Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01 Ran by user at 2016-04-24 18:28:48 Running from C:\Users\user\Downloads\FRST Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrateur (S-1-5-21-563983577-417192658-4095818541-500 - Administrator - Disabled) HomeGroupUser$ (S-1-5-21-563983577-417192658-4095818541-1006 - Limited - Enabled) Invité (S-1-5-21-563983577-417192658-4095818541-501 - Limited - Enabled) meriemtea (S-1-5-21-563983577-417192658-4095818541-1007 - Limited - Enabled) => C:\Users\meriemtea user (S-1-5-21-563983577-417192658-4095818541-1001 - Administrator - Enabled) => C:\Users\user ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-563983577-417192658-4095818541-1001\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.) Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.8.1245.73583 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 4.8.1245.73583 - Alcor Micro Corp.) Hidden Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden Athan Basic 4.5 (HKLM-x32\...\Athan) (Version: - ) Avast Antivirus Gratuit (HKLM-x32\...\Avast) (Version: 11.2.2261 - AVAST Software) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.) Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden Evernote (HKLM-x32\...\Evernote) (Version: 1.0.0 - Evernote Launcher by Toshiba Europe GmbH) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Freelang (HKLM-x32\...\{909E2D66-B931-415C-A9DE-FF030AB5AD77}_is1) (Version: - Freelang) Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden K-Lite Codec Pack 12.0.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.0.5 - KLCP) Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Micro Application - 36 Dictionnaires et Recueils de Correspondance (HKLM-x32\...\{B410328C-0E8C-4DD2-9DB4-DE7766D0DFE0}) (Version: 1.0.0.0 - ) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation) Mise à jour Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version: - Microsoft) Mise à jour Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version: - Microsoft) Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version: - Microsoft) Mise à jour Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version: - Microsoft) MOBICONNECT (HKLM-x32\...\{BCE97917-E58C-41FA-9B53-859E3FDCE924}) (Version: 1.0.0.2 - ZTE Corporation) Mozilla Firefox 45.0.2 (x86 fr) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 fr)) (Version: 45.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros) Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.) SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.5.0.1144 - Lenovo) Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.108 - Skype Technologies S.A.) Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB) Subtitle Workshop 2.51 (HKLM-x32\...\SubtitleWorkshop) (Version: - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated) TOSHIBA Addendum (HKLM-x32\...\{C1569944-FAD6-4B3B-85E5-C213C2FF8EFC}) (Version: 1.00 - TOSHIBA) TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation) TOSHIBA Display Utility (HKLM\...\{5F6AC07E-50EF-422E-B56E-6521E5B35139}) (Version: 1.1.12.0 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation) TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA) TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.346 - Toshiba Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation) TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation) TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.00.6403 - Toshiba Corporation) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation) Toshiba TEMPRO (HKLM-x32\...\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}) (Version: 5.0.0 - Toshiba Europe GmbH) TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Viber (HKU\S-1-5-21-563983577-417192658-4095818541-1001\...\Viber) (Version: 5.0.1.42 - Viber Media Inc) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent) WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.14 - WildTangent) Hidden ZDServer (HKLM-x32\...\{C8197F5F-E0DC-44f1-8AF2-1AA5A84F695D}) (Version: 1.0.1.2 - ZTE Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 07-04-2016 13:44:41 Windows Update 10-04-2016 14:25:09 Windows Update 14-04-2016 13:17:42 ASU_MSI_TRAN 19-04-2016 21:30:27 Removed BlueStacks App Player 22-04-2016 22:40:43 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00C6AC78-251B-4825-8D68-C4845B3BC738} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-563983577-417192658-4095818541-1001UA => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-14] (Facebook Inc.) Task: {047CB6B2-AEDA-436F-87D1-B548AEDB8524} - System32\Tasks\{BE14C1B0-F216-428B-A574-4633F7C04203} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=7.6.0.105&LastError=-3 Task: {0F3E2EDD-B553-4F84-B82C-6BEBA188A5A5} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-563983577-417192658-4095818541-1001 Task: {1765212D-F5EC-414E-AA15-93342E2E04C7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-03-19] (Microsoft Corporation) Task: {1FB60998-23AA-4B10-801D-8694E27E97AE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-15] (AVAST Software) Task: {2C08BE1D-2757-4AB7-857E-E4D9482B246D} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-03-22] () Task: {34CCFF71-2185-4867-B2CD-BF0615534008} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-16] (Google Inc.) Task: {374ED8BE-92D2-4D09-9DBB-9D103CEF2ECD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-16] (Google Inc.) Task: {37D69F58-B876-4BF1-B4A4-CC4EC73B7C05} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe %windir%\system32\invagent.dll,RunUpdate Task: {3D02D21F-6D33-4338-AD6B-0CF00D249F14} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {3F3FCE8C-4DE7-4F01-8523-16DEADD68FCB} - System32\Tasks\SafeZone scheduled Autoupdate 1460026627 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software) Task: {454DDA1D-D788-4FC6-8FA3-57DB1907D1E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd) Task: {5A7E1AAC-A12B-4821-AC64-E4AA3ECB54EE} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2015-11-17] (Toshiba Europe GmbH) Task: {68940ABF-A5C1-457B-AF7F-AEC1A5A5ED34} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation) Task: {70EA79B5-3507-4F21-9F14-48C981CAF508} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-03-19] (Microsoft Corporation) Task: {725115EB-B9F0-4E2E-A9C8-2274C17B5F3B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software) Task: {89E94BC4-CDB4-4C00-B582-FE26BE8BBE6F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-04-17] (Microsoft Corporation) Task: {969B4E39-FF48-411D-88E3-62060D7C13D8} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-11-09] (TOSHIBA Corporation) Task: {A41D34EE-B6CD-40FF-8F2A-119B5B3E4703} - \Yahoo! Search Updater No Task File <==== ATTENTION Task: {B307A441-B560-4A80-AA05-6F5562D6C02F} - System32\Tasks\{E5758337-9C20-42AD-8621-BDAF56C4DCE3} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=7.6.0.105&LastError=12002 Task: {BD0A82E1-A0FF-4CE2-B123-CCDDA87AE6F5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-563983577-417192658-4095818541-1001Core => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-14] (Facebook Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-563983577-417192658-4095818541-1001Core.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-563983577-417192658-4095818541-1001UA.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2013-03-27 21:53 - 2013-03-27 21:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe 2013-09-10 21:54 - 2013-09-10 21:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe 2015-03-01 20:30 - 2013-11-06 17:54 - 00427264 _____ () C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe 2015-03-01 20:30 - 2013-11-06 17:54 - 00426752 ____C () C:\ProgramData\ZDSupport\ZDServ\CancelAutoPlay_Server.exe 2013-12-08 18:35 - 2013-09-13 09:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2016-04-03 12:36 - 2016-03-29 07:32 - 00075264 ____C () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe 2013-08-22 08:19 - 2013-08-22 07:54 - 00174592 _____ () C:\Windows\system32\WinMetadata\Windows.UI.winmd 2016-01-14 17:18 - 2016-01-14 17:18 - 00521216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\e291aa8a59dc390d0cdf99d3c6d8b6e5\Windows.Data.ni.dll 2015-07-16 15:44 - 2015-07-16 15:44 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\b3972424579e18e6699549ecb948c4ef\Windows.Foundation.ni.dll 2016-04-15 21:46 - 2016-04-15 21:46 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-04-15 21:46 - 2016-04-15 21:46 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-04-24 15:00 - 2016-04-24 15:00 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16042400\algo.dll 2016-04-15 21:46 - 2016-04-15 21:46 - 00478144 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2004-12-25 12:37 - 2004-12-25 12:37 - 00258121 _____ () C:\Program Files (x86)\Athan\vbh.dll 2010-03-08 21:08 - 2010-03-08 21:08 - 00282697 _____ () C:\Program Files (x86)\Athan\vbp.dll 2004-03-20 13:49 - 2004-03-20 13:49 - 00229444 _____ () C:\Program Files (x86)\Athan\vbq.dll 2015-12-16 21:20 - 2015-12-16 21:20 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 ____C () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2016-04-11 22:39 - 2016-04-06 11:04 - 01675928 ____C () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll 2016-04-11 22:39 - 2016-04-06 11:04 - 00086168 ____C () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll 2014-01-14 01:33 - 2013-09-04 01:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\user\SkyDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-563983577-417192658-4095818541-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Viewer\Papier peint de la Visionneuse de photos Windows.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "TecoResident" HKLM\...\StartupApproved\Run: => "TCrdMain" HKLM\...\StartupApproved\Run: => "SynTPEnh" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "TSVU" HKU\S-1-5-21-563983577-417192658-4095818541-1001\...\StartupApproved\StartupFolder: => "TorntvDownloader.lnk" HKU\S-1-5-21-563983577-417192658-4095818541-1001\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-563983577-417192658-4095818541-1001\...\StartupApproved\Run: => "Yahoo! Search" HKU\S-1-5-21-563983577-417192658-4095818541-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer" HKU\S-1-5-21-563983577-417192658-4095818541-1001\...\StartupApproved\Run: => "MediaDICO36" HKU\S-1-5-21-563983577-417192658-4095818541-1001\...\StartupApproved\Run: => "Viber" HKU\S-1-5-21-563983577-417192658-4095818541-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-563983577-417192658-4095818541-1001\...\StartupApproved\Run: => "BlueStacks Agent" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{521FF5F7-5C90-4CE1-8154-0F0A19301E54}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{DFC1D61D-2B9F-4CD6-88A3-869604764C2E}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{53496118-EB34-45DF-A84E-C248D4E96ADA}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{1DC329E5-CF19-46F4-A31E-C638E538B621}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{2680DAC3-2B97-4C04-B529-8AD7F973BBDF}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{81373111-FD37-4D3F-828D-773135FBED38}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{66CAF91E-ADE4-4F47-A645-DE5B72C655A0}] => (Allow) C:\Users\user\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [{8ED2CE03-B2A2-4E76-9C05-B4BB1D4E06AF}] => (Allow) %systemroot%\system32\alg.exe FirewallRules: [TCP Query User{572E9605-4E08-4411-A18D-1442F817C70F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{B81224A4-4C58-4F26-8571-7913ABFCCA1C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{3D24E4DF-6069-4613-9388-CBC390C2BE0A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{2FAEF4DF-B205-4793-B108-CF57BE081C7D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{4643659D-1DD0-4691-BE2E-84BB991B7017}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D352CA4A-74B7-4C24-9075-C7EFF426EAC8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{843DCB8F-BA31-40CC-AA8F-A31D6697C475}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [UDP Query User{55235973-A0C3-4831-8C19-5CAE8F30A7E3}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [TCP Query User{FFBE3B1D-D7AB-4C20-A9DD-08E60CDDA3E4}C:\users\user\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe FirewallRules: [UDP Query User{1E570233-21D7-4CD8-A396-3321C75FF7C8}C:\users\user\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe FirewallRules: [{A219BB86-E534-4D8E-83AA-C307D714716B}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe FirewallRules: [{ED8DCD73-2695-4964-BC13-D8778E9B312B}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe FirewallRules: [{9DADAC15-5914-41BA-97ED-1120EF792B90}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{ADE0B13A-AE71-4A52-8DF5-73D426687460}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe FirewallRules: [{CECA3013-DD6D-4A06-A723-3E38D89E13BF}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/24/2016 03:08:37 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme chrome.exe version 49.0.2623.112 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : 1734 Heure de début : 01d19e31a8c03d46 Heure de fin : 4294967295 Chemin d’accès de l’application : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ID de rapport : 07623173-0a26-11e6-82c8-0c54a5b5ea96 Nom complet du package défaillant : ID de l’application relative au package défaillant : Error: (04/23/2016 10:46:05 AM) (Source: Google Update) (EventID: 20) (User: TOSHIBA) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http s Error: (04/23/2016 10:05:57 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (04/22/2016 08:19:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOSHIBA) Description: Échec de l’activation de l’application Skyscanner.Skyscanner_623c9he0pwcym!App avec l’erreur : -2147023170 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error: (04/22/2016 08:19:42 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme backgroundTaskHost.exe version 6.3.9600.17415 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : 16f8 Heure de début : 01d19ccbe5f96c49 Heure de fin : 4294967295 Chemin d’accès de l’application : C:\Windows\system32\backgroundTaskHost.exe ID de rapport : 26eb7fed-08bf-11e6-82c5-0c54a5b5ea96 Nom complet du package défaillant : Skyscanner.Skyscanner_1.4.2.0_neutral__623c9he0pwcym ID de l’application relative au package défaillant : App Error: (04/22/2016 03:35:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOSHIBA) Description: Échec de l’activation de l’application windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel avec l’erreur : -2147019873 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error: (04/22/2016 03:35:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOSHIBA) Description: Échec de l’activation de l’application windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel avec l’erreur : -2147019873 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error: (04/22/2016 01:58:28 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme backgroundTaskHost.exe version 6.3.9600.17415 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : bec Heure de début : 01d19be3ebf8e484 Heure de fin : 4294967295 Chemin d’accès de l’application : C:\Windows\system32\backgroundTaskHost.exe ID de rapport : e582c5b8-0889-11e6-82c5-0c54a5b5ea96 Nom complet du package défaillant : Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt ID de l’application relative au package défaillant : App Error: (04/22/2016 01:56:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante chrome.exe, version : 49.0.2623.112, horodatage : 0x570458bc Nom du module défaillant : ntdll.dll, version : 6.3.9600.18194, horodatage : 0x569515fc Code d’exception : 0xc0000018 Décalage d’erreur : 0x0009d3c2 ID du processus défaillant : 0xf40 Heure de début de l’application défaillante : 0xchrome.exe0 Chemin d’accès de l’application défaillante : chrome.exe1 Chemin d’accès du module défaillant: chrome.exe2 ID de rapport : chrome.exe3 Nom complet du package défaillant : chrome.exe4 ID de l’application relative au package défaillant : chrome.exe5 Error: (04/21/2016 12:59:02 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 System errors: ============= Error: (04/24/2016 05:50:58 PM) (Source: ipnathlp) (EventID: 30013) (User: ) Description: 192.168.1.3192.168.137.0255.255.255.0 Error: (04/24/2016 05:50:58 PM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: Error: (04/24/2016 05:24:43 PM) (Source: ipnathlp) (EventID: 30013) (User: ) Description: 192.168.1.3192.168.137.0255.255.255.0 Error: (04/24/2016 05:24:43 PM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: Error: (04/24/2016 05:24:43 PM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: Error: (04/24/2016 05:24:43 PM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: Error: (04/24/2016 05:22:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Le service Service Partage réseau du Lecteur Windows Media dépend du service Windows Search qui n’a pas pu démarrer en raison de l’erreur : %%1069 Error: (04/24/2016 05:22:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Le service Windows Search n’a pas pu démarrer en raison de l’erreur : %%1069 Error: (04/24/2016 05:22:29 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Le service WSearch n’a pas pu ouvrir de session en tant que NT AUTHORITY\SYSTEM avec le mot de passe actuellement configuré en raison de l’erreur suivante : %%50 Pour vous assurer que le service est configuré correctement, utilisez le composant logiciel enfichable Services dans Microsoft Management Console (MMC). Error: (04/24/2016 05:22:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Le service Windows Search n’a pas pu démarrer en raison de l’erreur : %%1069 Microsoft Office: ========================= Error: (01/13/2015 10:05:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/13/2015 10:05:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 157 seconds with 120 seconds of active time. This session ended with a crash. Error: (01/13/2015 10:02:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1207 seconds with 840 seconds of active time. This session ended with a crash. Error: (01/13/2015 09:41:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16482 seconds with 6480 seconds of active time. This session ended with a crash. Error: (01/12/2015 03:08:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 528 seconds with 480 seconds of active time. This session ended with a crash. Error: (01/12/2015 12:32:10 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 311 seconds with 180 seconds of active time. This session ended with a crash. Error: (01/12/2015 12:26:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2110 seconds with 540 seconds of active time. This session ended with a crash. Error: (12/31/2014 03:04:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5641 seconds with 5160 seconds of active time. This session ended with a crash. Error: (12/31/2014 01:29:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1411 seconds with 1140 seconds of active time. This session ended with a crash. Error: (12/31/2014 11:53:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1497 seconds with 1440 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2015-12-16 18:57:01.733 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-16 18:46:42.792 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-16 18:46:42.021 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-16 18:24:57.224 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-16 18:24:56.454 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-16 18:24:54.805 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-16 18:24:53.634 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-09 00:59:27.706 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-09 00:59:27.021 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-09 00:59:26.314 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz Percentage of memory in use: 69% Total physical RAM: 3971.27 MB Available physical RAM: 1194.14 MB Total Virtual: 4995.27 MB Available Virtual: 1926.82 MB ==================== Drives ================================ Drive c: (TI31255400A) (Fixed) (Total:454.15 GB) (Free:176.55 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End of log ============================