Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by Yassine at 2015-07-17 15:28:35
Running from C:\Users\Yassine\Contacts\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrateur (S-1-5-21-1037290572-1634978092-644388079-500 - Administrator - Disabled)
Invité (S-1-5-21-1037290572-1634978092-644388079-501 - Limited - Disabled)
Yassine (S-1-5-21-1037290572-1634978092-644388079-1000 - Administrator - Enabled) => C:\Users\Yassine

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
50COuponns (HKLM\...\{CF987D06-1DCF-7B36-5B43-13BC8699C44C}) (Version: - "") <==== ATTENTION
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Français (HKLM\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AdPunisher (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - AdPunisher) <==== ATTENTION
aDsy (HKLM\...\{FE8CAC5A-416E-25AB-CA78-CA001CE2BFFB}) (Version: - "") <==== ATTENTION
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assistant (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f}) (Version: - Verified Publisher) <==== ATTENTION
BestSuAveFoRRYouu (HKLM\...\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}) (Version: - "") <==== ATTENTION
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bueno Chrome Toolbar (HKLM\...\Bueno Chrome Toolbar) (Version: - BuenoSearch) <==== ATTENTION
Cheat Engine 6.1 (HKLM\...\Cheat Engine 6.1_is1) (Version: - Dark Byte)
CodeBlocks (HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\CodeBlocks) (Version: 10.05 - The Code::Blocks Team)
Craigslist (HKLM\...\{C8AAF59A-6BAA-F68B-9470-A856460A8093}) (Version: - "") <==== ATTENTION
CyberLink YouCam 5 (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DigiaSaver (HKLM\...\{7223EDAC-E091-B3C1-BD91-B66CE557800F}) (Version: - "") <==== ATTENTION
Dislike Button (HKLM\...\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}) (Version: - "") <==== ATTENTION
DowNSaave (HKLM\...\{AF992111-52BE-832B-5882-8477E4A3C99A}) (Version: - "") <==== ATTENTION
EZDownloader (HKLM\...\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - EZDownloader) <==== ATTENTION
FL Studio 11 (HKLM\...\FL Studio 11) (Version: - Image-Line)
fleex player 2.0.0 (HKLM\...\fleex player) (Version: 2.0.0 - Fleex SAS)
FlowStone FL 3.0 (HKLM\...\FlowStone) (Version: - )
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
FTDownloader (HKLM\...\1ClickDownload) (Version: 2.1 Build 26473 - FTDownloader.com) <==== ATTENTION
Galerie de photos (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Good Guitar (HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\{9563BC59-9556-4805-8CD4-886781779D8D}) (Version: 1.1.8 - Extension Logo corp)
Google Chrome (HKLM\...\{879FC63D-310A-3526-B4F4-D7139F94D7A6}) (Version: 66.77.16518 - Google, Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GooSave (HKLM\...\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}) (Version: 1.1.0.1274 - ) <==== ATTENTION
GreatSaVe4U (HKLM\...\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}) (Version: - "") <==== ATTENTION
Hapappy2Save (HKLM\...\{E957849A-94AC-6F46-4623-C31474E3C170}) (Version: - "") <==== ATTENTION
HDM Connection Manager (HKLM\...\HDM Connection Manager) (Version: 16.001.05.06.649 - Huawei Technologies Co.,Ltd)
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version: - Image-Line)
Internet Mobile+ (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
Isaver (HKLM\...\{F1422DAA-0829-09A1-7536-73936CAB8FFA}) (Version: - Iesaver) <==== ATTENTION
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
JonICoupoN (HKLM\...\{51417852-174C-88D4-34A0-D0FE7858BE47}) (Version: - "") <==== ATTENTION
Jump Flip (HKLM\...\Jump Flip) (Version: 2014.01.06.192505 - Jump Flip) <==== ATTENTION
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Magnifier for Facebook (HKLM\...\{B81F9CCF-7FCD-416F-893F-5EAA65087A58}) (Version: - "") <==== ATTENTION
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-040C-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.51204.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MiniMuMPrricee (HKLM\...\{CA1838EF-A497-194E-3850-37A62CEE398B}) (Version: - MinimuMPriCe) <==== ATTENTION
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (HKLM\...\Microsoft .NET Framework 4 Client Profile FRA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Module linguistique Microsoft .NET Framework 4 Extended FRA (HKLM\...\Microsoft .NET Framework 4 Extended FRA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movies Toolbar for Firefox (Dist. by Bandoo Media, Inc.) (HKLM\...\ilividmoviestoolbar20FF) (Version: 2.0.0.0 - IAC Search and Media) <==== ATTENTION
Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) (HKLM\...\ilividmoviestoolbar20IE) (Version: 2.0.0.0 - IAC Search and Media) <==== ATTENTION
Mozilla Firefox 39.0 (x86 fr) (HKLM\...\Mozilla Firefox 39.0 (x86 fr)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - MyPC Backup) <==== ATTENTION
Opera Stable 30.0.1835.125 (HKLM\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Radio Canyon (HKLM\...\Radio Canyon) (Version: 1.35.9.29 - Radio Canyon) <==== ATTENTION!
RainddomPrice (HKLM\...\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}) (Version: - "") <==== ATTENTION
Registry Reviver (HKLM\...\Registry Reviver) (Version: 3.0.1.144 - ReviverSoft LLC)
SAGEM F@st 800-840 (HKLM\...\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}) (Version: 4.06.000 - SAGEM)
scilab-5.4.1 (HKLM\...\scilab-5.4.1_is1) (Version: - Scilab Enterprises)
Search App by Ask (HKLM\...\{4254522D-5350-006A-76A7-A75C790C1D00}) (Version: 12.29.0.1481 - APN, LLC) <==== ATTENTION
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Super Ad Blocker (HKLM\...\{F8BA8B13-856D-4DFB-A28F-7EC868142453}) (Version: 4.6.0.1000 - SuperAdBlocker.com)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
TinEye Reverse Image Search old version (HKLM\...\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}) (Version: - "")
Torch (HKU\S-1-5-21-1037290572-1634978092-644388079-1000\...\Torch) (Version: 42.0.0.9883 - Torch Media, Inc) <==== ATTENTION
TuneUp Utilities 2014 (en-US) (Version: 14.0.1000.88 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities 2014) (Version: 14.0.1000.88 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.88 - TuneUp Software) Hidden
USB Disk Win98 Driver (HKLM\...\{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}) (Version: - )
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
weeBsavee (HKLM\...\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}) (Version: 4.3.0.1667 - Weebsave)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.00 (32 bits) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WS-Booster (HKLM\...\S-975730335) (Version: 1.2.0.1509 - PremiumSoft) <==== ATTENTION
YoutubeAdblocker (HKLM\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 2.3.0.1483 - YoutubeAdblocker) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1037290572-1634978092-644388079-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Yassine\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1037290572-1634978092-644388079-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1037290572-1634978092-644388079-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Yassine\AppData\Local\Torch\Application\42.0.0.9883\delegate_execute.exe (The Chromium Authors)
CustomCLSID: HKU\S-1-5-21-1037290572-1634978092-644388079-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Yassine\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1037290572-1634978092-644388079-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1037290572-1634978092-644388079-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1037290572-1634978092-644388079-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1037290572-1634978092-644388079-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Yassine\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points =========================

17-07-2015 05:01:54 Installed Windows 7 USB/DVD Download Tool
17-07-2015 05:26:47 Installed Windows 7 USB/DVD Download Tool

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {145F97D7-FCC8-4AA3-AD8F-45238F2648F5} - System32\Tasks\{F41DC4C4-A6AE-49D8-87F4-EA3C9DEEB31C} => Firefox.exe http://ui.skype.com/ui/0/6.18.0.106/fr/abandoninstall?source=lightinstaller&page=tsInstall
Task: {163A5D21-B5B8-44CA-9DC0-D56E0670907C} - System32\Tasks\WS-Booster-S-975730335 => c:\programdata\right soft\ws-booster\WS-Booster.exe [2014-03-04] () <==== ATTENTION
Task: {39EFDC4D-A7D6-4075-BD48-45386371058B} - System32\Tasks\Opera scheduled Autoupdate 1437054661 => C:\Program Files\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {3AC9637F-6A5C-48DE-AF4E-AB5692F45FC7} - System32\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-2 => C:\Program Files\Radio Canyon\ef6770f8-492d-45ab-b690-9f1bc807d37e-2.exe [2014-11-18] (Radio Canyon) <==== ATTENTION
Task: {3BD36F13-7882-43AF-8559-B12D8AF3CF09} - System32\Tasks\GoogleUpdateTaskMachineUA1cecf69dfcb58fe => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {3CFDA8C1-1E3F-40DE-A86D-BF8BA592B0FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {455F43F2-DCAB-486A-913D-9D1FFEDAB1E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {4F62475A-30CC-44DF-9E8F-636C9ACBD471} - System32\Tasks\VideoMet => C:\Users\Yassine\AppData\Roaming\VideoMet\vidmet.exe [2015-03-02] (Video Landscape)
Task: {52C11216-D481-435B-9E1D-E64653C4B41D} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-11-18] (globalUpdate) <==== ATTENTION
Task: {54193948-2066-405D-ADDE-6E9486685778} - System32\Tasks\{6B690601-0942-4081-B963-AE229855BA01} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12007
Task: {5573CE10-B85B-463F-8DB7-881FE04B3D60} - System32\Tasks\{82EE3C17-B2A9-42DC-B9EF-5F3129BD632F} => Firefox.exe
Task: {56D9DEDE-B516-47F3-8B12-6553382017E4} - System32\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-5_user => C:\Program Files\Radio Canyon\ef6770f8-492d-45ab-b690-9f1bc807d37e-5.exe [2014-11-18] (Radio Canyon) <==== ATTENTION
Task: {5A50C64A-FC94-4A53-8B91-F2B1396BA55C} - System32\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-7 => C:\Program Files\Radio Canyon\ef6770f8-492d-45ab-b690-9f1bc807d37e-7.exe [2014-11-18] (Radio Canyon) <==== ATTENTION
Task: {635D028F-2EAE-4B6B-9BA9-E05C35DF1D96} - System32\Tasks\{8A0C1D4E-0D49-4F23-A38A-06900C555468} => Firefox.exe http://ui.skype.com/ui/0/7.3.0.101/fr/abandoninstall?page=tsMain
Task: {639FF05E-829C-4D53-AA6A-EA48BB52F3AF} - System32\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-11 => C:\Program Files\Radio Canyon\ef6770f8-492d-45ab-b690-9f1bc807d37e-11.exe [2014-11-18] (Radio Canyon) <==== ATTENTION
Task: {6B2E0895-E5FA-423B-B880-CCBDF347B69F} - System32\Tasks\ShdUpdate => C:\Users\Yassine\AppData\Local\ShdUpdate\shupd.exe [2015-04-27] (Visual Tools)
Task: {7A8BFACD-E70C-4798-BA9D-E7E81340659C} - System32\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-4 => C:\Program Files\Radio Canyon\ef6770f8-492d-45ab-b690-9f1bc807d37e-4.exe [2014-11-18] (Radio Canyon) <==== ATTENTION
Task: {7AA204F3-0773-4720-BEDD-FDA404E736AD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe [2015-07-16] (Adobe Systems Incorporated)
Task: {80B70CC9-DE9D-4E66-AE7C-004167EE708B} - System32\Tasks\Good Guitar => Rundll32.exe "C:\Users\Yassine\AppData\Local\Good Guitar\Bin\GoodGuitar.dll",#3
Task: {89295BD1-E58F-4A34-BE2D-A93E2F872699} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
Task: {8A1D9635-C7A6-4DA6-85E1-49FBF2BF1F67} - System32\Tasks\green_game_updating_service => C:\Program Files\green game\green_game_updating_service.exe [2015-04-02] () <==== ATTENTION
Task: {9847CBA8-58DC-443A-8FEF-6B8CCA0F06B7} - System32\Tasks\Start Registry Reviver for Yassine-PC@Yassine(logon) => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2013-11-15] (ReviverSoft LLC)
Task: {A08C4477-98A9-48B2-A550-4B35AC010AEC} - System32\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-6 => C:\Program Files\Radio Canyon\ef6770f8-492d-45ab-b690-9f1bc807d37e-6.exe [2014-11-18] (Radio Canyon) <==== ATTENTION
Task: {AF650979-531B-46F5-A270-E445869F4C14} - System32\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-5 => C:\Program Files\Radio Canyon\ef6770f8-492d-45ab-b690-9f1bc807d37e-5.exe [2014-11-18] (Radio Canyon) <==== ATTENTION
Task: {B2D1551F-3580-431B-A464-3BB7138375F6} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-11-18] (globalUpdate) <==== ATTENTION
Task: {BC3258A7-0980-4429-A375-A37A081F6BC1} - System32\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-1 => C:\Program Files\Radio Canyon\Radio Canyon-codedownloader.exe [2014-11-18] (Radio Canyon) <==== ATTENTION
Task: {D0BA1DB1-8656-40C1-BCB4-7A73AC7CA70A} - System32\Tasks\monster_shopping_helper_service => C:\Program Files\Monster Shopping\monster_shopping_helper_service.exe [2015-05-28] ()
Task: {D55E2466-F677-4CD8-ABCC-BDFFEF648032} - System32\Tasks\{12377B81-4BF9-4DDA-98E6-CD90C98C2023} => Firefox.exe http://ui.skype.com/ui/0/6.18.0.106/fr/abandoninstall?source=lightinstaller&page=tsPlugin
Task: {DF243A4A-1873-4F5F-8E41-DD20E851C392} - System32\Tasks\{038C3BCB-9D21-47D4-8043-AFB4C03D7988} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {E3D80D7C-9498-4677-8C57-B698249F3CF8} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2013-08-29] (TuneUp Software)
Task: {F0948083-00D6-49EE-AD36-66D90A8FF8AE} - System32\Tasks\green_game_notification_service => C:\Program Files\green game\green_game_notification_service.exe [2015-04-02] (FileProperties_CompanyName) <==== ATTENTION
Task: {FBECB683-8B93-45AA-B835-F6B52194376E} - System32\Tasks\EPUpdater => C:\Users\Yassine\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-12-12] () <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-1.job => C:\Program Files\Radio Canyon\Radio Canyon-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-11.job => C:\Program Files\Radio Canyon\ef6770f8-492d-45ab-b690-9f1bc807d37e-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-2.job => C:\Program Files\Radio Canyon\ef6770f8-492d-45ab-b690-9f1bc807d37e-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-4.job => C:\Program Files\Radio Canyon\ef6770f8-492d-45ab-b690-9f1bc807d37e-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-5.job => C:\Program Files\Radio Canyon\ef6770f8-492d-45ab-b690-9f1bc807d37e-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-5_user.job => C:\Program Files\Radio Canyon\ef6770f8-492d-45ab-b690-9f1bc807d37e-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-6.job => C:\Program Files\Radio Canyon\ef6770f8-492d-45ab-b690-9f1bc807d37e-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\ef6770f8-492d-45ab-b690-9f1bc807d37e-7.job => C:\Program Files\Radio Canyon\ef6770f8-492d-45ab-b690-9f1bc807d37e-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cecf69dfcb58fe.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\green_game_notification_service.job => C:\Program Files\green game\green_game_notification_service.exeǦ/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='green game' /appid='73143' /srcid='2913' /bic='b239e928cdd2668ad5226687e3cde9b0' /verifier='6c94a319b4e9ae30aa3e0e133f215f62' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif <==== ATTENTION
Task: C:\Windows\Tasks\green_game_updating_service.job => C:\Program Files\green game\green_game_updating_service.exe« /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=green_game_updating_service /funurl=http:/stats.buildomserv.com <==== ATTENTION
Task: C:\Windows\Tasks\monster_shopping_helper_service.job => C:\Program Files\Monster Shopping\monster_shopping_helper_service.exe
Task: C:\Windows\Tasks\Start Registry Reviver for Yassine-PC@Yassine(logon).job => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe
Task: C:\Windows\Tasks\WS-Booster-S-975730335.job => c:\programdata\right soft\ws-booster\WS-Booster.exeH/schedule /profile c:\programdata\right soft\ws-booster\975730335.ini <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-03-29 11:44 - 2014-04-06 11:43 - 00177488 _____ () c:\ProgramData\Assistant\AssistantSvc.dll
2014-04-06 11:43 - 2014-04-06 11:43 - 04224000 _____ () c:\ProgramData\Assistant\Assistant.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2006-11-07 11:58 - 2006-11-07 11:58 - 00057344 _____ () C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabmsghk.dll
2015-07-15 16:44 - 2015-07-15 16:44 - 00045056 _____ () C:\Users\Yassine\AppData\Local\Good Guitar\Bin\GoodGuitar.dll
2015-07-15 16:44 - 2015-07-15 16:44 - 00011776 _____ () C:\Users\Yassine\AppData\Local\Good Guitar\Bin\onxhbr.dll
2014-03-04 00:04 - 2014-03-04 00:04 - 00729600 _____ () c:\programdata\right soft\ws-booster\WS-Booster.exe
2015-05-28 15:01 - 2015-05-28 15:01 - 00191696 _____ () C:\Program Files\Monster Shopping\monster_shopping_helper_service.exe
2015-06-10 21:54 - 2015-06-10 21:54 - 08016059 _____ () C:\Program Files\Itchy Church\Itchy Church.exe
2013-08-29 12:08 - 2013-08-29 12:08 - 00501560 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2014-10-21 00:08 - 2011-03-15 12:30 - 00261456 _____ () C:\Program Files\Internet Mobile+\AssistantServices.exe
2014-01-06 19:32 - 2014-05-17 02:03 - 00317728 _____ () C:\Program Files\Jump Flip\updateJumpFlip.exe
2014-10-21 00:08 - 2011-03-15 12:30 - 00139088 _____ () C:\Program Files\Internet Mobile+\UIExec.exe
2014-11-13 09:59 - 2014-11-13 09:58 - 00012288 _____ () C:\Program Files\MyPC Backup\GetText.dll
2014-11-13 09:59 - 2014-11-13 09:57 - 00060928 _____ () C:\Program Files\MyPC Backup\LinqBridge.dll
2014-11-13 09:59 - 2014-11-13 09:57 - 00270336 _____ () C:\Program Files\MyPC Backup\AlphaFS.dll
2015-07-16 13:51 - 2015-07-10 13:44 - 01649272 _____ () C:\Program Files\Opera\30.0.1835.125\libglesv2.dll
2015-07-16 13:51 - 2015-07-10 13:44 - 00081016 _____ () C:\Program Files\Opera\30.0.1835.125\libegl.dll
2015-07-16 13:55 - 2015-07-16 14:02 - 16307888 _____ () C:\Windows\system32\Macromed\Flash\pepflashplayer32_18_0_0_209.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1037290572-1634978092-644388079-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Yassine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{2484D6A6-592F-4F78-A499-C3178D9956F9}] => (Allow) C:\Users\Yassine\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{CD9F0E5A-34AE-4BE9-8D01-1F2ECCFE4C5D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{D9EFBB22-DF0E-47A6-BC15-2F7CA2C354F2}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EF5BA241-DD4F-4D96-88EF-64F64BB0D56D}] => (Allow) LPort=2869
FirewallRules: [{6B30C5B7-1D84-49FE-8827-33A5C9051A4A}] => (Allow) LPort=1900
FirewallRules: [{04B0322E-7BE8-42D2-A3D9-42F9A614FA4E}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9B5E52B8-3BC4-46D3-AAC6-7E92799D7499}] => (Allow) C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{8C52B440-86FA-4D32-8636-9A14094A1083}] => (Allow) C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{FB900ACF-8445-4CAF-9C45-D46DD927B0A5}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{76452982-692F-4142-9649-6C0D146E0ACD}] => (Allow) C:\Users\Yassine\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{1E2EBF2F-9123-45D1-8909-B7CF3F709149}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{542325A3-7D78-4CAF-BC1F-CFEFD032B3F6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A6ACAADB-E0EF-46DC-A0E9-CD8E86BE35DD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{83C36C77-B0E8-4BA1-977E-3728D19AF66A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4637C171-BDC7-4445-9109-406CD00BE919}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{40A8828F-6A37-4336-943C-100ECC609323}C:\users\yassine\appdata\local\torch\plugins\hola\hola_plugin.exe] => (Block) C:\users\yassine\appdata\local\torch\plugins\hola\hola_plugin.exe
FirewallRules: [UDP Query User{B3B10F3B-5FE2-44A5-858D-5B6D8C5D16EB}C:\users\yassine\appdata\local\torch\plugins\hola\hola_plugin.exe] => (Block) C:\users\yassine\appdata\local\torch\plugins\hola\hola_plugin.exe
FirewallRules: [{DFD7FD4C-5A01-48B2-9C1F-A73B91A7F56C}] => (Allow) C:\Users\Yassine\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C672838C-BC5B-48C4-B9D6-05482C34F250}] => (Allow) C:\Users\Yassine\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{2B9E3A08-8693-403B-A9C0-C08958FD3BD3}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A02642AA-0606-4589-95EB-AB46F0C8F15E}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{2F63794B-80B9-4809-B8AD-641FEC88FE10}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2015 03:27:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme FRST.exe version 12.7.2015.1 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.
ID de processus : a38
Heure de début : 01d0c0a4ced1d11d
Heure de fin : 8
Chemin d’accès de l’application : C:\Users\Yassine\Contacts\Desktop\FRST.exe
ID de rapport :

Error: (07/17/2015 02:07:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: AUTORITE NT)
Description: La valeur de la chaîne du texte d’explication du compteur de performance n’est pas formatée correctement dans le Registre. La chaîne erronée est ets픩ユ. Le premier DWORD de la section Data contient la valeur d’index pour la chaîne incorrecte, tandis que les deuxième et troisième DWORD de cette section contiennent les dernières valeurs d’index valides.

Error: (07/17/2015 01:15:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: AUTORITE NT)
Description: La valeur de la chaîne du texte d’explication du compteur de performance n’est pas formatée correctement dans le Registre. La chaîne erronée est Nombre de fournisseur de haute performance WMI renvoyé par l’adaptateur WMI.
Le premier DWORD de la section Data contient la valeur d’index pour la chaîne incorrecte, tandis que les deuxième et troisième DWORD de cette section contiennent les dernières valeurs d’index valides.

Error: (07/16/2015 11:50:52 PM) (Source: MsiInstaller) (EventID: 11316) (User: Yassine-PC)
Description: Product: Google Chrome -- Error 1316. A network error occurred while attempting to read from the file: C:\Users\Yassine\AppData\Local\Temp\3a0f890a\326382.ftf

Error: (07/16/2015 10:51:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante plugin-container.exe, version : 39.0.0.5659, horodatage : 0x55934d06
Nom du module défaillant : mozalloc.dll, version : 39.0.0.5659, horodatage : 0x55933a83
Code d’exception : 0x80000003
Décalage d’erreur : 0x00001aa1
ID du processus défaillant : 0x8bc
Heure de début de l’application défaillante : 0xplugin-container.exe0
Chemin d’accès de l’application défaillante : plugin-container.exe1
Chemin d’accès du module défaillant: plugin-container.exe2
ID de rapport : plugin-container.exe3

Error: (07/16/2015 01:16:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: AUTORITE NT)
Description: La valeur de la chaîne du texte d’explication du compteur de performance n’est pas formatée correctement dans le Registre. La chaîne erronée est Nombre de fournisseur de haute performance WMI renvoyé par l’adaptateur WMI. Le premier DWORD de la section Data contient la valeur d’index pour la chaîne incorrecte, tandis que les deuxième et troisième DWORD de cette section contiennent les dernières valeurs d’index valides.

Error: (07/16/2015 02:20:43 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: AUTORITE NT)
Description: La valeur de la chaîne du texte d’explication du compteur de performance n’est pas formatée correctement dans le Registre. La chaîne erronée est Nombre de fournisseur de haute performance WMI renvoyé par l’adaptateur WMI.
Le premier DWORD de la section Data contient la valeur d’index pour la chaîne incorrecte, tandis que les deuxième et troisième DWORD de cette section contiennent les dernières valeurs d’index valides.

Error: (07/16/2015 01:29:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: AUTORITE NT)
Description: La valeur de la chaîne du texte d’explication du compteur de performance n’est pas formatée correctement dans le Registre. La chaîne erronée est Nombre de fournisseur de haute performance WMI renvoyé par l’adaptateur WMI. Le premier DWORD de la section Data contient la valeur d’index pour la chaîne incorrecte, tandis que les deuxième et troisième DWORD de cette section contiennent les dernières valeurs d’index valides.

Error: (07/15/2015 11:47:23 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (2708) Une tentative d'ouverture du fichier "C:\Users\Yassine\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" pour accès en lecture seule a échoué en indiquant l'erreur système 32 (0x00000020) : "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur -1032 (0xfffffbf8).

Error: (07/15/2015 05:15:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme iexplore.exe version 10.0.9200.16720 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.
ID de processus : ce8
Heure de début : 01d0bf21b73ff7e9
Heure de fin : 7
Chemin d’accès de l’application : C:\Program Files\Internet Explorer\iexplore.exe
ID de rapport : 24a1629f-2b15-11e5-b11e-00247e5261ba

System errors:
=============
Error: (07/17/2015 03:15:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Service Google Update (gupdate) n’a pas pu démarrer en raison de l’erreur : %%2

Error: (07/17/2015 03:13:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Util Jump Flip n’a pas pu démarrer en raison de l’erreur : %%1053

Error: (07/17/2015 03:13:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Util Jump Flip.

Error: (07/17/2015 03:12:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service General Purpose USB Driver (e4ldr.sys) n’a pas pu démarrer en raison de l’erreur : %%1058

Error: (07/17/2015 03:13:02 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000d1 (0x00000064, 0x00000002, 0x00000000, 0x92472d54)C:\Windows\MEMORY.DMP071715-15303-01

Error: (07/17/2015 03:12:57 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: L’arrêt système précédant à 15:10:32 le 17/07/2015 n’était pas prévu.

Error: (07/17/2015 02:09:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: Le pilote a détecté une erreur du contrôleur sur \...\DR3.

Error: (07/17/2015 01:16:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Le service Carte de performance WMI s’est arrêté avec l’erreur : %%-2147467259

Error: (07/17/2015 12:30:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Util Jump Flip n’a pas pu démarrer en raison de l’erreur : %%1053

Error: (07/17/2015 12:30:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Util Jump Flip.

Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 85%
Total physical RAM: 3066.27 MB
Available physical RAM: 457.73 MB
Total Virtual: 6130.82 MB
Available Virtual: 2860.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:76.96 GB) (Free:25.05 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:10 GB) (Free:2.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 80D2F3EE)
Partition 1: (Active) - (Size=77 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=211.1 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End of log ============================