Document format: text/plain

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by samsung (20-01-2018 16:33:30)
Running from C:\Users\samsung\Downloads
Windows 10 Pro Version 1709 16299.192 (X64) (2017-12-17 15:11:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2590778224-12515273-1811115127-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2590778224-12515273-1811115127-503 - Limited - Disabled)
Guest (S-1-5-21-2590778224-12515273-1811115127-501 - Limited - Disabled)
samsung (S-1-5-21-2590778224-12515273-1811115127-1002 - Administrator - Enabled) => C:\Users\samsung
WDAGUtilityAccount (S-1-5-21-2590778224-12515273-1811115127-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2590778224-12515273-1811115127-1002\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
A9CAD (HKLM-x32\...\{C8E104FE-D57E-4082-9524-6C3A1C8DBDD7}) (Version: 2.2.0 - A9Tech)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{D7BFF9DB-7CD7-4F34-ADD9-D17481A91A82}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Ashampoo Internet Accelerator 3.20 (HKLM-x32\...\Ashampoo Internet Accelerator 3_is1) (Version: 3.2.0 - ashampoo GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.)
Elevated Installer (HKLM-x32\...\{B18AA903-4BA9-45C4-BE06-F90EE091CA01}) (Version: 6.0.0.0 - Garmin Ltd or its subsidiaries) Hidden
FANATEC driver package (HKLM\...\{9A4252C6-0C3C-4C06-A810-9348B36E185D}) (Version: 8.29.3 - Endor AG Fanatec)
Free Video Cutter (HKLM-x32\...\{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1) (Version: - FreeVideoCutter.com)
Garmin Express (HKLM-x32\...\{5d118c52-30ad-455d-bc77-2b4dec81cce5}) (Version: 6.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{5F35EB8B-5E1D-46A1-A5C3-FAA408AB61D4}) (Version: 6.0.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{A1A340BC-E833-454E-9EBE-D3B8B147783E}) (Version: 6.0.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoPro (HKLM\...\{1E92618C-EB66-4C4C-9F45-93EC6EF53273}) (Version: 0.1.2733 - GoPro, Inc.) Hidden
GoPro for Desktop (HKLM-x32\...\{88734dc7-c200-4ad3-b29f-bb5e436cb30f}) (Version: 1.4.0.2733 - GoPro, Inc.)
GoPro Studio (HKLM-x32\...\{99502BF0-655A-425D-8754-9EEC557D3D73}) (Version: 5.9.2733 - GoPro, Inc.) Hidden
KB4023057 (HKLM\...\{2780660F-8532-4E52-A940-25D3EDCC19B8}) (Version: 2.2.0.0 - Microsoft Corporation)
K-Lite Mega Codec Pack 7.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2590778224-12515273-1811115127-1002\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
UpdateAssistant (HKLM-x32\...\{61B90E2F-2DD9-4581-8856-C2441B61571A}) (Version: 1.7.0.0 - Microsoft Corporation) Hidden
VdhCoApp 1.0.10 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VFW_Codec32 (HKLM-x32\...\{4275850F-4E2E-4F60-9E73-8BD8F70891D3}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{7010885D-3378-4C9B-B330-88271728EDE5}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VLC media player 1.0.0 (HKLM-x32\...\VLC media player) (Version: 1.0.0 - VideoLAN Team)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2017 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2557A92C7}}_is1) (Version: - windows-movie-maker.org)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Wondershare Filmora(Build 8.3.5) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2590778224-12515273-1811115127-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-21] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-21] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-08-20] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-21] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {225020FD-07D5-44FF-8856-0E62D3C56157} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2018-01-10] (Microsoft Corporation)
Task: {2430A6A0-72A8-4E3B-8AE1-658B179EA6E8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {294F315B-6ECA-46A5-B9E2-C723E02C2810} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-20] (Microsoft Corporation)
Task: {3E09696D-953F-409B-BB47-6128DE2EC6E6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {3F7F53F2-265F-4ED5-9917-478006931F79} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {409A5041-9882-4EA0-BABD-1CD3AD13A66F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-20] (Microsoft Corporation)
Task: {4A856953-1002-49D8-A1DC-A6F71FF3A68E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {564E443C-A3A0-4830-B015-1AB2003390B1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-20] (Microsoft Corporation)
Task: {6CA683BA-BADE-4CF5-8DB1-7D47419FD4BA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-02] (Microsoft Corporation)
Task: {83CF689B-31F1-4209-9371-3C0B9E981BEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-21] (Google Inc.)
Task: {8D51764D-AF46-4848-BF68-128E50D1BD2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-20] (Microsoft Corporation)
Task: {8FA8D4E1-D1DE-4106-8E0F-9034F007E3DB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-01-10] ()
Task: {AF0C51AD-D598-4FD9-97F3-1F8BE408236D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)
Task: {B96020A6-3B33-4068-BE12-A2F95A7519FF} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2017-08-20] (Realtek Semiconductor)
Task: {C4092BDB-A333-4AF7-97FE-1B367D328AD7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-21] (Google Inc.)
Task: {D4A3C55D-FC6F-43A6-9FB9-6CDBD7DEF23B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-49J7PNP-samsung DESKTOP-49J7PNP => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 16:41 - 2017-09-29 16:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-10-18 16:53 - 2017-10-18 16:53 - 000242176 _____ () C:\Program Files\Fanatec\Fanatec Wheel\FWPnpService.exe
2017-08-20 15:28 - 2016-12-29 16:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-10-02 06:36 - 2012-10-02 06:36 - 006522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-12-17 08:39 - 2017-12-17 08:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-17 08:39 - 2017-12-17 08:39 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-20 15:51 - 2018-01-20 15:51 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-20 15:51 - 2018-01-20 15:51 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-20 15:51 - 2018-01-20 15:51 - 024677376 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 19:54 - 2018-01-03 19:54 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-20 15:51 - 2018-01-20 15:51 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-05-12 00:39 - 2016-05-12 00:39 - 001088944 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
2018-01-20 16:08 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-05-12 00:39 - 2016-05-12 00:39 - 000037808 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2017-11-12 09:29 - 2016-07-21 10:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-11-12 09:29 - 2016-10-08 16:48 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 14:04 - 2015-07-10 14:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2590778224-12515273-1811115127-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Ds3Service => 2
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: FWPnpService => 2
MSCONFIG\Services: Garmin Device Interaction Service => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: Steam Client Service => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{390BD62C-7B7F-4C2B-916B-C20E42E5A853}] => (Allow) LPort=1900
FirewallRules: [{FA43D60D-5A29-485F-9F3E-42033661E786}] => (Allow) LPort=2869
FirewallRules: [{0F5934D4-711C-447B-8D4F-E950DBF6F9A9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{939A7AB5-72DC-4685-9C31-70ED253B4296}] => (Allow) C:\Users\samsung\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{47D9DA28-E586-4120-B9FB-DC79B3D69BDE}] => (Allow) C:\Users\samsung\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{C19C6EFE-FEA3-4792-B787-65EF0096BB78}C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe
FirewallRules: [TCP Query User{6040A9E7-A95B-4CB7-A18D-11B034275CA5}C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe
FirewallRules: [{541CF2D6-2A91-4F3F-92CB-4A374426096E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\assettocorsa\AssettoCorsa.exe
FirewallRules: [{615F8AE9-18D3-409C-B042-5E59DE412927}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\assettocorsa\AssettoCorsa.exe
FirewallRules: [UDP Query User{2111A93E-F9EC-4BE7-8131-555B40EA58FA}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{D2ACA716-36D8-45FB-B179-6323D7BE282F}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{81CECF14-890F-4F29-BB0F-C5329672008C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A2AE0C5E-1479-4673-97FB-9BCA069E37A0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8D3D9D91-B5B4-4AA9-9947-9784A7123E7E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6B340604-4E3C-48FA-813E-C0E1DC2A0A86}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EF304734-9AE8-4C7B-A3BC-2E6540D3E35A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{745C1CBB-9E2D-4558-89B2-8E3C3B38BD04}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D1B0A2CF-4EB0-4C58-8863-0BDAA2109C29}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E11CAD96-EA1F-4ACC-B50D-417D6C6E8812}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B166D9CC-4311-4774-A27A-0B4CE83F63C8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{720D51EE-949A-4A9B-8A8B-F46279C8EB93}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E5C91CED-BFCE-42A0-BF49-519A8B63A9C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{DC9957E9-CCB5-4E5F-91B8-896C41D4CF1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{E1DED6E9-CA70-4D5D-9F08-2921CBBBD641}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro.exe
FirewallRules: [{A82461A5-67A6-4BF4-B5F9-9DC498B45309}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{4C7A9AC1-7FB6-4649-92FB-B1472B4C69A9}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{6D0EC57A-A666-4E11-B020-E94E7E684CF5}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [{3E2C7E35-F274-40A1-97F3-2C3041F6538D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

28-12-2017 08:12:22 GoPro Quik
08-01-2018 10:06:34 Windows Update
18-01-2018 18:57:37 Scheduled Checkpoint
20-01-2018 15:20:38 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2018 04:07:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/20/2018 04:07:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/20/2018 04:07:28 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/20/2018 03:58:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.192, time stamp: 0x7a3355c2
Faulting module name: RltkAPO64.dll, version: 11.0.6000.434, time stamp: 0x5588e2ea
Exception code: 0xc0000005
Fault offset: 0x000000000019f64b
Faulting process id: 0xaa8
Faulting application start time: 0x01d391edf8424e3c
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\RltkAPO64.dll
Report Id: 60791402-f4ab-4440-9d85-802258be682e
Faulting package full name:
Faulting package-relative application ID:

Error: (01/20/2018 03:56:46 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/20/2018 03:56:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/20/2018 03:56:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/20/2018 03:56:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/20/2018 03:56:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent

Error: (01/20/2018 03:49:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.125, time stamp: 0x71a5988e
Faulting module name: RltkAPO64.dll, version: 11.0.6000.434, time stamp: 0x5588e2ea
Exception code: 0xc0000005
Fault offset: 0x000000000019f64b
Faulting process id: 0xaec
Faulting application start time: 0x01d391eca86999f3
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\RltkAPO64.dll
Report Id: d3bd24bb-e8d7-4af1-b299-b90ea7b1b83e
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (01/20/2018 04:22:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/20/2018 04:07:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/20/2018 04:07:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/20/2018 03:55:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/20/2018 03:55:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/20/2018 03:53:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Update Orchestrator Service service terminated with the following error:
This operation returned because the timeout period expired.

Error: (01/20/2018 03:53:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-49J7PNP)
Description: The server microsoft.windowscommunicationsapps_17.8730.21865.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (01/20/2018 03:49:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/20/2018 03:49:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (01/20/2018 03:49:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 33%
Total physical RAM: 11989.53 MB
Available physical RAM: 7969.04 MB
Total Virtual: 13845.53 MB
Available Virtual: 10881.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:242.76 GB) (Free:188.95 GB) NTFS
Drive e: () (Fixed) (Total:687.37 GB) (Free:536.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DBE3D813)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=242.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=915 MB) - (Type=27)
Partition 4: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
