Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by jonathan at 2015-07-19 20:36:51
Running from C:\Users\jonathan\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrateur (S-1-5-21-2959799842-2766905096-1466013307-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2959799842-2766905096-1466013307-1002 - Limited - Enabled)
Invité (S-1-5-21-2959799842-2766905096-1466013307-501 - Limited - Disabled)
jonathan (S-1-5-21-2959799842-2766905096-1466013307-1001 - Administrator - Enabled) => C:\Users\jonathan
UpdatusUser (S-1-5-21-2959799842-2766905096-1466013307-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Akamai NetSession Interface (HKU\S-1-5-21-2959799842-2766905096-1466013307-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0056 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Caesar 3 (HKLM-x32\...\Caesar 3) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mises à jour NVIDIA 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (HKLM\...\Microsoft .NET Framework 4 Client Profile FRA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
NVIDIA Pilote graphique 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
Panneau de configuration NVIDIA 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Utilitaires Sierra (HKLM-x32\...\Utilitaires Sierra) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

06-07-2015 17:16:26 DirectX est installé
06-07-2015 17:40:39 Removed Aeria Ignite
07-07-2015 10:15:36 Windows Update
12-07-2015 19:00:49 Sauvegarde Windows
14-07-2015 10:47:01 Windows Update
16-07-2015 07:53:11 Windows Update
17-07-2015 08:49:07 Windows Update
19-07-2015 19:00:51 Sauvegarde Windows

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 __RSH C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26A9B8C0-584C-4897-824B-DCC8E2C77DAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-29] (Google Inc.)
Task: {291A7327-27F5-409B-AB72-E049349230DB} - System32\Tasks\{E6E39E55-1112-42E7-AF12-5D0319526FC3} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=7.6.0.103&LastError=404
Task: {2CC71CE2-BD56-4B8F-8807-3E1FC48A631D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-29] (Avast Software s.r.o.)
Task: {5CE3F9AE-0CB9-4085-A0D8-A7106E43CD86} - System32\Tasks\{69390F2E-BC70-4B8E-802B-C86B52D1E3B7} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=7.6.0.103&LastError=404
Task: {773C3764-6026-43BB-B7E5-EC7F54F3F90B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-29] (Google Inc.)
Task: {D1FB0174-975F-4E83-95F2-429F34DA0DF3} - System32\Tasks\{C468D473-57AA-46EB-A4D6-4DEAC9131E49} => pcalua.exe -a C:\Users\jonathan\Downloads\Risk_1.3\Install.exe -d C:\Users\jonathan\Downloads\Risk_1.3
Task: {E3C11F1A-50ED-40D5-B977-FD87185EDCC5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {F4BB6504-3DAA-4168-BE5C-B7134DC257B3} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2959799842-2766905096-1466013307-1001

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-29 16:51 - 2013-08-30 00:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2011-04-10 17:40 - 2011-04-10 17:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-06-01 19:28 - 2015-06-01 19:28 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll
2015-06-29 13:06 - 2015-06-29 13:06 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-29 13:06 - 2015-06-29 13:06 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-18 12:57 - 2015-07-18 12:57 - 02956800 _____ () C:\Program Files\AVAST Software\Avast\defs\15071803\algo.dll
2015-07-19 15:25 - 2015-07-19 15:25 - 02956800 _____ () C:\Program Files\AVAST Software\Avast\defs\15071900\algo.dll
2015-06-29 13:06 - 2015-06-29 13:06 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-07-14 22:45 - 2015-07-13 23:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 22:45 - 2015-07-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-07-14 22:45 - 2015-07-13 23:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2959799842-2766905096-1466013307-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2959799842-2766905096-1466013307-1001\...\aeriagames.com -> hxxp://aeriagames.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2959799842-2766905096-1466013307-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 109.88.203.3 - 62.197.111.140

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\jonathan\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FDF5358F-5ADF-4218-B679-2B4CF05D32C1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{71B68CAE-EE2D-4422-A899-0CCFAC50F4E2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{AE5BEFE7-B2C4-4BDC-92A7-0D3ACE52D141}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{42B2E6FC-9458-475E-8BC3-02256B8DE911}C:\users\jonathan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\jonathan\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3A4A4650-92E6-4CA9-8998-234516A27936}C:\users\jonathan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\jonathan\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{5292D24C-E9B9-4DF9-BA4C-C3A86ABA1444}C:\users\jonathan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\jonathan\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{B97DFB9F-B7A0-4E87-9FF5-6C02B06F7821}C:\users\jonathan\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\jonathan\appdata\local\akamai\netsession_win.exe
FirewallRules: [{4F8BB880-6DB0-46D8-8BE7-CCFC9FB928A1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Contrôleur de bus USB
Description: Contrôleur de bus USB
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2015 11:32:24 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/18/2015 04:36:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/18/2015 03:11:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/18/2015 02:15:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2015 01:53:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante nvtray.exe, version : 7.17.13.2702, horodatage : 0x521fc6cc
Nom du module défaillant : NvUpdt.dll_unloaded, version : 0.0.0.0, horodatage : 0x521fbdff
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000007feede67422
ID du processus défaillant : 0x568
Heure de début de l’application défaillante : 0xnvtray.exe0
Chemin d’accès de l’application défaillante : nvtray.exe1
Chemin d’accès du module défaillant: nvtray.exe2
ID de rapport : nvtray.exe3

Error: (07/18/2015 12:41:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 09:53:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/17/2015 08:45:56 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/17/2015 06:02:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 08:53:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/19/2015 06:56:00 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI : le BIOS ACPI essaie d’écrire sur une région d’opération PCI non autorisée (0x4). Contactez le fabricant de votre ordinateur pour une assistance technique.

Error: (07/19/2015 06:56:00 AM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI : le BIOS ACPI essaie d’écrire sur une région d’opération PCI non autorisée (0x4). Contactez le fabricant de votre ordinateur pour une assistance technique.

Error: (07/18/2015 01:53:46 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI : le BIOS ACPI essaie d’écrire sur une région d’opération PCI non autorisée (0x4). Contactez le fabricant de votre ordinateur pour une assistance technique.

Error: (07/18/2015 01:53:46 PM) (Source: ACPI) (EventID: 10) (User: )
Description: ACPI : le BIOS ACPI essaie d’écrire sur une région d’opération PCI non autorisée (0x4). Contactez le fabricant de votre ordinateur pour une assistance technique.

Error: (07/18/2015 12:40:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Windows Installer n’a pas pu démarrer en raison de l’erreur : %%1053

Error: (07/18/2015 12:40:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Windows Installer.

Error: (07/18/2015 12:12:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Windows Installer s’est terminé de façon inattendue pour la 3ème fois.

Error: (07/18/2015 12:07:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Windows Installer s’est terminé de manière inattendue. Ceci s’est produit 2 fois. L’action corrective suivante va être effectuée dans 300000 millisecondes : Redémarrer le service.

Error: (07/18/2015 12:05:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Windows Installer s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 120000 millisecondes : Redémarrer le service.

Error: (07/17/2015 06:30:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Programme d’installation pour les modules Windows s’est terminé de façon inattendue pour la 4ème fois.

Microsoft Office:
=========================
Error: (07/19/2015 11:32:24 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/18/2015 04:36:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/18/2015 03:11:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/18/2015 02:15:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2015 01:53:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvtray.exe7.17.13.2702521fc6ccNvUpdt.dll_unloaded0.0.0.0521fbdffc0000005000007feede6742256801d0c0e1cc25a0d3C:\Program Files\NVIDIA Corporation\Display\nvtray.exeNvUpdt.dlla8d871d8-2d43-11e5-8fe6-485b39e79275

Error: (07/18/2015 12:41:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 09:53:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/17/2015 08:45:56 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/17/2015 06:02:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/17/2015 08:53:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 43%
Total physical RAM: 3884.48 MB
Available physical RAM: 2191.53 MB
Total Virtual: 7767.16 MB
Available Virtual: 5557.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:334.23 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Disque D) (Fixed) (Total:465.76 GB) (Free:313.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 70863547)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4A1B0B8E)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of log ============================