58.0.3029.110, time stamp: 0x59114e27
Faulting module name: chrome.dll, version: 58.0.3029.110, time stamp: 0x59114693
Exception code: 0xc0000005
Fault offset: 0x0000000001153a70
Faulting process id: 0x1364
Faulting application start time: 0x01d2d2d1e9cf8158
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\chrome.dll
Report Id: 97ae5df5-5baa-448b-ae64-9b4c5c002020
Faulting package full name:
Faulting package-relative application ID:

Error: (05/08/2017 09:44:28 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (05/28/2017 07:05:08 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (05/28/2017 06:58:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/28/2017 06:58:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/28/2017 06:58:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/28/2017 06:56:03 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (05/28/2017 05:53:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/28/2017 02:21:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/28/2017 02:21:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/28/2017 02:21:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/28/2017 02:20:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-05-28 13:19:09.074
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\bayab\TEMP\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-28 13:19:09.072
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\bayab\TEMP\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-28 13:19:08.536
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\bayab\TEMP\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-28 13:19:08.534
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\bayab\TEMP\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-28 13:19:07.949
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\bayab\TEMP\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-04 22:40:56.174
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvgbwu.inf_amd64_65232c46d452baba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-04 22:40:56.116
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-03 08:57:22.843
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvgbwu.inf_amd64_65232c46d452baba\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-03 08:57:22.810
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-25 20:03:08.543
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvgbwu.inf_amd64_1e3880a5c64f6555\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz
Percentage of memory in use: 27%
Total physical RAM: 8110.56 MB
Available physical RAM: 5896.9 MB
Total Virtual: 9390.56 MB
Available Virtual: 7139.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.2 GB) (Free:71.92 GB) NTFS
Drive d: (STOCK) (Fixed) (Total:931.51 GB) (Free:843.53 GB) NTFS
Drive f: (YOUEZBEE) (Removable) (Total:7.21 GB) (Free:6.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FE6D3AE5)

Partition: GPT.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: FE6D3AF9)

Partition: GPT.

========================================================
Disk: 2 (Size: 7.2 GB) (Disk ID: 0BAEAC0F)
Partition 1: (Active) - (Size=7.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
