Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-04-2016 Ran by Lorenzo (2016-04-15 14:53:00) Running from C:\Users\Lorenzo\Desktop Microsoft Windows 7 Édition Intégrale Service Pack 1 (X86) (2015-10-10 15:51:53) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-876290123-1069262905-1525467173-500 - Administrator - Disabled) Guest (S-1-5-21-876290123-1069262905-1525467173-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-876290123-1069262905-1525467173-1002 - Limited - Enabled) Lorenzo (S-1-5-21-876290123-1069262905-1525467173-1001 - Administrator - Enabled) => C:\Users\Lorenzo ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Active@ Partition Recovery 15 (HKLM\...\{9D7E3F86-DAA8-4894-96D6-A0AB26291A16}_is1) (Version: 15 - LSoft Technologies Inc) Adblock Plus pour IE (32-bits) (HKLM\...\{61026FB6-44BC-48C5-BD29-4E3F9FCBB33B}) (Version: 1.5 - Eyeo GmbH) Adobe Acrobat Reader DC - Français (HKLM\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated) Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{E43B4909-141E-DFF3-8C58-62B5E4D66BBA}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) Avogadro (HKLM\...\Avogadro) (Version: 1.1.1 - Humanity) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform) Cool Edit Pro 2.1 (HKLM\...\Cool Edit Pro 2.1) (Version: - ) DFX (HKLM\...\DFX) (Version: 12.013.0.0 - Power Technology) Future Pinball (HKLM\...\Future Pinball_is1) (Version: Version 1.9.1.20101231 - Chris Leathley) Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden HydraVision (Version: 4.2.234.0 - Advanced Micro Devices, Inc.) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mp3tag v2.57 (HKLM\...\Mp3tag) (Version: v2.57 - Florian Heidenreich) MPC-HC 1.7.10 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team) VirtualDJ 8 (HKLM\...\{88856755-B3D0-4F4E-8346-152B9C21E35F}) (Version: 8.0.2245.0 - Atomix Productions) VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN) Winamp (HKLM\...\Winamp) (Version: 5.7 Beta - Nullsoft, Inc) WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0DC280EF-B36E-4427-90D7-26F96AE614D5} - System32\Tasks\{340D686F-AF4D-4CB0-BFCB-2FC77B2FAE7D} => pcalua.exe -a C:\Users\Lorenzo\Downloads\7-Zip\7zFM.exe -d C:\Users\Lorenzo\Downloads\7-Zip Task: {4003DF1F-60A8-4568-9094-B01DCD778262} - System32\Tasks\{06D4107D-17FE-4240-85F4-2BB919AD8F1C} => pcalua.exe -a D:\SETUP.EXE -d D:\ Task: {5EDF686F-9F29-46FA-9DCC-FD115361A682} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd) Task: {61A77B0A-6B3B-4B23-9527-C43C794F1407} - System32\Tasks\Microsoft\Windows\orangeinside => C:\Users\Lorenzo\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe Task: {742F5427-ABA9-4227-8723-1D5B93220590} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated) Task: {AB5FFC3E-6D13-4F52-8BB8-4700824E0FBF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-21] (Google Inc.) Task: {CAB787C2-620D-4934-9AD0-3875C0ECE048} - System32\Tasks\{B0813A41-8D90-4F42-BEB0-B1DEEF4B0057} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.111/fr/abandoninstall?source=lightinstaller&page=tsInstall Task: {D6FAD1B0-0957-47E2-BD07-5A0B028F0CE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-21] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-11-21 00:33 - 2015-12-02 22:28 - 01327096 _____ () C:\Program Files\DFX\DFX.exe 2015-11-21 00:47 - 2015-11-21 00:47 - 00052216 _____ () C:\Program Files\Common Files\DFX\Dlls\dfxShared32.dll 2012-11-16 14:59 - 2012-11-16 14:59 - 00098304 _____ () C:\Program Files\ATI Technologies\HydraVision\HydraFra.dll 2012-11-16 15:00 - 2012-11-16 15:00 - 00405504 _____ () C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe 2015-11-21 00:24 - 2015-11-21 00:24 - 00133624 _____ () C:\Program Files\DFX\Universal\Apps\DfxSharedApp32.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:FCA8C9CD [266] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2010-12-23 21:08 - 00000780 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost # Start of entries ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-876290123-1069262905-1525467173-1001\Control Panel\Desktop\\Wallpaper -> G:\ancien windows 7\Pictures\Images\1685972.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{0B83F599-F415-410C-8740-C59D396B168D}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe FirewallRules: [UDP Query User{A00522CB-2F8A-4FA7-973A-AACA6F73594E}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe FirewallRules: [{AF98DC59-91FE-4DD3-91A4-F42D3D12DE6D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{6F50E3E6-E94F-41C7-B070-893CE4495CA5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{49193422-DAFA-4CB1-8508-7A4EED8B18F7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{1E97D20D-A594-4EA5-BEC8-67E3C39EB968}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7D735296-AACA-472B-B877-D637C07FEFA0}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{58479359-71CC-4CBF-A60D-E53F0532AC55}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 14-04-2016 19:25:22 Scheduled Checkpoint 14-04-2016 22:41:33 Installed Python 2.7.11 15-04-2016 11:57:39 Removed Python 2.7.11 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/15/2016 03:37:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante CompatTelRunner.exe, version : 10.0.10208.0, horodatage : 0x55b60451 Nom du module défaillant : ntdll.dll, version : 6.1.7601.18247, horodatage : 0x521ea91c Code d’exception : 0xc0000005 Décalage d’erreur : 0x00052c86 ID du processus défaillant : 0x1140 Heure de début de l’application défaillante : 0xCompatTelRunner.exe0 Chemin d’accès de l’application défaillante : CompatTelRunner.exe1 Chemin d’accès du module défaillant: CompatTelRunner.exe2 ID de rapport : CompatTelRunner.exe3 Error: (04/15/2016 01:41:43 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme WINWORD.EXE version 12.0.4518.1014 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : 47c Heure de début : 01d196a6d48f5f99 Heure de fin : 19 Chemin d’accès de l’application : C:\Program Files\Microsoft Office\Office12\WINWORD.EXE ID de rapport : 6bd821c9-029a-11e6-b117-00e052a1e01b Error: (04/14/2016 08:10:46 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: ) Description: Le service de protection logicielle n’a pas pu démarrer.0x80070002 6.1.7601.17514 Error: (04/14/2016 08:10:35 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Échec de la création d’un point de restauration (Processus = C:\Program Files\ZHPFix\ZHPFix.exe Files\ZHPFix\ZHPFix.exe"  ; Description = ZHPFix Restore System Point ; Erreur = 0x8007043c). Error: (04/14/2016 06:11:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante RogueKiller.exe, version : 12.1.2.0, horodatage : 0x570b4d8c Nom du module défaillant : RogueKiller.exe, version : 12.1.2.0, horodatage : 0x570b4d8c Code d’exception : 0xc0000005 Décalage d’erreur : 0x000d8903 ID du processus défaillant : 0x888 Heure de début de l’application défaillante : 0xRogueKiller.exe0 Chemin d’accès de l’application défaillante : RogueKiller.exe1 Chemin d’accès du module défaillant: RogueKiller.exe2 ID de rapport : RogueKiller.exe3 Error: (04/14/2016 06:07:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante Explorer.EXE, version : 6.1.7601.17514, horodatage : 0x4ce796f3 Nom du module défaillant : ntdll.dll, version : 6.1.7601.18247, horodatage : 0x521ea91c Code d’exception : 0xc0000005 Décalage d’erreur : 0x0006470e ID du processus défaillant : 0x734 Heure de début de l’application défaillante : 0xExplorer.EXE0 Chemin d’accès de l’application défaillante : Explorer.EXE1 Chemin d’accès du module défaillant: Explorer.EXE2 ID de rapport : Explorer.EXE3 Error: (04/14/2016 05:48:49 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Impossible d’initialiser l’index. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (04/14/2016 05:48:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Impossible d’initialiser l’application. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (04/14/2016 05:48:49 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Impossible d’initialiser l’objet rassembleur. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (04/14/2016 05:48:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Impossible d’initialiser le plug-in dans . Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) System errors: ============= Error: (04/15/2016 12:25:24 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (04/15/2016 12:20:34 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (04/14/2016 09:21:57 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000000a (0xc0811694, 0x00000000, 0x00000000, 0x82ab6040)C:\Windows\MEMORY.DMP041416-13650-01 Error: (04/14/2016 09:14:05 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (04/14/2016 08:19:34 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (04/14/2016 08:10:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Le service Software Protection s’est arrêté avec l’erreur : %%2 Error: (04/14/2016 08:09:03 PM) (Source: WMPNetworkSvc) (EventID: 14348) (User: ) Description: 0x80070057 Error: (04/14/2016 08:09:03 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: ) Description: WMPNetworkSvc0xc00d36b0 Error: (04/14/2016 08:09:03 PM) (Source: WMPNetworkSvc) (EventID: 14356) (User: ) Description: 0x80070057 Error: (04/14/2016 08:09:03 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: ) Description: WMPNetworkSvc0xc00d36b0 ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz Percentage of memory in use: 27% Total physical RAM: 3069.61 MB Available physical RAM: 2221.02 MB Total Virtual: 6137.51 MB Available Virtual: 5032.98 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:130.46 GB) (Free:101.41 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive e: () (Fixed) (Total:74.5 GB) (Free:34.84 GB) NTFS Drive g: (Verbatim) (Fixed) (Total:465.76 GB) (Free:153.54 GB) NTFS ==================== MBR & Partition Table ================== ==================== End of Addition.txt ============================