Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-06-2017 01 Ran by Salma (10-06-2017 12:50:33) Running from C:\Users\Salma\Desktop Windows 10 Pro Version 1703 (X64) (2017-06-05 02:30:54) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-321738506-1789406464-3067570155-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-321738506-1789406464-3067570155-503 - Limited - Disabled) Guest (S-1-5-21-321738506-1789406464-3067570155-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-321738506-1789406464-3067570155-1002 - Limited - Enabled) Salma (S-1-5-21-321738506-1789406464-3067570155-1000 - Administrator - Enabled) => C:\Users\Salma ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.201.1611.252 - Alps Electric) Amazon Assistant (HKLM-x32\...\{065E406C-5309-4CE8-9935-189A1EAE1004}) (Version: 10.17.0228 - Amazon) <==== ATTENTION Avast Antivirus Gratuit (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) Cisco Packet Tracer 6.2 Instructor (HKLM-x32\...\Cisco Packet Tracer 6.2 Instructor_is1) (Version: - Cisco Systems, Inc.) Cisco Packet Tracer 7.0 64Bit (HKLM\...\Cisco Packet Tracer 7.0 64Bit_is1) (Version: - Cisco Systems, Inc.) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.3.50 - Lenovo) Energy Management (x32 Version: 8.0.3.50 - Lenovo) Hidden GNS3 2.0.0 (HKLM-x32\...\GNS3) (Version: 2.0.0 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden Icecream Image Resizer version 1.46 (HKLM-x32\...\{2F8F5694-F482-481A-B05F-4A6D8A275B84}_is1) (Version: 1.46 - Icecream Apps) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1327.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0358 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{bc9808f5-afda-4f96-b90e-da5bfb2ef8da}) (Version: 16.1.4 - Intel Corporation) Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Visio Viewer 2007 (HKLM-x32\...\{95120000-0052-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-321738506-1789406464-3067570155-1000\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation) Mise à jour Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version: - Microsoft) Mise à jour Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version: - Microsoft) Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version: - Microsoft) Mise à jour Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version: - Microsoft) Mozilla Firefox 47.0.2 (x86 fr) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 fr)) (Version: 47.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla) My Connection (HKLM-x32\...\IAM Aegean My Connection_is1) (Version: - IAM) Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.2.17 - Symantec Corporation) NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) Opera Stable 45.0.2552.888 (HKLM-x32\...\Opera 45.0.2552.888) (Version: 45.0.2552.888 - Opera Software) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7514 - Realtek Semiconductor Corp.) Restaurant POS Demo 13 (HKLM-x32\...\Restaurant POS Demo 13_is1) (Version: - Denver Research) SafeZone Stable 1.51.2220.47 (x32 Version: 1.51.2220.47 - Avast Software) Hidden SolarWinds Response Time Viewer (HKLM-x32\...\{5B415E10-D1C1-4E54-9061-AE0FB3D7F2B2}) (Version: 1.0.0.162 - SolarWinds) Streaming Audio Recorder version 3.4.5 (HKLM-x32\...\{B6D9D06B-4B4D-4B41-B963-C056B627F704}_is1) (Version: 3.4.5 - APOWERSOFT LIMITED) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Visionneuse Microsoft PowerPoint (HKLM-x32\...\{95140000-00AF-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Visual Studio 2005 Tools pour Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) VMware Player (HKLM\...\{B5D82DF0-AC2F-469F-8E97-599653947166}) (Version: 12.5.5 - VMware, Inc.) VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.15.0.00000 - VMware, Inc.) Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) Wireshark 2.2.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, hxxps://www.wireshark.org) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-321738506-1789406464-3067570155-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Salma\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {048B3BBE-9E36-4415-9036-B55A183540B7} - System32\Tasks\Norton Security Scan for Salma => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.2.17\Nss.exe [2017-05-15] (Symantec Corporation) Task: {085AC5EE-1030-40B6-8A4B-EA8B796EF4FD} - System32\Tasks\{FFDC0F8B-4D33-4431-B72D-9B18A209E278} => pcalua.exe -a C:\Users\Salma\Downloads\kav15.0.2.361fr_7379.exe -d C:\Users\Salma\Downloads Task: {08BF6F18-7F18-4DBE-917A-74C201F6DADD} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {0F1CD8DC-764A-47D3-AB65-40C1A6D4293C} - System32\Tasks\{EA74CDFD-AC46-4E7F-977F-FB849154956C} => pcalua.exe -a "C:\Users\Salma\Downloads\chromeinstall-8u31 (1).exe" -d C:\Users\Salma\Downloads Task: {10D55A38-9062-4D9A-A641-87178B02E4B7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {166388FE-2EF9-4003-BA74-6EA5F4711F70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-08] (Google Inc.) Task: {1ED096B8-5B33-4C5B-9A01-BF51803CA02A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {32F98FFE-839F-41B6-B4AC-573C163B2C64} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {45406629-62D4-47C2-8FBD-0874215423E3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {53CFAB68-8150-41AB-A189-E8E1CBF34F82} - System32\Tasks\avastBCLRestartS-1-5-21-321738506-1789406464-3067570155-1000 => Chrome.exe Task: {65091EBD-05C5-4ADC-BDE4-B435A9E3D188} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {6DAAFB99-7D36-45EE-94DD-5F321A437C68} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8116ACAF-B6FF-464A-BCC2-3BA631D25676} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-05-23] (Microsoft Corporation) Task: {8136326A-932B-4BD5-88E3-A994A2BC7CE7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software) Task: {84BC3296-704B-496D-B3D1-2C04F5C23AEE} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {88C8BE96-090F-450A-AFB6-F298BB1C7798} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {893A4A62-39F1-479D-885A-98BF60AC31C5} - System32\Tasks\Opera scheduled Autoupdate 1424294240 => C:\Program Files (x86)\Opera\launcher.exe [2017-05-31] (Opera Software) Task: {8975007E-F84F-4A3F-B4BD-710DA3CA0CF5} - System32\Tasks\SafeZone scheduled Autoupdate 1465917142 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software) Task: {8981B298-3404-455D-834D-C61AAA6F41D0} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {8E7ED482-BA3D-4D1F-9DC4-4F5342093E0B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {9BBC7F8C-F2A7-4473-A1CF-1BF487D8E5F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-08] (Google Inc.) Task: {9BDF80F4-2F90-44A5-AC0C-48484C8C04A9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {A5F96C8C-D581-4373-9DF2-951601165288} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {A80D02C7-05EA-4FF1-B058-1AB91F0B75BE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) Task: {AA8CEB4F-A632-47EF-87DF-78C7D7BE3609} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {B6D68429-0964-4561-86D3-F2E1CA25D4D6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {B8DB3DD1-ACD9-497F-90CD-2C3CB84777A1} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {B8E52478-52DE-49B8-AAF0-655DA640FDDE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-24] (AVAST Software) Task: {C9FA866F-E775-4BA9-B173-A4E4519ADBD6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D19A753E-3BF5-42C7-88F3-EC49829486A3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {DBCE1800-E6C7-4B8A-8A1E-576823A14028} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {E363473E-1AEB-4BDF-8FC9-7423F1708574} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {F8A42D58-4A9F-4529-8757-C474C0F17133} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {FDE69CEA-AF43-4A7F-BE48-E5325F9F87E8} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {FFFB4F07-5689-426F-B0EE-01D4B71D3464} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Salma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.LNK -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.bahaty.com/red/f.php ==================== Loaded Modules (Whitelisted) ============== 2015-03-29 11:47 - 2012-03-14 12:05 - 00053312 _____ () C:\Program Files (x86)\My Connection\BackgroundService\ServiceManager.exe 2017-02-28 15:19 - 2017-02-28 15:19 - 00102064 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe 2017-02-28 15:20 - 2017-02-28 15:20 - 00141488 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\aaLoader64.dll 2017-06-05 02:00 - 2016-12-29 13:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2017-03-18 20:58 - 2017-03-18 20:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2016-11-01 23:05 - 2016-11-01 23:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe 2017-03-18 20:59 - 2017-03-19 02:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-06-07 23:30 - 2017-06-07 23:31 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-06-07 23:30 - 2017-06-07 23:31 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-05-12 07:39 - 2017-05-12 07:39 - 06557184 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_5.9.1042.0_x64__8wekyb3d8bbwe\WhatsNew.Store.dll 2017-05-12 07:39 - 2017-05-12 07:39 - 00024576 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_5.9.1042.0_x64__8wekyb3d8bbwe\SkuInterop.dll 2017-05-08 08:21 - 2017-05-08 08:23 - 00054272 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll 2015-03-29 11:47 - 2012-09-26 19:36 - 00126056 _____ () C:\Program Files (x86)\My Connection\BackgroundService\ModemListener.exe 2016-08-24 11:50 - 2016-08-24 11:50 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-06-09 21:39 - 2017-06-09 21:39 - 06101864 _____ () c:\program files\avast software\avast\defs\17060904\algo.dll 2016-08-24 11:50 - 2016-08-24 11:50 - 00482928 _____ () c:\program files\avast software\avast\ffl2.dll 2016-07-01 02:10 - 2016-07-01 02:10 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 02:34 - 2015-03-21 15:46 - 00000878 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-321738506-1789406464-3067570155-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "BLEServicesCtrl" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "NvBackend" HKLM\...\StartupApproved\Run32: => "USB3MON" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{FFFFD31A-29B4-4CF8-9DDE-C3842C77044E}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe FirewallRules: [{22E65E44-B95B-49A4-83FA-41C1C3D2140A}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.881\opera.exe FirewallRules: [{66033DF2-CA9C-4AF1-83C8-B562EC23F633}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{D7CC513B-EBBE-412E-A740-48C16E0F7ADD}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [{58422A82-489C-4911-A170-DCDAE4ED1355}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [{5DE6AFDB-7EAE-4269-8805-594D4E4A17C5}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-x86_64w.exe FirewallRules: [{6A67F03A-CD05-4DAE-A6E3-DCA4D3DE0614}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-x86_64w.exe FirewallRules: [{EA31D54F-A941-4175-8693-3C233598E6BC}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-i386w.exe FirewallRules: [{05764222-750B-4AD6-8E0D-F795813915C9}] => (Allow) C:\Program Files\GNS3\qemu-2.4.0\qemu-system-i386w.exe FirewallRules: [{2E1043AC-13F3-4F13-A618-22E81F1CCBEB}] => (Allow) C:\Program Files\GNS3\qemu-0.11.0\qemu.exe FirewallRules: [{47CF9235-3300-47B6-8C9D-9BAE77711592}] => (Allow) C:\Program Files\GNS3\qemu-0.11.0\qemu.exe FirewallRules: [{99F2DDF7-EE60-4DC5-ABEE-7E9C31BA53CD}] => (Allow) C:\Program Files\GNS3\vpcs\vpcs.exe FirewallRules: [{E8378CEF-A274-4DF5-BCBF-41983D9E1E82}] => (Allow) C:\Program Files\GNS3\vpcs\vpcs.exe FirewallRules: [{89473BD8-6F88-4513-AA78-B8C67C23590E}] => (Allow) C:\Program Files\GNS3\dynamips\dynamips.exe FirewallRules: [{7CD36E00-9DD3-4449-9328-220951D4F868}] => (Allow) C:\Program Files\GNS3\dynamips\dynamips.exe FirewallRules: [{9DAA9348-628D-4412-8F86-7848F457B03F}] => (Allow) C:\Program Files\GNS3\ubridge.exe FirewallRules: [{21AD35D3-EBD6-4881-B339-BE6525C9B8CD}] => (Allow) C:\Program Files\GNS3\ubridge.exe FirewallRules: [{A2A0FAD5-711C-4AAB-A9A8-431B281619DB}] => (Allow) C:\Program Files\GNS3\gns3server.exe FirewallRules: [{8BB3AF51-EC95-4C08-9FEF-FDCA3E7951F2}] => (Allow) C:\Program Files\GNS3\gns3server.exe FirewallRules: [UDP Query User{DD4125D8-4F4C-407F-A2EF-B4BA56F4F13C}C:\program files (x86)\cisco packet tracer 6.2iv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.2iv\bin\packettracer6.exe FirewallRules: [TCP Query User{97A2CF6E-2603-4276-819B-706EA65D6A7C}C:\program files (x86)\cisco packet tracer 6.2iv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.2iv\bin\packettracer6.exe FirewallRules: [UDP Query User{0064FECB-EE4E-4325-8E2E-C713FE83207D}C:\program files (x86)\cisco packet tracer 6.2iv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.2iv\bin\packettracer6.exe FirewallRules: [TCP Query User{A26200C9-E00A-43E6-963D-3F2D63D5D7D7}C:\program files (x86)\cisco packet tracer 6.2iv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.2iv\bin\packettracer6.exe FirewallRules: [{051897E7-0DAE-4B55-9C1E-3E102531C505}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E304CF23-A13D-451E-A761-BE05EF458467}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{85D720C3-D80C-469C-9712-0C3A6C27532C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [TCP Query User{36C58C3D-5AB6-4CF1-8BAB-D4AB2338C681}C:\users\salma\downloads\kav15.0.2.361fr_7379.exe] => (Block) C:\users\salma\downloads\kav15.0.2.361fr_7379.exe FirewallRules: [UDP Query User{464ABC1B-2227-4A63-9A7E-D37D10501D44}C:\users\salma\downloads\kav15.0.2.361fr_7379.exe] => (Block) C:\users\salma\downloads\kav15.0.2.361fr_7379.exe FirewallRules: [TCP Query User{A188FF09-2305-4A41-ACBA-47B62DC4C207}C:\users\salma\downloads\kav15.0.2.361en.exe] => (Block) C:\users\salma\downloads\kav15.0.2.361en.exe FirewallRules: [UDP Query User{41636971-4441-424A-9271-6235C5592418}C:\users\salma\downloads\kav15.0.2.361en.exe] => (Block) C:\users\salma\downloads\kav15.0.2.361en.exe FirewallRules: [TCP Query User{7373FC71-F008-4EF8-8178-43B378581FEC}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{33940356-666E-4AF6-A03D-AF737A412372}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [{1FB49316-120D-4ADC-8F66-30261078E665}] => (Allow) C:\Users\Salma\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{9849474B-CD47-40AE-94C9-95BD727754A3}] => (Allow) C:\Users\Salma\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [TCP Query User{9BC03B21-0750-4E56-BE43-CEDBB6547CE8}C:\program files\maple 2015\jre\bin\javaw.exe] => (Allow) C:\program files\maple 2015\jre\bin\javaw.exe FirewallRules: [UDP Query User{D21D88A7-A459-4160-8A0D-A241FFBA68D5}C:\program files\maple 2015\jre\bin\javaw.exe] => (Allow) C:\program files\maple 2015\jre\bin\javaw.exe FirewallRules: [{262C413A-F1A6-4D9C-84FF-6A14D5D41CED}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe FirewallRules: [{F8B193B1-4B0A-4714-844E-E83854F305CF}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe FirewallRules: [TCP Query User{77FC2499-8C59-49E1-943A-E4CCCFD358D8}C:\program files\cisco packet tracer 7.0\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.0\bin\packettracer7.exe FirewallRules: [UDP Query User{EB9EB425-0A0D-4290-B7B1-27447A5F6C18}C:\program files\cisco packet tracer 7.0\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.0\bin\packettracer7.exe FirewallRules: [TCP Query User{CFB9274F-2D2A-46BD-AB03-F0B6D0C1F7AC}C:\program files\cisco packet tracer 7.0\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.0\bin\packettracer7.exe FirewallRules: [UDP Query User{4B6A8A6E-F538-4CB4-85D5-FBA397EB9E0F}C:\program files\cisco packet tracer 7.0\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.0\bin\packettracer7.exe ==================== Restore Points ========================= 05-06-2017 11:55:43 Installé Microsoft Office Visio Viewer 2007 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/09/2017 09:41:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante launcher.exe_Avast SafeZone Browser, version : 1.51.2220.53, horodatage : 0x57a8aaa1 Nom du module défaillant : launcher.exe, version : 1.51.2220.53, horodatage : 0x57a8aaa1 Code d’exception : 0x80000003 Décalage d’erreur : 0x00023ef9 ID du processus défaillant : 0x1638 Heure de début de l’application défaillante : 0x01d2e1692a14f698 Chemin d’accès de l’application défaillante : C:\Program Files\AVAST Software\SZBrowser\launcher.exe Chemin d’accès du module défaillant: C:\Program Files\AVAST Software\SZBrowser\launcher.exe ID de rapport : cad986c3-4823-47ca-b696-2ec40690198b Nom complet du package défaillant : ID de l’application relative au package défaillant : Error: (06/08/2017 11:45:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante Microsoft.Photos.exe, version : 1.0.1705.24002, horodatage : 0x5926017a Nom du module défaillant : igd10iumd64.dll, version : 20.19.15.4531, horodatage : 0x57ed27c8 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000031686 ID du processus défaillant : 0x888 Heure de début de l’application défaillante : 0x01d2e08f40be6295 Chemin d’accès de l’application défaillante : C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\igd10iumd64.dll ID de rapport : 924cf5b8-732a-4ad3-ae12-ecafeb5b056f Nom complet du package défaillant : Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : App Error: (06/08/2017 04:20:06 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. Error: (06/08/2017 03:09:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante launcher.exe_Avast SafeZone Browser, version : 1.51.2220.53, horodatage : 0x57a8aaa1 Nom du module défaillant : launcher.exe, version : 1.51.2220.53, horodatage : 0x57a8aaa1 Code d’exception : 0x80000003 Décalage d’erreur : 0x00023ef9 ID du processus défaillant : 0x2344 Heure de début de l’application défaillante : 0x01d2e0692c3a7efe Chemin d’accès de l’application défaillante : C:\Program Files\AVAST Software\SZBrowser\launcher.exe Chemin d’accès du module défaillant: C:\Program Files\AVAST Software\SZBrowser\launcher.exe ID de rapport : 2862781c-93c4-453e-b3b7-03e0fe654868 Nom complet du package défaillant : ID de l’application relative au package défaillant : Error: (06/08/2017 11:12:43 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante launcher.exe_Avast SafeZone Browser, version : 1.51.2220.53, horodatage : 0x57a8aaa1 Nom du module défaillant : launcher.exe, version : 1.51.2220.53, horodatage : 0x57a8aaa1 Code d’exception : 0x80000003 Décalage d’erreur : 0x00023ef9 ID du processus défaillant : 0x2420 Heure de début de l’application défaillante : 0x01d2e0482665b9fe Chemin d’accès de l’application défaillante : C:\Program Files\AVAST Software\SZBrowser\launcher.exe Chemin d’accès du module défaillant: C:\Program Files\AVAST Software\SZBrowser\launcher.exe ID de rapport : 7917ce1d-1f36-4cd5-bc49-a4c4aab390a7 Nom complet du package défaillant : ID de l’application relative au package défaillant : Error: (06/08/2017 11:10:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante launcher.exe_Avast SafeZone Browser, version : 1.51.2220.53, horodatage : 0x57a8aaa1 Nom du module défaillant : launcher.exe, version : 1.51.2220.53, horodatage : 0x57a8aaa1 Code d’exception : 0x80000003 Décalage d’erreur : 0x00023ef9 ID du processus défaillant : 0x1960 Heure de début de l’application défaillante : 0x01d2e047de62f473 Chemin d’accès de l’application défaillante : C:\Program Files\AVAST Software\SZBrowser\launcher.exe Chemin d’accès du module défaillant: C:\Program Files\AVAST Software\SZBrowser\launcher.exe ID de rapport : 2ac1dc28-ac8a-4c96-b0f7-a7268b740145 Nom complet du package défaillant : ID de l’application relative au package défaillant : Error: (06/08/2017 11:05:02 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme PacketTracer7.exe version 0.0.0.0 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance. ID de processus : 14ac Heure de début : 01d2e046ef20c70f Heure de fin : 9 Chemin d'accès de l'application : C:\Program Files\Cisco Packet Tracer 7.0\bin\PacketTracer7.exe ID de rapport : cf445b8a-b0a9-4c07-8a22-8c4a98cee0b3 Nom complet du package défaillant : ID de l'application relative au package défaillant : Error: (06/08/2017 04:04:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Salma-PC) Description: Le package Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe+App a été interrompu, car sa suspension a été trop longue. Error: (06/07/2017 06:22:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Salma-PC) Description: Échec de l’activation de l’application Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen avec l’erreur : -2144927142 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error: (06/07/2017 06:22:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Salma-PC) Description: L’application Microsoft.LockApp_10.0.15063.0_neutral__cw5n1h2txyewy+WindowsDefaultLockScreen n’a pas été lancée dans le délai qui lui était imparti. System errors: ============= Error: (06/10/2017 12:48:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Le service CldFlt n’a pas pu démarrer en raison de l’erreur : Cette demande n’est pas prise en charge. Error: (06/10/2017 12:47:23 PM) (Source: DCOM) (EventID: 10010) (User: Salma-PC) Description: Le serveur {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} ne s’est pas enregistré sur DCOM avant la fin du temps imparti. Error: (06/10/2017 12:46:11 PM) (Source: DCOM) (EventID: 10010) (User: Salma-PC) Description: Le serveur {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} ne s’est pas enregistré sur DCOM avant la fin du temps imparti. Error: (06/10/2017 12:45:40 PM) (Source: DCOM) (EventID: 10010) (User: Salma-PC) Description: Le serveur {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} ne s’est pas enregistré sur DCOM avant la fin du temps imparti. Error: (06/10/2017 12:45:10 PM) (Source: DCOM) (EventID: 10010) (User: Salma-PC) Description: Le serveur {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} ne s’est pas enregistré sur DCOM avant la fin du temps imparti. Error: (06/10/2017 12:41:39 PM) (Source: DCOM) (EventID: 10010) (User: Salma-PC) Description: Le serveur {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} ne s’est pas enregistré sur DCOM avant la fin du temps imparti. Error: (06/10/2017 12:37:15 PM) (Source: DCOM) (EventID: 10010) (User: Salma-PC) Description: Le serveur {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} ne s’est pas enregistré sur DCOM avant la fin du temps imparti. Error: (06/10/2017 12:35:23 PM) (Source: DCOM) (EventID: 10010) (User: Salma-PC) Description: Le serveur {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} ne s’est pas enregistré sur DCOM avant la fin du temps imparti. Error: (06/10/2017 12:34:37 PM) (Source: DCOM) (EventID: 10010) (User: Salma-PC) Description: Le serveur {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} ne s’est pas enregistré sur DCOM avant la fin du temps imparti. Error: (06/10/2017 12:33:18 PM) (Source: DCOM) (EventID: 10010) (User: Salma-PC) Description: Le serveur {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} ne s’est pas enregistré sur DCOM avant la fin du temps imparti. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz Percentage of memory in use: 46% Total physical RAM: 3852.36 MB Available physical RAM: 2042.23 MB Total Virtual: 8204.36 MB Available Virtual: 6421.97 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:464.34 GB) (Free:407.36 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D9FA2484) Partition 1: (Active) - (Size=1000 MB) - (Type=0B) Partition 2: (Not Active) - (Size=464.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) ==================== End of Addition.txt ============================