Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by boultan (13-06-2018 09:44:04)
Running from C:\Users\boultan\Desktop
Windows 10 Home Version 1803 17134.48 (X64) (2018-05-15 10:11:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1298668336-1819217507-725725257-500 - Administrator - Disabled)
boultan (S-1-5-21-1298668336-1819217507-725725257-1000 - Administrator - Enabled) => C:\Users\boultan
DefaultAccount (S-1-5-21-1298668336-1819217507-725725257-503 - Limited - Disabled)
Guest (S-1-5-21-1298668336-1819217507-725725257-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1298668336-1819217507-725725257-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Apple Application Support (32 bits) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avira (HKLM-x32\...\{606c7b25-e58d-4e72-82dd-4a0e4e163086}) (Version: 1.2.114.16977 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{C7FA948A-FC14-4316-92DC-23AF70C55A10}) (Version: 1.2.114.16977 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.180 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blood Bowl 2 (HKLM-x32\...\Blood Bowl 2_is1) (Version: - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.01 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.0 - Canon Inc.)
ComicRack v0.9.176 (HKLM\...\ComicRack) (Version: v0.9.176 - cYo Soft)
Dropbox (HKLM-x32\...\Dropbox) (Version: 49.4.69 - Dropbox, Inc.)
Europa.Universalis.IV.v1.22.0.Incl.Third.Rome.DLC.Repack version 1.22.0 (HKLM-x32\...\{C3C65A35-CB28-4220-AEF7-946BD52D991D}}_is1) (Version: 1.22.0 - Ali213.net)
FlacSquisher 1.3.5 (HKLM-x32\...\FlacSquisher) (Version: 1.3.5 - FlacSquisher)
Flash Update Installer (HKLM-x32\...\{7C946145-3E41-4A2F-9E9B-89600430A1EA}) (Version: 6.0.1 - Microsoft) Hidden
foobar2000 v1.3.14 (HKLM-x32\...\foobar2000) (Version: 1.3.14 - Peter Pawlowski)
FormatFactory 3.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.8.0.0 - Free Time)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.1.0.5096 - Foxit Software Inc.)
Fuse Installer (HKLM-x32\...\{2A1791D2-A59C-4272-9007-27CCBA23EE25}) (Version: 6.0.1 - Nokia) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.21) (Version: 9.21 - Artifex Software Inc.)
iCloud (HKLM\...\{5BD11939-D2C2-4F1B-AAAF-5ECE19A801F7}) (Version: 7.4.0.111 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
IObit Malware Fighter 6 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 6.0 - IObit)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{A116D7C2-6CD0-42EE-B5AA-0CFD0CF7939B}) (Version: 12.7.5.9 - Apple Inc.)
LibreOffice 5.4.6.2 (HKLM\...\{F662982B-D4F5-4CFA-B2AE-90E16B44FF2F}) (Version: 5.4.6.2 - The Document Foundation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mini Metro (HKLM-x32\...\1434554947_is1) (Version: 2.0.0.3 - GOG.com)
Mises à jour NVIDIA 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Mozilla Firefox 60.0.2 (x64 fr) (HKLM\...\Mozilla Firefox 60.0.2 (x64 fr)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.2.6730 - Mozilla)
Mozilla Thunderbird 52.8.0 (x86 fr) (HKLM-x32\...\Mozilla Thunderbird 52.8.0 (x86 fr)) (Version: 52.8.0 - Mozilla)
Mp3tag v2.87a (HKLM-x32\...\Mp3tag) (Version: 2.87a - Florian Heidenreich)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA Logiciel système PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA Pilote du contrôleur 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
Opera Stable 53.0.2907.68 (HKLM-x32\...\Opera 53.0.2907.68) (Version: 53.0.2907.68 - Opera Software)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Product API Installer (HKLM-x32\...\{B692EBBC-EEEC-4457-A9CD-2B765547C75B}) (Version: 6.0.1 - Microsoft) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.21.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.21.0 - Adlice Software)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Sid Meiers Civilization VI Rise and Fall (HKLM-x32\...\Sid Meiers Civilization VI Rise and Fall_is1) (Version: - )
Software Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.0 - Google Inc.) Hidden <==== ATTENTION
Spotify (HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\Spotify) (Version: 1.0.44.100.ga60c0ce1 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Subtitle Edit 3.5.6 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.6.0 - Nikse)
Sweet Home 3D version 5.7 (HKLM\...\Sweet Home 3D_is1) (Version: 5.7 - eTeks)
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Web Companion (HKLM-x32\...\{eb7a8960-c6f5-4acb-a2e2-9507f0f3a715}) (Version: 3.2.1708.3237 - Lavasoft)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.940 - Broadcom Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)
WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)
WinUSB Drivers ext (HKLM-x32\...\{B7F55FF1-607A-4E12-BF64-8770BC618D12}) (Version: 1.1.23.1526 - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2018-03-20] (IObit)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2018-03-20] (IObit)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-03-29] (Florian Heidenreich)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-03-18] (Apple Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-05-12] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-03-29] (Florian Heidenreich)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2018-03-20] (IObit)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-03-29] (Florian Heidenreich)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2018-03-20] (IObit)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-05-12] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1AE1D4F8-2100-4B95-99EF-8B0DBF8CA6E3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1E6EC6ED-1E30-4ED0-91CD-3558433F3706} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-05-12] (Microsoft Corporation)
Task: {1F20E23B-E594-4BAC-B20E-5CD297C296A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-30] (Google Inc.)
Task: {1F621950-DC84-4CA2-8DD7-474EF9F46D82} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F7A48C5-8963-4D72-9099-02FCC9D1EBE7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {2385319F-47D0-4004-8A50-42222E451804} - \CGN -> No File <==== ATTENTION
Task: {23CD6699-C821-4F33-8BBA-DCFA9797DABF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {26AA09E7-8DB2-4106-822E-2E54B360C4B5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3679D7C6-123A-4336-A4A6-DE7AAD7D0058} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {376667FC-5862-4F01-B2D7-030B518B82DD} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {49AA8C43-0D2B-452A-A82C-09EE7D052723} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-05-25] (Avira Operations GmbH & Co. KG)
Task: {4A7CB41E-BEA6-4CAC-8841-2C449D4AD20D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-08] (Adobe Systems Incorporated)
Task: {4E7ABBF8-AB67-4EF1-9ACF-817016AB9678} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {55DFA064-A100-4567-86E2-658FDACE15BB} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {5FFD842C-DEB5-4953-8A95-A92BC5A522ED} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {67FC01EC-0FC7-4CA6-86DE-E3CBD336DBCE} - System32\Tasks\Opera scheduled Autoupdate 1439736115 => C:\Program Files (x86)\Opera\launcher.exe [2018-05-23] (Opera Software)
Task: {68A44684-063B-480B-80F7-71FFA9B4FC1F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {82B26F37-B114-40F1-B78B-A08AA105E7B9} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {82F0B1DD-DB1C-4EEC-B074-ED6C63453CA0} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {841AEEFD-D059-43BC-8DFC-2EA6AD615992} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {87443275-0126-48F5-84AF-E6571EBE2ECA} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {8C736089-08F9-42A8-97E3-97CD631D8BB8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9094EB25-A745-4EA2-A790-B5E2F766129A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A0061701-2563-4B46-B3CE-AC51442B634B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A099EBD9-69E9-4910-AD65-EFB689961846} - \PostPoneInstall -> No File <==== ATTENTION
Task: {A7CD7033-9910-440F-BFD9-7DE1BB82D05B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_pepper.exe [2018-06-08] (Adobe Systems Incorporated)
Task: {C78944BF-962E-49CB-AD9A-75E5365FFC10} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C9B858BC-0F03-41D9-B620-7EE472DE44D3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CAACF952-9660-435D-851B-972686F6177D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D9194EF0-8AEB-4CC0-9B15-54E9FA59E3EA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DF3D9AE4-7DDC-456B-8BC1-341EBE8FC04D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E2A9E166-9789-4E98-8280-E2949CEF1C5F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E7556392-EC5E-40BE-9F5F-BCB8432F8297} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F0BAD983-9E91-4E60-8414-42E3AB7FD20C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {F0C799CE-0476-45A4-9AE0-8E2D5E9A0B4C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F0EFD840-F2CB-4286-AB0E-2CFC38BEA295} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-30] (Google Inc.)
Task: {F7D07DF5-C807-478A-A727-4B348D36CCF8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FCFBDC9E-6068-4896-AE3C-8D91F3D91800} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FDFCB84C-6272-42A9-8E49-6CB3B7EF1CAC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2015-08-28 13:02 - 2015-08-28 13:02 - 000094888 _____ () C:\Program Files (x86)\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe
2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-05-15 18:58 - 2018-05-15 18:58 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-17 10:43 - 2016-02-17 10:43 - 000049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-12 01:35 - 2018-04-12 11:19 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-18 11:36 - 2018-05-18 11:36 - 004193792 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1805.1201.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-05-03 08:31 - 2018-05-03 08:31 - 000634880 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1805.1201.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-05-25 15:04 - 2018-05-23 06:59 - 101425752 _____ () C:\Program Files (x86)\Opera\53.0.2907.68\opera_browser.dll
2018-05-25 15:04 - 2018-05-23 06:59 - 004447832 _____ () C:\Program Files (x86)\Opera\53.0.2907.68\libglesv2.dll
2018-05-25 15:04 - 2018-05-23 06:59 - 000100440 _____ () C:\Program Files (x86)\Opera\53.0.2907.68\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\boultan\Documents\BestOf2013.rar:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\boultan\Documents\BestOf2014.rar:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\boultan\Documents\BestOf2015.rar:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE trusted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 01:38 - 2015-08-16 19:47 - 000001023 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1298668336-1819217507-725725257-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 212.27.40.240 - 212.27.40.241
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-1298668336-1819217507-725725257-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F9E429C7-DFBF-4E60-A617-A6676789931E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{8FE95C60-E437-4709-8443-B7FD720BDEF2}] => (Allow) C:\Program Files (x86)\Opera\52.0.2871.99\opera.exe
FirewallRules: [UDP Query User{9F367712-0043-49E7-B042-612EFA4D201B}C:\program files (x86)\subnautica\subnautica.exe] => (Allow) C:\program files (x86)\subnautica\subnautica.exe
FirewallRules: [TCP Query User{2F7C703E-6625-46E9-886C-599AB2AFEE2E}C:\program files (x86)\subnautica\subnautica.exe] => (Allow) C:\program files (x86)\subnautica\subnautica.exe
FirewallRules: [UDP Query User{6EAE18A6-5EEB-4547-8352-B9EA1408C345}C:\program files (x86)\starcraft ii\versions\base64469\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base64469\sc2_x64.exe
FirewallRules: [TCP Query User{007FB245-C903-48A3-AF71-B3ADB1359B17}C:\program files (x86)\starcraft ii\versions\base64469\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base64469\sc2_x64.exe
FirewallRules: [UDP Query User{97172D7F-A4ED-4933-8389-E9BDED89864C}C:\program files (x86)\starcraft ii\versions\base63454\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base63454\sc2_x64.exe
FirewallRules: [TCP Query User{AC1F993B-10B0-443C-9D25-D4528CE20435}C:\program files (x86)\starcraft ii\versions\base63454\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base63454\sc2_x64.exe
FirewallRules: [UDP Query User{E8FCC989-588B-4782-85B6-2FD4371ADC8C}C:\program files (x86)\starcraft ii\versions\base62848\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base62848\sc2_x64.exe
FirewallRules: [TCP Query User{A305E8A6-5F4E-40FD-89D6-60DDA22CA821}C:\program files (x86)\starcraft ii\versions\base62848\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base62848\sc2_x64.exe
FirewallRules: [UDP Query User{5E00DAC1-D7B3-46C8-BC90-E14AC4150BC3}E:\torrent\opus.magnum\opus magnum\lightning.exe] => (Block) E:\torrent\opus.magnum\opus magnum\lightning.exe
FirewallRules: [TCP Query User{57DCF47C-D147-4BE6-9810-F3C28A444BDD}E:\torrent\opus.magnum\opus magnum\lightning.exe] => (Block) E:\torrent\opus.magnum\opus magnum\lightning.exe
FirewallRules: [UDP Query User{F92894CB-C3FC-4CDF-BE3B-897936C40532}C:\games\prey\binaries\danielle\x64\release\prey.exe] => (Block) C:\games\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [TCP Query User{41C22C94-C9E1-41AC-A9EB-B5552007CF04}C:\games\prey\binaries\danielle\x64\release\prey.exe] => (Block) C:\games\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [UDP Query User{CFD4151B-70D4-4641-B75B-946DEAAF55FE}C:\users\boultan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\boultan\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A50632D7-B66F-4F4E-94C5-493A11BA7E15}C:\users\boultan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\boultan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F89DB77C-A177-4A64-9CF0-A2C1F3ABEE7D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BCCA70ED-87B7-4A29-B0F1-D94DC05168BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2E5CC0AF-D73B-448F-9408-232E486E62E3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C76B7DE5-D602-4DA5-913C-75588AEA9562}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1FA0111A-F75A-416D-BD9E-331F8F240B43}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CAC68AB3-57CB-4D70-9A11-22658BA0404C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{77375389-41A1-4CA1-8BE0-C0CB6EB85143}] => (Allow) C:\Users\boultan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{96ACA130-EBD5-48F5-B1F1-BD64F1522C76}] => (Allow) C:\Users\boultan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{239EAE91-2D66-402D-B028-54B8156EF804}C:\program files (x86)\common files\nokia\fuse\fuseservice.exe] => (Allow) C:\program files (x86)\common files\nokia\fuse\fuseservice.exe
FirewallRules: [TCP Query User{87C0D1FB-6ACD-431B-9F51-BE28EA5525C8}C:\program files (x86)\common files\nokia\fuse\fuseservice.exe] => (Allow) C:\program files (x86)\common files\nokia\fuse\fuseservice.exe
FirewallRules: [UDP Query User{D4911189-347B-4769-AEF3-B3604E85807D}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [TCP Query User{1E981D21-D058-4778-8633-E970B732B804}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [{D0A2E8EC-381B-4E8C-8697-815FBD4EB992}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E080F2FE-FEC6-4897-9E3E-36EE487EBC8D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D516581F-B415-49B5-8921-1FC51B17F4FD}] => (Allow) C:\Program Files\Adobe\Adobe Lightroom\lightroom.exe
FirewallRules: [{3D6F3BE9-65B1-4CBA-BA16-BE29498ECDE5}] => (Allow) C:\Program Files\Adobe\Adobe Lightroom\lightroom.exe
FirewallRules: [{868A4276-627A-43C4-8FC6-1EE0CAAC669F}] => (Allow) C:\Program Files\Adobe\Adobe Lightroom\lightroom.exe
FirewallRules: [{D777831B-C868-45A9-857B-E9EAB2272945}] => (Allow) C:\Program Files\Adobe\Adobe Lightroom\lightroom.exe
FirewallRules: [{1177BB2A-C797-4BA4-9A6A-F501BF3F4549}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{66EFE610-94CA-4E86-ACB9-C530AADDD057}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DD9C9902-05B5-497F-B21A-59DCE9B2EB08}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3FDE01B2-50DF-4475-BD22-C2C6B7AF6BDE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{939995AF-14A8-45BA-B24D-021A88F872D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CAB5F5B6-D3D9-4C02-B5D9-BEA652A2C7F8}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{10696134-B55A-4828-898A-0D338B77AA25}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{F25D39E1-D668-4BE8-A166-F0E4E4018B34}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{53D23BF4-108C-47F6-A234-56F5223C9288}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [TCP Query User{FD0500CE-24B0-4DB7-9B0A-1B352195D605}C:\program files (x86)\blood bowl 2\benchmarkdx11.exe] => (Block) C:\program files (x86)\blood bowl 2\benchmarkdx11.exe
FirewallRules: [UDP Query User{887F384D-8C2A-4556-8442-516F0C428A4C}C:\program files (x86)\blood bowl 2\benchmarkdx11.exe] => (Block) C:\program files (x86)\blood bowl 2\benchmarkdx11.exe
FirewallRules: [TCP Query User{1E144431-7D35-446A-87AB-67A194EB0CB3}C:\program files (x86)\blood bowl 2\bloodbowl2_dx_32.exe] => (Block) C:\program files (x86)\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [UDP Query User{65D7E6DB-A6E2-446C-922A-34960F2E9A14}C:\program files (x86)\blood bowl 2\bloodbowl2_dx_32.exe] => (Block) C:\program files (x86)\blood bowl 2\bloodbowl2_dx_32.exe
FirewallRules: [TCP Query User{B1DDE3F4-1009-42C3-B788-AE8669606AC1}C:\program files (x86)\company of heroes 2 master collection\reliccoh2.exe] => (Block) C:\program files (x86)\company of heroes 2 master collection\reliccoh2.exe
FirewallRules: [UDP Query User{A2F93E04-3C50-414D-8FD7-71190332DC7B}C:\program files (x86)\company of heroes 2 master collection\reliccoh2.exe] => (Block) C:\program files (x86)\company of heroes 2 master collection\reliccoh2.exe
FirewallRules: [{4C993FFC-CCF4-45F5-AD3D-75E022727D6E}] => (Allow) C:\Users\boultan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{266D7278-BD67-4594-AC3D-A62FAFA68FD4}] => (Allow) C:\Users\boultan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{84D69E0D-B2A5-4D92-874C-E7EF334F0A8B}] => (Allow) C:\Users\boultan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE09F88E-F937-4E38-A247-A9DC06BE07CB}] => (Allow) C:\Users\boultan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7A130E0E-E664-4C4B-81C6-9AC22C18CC29}] => (Allow) C:\Users\boultan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F9481473-CE68-4862-A50F-817A09D8E55C}] => (Allow) C:\Users\boultan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7B2001BA-53D2-4C72-A5B9-540841DD7671}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D67D46AA-9CDB-436F-975F-25A333BF0A3D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F950AA99-B71B-477B-8D53-D9E576E8D463}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{79A31A38-ABD5-4FDC-8E07-C86017632639}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{95FAEE0A-C2DA-4E36-A77A-5ED865013CA3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [TCP Query User{1D3E75B8-C3C0-46EA-AD51-A4F85A9A9F8E}C:\program files (x86)\starcraft ii\versions\base65094\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base65094\sc2_x64.exe
FirewallRules: [UDP Query User{51FA8C1D-8C4E-4588-AB1E-8E7612D4C65D}C:\program files (x86)\starcraft ii\versions\base65094\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base65094\sc2_x64.exe
FirewallRules: [TCP Query User{C4C1B6A2-298B-44B7-8F42-4FAF54E8E3FC}C:\program files (x86)\starcraft ii\versions\base65094\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base65094\sc2.exe
FirewallRules: [UDP Query User{15E64C73-B34C-466F-A14C-8B9C340354A2}C:\program files (x86)\starcraft ii\versions\base65094\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base65094\sc2.exe
FirewallRules: [{FE2CD9B7-2ABC-4171-A08A-45651630FC19}] => (Allow) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe
FirewallRules: [{35FC3079-1881-417C-9041-F16C542A4B76}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{3AA962CB-6D41-4791-9DA0-093278DEDE4A}C:\program files (x86)\starcraft ii\versions\base65384\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base65384\sc2_x64.exe
FirewallRules: [UDP Query User{DDB63449-6550-4F9B-82DD-B4A6653E5F05}C:\program files (x86)\starcraft ii\versions\base65384\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base65384\sc2_x64.exe
FirewallRules: [{21ABAF12-8F0A-466D-BF0C-8EB405344CD1}] => (Allow) C:\Users\boultan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5CDCAC1C-9058-4CD8-8B47-0F4FEF5E5727}] => (Allow) C:\Users\boultan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AE242C5A-08E3-4674-ACDF-DB21CCE6594A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-05-2018 14:54:48 Windows Update
30-05-2018 18:03:31 Installed iTunes
07-06-2018 11:56:39 Scheduled Checkpoint
12-06-2018 08:55:55 Point de contrôle créé par HitmanPro

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/12/2018 08:55:55 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005, Access is denied.
.
Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {949a5cad-b7dd-480a-8b42-5739814324d7}

Error: (06/11/2018 10:31:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname boultan-PC.local already in use; will try boultan-PC-2.local instead

Error: (06/11/2018 10:31:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 boultan-PC.local. Addr 192.168.0.13

Error: (06/11/2018 10:31:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.13:5353 16 boultan-PC.local. AAAA 2A01:0E35:2E38:BCC0:80B5:6796:81E8:44F4

Error: (06/11/2018 10:31:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 boultan-PC.local. AAAA FE80:0000:0000:0000:80B5:6796:81E8:44F4

Error: (06/11/2018 10:31:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.13:5353 16 boultan-PC.local. AAAA 2A01:0E35:2E38:BCC0:80B5:6796:81E8:44F4

Error: (06/11/2018 10:31:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 boultan-PC.local. Addr 192.168.0.13

Error: (06/11/2018 10:31:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.13:5353 16 boultan-PC.local. AAAA 2A01:0E35:2E38:BCC0:80B5:6796:81E8:44F4


System errors:
=============
Error: (06/13/2018 09:42:01 AM) (Source: DCOM) (EventID: 10016) (User: boultan-PC)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID boultan-PC\boultan de l’utilisateur (S-1-5-21-1298668336-1819217507-725725257-1000) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (06/13/2018 01:39:42 AM) (Source: DCOM) (EventID: 10010) (User: boultan-PC)
Description: Le serveur {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (06/12/2018 09:19:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Launch pour l’application serveur COM avec le CLSID
Windows.SecurityCenter.WscBrokerManager
et l’APPID
Unavailable
au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (06/12/2018 09:17:28 PM) (Source: DCOM) (EventID: 10016) (User: boultan-PC)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID boultan-PC\boultan de l’utilisateur (S-1-5-21-1298668336-1819217507-725725257-1000) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (06/12/2018 09:16:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service NetPipeActivator dépend du service WAS qui n’a pas pu démarrer en raison de l’erreur :
Le fichier spécifié est introuvable.

Error: (06/12/2018 09:16:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service NetMsmqActivator dépend du service WAS qui n’a pas pu démarrer en raison de l’erreur :
Le fichier spécifié est introuvable.

Error: (06/12/2018 09:16:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service W3SVC dépend du service WAS qui n’a pas pu démarrer en raison de l’erreur :
Le fichier spécifié est introuvable.

Error: (06/12/2018 09:16:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service NetTcpActivator dépend du service WAS qui n’a pas pu démarrer en raison de l’erreur :
Le fichier spécifié est introuvable.


Windows Defender:
===================================
Date: 2018-06-12 16:25:59.736
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

Date: 2018-06-12 09:04:34.051
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.1740.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-06-12 09:04:34.047
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.1740.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-06-12 09:04:34.046
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.1740.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-06-12 09:04:33.960
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.1740.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2018-05-17 09:48:15.993
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-15 12:11:54.567
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4570S CPU @ 2.90GHz
Percentage of memory in use: 40%
Total physical RAM: 8120 MB
Available physical RAM: 4830.59 MB
Total Virtual: 16824 MB
Available Virtual: 13010.89 MB

==================== Drives ================================

Drive c: (Core) (Fixed) (Total:465.22 GB) (Free:247.31 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Media) (Fixed) (Total:238.37 GB) (Free:51.09 GB) NTFS

\\?\Volume{00609e0a-43bd-11e5-a0db-806e6f6e6963}\ (Réservé au système) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS
\\?\Volume{ab80fce7-0000-0000-0000-905474000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: AB80FCE7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 17AB5931)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
