Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by David at 2015-06-13 12:47:35
Running from C:\Users\David\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrateur (S-1-5-21-1048256787-344287163-565126587-500 - Administrator - Disabled)
David (S-1-5-21-1048256787-344287163-565126587-1000 - Administrator - Enabled) => C:\Users\David
Invité (S-1-5-21-1048256787-344287163-565126587-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1048256787-344287163-565126587-1000\...\uTorrent) (Version: 3.4.2.39744 - BitTorrent Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1048256787-344287163-565126587-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{331C520E-D8C3-4AB9-ADF7-A666A3561922}) (Version: 1.3.17.25001 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.3.17.25001 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS) ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.18 - asus) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS) BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.) BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform) Dropbox (HKU\S-1-5-21-1048256787-344287163-565126587-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) ETDWare PS/2-x64 7.0.5.7_WHQL (HKLM\...\Elantech) (Version: - ) Free YouTube to MP3 Converter version 3.12.59.505 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.505 - DVDVideoSoft Ltd.) GameRanger (HKU\S-1-5-21-1048256787-344287163-565126587-1000\...\GameRanger) (Version: - GameRanger Technologies) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.) Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) 
Ma-Config.com (64 bits) (HKLM\...\{E1322B8A-6F66-44ED-95D5-7FEBC50AC814}) (Version: 7.1.5.0 - Cybelsoft) Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Professionnel Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Mises à jour NVIDIA 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation) NVIDIA Logiciel système PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA Pilote audio HD : 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Pilote graphique 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) Panneau de configuration NVIDIA 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden PowerISO (HKLM-x32\...\PowerISO) (Version: 4.9 - Power Software Ltd) qBittorrent 3.1.12 (HKLM-x32\...\qBittorrent) (Version: 3.1.12 - The qBittorrent project) Quake III Arena Point Release 1.32 (HKLM-x32\...\Quake III Arena Point Release 1.32) (Version: - ) Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.) 
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.1200 - Nom de votre société) Super Hide IP (HKLM-x32\...\SuperHideIP) (Version: 3.0.6.2 - ) USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - ) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WinDirStat 1.1.2 (HKU\S-1-5-21-1048256787-344287163-565126587-1000\...\WinDirStat) (Version: - ) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.10 - ASUS) ZHPDiag 2015 (HKLM-x32\...\ZHPDiag_is1) (Version: 2015 - Nicolas Coolman) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1048256787-344287163-565126587-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1048256787-344287163-565126587-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-1048256787-344287163-565126587-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-1048256787-344287163-565126587-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1048256787-344287163-565126587-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1048256787-344287163-565126587-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1048256787-344287163-565126587-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1048256787-344287163-565126587-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1048256787-344287163-565126587-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1048256787-344287163-565126587-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1048256787-344287163-565126587-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1048256787-344287163-565126587-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 23:34 - 2015-06-12 14:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {022014B0-CCFF-43A7-AFD3-FDCCD068C5EC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {198C2664-F805-4EB2-A43A-6C8EE24498BC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {23E3CA3D-1EED-4349-8F69-CF741EC6C010} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS) Task: {40073742-A8B6-4AC4-9970-86B7E70607CA} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {4B1946CD-DEC1-4481-AB53-10FA5CFD4536} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-07-24] () Task: {5ABD0339-B202-41E6-B365-A89F9B4CF41D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {657971F8-0D46-404A-9FCF-08B3F9B5B975} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {8B585691-B8AF-4FAB-86CE-C053D3DDD781} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd) Task: {914982B0-9407-45FD-A6E4-DF59E5CE1D71} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {B70EC1E1-3DB2-4446-9589-9EFE8E93CFBD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: {C3C257E0-36F5-44C1-9B55-66153C1F1035} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-12] (Google Inc.) Task: {CAB5AD76-EDBF-4491-93B8-19138241F973} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-12] (Google Inc.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-12-06 18:29 - 2014-07-02 15:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2009-07-24 06:32 - 2009-07-24 06:32 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe 2014-10-11 09:06 - 2014-10-11 09:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 09:05 - 2014-10-11 09:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-06-13 11:36 - 2015-06-13 11:36 - 00043008 _____ () c:\users\david\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvbvavs.dll 2015-03-04 18:45 - 2015-03-04 18:45 - 00750080 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 18:45 - 2015-03-04 18:45 - 00047616 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 18:45 - 2015-03-04 18:45 - 00865280 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 18:45 - 2015-03-04 18:45 - 00200704 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\David\Desktop\CV - LM.lnk:com.dropbox.attributes ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1048256787-344287163-565126587-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: VoipConnect => "D:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe" -nosplash -minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{283276B3-F746-4638-881B-2FD11D003E6D}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3016982E-3367-49ED-ABB5-D4FCC281D73D}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{392A2FCA-4582-4370-8515-13E0FF42BD59}C:\users\david\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\david\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{EC9F6862-5FFF-4E1A-A0CC-33B79FCB6871}C:\users\david\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\david\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{AB269713-015E-4232-8A36-8F91AAD06A72}C:\users\david\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\david\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{542106B3-F883-44B9-9227-7F863DE5E07F}C:\users\david\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\david\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{DE9B4158-37D0-480D-B85B-AA5798B86DAD}C:\users\david\downloads\utorrent.exe] => (Allow) C:\users\david\downloads\utorrent.exe FirewallRules: [UDP Query User{3245E2C1-2578-443A-8C9E-24A572B06A29}C:\users\david\downloads\utorrent.exe] => (Allow) C:\users\david\downloads\utorrent.exe FirewallRules: [{16A0D637-939D-4746-A2B1-AAEB69274806}] => (Allow) LPort=48113 FirewallRules: [{5D730258-0A3E-4615-82EC-A09CED898D8E}] => (Allow) LPort=48114 FirewallRules: [{FDE89F85-78FF-471E-8E17-70D2445AAC4A}] => (Allow) C:\Program Files\ma-config.com\MaConfigAgent.exe FirewallRules: [{B55D0CA2-CE7A-4C01-B65E-DE5B93D6C252}] => (Allow) C:\Program Files\ma-config.com\MaConfigAgent.exe FirewallRules: [{C7F6C81F-918C-4520-985F-C3F1B15DDFBA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{36A1DA13-D30A-4BF4-BD06-F17E7082EA61}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{57455261-4EF9-4F1B-BB12-F88A02D6CD25}] => (Allow) C:\Program 
Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{9C317823-3A88-4DD3-BCE6-0F365228FD54}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{AC0CDDA1-5DD6-4E5E-B903-8E25CAB7F856}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{ED3F6F98-AD6C-4F7F-8CAD-7910B8DB42A6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{123F2BDC-963C-4581-83A9-6A34CFEB8AB7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{09C35C61-B33D-4483-92DA-6B172A649F33}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{CFFDA5B2-204B-40C8-B01D-9C5671E3D0C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{6B89E2F2-211D-4B90-8E91-1AF8D1F8AE30}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{61CD5D21-2CC9-40C1-BADE-3FF342E98A86}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{7E7B09CD-CB55-4123-9AD4-EFE27AA5D0D3}] => (Allow) C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{A27E2931-5FC1-4727-AE0D-ECC14A05AD30}] => (Allow) C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{45180A32-8755-4256-8141-FCCB5D69EDE4}C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{22AA3C4C-1A44-499D-88DA-1211164C6CD1}C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{507E2AB9-AF77-4823-A87F-058903F2D066}C:\users\david\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\david\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [UDP Query 
User{4D8A2BB7-94FC-4A5D-8C24-BB45373C7F39}C:\users\david\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\david\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [TCP Query User{FCF6C90F-0378-4920-B298-AA0CF26A220F}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [UDP Query User{45E2480C-2FA3-487B-9B1C-97F28D906A34}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [TCP Query User{220CA3CB-1192-4760-A89F-E35860F22CE7}C:\users\david\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\david\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [UDP Query User{AB3D0DE7-511C-444E-AAB8-FF94422EC8C1}C:\users\david\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\david\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [TCP Query User{20E782C2-E4D4-4CB4-9D2E-C7E76907ADFF}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [UDP Query User{DE42AFB0-9FDE-4B99-885A-DCE46F84BBC1}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [TCP Query User{7B57437E-E100-49F0-BB14-AF1CAFD85182}C:\users\david\downloads\utorrent.exe] => (Allow) C:\users\david\downloads\utorrent.exe FirewallRules: [UDP Query User{C8D1D20E-03F1-41F0-AF0C-DD29BDB00C06}C:\users\david\downloads\utorrent.exe] => (Allow) C:\users\david\downloads\utorrent.exe FirewallRules: [{9DE42FB6-6C00-4CAC-8FA9-2CC8A44B7DC0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{ECA0CE91-ADF3-4FEE-A1A2-D7881E590536}D:\age of empires ii\age of empires ii 1.0\age2_x1\age2_x1.exe] => (Allow) D:\age of empires ii\age of empires ii 1.0\age2_x1\age2_x1.exe FirewallRules: [UDP Query User{6B110600-6ECF-42EB-BEDA-893CECAB1E2E}D:\age of empires ii\age of empires ii 1.0\age2_x1\age2_x1.exe] => (Allow) D:\age of empires 
ii\age of empires ii 1.0\age2_x1\age2_x1.exe FirewallRules: [TCP Query User{12D99087-646A-4303-88D5-B2F8D66F6DA8}D:\age of empires ii\age of empires ii 1.0c\age2_x1\age2_x1.exe] => (Allow) D:\age of empires ii\age of empires ii 1.0c\age2_x1\age2_x1.exe FirewallRules: [UDP Query User{E1FFA8B9-3268-4092-B01E-2E5242778FF2}D:\age of empires ii\age of empires ii 1.0c\age2_x1\age2_x1.exe] => (Allow) D:\age of empires ii\age of empires ii 1.0c\age2_x1\age2_x1.exe FirewallRules: [TCP Query User{58072F38-EFCD-4E34-8306-BF1C283BF522}D:\age of empires ii\age of empires ii 1.0\age2_x1\age2_x1.exe] => (Allow) D:\age of empires ii\age of empires ii 1.0\age2_x1\age2_x1.exe FirewallRules: [UDP Query User{4451C284-D0CB-45A8-B467-E179A1242A29}D:\age of empires ii\age of empires ii 1.0\age2_x1\age2_x1.exe] => (Allow) D:\age of empires ii\age of empires ii 1.0\age2_x1\age2_x1.exe FirewallRules: [{21FF6180-1950-4C01-83AE-D110C15BB86D}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{C14123B9-2B55-42BF-86F7-46F62794CAE7}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe FirewallRules: [{2679001B-4162-4408-B0FE-354BCD0DE8E0}] => (Allow) LPort=4481 FirewallRules: [{8CB71772-019C-46A0-92C0-F27D1A24142D}] => (Allow) LPort=4481 FirewallRules: [{8D48C585-1770-4929-A389-28BE658292F3}] => (Allow) LPort=4482 FirewallRules: [{58A386E9-1ABB-4839-BF2C-D88956D8B4C8}] => (Allow) LPort=4482 FirewallRules: [TCP Query User{F8DB21F9-01CF-416A-B998-FE315F309A6F}C:\users\david\appdata\roaming\utorrent\updates\3.4.2_38913.exe] => (Allow) C:\users\david\appdata\roaming\utorrent\updates\3.4.2_38913.exe FirewallRules: [UDP Query User{E19612F7-B3A8-457E-B405-837B06D0DA9B}C:\users\david\appdata\roaming\utorrent\updates\3.4.2_38913.exe] => (Allow) C:\users\david\appdata\roaming\utorrent\updates\3.4.2_38913.exe FirewallRules: [{71466E53-164B-4249-B59E-CAFD7F17B40D}] => (Allow) C:\Program Files 
(x86)\qBittorrent\qbittorrent.exe FirewallRules: [{8D5D5B34-1ED6-444B-8FEE-10061CDDFBE8}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [TCP Query User{2B1EFB6E-A13F-4FC5-97ED-47A89007FFC1}D:\age of empires ii\age of empires ii 1.0c\age2_x1\age2_x1.exe] => (Allow) D:\age of empires ii\age of empires ii 1.0c\age2_x1\age2_x1.exe FirewallRules: [UDP Query User{5ADEF5C7-1A39-4232-8E91-82F589ABDD07}D:\age of empires ii\age of empires ii 1.0c\age2_x1\age2_x1.exe] => (Allow) D:\age of empires ii\age of empires ii 1.0c\age2_x1\age2_x1.exe FirewallRules: [TCP Query User{8D18EE9E-E490-43CB-BBE0-6F8E31D5E776}C:\users\david\desktop\cs 1.6\hl.exe] => (Allow) C:\users\david\desktop\cs 1.6\hl.exe FirewallRules: [UDP Query User{217DF528-3DAA-4AB1-960B-3E5CB8A68F38}C:\users\david\desktop\cs 1.6\hl.exe] => (Allow) C:\users\david\desktop\cs 1.6\hl.exe FirewallRules: [{020CB111-5516-438F-8F8E-B5DCC02692E5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/13/2015 00:35:56 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1794666 Error: (06/13/2015 00:35:56 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1794666 Error: (06/13/2015 00:35:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/12/2015 08:35:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3650 Error: (06/12/2015 08:35:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3650 Error: (06/12/2015 08:35:43 PM) (Source: Bonjour Service) (EventID: 100) 
(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/12/2015 08:35:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1669 Error: (06/12/2015 08:35:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1669 Error: (06/12/2015 08:35:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/12/2015 08:10:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1218492 System errors: ============= Error: (06/13/2015 00:06:04 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: ) Description: Le microprogramme de la plateforme a endommagé la mémoire lors de la précédente transition d’alimentation du système. Recherchez un microprogramme plus récent à utiliser pour votre système. Error: (06/13/2015 11:35:14 AM) (Source: volsnap) (EventID: 27) (User: ) Description: Les clichés instantanés C: ont été annulés pendant la détection car un fichier de contrôle critique n’a pas pu être ouvert. Error: (06/13/2015 11:35:08 AM) (Source: volsnap) (EventID: 27) (User: ) Description: Les clichés instantanés C: ont été annulés pendant la détection car un fichier de contrôle critique n’a pas pu être ouvert. Error: (06/13/2015 11:34:46 AM) (Source: volsnap) (EventID: 25) (User: ) Description: Les clichés instantanés du volume C: ont été supprimés car le stockage du cliché instantané n’a pas pu s’agrandir à temps. Réduisez la charge d’E/S sur le système ou choisissez un volume stockage de cliché instantané qui n’est pas mis en cliché instantané. Error: (06/12/2015 08:35:45 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: ) Description: Le microprogramme de la plateforme a endommagé la mémoire lors de la précédente transition d’alimentation du système. 
Recherchez un microprogramme plus récent à utiliser pour votre système. Error: (06/12/2015 07:50:21 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: ) Description: Le microprogramme de la plateforme a endommagé la mémoire lors de la précédente transition d’alimentation du système. Recherchez un microprogramme plus récent à utiliser pour votre système. Error: (06/12/2015 02:30:27 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: La structure du système de fichiers sur le disque est endommagée et inutilisable. Exécutez l’utilitaire chkdsk sur le volume G:. Error: (06/12/2015 02:30:27 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: La structure du système de fichiers sur le disque est endommagée et inutilisable. Exécutez l’utilitaire chkdsk sur le volume . Error: (06/12/2015 02:26:24 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Les clichés instantanés du volume C: ont été annulés car le stockage du cliché instantané n’a pas pu s’agrandir en raison d’une limite utilisateur. Error: (06/12/2015 02:25:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Le service PEVSystemStart est marqué comme étant interactif. Cependant, le système est configuré pour ne pas autoriser les services interactifs. Ce service peut ne pas fonctionner correctement. 
Microsoft Office: ========================= Error: (06/13/2015 00:35:56 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1794666 Error: (06/13/2015 00:35:56 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1794666 Error: (06/13/2015 00:35:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/12/2015 08:35:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3650 Error: (06/12/2015 08:35:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3650 Error: (06/12/2015 08:35:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/12/2015 08:35:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1669 Error: (06/12/2015 08:35:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1669 Error: (06/12/2015 08:35:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/12/2015 08:10:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1218492 CodeIntegrity Errors: =================================== Date: 2015-06-12 14:24:58.285 Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. 
Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue. Date: 2015-06-12 14:24:58.223 Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue. Date: 2015-06-11 19:30:01.623 Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue. Date: 2015-06-11 19:30:01.533 Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue. Date: 2015-06-11 19:29:54.579 Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue. 
Date: 2015-06-11 19:29:54.441 Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue. Date: 2015-06-11 17:45:16.242 Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue. Date: 2015-06-11 17:45:16.152 Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue. Date: 2015-06-11 17:45:07.212 Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue. 

Date: 2015-06-11 17:45:07.107
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 21%
Total physical RAM: 4095.27 MB
Available physical RAM: 3226.81 MB
Total Pagefile: 8188.75 MB
Available Pagefile: 7002.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:8.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:208.92 GB) (Free:38.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=208.9 GB) - (Type=OF Extended)

==================== End of log ============================