Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01 Ran by Mr Miloud at 2015-06-21 21:06:39 Running from C:\Users\Mr Miloud\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrateur (S-1-5-21-1338829758-784535349-197318399-500 - Administrator - Disabled) ASPNET (S-1-5-21-1338829758-784535349-197318399-1002 - Limited - Enabled) Invité (S-1-5-21-1338829758-784535349-197318399-501 - Limited - Disabled) Mr Miloud (S-1-5-21-1338829758-784535349-197318399-1001 - Administrator - Enabled) => C:\Users\Mr Miloud ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1338829758-784535349-197318399-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.) Adobe Flash Player 9 ActiveX (HKLM-x32\...\{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}) (Version: 9.0.16.0 - Adobe Systems, Inc.) AutoCAD 2008 - English (HKLM-x32\...\AutoCAD 2008 - English) (Version: 17.1.51.0 - Autodesk) AutoCAD 2008 - English (x32 Version: 17.1.51.0 - Autodesk) Hidden AutoCAD 2010 - Français (HKLM\...\AutoCAD 2010 - Français) (Version: 18.0.55.0 - Autodesk) AutoCAD 2010 - Français (Version: 18.0.55.0 - Autodesk) Hidden AutoCAD 2010 Language Pack - Français (Version: 18.0.55.0 - Autodesk) Hidden AutoCAD Civil 3D 2012 (HKLM\...\AutoCAD Civil 3D 2012) (Version: 9.0.1619.0 - Autodesk) AutoCAD Civil 3D 2012 (Version: 9.0.1619.0 - Autodesk) Hidden AutoCAD Civil 3D 2012 32 Bit Object Enabler de Autodesk Content Service - Language Neutral (HKLM-x32\...\{B7742DDB-2194-41D1-8766-9DAF137C1DFD}) (Version: 1619.0 - Autodesk, Inc.) AutoCAD Civil 3D 2012 32 Bit Object Enabler de Autodesk® Storm and Sanitary Analysis 2012 - Language Neutral (HKLM-x32\...\{B8ECFA17-82AD-42DA-8EE0-83DDF483B6B6}) (Version: 1619.0 - Autodesk, Inc.) Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk) Autodesk DWF Viewer 7 (HKLM-x32\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.2.0 - Autodesk, Inc.) Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk) Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk) Autodesk® Storm and Sanitary Analysis 2012 (HKLM-x32\...\{D7926497-E476-489B-B4E9-DBFCA45483A2}) (Version: 6.4.29 - Autodesk, Inc.) Autodesk® Storm and Sanitary Analysis 2012 x64 Plug-in (HKLM\...\{477D0032-A4FC-4F9E-8C74-CBA40B712E88}) (Version: 6.4.29 - Autodesk, Inc.) Avast Premier (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software) Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version: - ) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.52.52 - Conexant) COVADIS (HKLM-x32\...\{D53587CC-A694-461B-BE91-E49B99B42091}) (Version: 17.02.0006 - Géomédia S.A.) FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 French Language Pack (HKLM-x32\...\{9A394342-4A68-4EBA-85A6-55B559F4E700}) (Version: 1.1.4322 - Microsoft) Microsoft Office Professionnel Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual Basic Power Packs 3.0 (HKLM-x32\...\{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}) (Version: 9.0.30214 - Microsoft) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Mises à jour NVIDIA 2.4.5.44 (Version: 2.4.5.44 - NVIDIA Corporation) Hidden Module linguistique d'AutoCAD Civil 3D 2012 - Français (Version: 9.0.1619.0 - Autodesk) Hidden Mortal Kombat X (HKLM-x32\...\TW9ydGFsS29tYmF0WA==_is1) (Version: 1 - ) NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation) NVIDIA Pilote 3D Vision 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation) NVIDIA Pilote audio HD : 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation) NVIDIA Pilote graphique 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation) Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Panneau de configuration NVIDIA 353.06 (Version: 353.06 - NVIDIA Corporation) Hidden PDF Report Writer (novaPDF 6.4 printer) (HKLM\...\PDF Report Writer_is1) (Version: - Softland) PDF to DWG Converter 2015 (HKLM-x32\...\{35A5A640-E86E-42DA-9D6C-691E85CC6DA5}) (Version: - ) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd) Realtek PC Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10296 - Realtek Semiconductor Corp.) Sentinel Protection Installer 7.4.0 (HKLM-x32\...\{5A180ED5-0AC1-410A-B790-5E0319CD0A93}) (Version: 7.4.0 - SafeNet, Inc.) SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden Spec Ops The Line (HKLM-x32\...\Spec Ops The Line_is1) (Version: - ) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1338829758-784535349-197318399-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Civil 3D 2012\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-1338829758-784535349-197318399-1001_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Civil 3D 2012\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-1338829758-784535349-197318399-1001_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Civil 3D 2012\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-1338829758-784535349-197318399-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD Civil 3D 2012\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-1338829758-784535349-197318399-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD Civil 3D 2012\acadficn.dll (Autodesk, Inc.) ==================== Restore Points ========================= 18-06-2015 19:22:52 DirectX est installé 21-06-2015 20:59:37 Before uninstalling Hotspot Shield 4.15.3 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {150821C6-91E7-4D22-A5B2-63404FE2F4BA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-26] (Microsoft Corporation) Task: {23993685-E671-4DE9-8979-717D0C66D471} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.) Task: {349B9091-A4DB-4050-81EA-729367CADFB2} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-06-10] () Task: {5F099800-D82C-407E-B80E-0E634854D74C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {8E20A07F-B221-428A-8354-D96C93528E03} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {A53F0B59-CDBA-4FD0-BC64-799F8C342DC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-10] (Google Inc.) Task: {A9BA63AC-7185-484D-B25E-8A5DA74BAF6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-10] (Google Inc.) Task: {F5E1477B-11FF-4CD7-A55D-681D155F7778} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-06-11 00:40 - 2015-05-28 04:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-02-02 13:08 - 2011-02-02 13:08 - 00018656 _____ () C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe 2013-09-30 04:06 - 2013-09-30 04:06 - 00012728 _____ () C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.1.177_x64__8wekyb3d8bbwe\Microsoft.PerfTrack.winmd 2015-06-12 01:30 - 2015-06-12 01:30 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\46814cd3fb4488be00a1a0d654ba28c9\Windows.Foundation.ni.dll 2015-06-12 01:30 - 2015-06-12 01:30 - 00347136 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\1b6c35238563de0cb93d3ed0826a69a3\Windows.Globalization.ni.dll 2015-06-12 01:30 - 2015-06-12 01:30 - 01782272 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\ef401b4a13d63275f74eea787cb14a48\Windows.ApplicationModel.ni.dll 2015-06-12 01:30 - 2015-06-12 01:30 - 00207872 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.System\1b9313ac5408d87db8981e315017482d\Windows.System.ni.dll 2015-06-12 01:30 - 2015-06-12 01:30 - 01278464 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Storage\d688126e6c503a97ebf1f1531e7c99cd\Windows.Storage.ni.dll 2015-06-12 01:30 - 2015-06-12 01:30 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\b31944a8979a518a2716a6eac4a726d5\Windows.UI.ni.dll 2015-06-12 01:30 - 2015-06-12 01:30 - 01259520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Networking\6961dbfdba394bca6f1588c23bd33cb8\Windows.Networking.ni.dll 2013-09-30 04:06 - 2013-09-30 04:06 - 00016312 _____ () C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.1.177_x64__8wekyb3d8bbwe\SqliteWrapper.winmd 2013-09-30 04:06 - 2013-09-30 04:06 - 00485816 _____ () C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.1.177_x64__8wekyb3d8bbwe\SqliteWrapper.dll 2013-09-30 04:06 - 2013-09-30 04:06 - 00660920 _____ () C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.1.177_x64__8wekyb3d8bbwe\Sqlite3.dll 2015-06-12 01:30 - 2015-06-12 01:30 - 00467456 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\f4031c5dbdde97cb4a0c7572cc0d1f29\Windows.Graphics.ni.dll 2013-09-30 04:06 - 2013-09-30 04:06 - 00012728 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbwe\Microsoft.PerfTrack.winmd 2013-09-30 04:06 - 2013-09-30 04:06 - 00016312 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbwe\SqliteWrapper.winmd 2013-09-30 04:06 - 2013-09-30 04:06 - 00485816 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbwe\SqliteWrapper.dll 2013-09-30 04:06 - 2013-09-30 04:06 - 00660920 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbwe\Sqlite3.dll 2015-06-12 01:30 - 2015-06-12 01:30 - 00632320 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Security\04e23c4b012c57e52cf592ce741ea1d6\Windows.Security.ni.dll 2015-06-12 01:30 - 2015-06-12 01:30 - 02019840 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Devices\271d406467b9db0758ea399495d00731\Windows.Devices.ni.dll 2015-06-10 23:25 - 2015-06-10 23:25 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-06-10 23:25 - 2015-06-10 23:25 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-06-21 19:55 - 2015-06-21 19:55 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062101\algo.dll 2015-06-17 18:21 - 2015-06-03 21:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-06-10 23:16 - 2015-06-10 23:16 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-06-10 23:59 - 2015-05-22 20:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll 2015-06-10 23:59 - 2015-05-22 20:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll 2015-06-10 23:59 - 2015-05-22 20:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1338829758-784535349-197318399-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1338829758-784535349-197318399-1001\...\StartupApproved\StartupFolder: => "CovInitEnv.lnk" HKU\S-1-5-21-1338829758-784535349-197318399-1001\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-1338829758-784535349-197318399-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_166AC0A10DEDBBBDE1BD74F6DEF5F7F7" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{2B91ABCF-CD63-4A31-8B7C-08EBADFBE12D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{9A00F796-B741-4F76-8795-6096CAD3227C}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{C421F5E5-6799-4E59-A71A-AABE44D0BA59}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{6A56575A-7503-45DF-8DF6-7EA4ACBAE23C}] => (Allow) C:\Users\Mr Miloud\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{837CB7C5-BABA-4AAC-81A4-7CD32B389814}] => (Allow) C:\Users\Mr Miloud\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{721D6B43-D6BA-4D2D-96F4-E5786FDBACF4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{FCCB74BD-98FC-420C-B145-191E4FD81CA3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{BDAD9E7B-AA2F-4505-BA79-9DC661F036C6}] => (Allow) C:\Users\Mr Miloud\AppData\Local\Temp\KMSnano\qemu-system-i386.exe FirewallRules: [{6A9D7061-EBF8-46DC-A2FD-61878BCC2B54}] => (Allow) C:\Users\Mr Miloud\AppData\Local\Temp\KMSnano\qemu-system-i386.exe FirewallRules: [{27FB5F56-4427-4149-8802-E091CB116A70}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe FirewallRules: [{605AC404-981B-4CDC-9490-E7F271B9D52F}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe FirewallRules: [{1345D100-3524-4F2D-8147-1AA9656FA856}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe FirewallRules: [{67942AF7-D45E-4368-93BF-F723AC455971}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe FirewallRules: [{CB5A0E9F-2FEB-4BF1-8232-A059453E6355}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{0C3D81C0-9C91-4570-A244-5112185FADD2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{93D1E183-06CC-43FF-9657-C2CE6EF87C12}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{5A8CC362-FF50-4089-B235-F6BF5499356D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{D2EF3346-E0F3-4721-AB15-C8CB3C247000}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{D1F0AA01-6067-4889-B48D-187E51546408}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{407DB7CD-9BBB-4461-8A33-6990E1F681C5}] => (Allow) C:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe FirewallRules: [{CA388D13-4D83-49AA-985E-7921F423BB87}] => (Allow) C:\Program Files\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe FirewallRules: [TCP Query User{13FBBB60-896C-413C-946D-5AF59351266E}C:\program files (x86)\call of duty black ops 2\t6zm.exe] => (Allow) C:\program files (x86)\call of duty black ops 2\t6zm.exe FirewallRules: [UDP Query User{9E286722-37D6-4CD3-88A0-CFCE5E41AA10}C:\program files (x86)\call of duty black ops 2\t6zm.exe] => (Allow) C:\program files (x86)\call of duty black ops 2\t6zm.exe FirewallRules: [TCP Query User{272A3FB3-8C4B-43B2-A313-C8E8CD236227}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Allow) C:\program files (x86)\call of duty black ops 2\t6sp.exe FirewallRules: [UDP Query User{C9BB0024-F8A8-425F-9B03-493CC8DB95CB}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Allow) C:\program files (x86)\call of duty black ops 2\t6sp.exe FirewallRules: [TCP Query User{432057E5-96B8-4223-B9D9-1B64129F6B7E}C:\program files (x86)\call of duty black ops 2\t6mp.exe] => (Allow) C:\program files (x86)\call of duty black ops 2\t6mp.exe FirewallRules: [UDP Query User{5D8FE078-AA39-4D71-8418-1EF847C17FBE}C:\program files (x86)\call of duty black ops 2\t6mp.exe] => (Allow) C:\program files (x86)\call of duty black ops 2\t6mp.exe ==================== Faulty Device Manager Devices ============= Name: avast! SecureLine TAP Adapter v3 Description: avast! SecureLine TAP Adapter v3 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Windows Provider V9 Service: aswTap Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/21/2015 08:55:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba) Description: Échec de l’activation de l’application Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness avec l’erreur : -2144927142 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error: (06/21/2015 08:55:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Toshiba) Description: L’application Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbwe+AppexHealthAndFitness n’a pas été lancée dans le délai qui lui était imparti. Error: (06/21/2015 06:42:48 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (06/21/2015 05:12:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme wwahost.exe version 6.3.9600.16431 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : ffc Heure de début : 01d0ac45497f3b5e Heure de fin : 4294967295 Chemin d’accès de l’application : C:\Windows\system32\wwahost.exe ID de rapport : 96420246-1838-11e5-8262-e89a8fb441a8 Nom complet du package défaillant : microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : Microsoft.WindowsLive.Calendar Error: (06/21/2015 05:11:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba) Description: Échec de l’activation de l’application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar avec l’erreur : -2144927142 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error: (06/21/2015 05:11:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Toshiba) Description: L’application microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Calendar n’a pas été lancée dans le délai qui lui était imparti. Error: (06/21/2015 04:23:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante WSCommCntr3.exe, version : 3.2.23.0, horodatage : 0x4d2786b8 Nom du module défaillant : ntdll.dll, version : 6.3.9600.16502, horodatage : 0x52c359e8 Code d’exception : 0xc0000005 Décalage d’erreur : 0x000000000004bb96 ID du processus défaillant : 0xa90 Heure de début de l’application défaillante : 0xWSCommCntr3.exe0 Chemin d’accès de l’application défaillante : WSCommCntr3.exe1 Chemin d’accès du module défaillant: WSCommCntr3.exe2 ID de rapport : WSCommCntr3.exe3 Nom complet du package défaillant : WSCommCntr3.exe4 ID de l’application relative au package défaillant : WSCommCntr3.exe5 Error: (06/20/2015 04:34:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante delegate_execute.exe, version : 43.0.2357.124, horodatage : 0x5571b8e8 Nom du module défaillant : delegate_execute.exe, version : 43.0.2357.124, horodatage : 0x5571b8e8 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0002a51b ID du processus défaillant : 0xdc4 Heure de début de l’application défaillante : 0xdelegate_execute.exe0 Chemin d’accès de l’application défaillante : delegate_execute.exe1 Chemin d’accès du module défaillant: delegate_execute.exe2 ID de rapport : delegate_execute.exe3 Nom complet du package défaillant : delegate_execute.exe4 ID de l’application relative au package défaillant : delegate_execute.exe5 Error: (06/20/2015 00:59:27 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante fbw.exe, version : 4.8.0.27531, horodatage : 0x54d17a92 Nom du module défaillant : Flash.ocx, version : 18.0.0.160, horodatage : 0x5565171f Code d’exception : 0xc0000005 Décalage d’erreur : 0x007c1c6c ID du processus défaillant : 0x2194 Heure de début de l’application défaillante : 0xfbw.exe0 Chemin d’accès de l’application défaillante : fbw.exe1 Chemin d’accès du module défaillant: fbw.exe2 ID de rapport : fbw.exe3 Nom complet du package défaillant : fbw.exe4 ID de l’application relative au package défaillant : fbw.exe5 Error: (06/19/2015 11:13:47 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme NOTEPAD.EXE version 6.3.9600.16384 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : 17ac Heure de début : 01d0aa80f73eead5 Heure de fin : 0 Chemin d’accès de l’application : C:\Windows\system32\NOTEPAD.EXE ID de rapport : 3ea6bbcf-1674-11e5-8260-e89a8fb441a8 Nom complet du package défaillant : ID de l’application relative au package défaillant : System errors: ============= Error: (06/21/2015 09:00:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Hotspot Shield Monitoring Service s’est terminé de façon inattendue pour la 1ème fois. Error: (06/21/2015 09:00:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Hotspot Shield Service s’est terminé de façon inattendue pour la 1ème fois. Error: (06/21/2015 08:56:03 PM) (Source: DCOM) (EventID: 10005) (User: AUTORITE NT) Description: 1053AvastVBoxSvcNon disponible{F319F1B8-7587-4146-AF9C-0D6D77819BF1} Error: (06/21/2015 08:56:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Le service AvastVBox COM Service n’a pas pu démarrer en raison de l’erreur : %%1053 Error: (06/21/2015 08:56:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service AvastVBox COM Service. Error: (06/21/2015 08:54:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: AUTORITE NT) Description: Le module d’extensibilité WLAN n’a pas pu démarrer. Chemin d’accès du module : C:\Windows\system32\Rtlihvs.dll Code d’erreur : 126 Error: (06/21/2015 08:54:05 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: AUTORITE NT) Description: Le temporisateur de surveillance du système a été déclenché. Error: (06/21/2015 08:54:21 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: L’arrêt système précédant à 20:52:35 le ‎21/‎06/‎2015 n’était pas prévu. Error: (06/21/2015 09:18:34 AM) (Source: DCOM) (EventID: 10010) (User: Toshiba) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (06/21/2015 09:17:57 AM) (Source: DCOM) (EventID: 10010) (User: Toshiba) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Microsoft Office: ========================= Error: (06/21/2015 08:55:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba) Description: Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness-2144927142 Error: (06/21/2015 08:55:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Toshiba) Description: Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbwe+AppexHealthAndFitness Error: (06/21/2015 06:42:48 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (06/21/2015 05:12:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.16431ffc01d0ac45497f3b5e4294967295C:\Windows\system32\wwahost.exe96420246-1838-11e5-8262-e89a8fb441a8microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Calendar Error: (06/21/2015 05:11:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Toshiba) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar-2144927142 Error: (06/21/2015 05:11:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Toshiba) Description: microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Calendar Error: (06/21/2015 04:23:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: WSCommCntr3.exe3.2.23.04d2786b8ntdll.dll6.3.9600.1650252c359e8c0000005000000000004bb96a9001d0abd9f4ecda94C:\Program Files\Common Files\Autodesk Shared\WSCommCntr3\lib\WSCommCntr3.exeC:\Windows\SYSTEM32\ntdll.dll330e3aeb-17cd-11e5-8262-e89a8fb441a8 Error: (06/20/2015 04:34:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: delegate_execute.exe43.0.2357.1245571b8e8delegate_execute.exe43.0.2357.1245571b8e8c00000050002a51bdc401d0ab1254dcb160C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\delegate_execute.exe988c73bc-1705-11e5-8262-e89a8fb441a8 Error: (06/20/2015 00:59:27 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: fbw.exe4.8.0.2753154d17a92Flash.ocx18.0.0.1605565171fc0000005007c1c6c219401d0aaf3d16fecbeC:\Program Files (x86)\Hotspot Shield\bin\fbw.exeC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx993470da-16e7-11e5-8260-e89a8fb441a8 Error: (06/19/2015 11:13:47 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: NOTEPAD.EXE6.3.9600.1638417ac01d0aa80f73eead50C:\Windows\system32\NOTEPAD.EXE3ea6bbcf-1674-11e5-8260-e89a8fb441a8 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz Percentage of memory in use: 34% Total physical RAM: 8173.86 MB Available physical RAM: 5369.58 MB Total Pagefile: 16365.86 MB Available Pagefile: 13094.42 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:464.44 GB) (Free:215.46 GB) NTFS Drive e: (anti viruse) (Fixed) (Total:0.98 GB) (Free:0.72 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 241C6624) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=464.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=999 MB) - (Type=07 NTFS) ==================== End of log ============================