Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015 Ran by Liliane at 2015-07-14 10:23:20 Running from C:\Users\Liliane\Downloads\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrateur (S-1-5-21-2352873010-755456628-1777688380-500 - Administrator - Disabled) Invité (S-1-5-21-2352873010-755456628-1777688380-501 - Limited - Disabled) Liliane (S-1-5-21-2352873010-755456628-1777688380-1000 - Administrator - Enabled) => C:\Users\Liliane ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Français (HKLM\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros) Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software) calibre (HKLM\...\{5A119A69-9ACD-4287-97FB-1EC30DE71459}) (Version: 2.31.0 - Kovid Goyal) Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - ) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - ) Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version: - ) Canon MP490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform) Cisco EAP-FAST Module (HKLM\...\{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A}) (Version: 2.2.9 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{934B3B19-8193-467A-B356-E73F82647D38}) (Version: 1.0.15 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{BAD1449B-DF0C-4118-B76D-68C54009576C}) (Version: 1.1.2 - Cisco Systems, Inc.) Complément Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Configuration DivX (HKLM\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Enregistrement utilisateur de Canon MP490 series (HKLM\...\Enregistrement utilisateur de Canon MP490 series) (Version: - ) FileZilla Client 3.11.0.1 (HKLM\...\FileZilla Client) (Version: 3.11.0.1 - Tim Kosse) Free Audio Editor v7.9.4 (HKLM\...\Free Audio Editor_is1) (Version: - FreeAudioStudio Inc.) Free Mp3 Wma Converter V 2.2 (HKLM\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Lab Inc.) Free YouTube Download version 3.2.59.616 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.59.616 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.59.525 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.525 - DVDVideoSoft Ltd.) Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation) Join Me (HKLM\...\{91719435-F4B9-4D21-814D-7C66959DB632}) (Version: 1.0.0 - ZTE) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Ma-Config.com (HKLM\...\{A4EF9D8B-E19B-45ED-BFAF-CB4364574FFF}) (Version: 5.1.076 - Cybelsoft) Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM\...\{9085040C-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Module de compatibilité pour Microsoft Office System 2007 (HKLM\...\{90120000-0020-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Module linguistique Microsoft .NET Framework 3.5 SP1- fra (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - fra) (Version: - Microsoft Corporation) OpenOffice 4.1.1 (HKLM\...\{121727D5-FDF3-4723-BA57-EB383440ED72}) (Version: 4.11.9775 - Apache Software Foundation) PhotoFiltre 7 (HKU\S-1-5-21-2352873010-755456628-1777688380-1000\...\PhotoFiltre 7) (Version: - ) Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden Visionneuse Microsoft PowerPoint (HKLM\...\{95140000-00AF-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows Live (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) ZHPFix 2015 (HKLM\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman) ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2352873010-755456628-1777688380-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2352873010-755456628-1777688380-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2352873010-755456628-1777688380-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2352873010-755456628-1777688380-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2352873010-755456628-1777688380-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2352873010-755456628-1777688380-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2352873010-755456628-1777688380-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2352873010-755456628-1777688380-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2352873010-755456628-1777688380-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2352873010-755456628-1777688380-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2352873010-755456628-1777688380-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2352873010-755456628-1777688380-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2352873010-755456628-1777688380-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2352873010-755456628-1777688380-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2352873010-755456628-1777688380-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2352873010-755456628-1777688380-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2352873010-755456628-1777688380-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation) ==================== Restore Points ========================= 10-06-2015 13:58:58 Windows Update 17-06-2015 07:36:24 Windows Update 23-06-2015 08:33:59 Windows Update 26-06-2015 18:25:33 Installed calibre 27-06-2015 07:08:45 Windows Update 01-07-2015 07:15:24 Windows Update 08-07-2015 07:30:24 Windows Update 11-07-2015 07:28:35 Windows Update 14-07-2015 08:28:54 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 12:23 - 2011-10-03 17:00 - 00437632 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com There are 1000 more lines. ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {25E78E2F-DEF9-46E0-B206-69619A5F5144} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-18] (Google Inc.) Task: {37747ABF-94AB-4EA9-BD2C-CDF759D2CB56} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-08] (Adobe Systems Incorporated) Task: {5DAE90B5-3E65-4831-980B-C9F8F67C7DF2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.) Task: {94B5DDED-33E1-480F-A1C4-F325ECBC4F63} - System32\Tasks\{818A84DE-D0F9-4153-8FF7-7CC5C0E1B5C7} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=4.2.0.187&LastError=12002 Task: {A500C359-F433-4A51-B807-0A62C3BB1840} - System32\Tasks\Amazon Music Helper => C:\Users\Liliane\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe Task: {AB733EF0-65CC-4934-BF6D-103877E857F7} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Liliane => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {BE52AF5B-FC38-4798-B6DB-15889AC28042} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd) Task: {DF824504-9321-4AAE-B359-0134AC7C934A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-18] (Google Inc.) Task: {FF25FE95-2D34-43B8-976B-8F62D7FBD94F} - System32\Tasks\{B1F6E3FA-4DC1-42AD-9F74-9EEEA49285AD} => pcalua.exe -a "C:\Program Files\Free Youtube Downloader\uninst.exe" Task: {FF61BF89-9930-4FF9-BBC1-4DF247B200AE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-04-28 18:57 - 2015-04-28 18:57 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-04-28 18:57 - 2015-04-28 18:57 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-07-13 19:29 - 2015-07-13 19:29 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15071301\algo.dll 2015-05-22 16:46 - 2015-05-22 16:46 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2011-10-06 21:14 - 2009-02-10 18:01 - 00116104 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE 2015-04-28 18:57 - 2015-04-28 18:58 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-04-24 18:33 - 2013-04-24 18:33 - 00397632 _____ () C:\Users\Liliane\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe 2015-06-01 19:28 - 2015-06-01 19:28 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 7690 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2352873010-755456628-1777688380-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Liliane\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg DNS Servers: 212.27.40.241 - 212.27.40.240 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => MSCONFIG\startupreg: CanalPlayerHelper => MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: Hoolapp Android => MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{9DB53F8A-B9D0-415E-B728-D0A675C4586B}] => (Allow) LPort=48113 FirewallRules: [{33444F39-D2EA-4C45-8279-1B0620F73EFC}] => (Allow) LPort=48113 FirewallRules: [{AED9176E-7F9A-4B4D-AAD6-207FE057D62F}] => (Allow) C:\Program Files\ma-config.com\maconfservice.exe FirewallRules: [{3E8B1DD1-756D-4A01-B967-A2AB3B545D44}] => (Allow) C:\Program Files\ma-config.com\maconfservice.exe FirewallRules: [{8810AD27-0966-4439-9CAF-E5735C367EE3}] => (Allow) LPort=80 FirewallRules: [{4B2F8151-A086-4DE8-BB1D-9493A627B599}] => (Allow) LPort=80 FirewallRules: [{7FF64281-51A6-4B59-B82D-B0C1777588C9}] => (Allow) LPort=80 FirewallRules: [TCP Query User{D086610A-1771-47F6-AD3E-34E1CEEFA475}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe FirewallRules: [UDP Query User{0A325B27-9302-4044-8F71-97440DC8FB1E}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe FirewallRules: [{39466C4D-BB6F-44D3-933A-1E697F94018C}] => (Allow) LPort=21 FirewallRules: [{8978EA4E-0794-44F0-96CC-3E7018B5DB9B}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe FirewallRules: [{F6AEBDB7-8F64-4135-82A6-3D943CF7B0E4}] => (Allow) LPort=2869 FirewallRules: [{A6CD6455-2AA5-4942-A8FE-CFF4F6B83A0D}] => (Allow) LPort=1900 FirewallRules: [{AAF148C3-AD5B-4F7D-9FF5-71A5304290EB}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{C006805B-C26C-40CE-95FA-287EDE050750}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe FirewallRules: [TCP Query User{E163D2CF-FAFA-4E25-92E9-AA7CDBE1D9F5}C:\program files\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files\divx\divx media server\divxmediaserver.exe FirewallRules: [UDP Query User{548A0748-75E3-4726-8640-5972AD49B42D}C:\program files\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files\divx\divx media server\divxmediaserver.exe FirewallRules: [TCP Query User{A8F6C40E-1558-45C8-9B4E-B0E529CD6727}C:\program files\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files\divx\divx media server\divxmediaserver.exe FirewallRules: [UDP Query User{5F2796AC-716A-4212-985F-7F9143B3B088}C:\program files\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files\divx\divx media server\divxmediaserver.exe FirewallRules: [{846CA07E-0130-4333-A74D-DFCD771C1AED}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{8569FE5A-FCAF-412F-9795-2CCCD79DD145}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{A368834B-9817-4D11-B320-2DD55A8352C0}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{E023B719-8843-4266-A2FA-AEF1968C8E39}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{73D47954-921B-4EB7-B25D-0448187F0853}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [TCP Query User{FC6427D3-F8EC-4587-9304-0D77CBADA026}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{530A578B-86DC-4D1C-814B-273B89D71BA4}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe FirewallRules: [{575DD967-E461-4333-A641-7B57CA306611}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: 6TO4 Adapter Description: Carte Microsoft 6to4 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/14/2015 08:19:20 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2015 10:21:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2015 08:15:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2015 05:31:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2015 02:58:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2015 12:27:49 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4 Error: (07/13/2015 12:27:47 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4 Error: (07/13/2015 12:27:45 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4 Error: (07/13/2015 12:27:45 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: LsaC:\Windows\system32\Secur32.dll4 Error: (07/13/2015 12:27:45 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: ESENTC:\Windows\system32\esentprf.dll4 System errors: ============= Error: (07/14/2015 08:19:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: VBoxAsw Support Driver%%3 Error: (07/14/2015 08:18:44 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: AUTORITE NT) Description: 2147942402 Error: (07/13/2015 10:21:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: VBoxAsw Support Driver%%3 Error: (07/13/2015 10:20:43 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: AUTORITE NT) Description: 2147942402 Error: (07/13/2015 08:15:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: VBoxAsw Support Driver%%3 Error: (07/13/2015 08:14:20 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: AUTORITE NT) Description: 2147942402 Error: (07/13/2015 05:31:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: VBoxAsw Support Driver%%3 Error: (07/13/2015 05:30:28 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: AUTORITE NT) Description: 2147942402 Error: (07/13/2015 02:58:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: VBoxAsw Support Driver%%3 Error: (07/13/2015 02:58:04 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: AUTORITE NT) Description: 2147942402 Microsoft Office: ========================= Error: (07/14/2015 08:19:20 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2015 10:21:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2015 08:15:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2015 05:31:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2015 02:58:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2015 12:27:49 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4 Error: (07/13/2015 12:27:47 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4 Error: (07/13/2015 12:27:45 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4 Error: (07/13/2015 12:27:45 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: LsaC:\Windows\system32\Secur32.dll4 Error: (07/13/2015 12:27:45 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: ESENTC:\Windows\system32\esentprf.dll4 CodeIntegrity Errors: =================================== Date: 2015-07-14 10:22:47.365 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2015-07-14 10:22:46.302 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2015-07-14 10:22:45.444 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2015-07-14 10:22:44.648 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2015-07-14 10:18:41.614 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2015-07-14 10:18:41.014 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2015-07-14 10:18:40.249 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2015-07-14 10:18:39.546 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2015-07-14 09:02:46.260 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système. Date: 2015-07-14 09:02:45.618 Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système. ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU 550 @ 2.00GHz Percentage of memory in use: 86% Total physical RAM: 1525.25 MB Available physical RAM: 208.81 MB Total Virtual: 3304.3 MB Available Virtual: 1593.55 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:62.82 GB) (Free:16.2 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive e: (FreeAgent Drive) (Fixed) (Total:298.09 GB) (Free:201.75 GB) NTFS Drive f: (FreeAgent Drive) (Fixed) (Total:298.09 GB) (Free:206.41 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 1E01DFB9) Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27) Partition 2: (Active) - (Size=62.8 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (Size: 298.1 GB) (Disk ID: B2C8268D) Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS) ======================================================== Disk: 6 (Size: 298.1 GB) (Disk ID: A4B57300) Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS) ==================== End of log ============================