Programs won't start

Jobe

For the past two days, some programs won't start. I click the icon and nothing happens, although the processes appear 3 times in the task manager, indicating ~100k of memory use. It's worth mentioning I can't stop the processes from the task manager.
I searched about it and tried every related suggestion:
* Performing a clean boot
* Changing some parameters in the registry as indicated on the MS website
* Unplugging all USB devices (don't ask me why it'd help)
* Moving pagefile to a non-system drive

The most relevant information so far is that booting in safe mode gets rid of the problem. So I also tried deactivating everything audio-related as well as the graphics card, with no joy. I'm out of ideas. What else gets deactivated in safe mode that would cause the problem?
Any help greatly appreciated!

Edit: forgot to mention I also checked for viruses and malware, and ran sfc /scannow & checkdisk.
 
I just realised the two programs that won't open have a yellow/blue shield on the icon that indicates they need admin privileges to run. I tried to run them as admin with no luck. The icon doesn't show up in safe mode, which confirms it's something to do with privileges or my user account. Any idea on what to do?
 
It entails nothing, that was just a lead I had. A few pieces of malware were found and quarantined or deleted without solving the issue.
I also tried deactivating all the MS services Windows would let me. The problem remains.
Regarding the shield on program icons, I tried deactivating UAC. Also, other programs with a shield icon start normally, so I'm not sure this is relevant.

Do you reckon updating the BIOS can help?
 
It entails nothing, that was just a lead I had. A few pieces of malware were found and quarantined or deleted without solving the issue.

I was more curious along the lines of what programs you used specifically and what was found, etc.
 
Malwarebytes found a couple of PUP malware items. AVAST as well, plus a few trojans. HijackThis revealed nothing in particular.
 
Any other program to recommend?

Yep.

1.

Please download AdwCleaner by Xplode onto your Desktop.



• Please close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan.
• After the scan you will need to click on Clean for it to delete the adware.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

• Shut down your antivirus to avoid any conflicts.
• It is very important that you run the tool in this manner:
    Right-mouse click JRT.exe and select Run as administrator
    Do NOT just double-click it.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop


• Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
• Click on Minimal Output at the top.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  ◦ When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

Then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
 
1.
***** [ Services ] *****

[-] Service Supprimé : Service KMSELDI

***** [ Dossiers ] *****

[-] Dossier Supprimé : C:\Program Files\kmspico
[-] Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kmspico

***** [ Fichiers ] *****

[-] Fichier Supprimé : C:\Users\JOB\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil

***** [ DLLs ] *****


***** [ Raccourcis ] *****


***** [ Tâches planifiées ] *****


***** [ Registre ] *****


***** [ Navigateurs ] *****

[-] [C:\Users\JOB\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Supprimé : elicpjhcidhpjomhibiffojpinpmmpil

*************************

:: Clés "Tracing" supprimées
:: Paramètres Winsock réinitialisés

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1194 octets] ##########

2.
File System: 2

Successfully deleted: C:\Users\JOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil (Folder)
Successfully deleted: C:\Users\JOB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elicpjhcidhpjomhibiffojpinpmmpil_0.localstorage (File)



Registry: 0

3.
Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 0
(Aucun élément malveillant détecté)

Valeurs du Registre: 0
(Aucun élément malveillant détecté)

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 0
(Aucun élément malveillant détecté)

Fichiers: 0
(Aucun élément malveillant détecté)

Secteurs physiques: 0
(Aucun élément malveillant détecté)

4. Can't find the log - nor the program
 
Here is the OTL log; yesterday the computer rebooted before I saw it.

O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{49b3c2cd-3b1f-11e4-983e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{49b3c2cd-3b1f-11e4-983e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{ef60ff50-3b1c-11e4-8571-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ef60ff50-3b1c-11e4-8571-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015/12/13 21:25:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/12/13 14:01:39 | 000,102,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2015/12/13 14:00:24 | 022,310,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2015/12/13 14:00:24 | 018,363,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2015/12/13 14:00:24 | 016,553,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2015/12/13 14:00:24 | 013,527,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2015/12/13 14:00:24 | 001,905,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6435906.dll
[2015/12/13 14:00:24 | 001,564,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6435906.dll
[2015/12/13 14:00:24 | 000,877,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2015/12/13 14:00:24 | 000,861,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2015/12/13 14:00:24 | 000,689,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2015/12/13 14:00:24 | 000,673,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2015/12/13 14:00:24 | 000,501,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2015/12/13 14:00:24 | 000,467,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2015/12/13 14:00:24 | 000,422,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2015/12/13 14:00:24 | 000,413,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2015/12/13 14:00:24 | 000,388,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2015/12/13 14:00:24 | 000,369,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2015/12/13 14:00:24 | 000,177,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2015/12/13 14:00:24 | 000,155,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2015/12/13 14:00:24 | 000,151,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2015/12/13 14:00:24 | 000,128,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2015/12/13 14:00:23 | 015,717,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2015/12/13 14:00:23 | 014,835,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2015/12/13 14:00:23 | 012,034,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2015/12/13 14:00:23 | 002,870,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2015/12/13 14:00:23 | 002,490,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2015/12/13 13:32:21 | 000,000,000 | ---D | C] -- C:\Users\JOB\Desktop\Music
[2015/12/13 09:06:39 | 000,000,000 | ---D | C] -- C:\Users\JOB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2015/12/13 09:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hijackthis
[2015/12/12 07:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2015/12/12 07:09:46 | 065,605,692 | ---- | C] (Camel Audio) -- C:\Users\JOB\Desktop\AlchemyWin-1-55-0.exe
[2015/12/12 06:16:40 | 000,000,000 | ---D | C] -- C:\Users\JOB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camel Audio
[2015/12/09 09:40:05 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2015/12/09 09:40:04 | 003,170,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015/12/09 09:40:04 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015/12/09 09:40:04 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015/12/09 09:40:04 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015/12/09 09:40:04 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015/12/09 09:40:04 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015/12/09 09:40:04 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015/12/09 09:40:04 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015/12/09 09:40:04 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015/12/09 09:40:04 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015/12/09 09:40:04 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015/12/09 09:40:04 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015/12/09 09:40:04 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015/12/09 09:40:04 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015/12/09 09:40:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015/12/09 09:40:03 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll
[2015/12/09 09:40:03 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll
[2015/12/09 09:40:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdgeoqw.dll
[2015/12/09 09:40:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZEL.DLL
[2015/12/09 09:40:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZE.DLL
[2015/12/09 09:40:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZE.DLL
[2015/12/09 09:40:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdgeoqw.dll
[2015/12/09 09:40:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZEL.DLL
[2015/12/09 09:40:01 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2015/12/09 09:40:01 | 001,008,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2015/12/09 09:39:58 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2015/12/09 09:39:58 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshrm.dll
[2015/12/09 09:39:58 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshrm.dll
[2015/12/09 09:39:57 | 001,735,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2015/12/09 09:39:57 | 001,242,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2015/12/09 09:39:57 | 000,525,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll
[2015/12/09 09:39:57 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll
[2015/12/09 09:39:56 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/12/09 09:39:56 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2015/12/09 09:39:56 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/12/09 09:39:56 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/12/09 09:39:56 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/12/09 09:39:56 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/12/09 09:39:56 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/12/09 09:39:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/12/09 09:39:56 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/12/09 09:39:56 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/12/09 09:39:56 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/12/09 09:39:55 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/12/09 09:39:55 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/12/09 09:39:55 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/12/09 09:39:55 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/12/09 09:39:55 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/12/09 09:39:55 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/12/09 09:39:55 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/12/09 09:39:55 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/12/09 09:39:55 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/12/09 09:39:55 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2015/12/09 09:39:55 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/12/09 09:39:55 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/12/09 09:39:55 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/12/09 09:39:54 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/12/09 09:39:54 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/12/09 09:39:54 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/12/09 09:39:54 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/12/09 09:39:54 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/12/09 09:39:54 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2015/12/09 09:39:54 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/12/09 09:39:54 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/12/09 09:39:53 | 005,923,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/12/09 09:39:53 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/12/09 09:39:53 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/12/09 09:39:53 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/12/09 09:39:53 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/12/09 09:39:53 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/12/09 09:39:52 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2015/12/09 09:39:52 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/12/09 09:39:52 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/12/09 09:35:53 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\els.dll
[2015/12/09 09:35:53 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\els.dll
[2015/12/05 17:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Borderlands The Pre-Sequel DLCs
[2015/12/05 16:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2015/12/04 13:16:38 | 000,000,000 | ---D | C] -- C:\Users\JOB\Documents\Introspection
[2015/12/04 12:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2015/12/04 12:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AV
[2015/11/26 15:41:18 | 015,122,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2015/11/26 15:41:18 | 001,905,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6435900.dll
[2015/11/26 15:41:18 | 001,564,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6435900.dll
[2015/11/25 19:39:21 | 000,000,000 | ---D | C] -- C:\Cymatics.Slugs.Vol.1.For.XFER.RECORDS.SERUM.SCD-DISCOVER
[2015/11/14 15:34:56 | 000,000,000 | ---D | C] -- C:\Users\JOB\AppData\Roaming\PACE Anti-Piracy
[2015/11/14 15:34:56 | 000,000,000 | ---D | C] -- C:\Users\JOB\AppData\Local\PACE Anti-Piracy
[2015/11/14 15:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2015/11/14 15:34:26 | 000,000,000 | ---D | C] -- C:\Users\JOB\Documents\Max
[2015/11/14 15:34:26 | 000,000,000 | ---D | C] -- C:\Users\JOB\AppData\Roaming\Cycling '74
[2015/11/14 15:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cycling '74
[2015/11/14 15:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cycling '74
========== Files - Modified Within 30 Days ==========
[2015/12/14 08:24:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/12/14 08:01:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/12/13 23:56:08 | 000,016,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/12/13 23:56:08 | 000,016,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/12/13 21:53:31 | 001,671,678 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/12/13 21:53:31 | 000,748,358 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2015/12/13 21:53:31 | 000,654,968 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/12/13 21:53:31 | 000,150,380 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2015/12/13 21:53:31 | 000,122,338 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/12/13 21:46:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/12/13 21:46:13 | 4250,005,502 | -HS- | M] () -- C:\hiberfil.sys
[2015/12/13 21:33:33 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/12/13 21:26:32 | 000,013,322 | ---- | M] () -- C:\Users\JOB\Desktop\AdwCleaner - Raccourci.lnk
[2015/12/13 19:51:28 | 000,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2015/12/13 19:51:28 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2015/12/13 19:51:28 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/12/13 18:47:12 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\Renoise (x64).lnk
[2015/12/13 09:45:43 | 652,503,799 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2015/12/13 09:06:39 | 000,002,987 | ---- | M] () -- C:\Users\JOB\Desktop\HiJackThis.lnk
[2015/12/13 08:43:17 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/12/12 22:14:55 | 000,008,831 | ---- | M] () -- C:\Users\JOB\Desktop\calculs marie.ods
[2015/12/10 03:20:40 | 005,036,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/12/09 10:35:17 | 000,002,096 | ---- | M] () -- C:\Users\JOB\Desktop\BorderlandsPreSequel - FR.lnk
[2015/12/09 10:01:56 | 000,796,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/12/09 10:01:56 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/12/05 19:24:47 | 000,001,456 | ---- | M] () -- C:\Users\JOB\AppData\Local\Adobe Save for Web 13.0 Prefs
[2015/12/02 08:19:51 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/11/28 21:56:47 | 000,009,278 | ---- | M] () -- C:\Users\JOB\Desktop\Films.rtf
[2015/11/25 00:10:29 | 042,913,912 | ---- | M] () -- C:\Windows\SysNative\nvcompiler.dll
[2015/11/25 00:10:29 | 037,882,488 | ---- | M] () -- C:\Windows\SysWow64\nvcompiler.dll
[2015/11/25 00:10:29 | 022,310,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2015/11/25 00:10:29 | 018,363,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2015/11/25 00:10:29 | 017,516,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2015/11/25 00:10:29 | 016,553,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2015/11/25 00:10:29 | 015,717,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2015/11/25 00:10:29 | 015,122,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2015/11/25 00:10:29 | 014,835,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2015/11/25 00:10:29 | 013,527,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2015/11/25 00:10:29 | 012,770,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2015/11/25 00:10:29 | 012,034,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2015/11/25 00:10:29 | 003,579,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2015/11/25 00:10:29 | 003,159,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2015/11/25 00:10:29 | 002,870,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2015/11/25 00:10:29 | 002,490,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2015/11/25 00:10:29 | 001,905,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6435906.dll
[2015/11/25 00:10:29 | 001,564,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6435906.dll
[2015/11/25 00:10:29 | 000,877,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2015/11/25 00:10:29 | 000,861,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2015/11/25 00:10:29 | 000,689,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2015/11/25 00:10:29 | 000,673,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2015/11/25 00:10:29 | 000,501,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2015/11/25 00:10:29 | 000,467,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2015/11/25 00:10:29 | 000,422,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2015/11/25 00:10:29 | 000,413,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2015/11/25 00:10:29 | 000,388,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2015/11/25 00:10:29 | 000,369,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2015/11/25 00:10:29 | 000,177,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2015/11/25 00:10:29 | 000,155,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2015/11/25 00:10:29 | 000,151,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2015/11/25 00:10:29 | 000,128,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2015/11/25 00:10:29 | 000,112,760 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2015/11/25 00:10:29 | 000,105,080 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2015/11/25 00:10:29 | 000,033,607 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2015/11/24 19:40:40 | 006,358,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2015/11/24 19:40:40 | 002,983,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2015/11/24 19:40:37 | 002,554,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2015/11/24 19:40:37 | 000,385,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2015/11/24 19:40:37 | 000,062,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2015/11/24 19:29:55 | 000,102,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2015/11/23 11:38:08 | 006,049,858 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2015/11/20 19:54:59 | 003,170,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015/11/20 19:54:59 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015/11/20 19:54:59 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015/11/20 19:54:59 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015/11/20 19:54:59 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015/11/20 19:54:58 | 000,709,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015/11/20 19:54:28 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015/11/20 19:54:18 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015/11/20 19:54:15 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015/11/20 19:54:15 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015/11/20 19:34:36 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015/11/20 19:34:36 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015/11/20 19:34:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015/11/20 19:34:35 | 000,573,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015/11/20 19:33:56 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015/11/16 04:35:52 | 001,905,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6435900.dll
[2015/11/16 04:35:52 | 001,564,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6435900.dll
========== Files Created - No Company Name ==========
[2015/12/13 21:26:32 | 000,013,322 | ---- | C] () -- C:\Users\JOB\Desktop\AdwCleaner - Raccourci.lnk
[2015/12/13 14:00:23 | 042,913,912 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2015/12/13 14:00:23 | 037,882,488 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2015/12/13 09:35:14 | 652,503,799 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2015/12/13 09:06:39 | 000,002,987 | ---- | C] () -- C:\Users\JOB\Desktop\HiJackThis.lnk
[2015/12/12 22:14:54 | 000,008,831 | ---- | C] () -- C:\Users\JOB\Desktop\calculs marie.ods
[2015/12/12 07:49:54 | 000,001,702 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2015/12/09 10:35:17 | 000,002,096 | ---- | C] () -- C:\Users\JOB\Desktop\BorderlandsPreSequel - FR.lnk
[2015/11/26 10:00:08 | 000,112,712 | ---- | C] () -- C:\Windows\SysNative\NvRtmpStreamer64.dll
[2015/10/18 16:20:01 | 000,720,373 | ---- | C] () -- C:\Windows\unins000.exe
[2015/10/18 16:20:01 | 000,018,126 | ---- | C] () -- C:\Windows\unins000.dat
[2015/08/16 09:15:42 | 000,001,184 | ---- | C] () -- C:\ProgramData\content.ie5
[2015/03/13 17:22:00 | 000,003,584 | ---- | C] () -- C:\Users\JOB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/10/15 08:01:35 | 000,001,456 | ---- | C] () -- C:\Users\JOB\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/09/13 15:43:11 | 005,158,608 | ---- | C] () -- C:\Windows\PE_File.dll
[2014/09/13 15:43:10 | 005,093,088 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2014/09/13 09:32:50 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2014/09/13 09:14:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/09/13 09:13:40 | 001,645,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/13 09:12:38 | 000,015,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2014/09/13 09:12:08 | 000,068,296 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2014/09/13 09:12:08 | 000,000,463 | ---- | C] () -- C:\Windows\scd.ini
[2014/09/13 09:12:08 | 000,000,000 | ---- | C] () -- C:\Windows\Ascd_err.ini
[2014/09/13 09:11:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2014/09/13 09:11:04 | 000,047,712 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2014/02/24 10:49:22 | 000,014,464 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
========== ZeroAccess Check ==========
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 19:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 18:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 
And here's the content of the extras log that came with it:

OTL Extras logfile created on: 14/12/2015 08:41:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JOB\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18124)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
15,94 Gb Total Physical Memory | 13,22 Gb Available Physical Memory | 82,94% Memory free
31,57 Gb Paging File | 28,79 Gb Available in Paging File | 91,20% Paging File free
Paging file location(s): i:\pagefile.sys 16000 24000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 66,17 Gb Free Space | 28,42% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 244,14 Gb Total Space | 67,41 Gb Free Space | 27,61% Space Free | Partition Type: NTFS
Drive G: | 244,14 Gb Total Space | 180,64 Gb Free Space | 73,99% Space Free | Partition Type: NTFS
Drive H: | 244,14 Gb Total Space | 240,16 Gb Free Space | 98,37% Space Free | Partition Type: NTFS
Drive I: | 198,96 Gb Total Space | 89,50 Gb Free Space | 44,98% Space Free | Partition Type: NTFS
Drive K: | 325,52 Gb Total Space | 143,41 Gb Free Space | 44,05% Space Free | Partition Type: NTFS
Drive L: | 283,72 Gb Total Space | 138,78 Gb Free Space | 48,91% Space Free | Partition Type: NTFS
Drive M: | 322,26 Gb Total Space | 43,89 Gb Free Space | 13,62% Space Free | Partition Type: NTFS
Computer Name: JOB-PC | User Name: JOB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{193D3C1E-F5E8-4484-9E45-329AD53F7A4C}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{279E8FE5-0168-49A9-A7BF-4D9B41F03A59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2AE13F26-7A0F-447C-A4C4-C19717802222}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2DB7FD06-4500-40E8-A957-64388856E4BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{32EAC370-6258-44D8-A541-15708D2E464D}" = lport=1688 | protocol=6 | dir=in | name=kms emulator port |
"{35835D5D-26DE-4771-919C-F136EA87051B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A789A8C-3AC2-4418-913C-5B4171B0355E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3B42739D-DF16-48AD-82B6-5F823683B1D8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D0B1A4C-6E32-44E4-A3D5-029690334AE1}" = lport=138 | protocol=17 | dir=in | app=system |
"{4E4759DF-CCE3-4D23-9DFA-0689B18BB729}" = rport=137 | protocol=17 | dir=out | app=system |
"{4E6D4BC0-3312-4419-8B03-ABDE2916EF64}" = rport=139 | protocol=6 | dir=out | app=system |
"{560B6EDD-E2D4-4A17-B220-F1CBA89DAA69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F93B43E-D7A6-462B-8B9B-D01BBF9DA093}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{60492B9D-E1B8-4075-A0E8-109B320F0B1E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{63AF13C6-EC54-4F7D-9E9D-A65C7F4F4CED}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{778F3158-59EA-45A7-A98E-172481B6F826}" = lport=10243 | protocol=6 | dir=in | app=system |
"{830B83AE-90A1-419A-9F22-4F210A3925DD}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe |
"{876ABFA0-2B64-4419-9E75-AF43167A5C5C}" = rport=445 | protocol=6 | dir=out | app=system |
"{9BB8A538-8703-49B0-AF4C-A4EF862968A4}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{A961EFB4-A6FC-4E26-951B-69CAAD67E145}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BAD20504-4A23-46F7-9593-689F3AD5FB34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD70496E-E7B0-4D05-BB6A-272B1BFAE5F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BD827838-95DE-4F17-BCCC-5FC0DB0A5274}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C3E7E423-DECB-49FE-975B-9EF28827CA45}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{C6E1DC70-B64A-4F96-B4ED-184528441DBA}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{CF52EC53-7409-479F-95DA-29B0BA502E41}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D285B1CA-764A-4F36-BC71-55CADE7A1C9A}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{E17140CB-955B-457F-BC1A-0416C441B457}" = lport=139 | protocol=6 | dir=in | app=system |
"{F1810342-ED1D-4831-9658-048A8DE7FA64}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{F539261A-45FC-413A-8420-82D0ADF5A6E7}" = lport=445 | protocol=6 | dir=in | app=system |
"{F8F3091F-E969-42F9-9847-C24778E32FEA}" = rport=138 | protocol=17 | dir=out | app=system |
"{FD860C01-1F97-4849-8C16-B82F31FB0514}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01860E68-DA04-48BB-A22F-8C5D4A640861}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0358C309-C972-444C-BD10-3307E5DACE23}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{09E56B22-3B09-4C0B-99FB-B0566CEB6EBA}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 18\programs\umi.exe |
"{21510A4F-A494-41CA-8E77-560297BD02FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D077A7A-E9EB-4913-8294-EF1FAD8BEA6F}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{363ABF3C-7347-42C0-B804-47A7475D0A16}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3D952711-55B9-4685-BD25-4B2383DE6189}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite iii\push notice\pushnotifyserver.exe |
"{45BAC3F7-6332-4E4B-BCA5-4AA8FFA8667A}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{461F601D-121D-4394-9CE9-2FBE54FA71D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{561384B6-350B-40F0-B184-D024A03A9DFF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5E16545C-09DB-4736-9C4D-1318496323E5}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 18\programs\ngstudio.exe |
"{5E181398-6EF9-457D-B975-414FFCEB51DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F914795-05A7-4E0B-B653-60B0E3579C21}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6AAC2618-0EE4-4305-BE34-A172AB237AC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BA4730F-2CE2-4BAB-8571-BBF35788425E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6D8B021E-A071-41D4-8230-BD6B16F24AA3}" = dir=in | app=c:\program files (x86)\fawkes engineering\accurip\ripcore.exe |
"{7B1B3269-4CFD-459B-A6A2-702E6FD42E88}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7F9D08BD-8242-4158-B045-20CAC7386A60}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81833CFA-715B-4194-8DF1-1EF2BF98848C}" = protocol=6 | dir=in | app=c:\users\job\appdata\roaming\utorrent\utorrent.exe |
"{8277B852-CBE0-4D4B-BC26-0F0B3BBFDA78}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{884497EB-B6C8-41CF-BCBC-BED71AFC87BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{892F434C-8C9B-47BB-B0B5-602F3FB4D240}" = dir=in | app=c:\program files (x86)\fawkes engineering\accurip\accurip.exe |
"{8C836A1C-FA2F-46E1-84C7-676C9941A78A}" = protocol=6 | dir=out | app=system |
"{A0228B89-2064-4436-B221-0B5B967773AA}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 18\programs\umi.exe |
"{B181CD20-531C-4352-BF49-0143FB6612C4}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite iii\push notice\pushnotifyserver.exe |
"{B2B1AD58-49A0-4C06-9ADA-501292C725BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B5E5CC8D-B1F5-4B49-9B1C-30343BA35ADD}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{BAB30326-4D60-4B0B-8FF4-3450740FFC63}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 18\programs\ngstudio.exe |
"{C90B4CA6-078F-47F2-B465-E7F4DAAA5124}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 18\programs\rm.exe |
"{D0167170-E480-47CF-A58A-B438B78D4F43}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D0725F74-65D2-4274-B950-0C66A9425939}" = protocol=6 | dir=in | app=c:\program files\kmspico\service_kms.exe |
"{D2C19015-5CAC-4AA9-BCF8-AA709CFBBEE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DD302028-8848-469A-A304-4164597BBEC9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DEF31189-90B0-480D-BEDE-237427E6474F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF793544-EE0F-4BDF-B195-7D969FADAA01}" = protocol=17 | dir=in | app=c:\users\job\appdata\roaming\utorrent\utorrent.exe |
"{F413CFE9-D37F-4A62-A7A2-27E3DE624501}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F5A09CEF-73C1-4EFE-A499-9754A53582E4}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 18\programs\rm.exe |
"{FA59962A-73A0-4B3C-B646-E1F5E3957AB4}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{FFE02982-2C7F-456E-B966-1C0622B11270}" = protocol=17 | dir=in | app=c:\program files\kmspico\service_kms.exe |
"TCP Query User{114DA111-B0D7-41C2-BE9B-D3729D999551}C:\program files (x86)\borderlands the pre-sequel dlcs\binaries\win32\borderlandspresequel.exe" = protocol=6 | dir=in | app=c:\program files (x86)\borderlands the pre-sequel dlcs\binaries\win32\borderlandspresequel.exe |
"TCP Query User{254B3869-E7F7-4B62-8F10-9C3263178479}C:\program files (x86)\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe" = protocol=6 | dir=in | app=c:\program files (x86)\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe |
"TCP Query User{3046DB59-4E2B-418A-9F58-94B92077C8F0}C:\program files (x86)\motu\audio\cuemix fx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motu\audio\cuemix fx.exe |
"TCP Query User{58780F14-7030-4DB9-B552-ECABE61A8A2B}C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe |
"TCP Query User{5D28E49B-F029-417A-92EE-39E2B7949A33}C:\program files (x86)\soulseekqt\soulseekqt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekqt\soulseekqt.exe |
"TCP Query User{A6907D66-48AD-4B38-9F7E-FE5D1E4163FA}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{B13A656F-12C0-4911-8E0D-974440CAC67D}C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe |
"UDP Query User{3B0F93F0-CF29-4368-8B14-4B716E2DD161}C:\program files (x86)\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe" = protocol=17 | dir=in | app=c:\program files (x86)\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe |
"UDP Query User{4832F221-A626-41C5-BD54-82208A029C2D}C:\program files (x86)\borderlands the pre-sequel dlcs\binaries\win32\borderlandspresequel.exe" = protocol=17 | dir=in | app=c:\program files (x86)\borderlands the pre-sequel dlcs\binaries\win32\borderlandspresequel.exe |
"UDP Query User{5319B5B8-770E-46A5-A13C-D831CFD36643}C:\program files (x86)\motu\audio\cuemix fx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motu\audio\cuemix fx.exe |
"UDP Query User{5D301130-6314-4580-B856-5183996FB886}C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe |
"UDP Query User{84F887D7-D39D-4F77-9A26-A03F264A0EA0}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{B4A67DAC-3D4E-4AF1-96C5-92905EC9B469}C:\program files (x86)\soulseekqt\soulseekqt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekqt\soulseekqt.exe |
"UDP Query User{DCDB1AD5-31BE-46F9-B86B-0F74B487B301}C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{043EEF79-513F-4666-B340-B8556AB0EADC}" = Native Instruments Studio Drummer
"{079419C3-9DFC-4571-BAFC-CD79854C684E}" = Native Instruments West Africa
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0B9D5D50-1530-496F-81FF-CB1B4A298FCA}" = Intel(R) Chipset Device Software
"{1244CC88-97DF-4694-A720-6F073845DEE2}" = Native Instruments Kontakt Factory Library
"{14C1DD2C-D54E-464A-9588-C109E3E39EEF}" = Native Instruments Vintage Organs
"{188A5482-9167-4177-8916-C13A7F379CB0}" = Native Instruments Solid EQ FX
"{1CEAC85D-2590-4760-800F-8DE5E91F3700}" = Intel(R) Management Engine Components
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2bfe5e99-6caa-4c5d-86d0-75d97c14d1dc}" = Native Instruments The Giant
"{35DE6B98-31C9-4A01-AB64-20A3C71BE1D0}" = Native Instruments Reflektor
"{36ccb7d4-42c7-473e-b293-72e41a8ec766}" = Native Instruments Berlin Concert Grand
"{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5
"{3DE97849-544D-4D68-9255-11DF6F9F10D8}" = Intel® Trusted Connect Service Client
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{481F95A7-229D-4116-82EB-4760F320907A}" = Native Instruments Transient Master FX
"{4864A628-EB43-4DB5-8DA3-B12F2C549E9E}" = Max 6.1.3 (x64)
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4b98677f-ef75-4f71-8ef3-5603e3b0cbf7}" = Native Instruments Scarbee Vintage Keys
"{4D1548AC-86A9-49AE-AED2-62ECCC10FA4A}" = Native Instruments Battery 4 Factory Library
"{4FEF843C-5829-4F1B-AC4A-02B1C1D9CD1D}" = Native Instruments Reflektor for Maschine
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{5B841301-3649-4891-BC10-7A66820397C9}" = Native Instruments Reaktor Prism
"{5D03CB59-6F91-4097-922C-9DCA057D2A76}" = Native Instruments The Finger R2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{835e9421-5f20-4491-9a75-baa7af1ea14d}" = Native Instruments Vienna Concert Grand
"{84042B7C-F238-11DF-9960-356CDFD72085}" = Native Instruments Berlin Concert Grand
"{86F4B370-079C-4EF9-B727-452B85CFA415}" = Native Instruments Retro Machines Mk2
"{8812511F-8D8C-49D3-A711-C9650B2F5566}" = Native Instruments Guitar Rig Pro Library for Maschine
"{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1" = KMSpico
"{8C04CE01-F7B8-4961-884B-6CE7EFFADCD4}" = Native Instruments Reaktor Spark R2
"{8D0A0EC6-9A3C-354F-9BFC-A61E96BE1846}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA
"{90140000-001A-0000-1000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{908177CD-FC53-4B56-8BF4-DE422F8D3C75}" = Native Instruments Traktors 12 for Maschine
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036" = Microsoft .NET Framework 4.5.1 (Français)
"{93E2F252-D0F1-461A-9823-A2535D779E6E}" = Native Instruments Rammfire for Maschine
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{95140000-0081-0409-1000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 64-bit
"{979F642F-D2CF-44BE-8272-24733F85D6D9}" = Native Instruments Komplete 9
"{99C4D476-0AF0-4045-998F-E11CA4957BDB}" = Ableton Live 9 Suite
"{9be187da-7d1c-4e8b-8b66-6132ca7697d8}" = Native Instruments New York Concert Grand
"{9D3BAEFB-5DDD-43D4-8BB2-D9989521F003}" = Native Instruments Razor
"{a63e8179-0381-4b59-8876-0755be48eb6a}" = Native Instruments Scarbee MM-Bass
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF382DDE-EBE2-4AD5-BA1E-4A69450D6C5B}" = Native Instruments Solid Dynamics FX
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Pilote 3D Vision 359.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 359.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 359.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.7.4.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Pilote du contrôleur 3D Vision 352.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Logiciel système PhysX 9.15.0428
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Mises à jour NVIDIA 2.7.4.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Pilote audio HD : 1.3.34.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.7.4.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.31
"{B9C27F57-AB84-425F-9D00-E18C5D65C18D}" = Intel(R) Rapid Storage Technology
"{BED5CC32-11B2-4EF7-9C9C-8C0160D0C465}" = Native Instruments Battery 4
"{C22759DB-BA8B-30E7-99EE-8B47DB43AE56}" = Microsoft .NET Framework 4.5.1 (FRA)
"{C9BCE8B9-2510-48D4-B93A-EA7BEA81D6E7}" = Native Instruments Traktors 12
"{CED9FF0B-8D06-484E-857F-3584CE167952}" = Native Instruments Session Strings
"{CF14C576-C523-4754-A46C-F6D16EDE8A0A}" = Native Instruments Solid Bus Comp FX
"{D48935E8-E293-4731-B1CB-079AC079587C}" = Native Instruments Supercharger
"{D4FC649C-0247-4873-930D-D9E6904DCAF5}" = Intel(R) Management Engine Components
"{D597935A-5F0E-44F8-A028-A0EF9C647D95}" = Native Instruments Rammfire
"{d8650fdb-9422-4a07-9f57-585c06d9d760}" = Native Instruments Upright Piano
"{E1CBE9A2-1323-488E-9F3B-736DF6399F38}" = Intel(R) Management Engine Components
"{e72f86b6-d2cd-4ec8-a510-286eee52b446}" = Native Instruments Monark
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{F6C14032-9CA3-410E-8563-9EA55BE93BC4}" = Native Instruments North India
"{FD42EE05-18F9-459F-935D-770E75B3BEE5}" = Intel(R) Network Connections 19.1.51.0
"{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player
"7-Zip" = 7-Zip 15.12 (x64)
"CCleaner" = CCleaner
"CF1FC201D237269A9CD51A3A6B14ADBF67175C32" = Package de pilotes Windows - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.70
"elysia niveau filter_is1" = elysia niveau filter 1.4
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"Focusrite USB 2.0 Audio Driver_is1" = Focusrite USB 2.0 Audio Driver 2.5.1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA" = Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA
"Office14.OUTLOOK" = Microsoft Outlook 2010
"PROSetDX" = Intel(R) Network Connections 19.1.51.0
"Recuva" = Recuva
"Renoise (x64)_is1" = Renoise 3.1.0 (x64)
"SPL De-Verb_is1" = SPL De-Verb 1.7.2
"Voxengo Elephant_is1" = Voxengo Elephant
"Voxengo GlissEQ_is1" = Voxengo GlissEQ
"Voxengo SPAN Plus_is1" = Voxengo SPAN Plus
"Voxengo SPAN_is1" = Voxengo SPAN
"WinRAR archiver" = WinRAR 4.00 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B5B98BE-B1A3-4AB4-A05E-B190E1FBA625}" = INSPECTOR
"{121727D5-FDF3-4723-BA57-EB383440ED72}" = OpenOffice 4.1.1
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung Magician
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{39B53CC2-EE72-44E6-800D-C61A6465BF1A}" = Pinnacle Studio 18 - Install Manager
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = Foxit Cloud
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6853D390-3682-11E4-8510-0800200C9A66}_is1" = Cataract version 1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7BBAEC47-1CC0-4CB8-ADB4-531B78DBD1DD}" = Adobe AIR
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A048F6D6-BECE-D521-9BC9-B8806BFB118C}" = Beatport Downloader
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BC50290F-4643-11E3-9E4C-F04DA23A5C58}" = Sound Forge Audio Studio 10.0
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C0A30870-4643-11E3-BA5B-F04DA23A5C58}" = MSVCRT Redists
"{C7FBAF9B-1E3C-4E1A-8C22-4A4FAEB641CC}_is1" = Pinnale Systems 32bit Software Keys
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4DE3DB4-7734-47E5-8D92-B80146311406}" = Samsung Data Migration
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link DWA-140
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f3e3c5dd-edd0-406b-8aa2-ce5acb93660e}" = Logiciel pour périphérique à chipset Intel®
"{F6E36639-10C8-4FAD-AF1F-E84D5B6653D1}" = FontLab Studio 5
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1432213337_is1" = Tales from the Borderlands
"7-Zip" = 7-Zip 9.38 beta
"AccuRIP" = AccuRIP 01.03.012 - Fawkes Engineering
"Adobe AIR" = Adobe AIR
"Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI
"Audacity_is1" = Audacity 2.1.0
"Avast" = Avast Free Antivirus
"Borderlands The Pre-Sequel_is1" = Borderlands The Pre-Sequel
"Camel Audio Alchemy" = Camel Audio Alchemy
"Camel Audio CamelCrusher64" = Camel Audio CamelCrusher64
"Camel Audio CamelPhat64" = Camel Audio CamelPhat64
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.beatport.BeatportDownloader" = Beatport Downloader
"DAEMON Tools Lite" = DAEMON Tools Lite
"EPSON Scanner" = EPSON Scan
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"IL Minihost Modular" = IL Minihost Modular
"IL Shared Libraries" = IL Shared Libraries
"IL Vocodex" = IL Vocodex
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.0.1024
"Mozilla Firefox 42.0 (x86 fr)" = Mozilla Firefox 42.0 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Absynth 5" = Native Instruments Absynth 5
"Native Instruments Battery 4" = Native Instruments Battery 4
"Native Instruments Battery 4 Factory Library" = Native Instruments Battery 4 Factory Library
"Native Instruments Berlin Concert Grand" = Native Instruments Berlin Concert Grand
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments Guitar Rig Pro Library for Maschine" = Native Instruments Guitar Rig Pro Library for Maschine
"Native Instruments Komplete 9" = Native Instruments Komplete 9
"Native Instruments Kontakt 5" = Native Instruments Kontakt 5
"Native Instruments Kontakt Factory Library" = Native Instruments Kontakt Factory Library
"Native Instruments Kore Player" = Native Instruments Kore Player
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Monark" = Native Instruments Monark
"Native Instruments New York Concert Grand" = Native Instruments New York Concert Grand
"Native Instruments North India" = Native Instruments North India
"Native Instruments Rammfire" = Native Instruments Rammfire
"Native Instruments Rammfire for Maschine" = Native Instruments Rammfire for Maschine
"Native Instruments Razor" = Native Instruments Razor
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Prism" = Native Instruments Reaktor Prism
"Native Instruments Reaktor Spark R2" = Native Instruments Reaktor Spark R2
"Native Instruments Reflektor" = Native Instruments Reflektor
"Native Instruments Reflektor for Maschine" = Native Instruments Reflektor for Maschine
"Native Instruments Retro Machines Mk2" = Native Instruments Retro Machines Mk2
"Native Instruments Scarbee MM-Bass" = Native Instruments Scarbee MM-Bass
"Native Instruments Scarbee Vintage Keys" = Native Instruments Scarbee Vintage Keys
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Session Strings" = Native Instruments Session Strings
"Native Instruments Solid Bus Comp FX" = Native Instruments Solid Bus Comp FX
"Native Instruments Solid Dynamics FX" = Native Instruments Solid Dynamics FX
"Native Instruments Solid EQ FX" = Native Instruments Solid EQ FX
"Native Instruments Studio Drummer" = Native Instruments Studio Drummer
"Native Instruments Supercharger" = Native Instruments Supercharger
"Native Instruments The Finger R2" = Native Instruments The Finger R2
"Native Instruments The Giant" = Native Instruments The Giant
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Native Instruments Traktors 12" = Native Instruments Traktors 12
"Native Instruments Traktors 12 for Maschine" = Native Instruments Traktors 12 for Maschine
"Native Instruments Transient Master FX" = Native Instruments Transient Master FX
"Native Instruments Upright Piano" = Native Instruments Upright Piano
"Native Instruments Vienna Concert Grand" = Native Instruments Vienna Concert Grand
"Native Instruments Vintage Organs" = Native Instruments Vintage Organs
"Native Instruments West Africa" = Native Instruments West Africa
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Ohmboyz VST2" = OhmForce Ohmboyz VST2
"Ohmicide VST" = Ohm Force - Ohmicide VST
"PM VST 64-bit Installer3.2.0" = PM VST 64-bit Installer
"PSP N2O" = PSP N2O
"PSP PianoVerb 1.7.1 64bit" = PSP PianoVerb 1.7.1 64bit
"Qm9yZGVybGFuZHNUaGVQcmVTZXF1ZWw=_is1" = Borderlands: The Pre-Sequel
"SoulseekQt" = SoulseekQt
"Tone2 BiFilter2_is1" = BiFilter v2.3
"VLC media player" = VLC media player
"Winamp" = Winamp
"Z3TA+ 2_x64_is1" = Z3TA+ 2 (x64)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07/11/2015 14:35:20 | Computer Name = JOB-PC | Source = SideBySide | ID = 16842787
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Pinnacle\Studio 18\programs\PinnacleStudio.EXE ». Erreur dans le fichier
de manifeste ou de stratégie « C:\Program Files (x86)\Pinnacle\Studio 18\programs\Avid.vfcore\Avid.vfcore.MANIFEST »
à la ligne 4. L’identité de composant trouvé dans le manifeste ne correspond pas
à celle du composant demandé. La référence est Avid.vfcore,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
La
définition est Avid.vfcore,processorArchitecture="x86",type="win32",version="1.0.0.0".
Utilisez
sxstrace.exe pour un diagnostic détaillé.
Error - 07/11/2015 14:36:50 | Computer Name = JOB-PC | Source = SideBySide | ID = 16842787
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Pinnacle\Studio 18\programs\PinnacleStudio.EXE ». Erreur dans le fichier
de manifeste ou de stratégie « C:\Program Files (x86)\Pinnacle\Studio 18\programs\Avid.vfcore\Avid.vfcore.MANIFEST »
à la ligne 4. L’identité de composant trouvé dans le manifeste ne correspond pas
à celle du composant demandé. La référence est Avid.vfcore,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
La
définition est Avid.vfcore,processorArchitecture="x86",type="win32",version="1.0.0.0".
Utilisez
sxstrace.exe pour un diagnostic détaillé.
Error - 07/11/2015 14:37:05 | Computer Name = JOB-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante BorderlandsPreSequel.exe, version
: 1.0.23714.23714, horodatage : 0x543879bb Nom du module défaillant : BorderlandsPreSequel.exe,
version : 1.0.23714.23714, horodatage : 0x543879bb Code d’exception : 0xc0000005
Décalage
d’erreur : 0x00afd1ed ID du processus défaillant : 0x1520 Heure de début de l’application
défaillante : 0x01d1198b4a98d075 Chemin d’accès de l’application défaillante : C:\Program
Files (x86)\ Borderlands The Pre-Sequel\Binaries\Win32\BorderlandsPreSequel.exe
Chemin
d’accès du module défaillant: C:\Program Files (x86)\ Borderlands The Pre-Sequel\Binaries\Win32\BorderlandsPreSequel.exe
ID
de rapport : 8a9eca74-857e-11e5-b7ff-10c37b6f5284
Error - 07/11/2015 14:37:56 | Computer Name = JOB-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante BorderlandsPreSequel.exe, version
: 1.0.23714.23714, horodatage : 0x543879bb Nom du module défaillant : XAudio2_7.dll_unloaded,
version : 0.0.0.0, horodatage : 0x4c0641e5 Code d’exception : 0xc0000005 Décalage
d’erreur : 0x69a7a5e0 ID du processus défaillant : 0x16d4 Heure de début de l’application
défaillante : 0x01d1198b52cb1da6 Chemin d’accès de l’application défaillante : C:\Program
Files (x86)\ Borderlands The Pre-Sequel\Binaries\Win32\BorderlandsPreSequel.exe
Chemin
d’accès du module défaillant: XAudio2_7.dll ID de rapport : a9192833-857e-11e5-b7ff-10c37b6f5284
Error - 07/11/2015 14:39:06 | Computer Name = JOB-PC | Source = SideBySide | ID = 16842787
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Pinnacle\Studio 18\programs\PinnacleStudio.EXE ». Erreur dans le fichier
de manifeste ou de stratégie « C:\Program Files (x86)\Pinnacle\Studio 18\programs\Avid.vfcore\Avid.vfcore.MANIFEST »
à la ligne 4. L’identité de composant trouvé dans le manifeste ne correspond pas
à celle du composant demandé. La référence est Avid.vfcore,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
La
définition est Avid.vfcore,processorArchitecture="x86",type="win32",version="1.0.0.0".
Utilisez
sxstrace.exe pour un diagnostic détaillé.
Error - 07/11/2015 18:27:50 | Computer Name = JOB-PC | Source = SideBySide | ID = 16842787
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Pinnacle\Studio 18\programs\PinnacleStudio.EXE ». Erreur dans le fichier
de manifeste ou de stratégie « C:\Program Files (x86)\Pinnacle\Studio 18\programs\Avid.vfcore\Avid.vfcore.MANIFEST »
à la ligne 4. L’identité de composant trouvé dans le manifeste ne correspond pas
à celle du composant demandé. La référence est Avid.vfcore,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
La
définition est Avid.vfcore,processorArchitecture="x86",type="win32",version="1.0.0.0".
Utilisez
sxstrace.exe pour un diagnostic détaillé.
Error - 07/11/2015 18:47:32 | Computer Name = JOB-PC | Source = Application Hang | ID = 1002
Description = Le programme E_IARNCAE.EXE version 5.0.0.0 a cessé d’interagir avec
Windows et a été fermé. Pour déterminer si des informations supplémentaires sont
disponibles, consultez l’historique du problème dans le Centre de maintenance. ID
de processus : 5f0 Heure de début : 01d119ae3553b9da Heure de fin : 4 Chemin d’accès
de l’application : C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNCAE.EXE ID de rapport
:
Error - 08/11/2015 02:42:47 | Computer Name = JOB-PC | Source = SideBySide | ID = 16842787
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Pinnacle\Studio 18\programs\PinnacleStudio.EXE ». Erreur dans le fichier
de manifeste ou de stratégie « C:\Program Files (x86)\Pinnacle\Studio 18\programs\Avid.vfcore\Avid.vfcore.MANIFEST »
à la ligne 4. L’identité de composant trouvé dans le manifeste ne correspond pas
à celle du composant demandé. La référence est Avid.vfcore,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
La
définition est Avid.vfcore,processorArchitecture="x86",type="win32",version="1.0.0.0".
Utilisez
sxstrace.exe pour un diagnostic détaillé.
Error - 08/11/2015 02:45:00 | Computer Name = JOB-PC | Source = SideBySide | ID = 16842787
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Pinnacle\Studio 18\programs\PinnacleStudio.EXE ». Erreur dans le fichier
de manifeste ou de stratégie « C:\Program Files (x86)\Pinnacle\Studio 18\programs\Avid.vfcore\Avid.vfcore.MANIFEST »
à la ligne 4. L’identité de composant trouvé dans le manifeste ne correspond pas
à celle du composant demandé. La référence est Avid.vfcore,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
La
définition est Avid.vfcore,processorArchitecture="x86",type="win32",version="1.0.0.0".
Utilisez
sxstrace.exe pour un diagnostic détaillé.
Error - 10/11/2015 15:08:54 | Computer Name = JOB-PC | Source = SideBySide | ID = 16842787
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Pinnacle\Studio 18\programs\PinnacleStudio.EXE ». Erreur dans le fichier
de manifeste ou de stratégie « C:\Program Files (x86)\Pinnacle\Studio 18\programs\Avid.vfcore\Avid.vfcore.MANIFEST »
à la ligne 4. L’identité de composant trouvé dans le manifeste ne correspond pas
à celle du composant demandé. La référence est Avid.vfcore,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
La
définition est Avid.vfcore,processorArchitecture="x86",type="win32",version="1.0.0.0".
Utilisez
sxstrace.exe pour un diagnostic détaillé.
[ System Events ]
Error - 17/05/2015 05:47:33 | Computer Name = JOB-PC | Source = nvlddmkm | ID = 11141134
Description =
Error - 17/05/2015 05:47:34 | Computer Name = JOB-PC | Source = nvlddmkm | ID = 11141134
Description =
Error - 17/05/2015 05:47:36 | Computer Name = JOB-PC | Source = nvlddmkm | ID = 11141134
Description =
Error - 17/05/2015 05:56:31 | Computer Name = JOB-PC | Source = nvlddmkm | ID = 11141134
Description =
Error - 17/05/2015 06:00:09 | Computer Name = JOB-PC | Source = nvlddmkm | ID = 11141134
Description =
Error - 17/05/2015 06:00:10 | Computer Name = JOB-PC | Source = nvlddmkm | ID = 11141134
Description =
< End of report >
 
Please run the following and post the log.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads, click on the blue ComboFix download link next to the BleepingComputer Mirror.
  • Save the file to your Windows desktop. The ComboFix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself onto your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If, for some reason, you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post:
  • The ComboFix log
 
@Okedokey: I read some people still had this issue after reinstalling Windows, that's why I'd prefer to fix it in the 1st place.
@johnb35: What kind of error/problem are you trying to spot?

ComboFix 15-12-16.01 - JOB 17/12/2015 7:29:24.1.8 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.16327.13034 [GMT 1:00]
Lancé depuis: C:\Users\JOB\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))


H:\install.exe


((((((((((((((((((((((((((((( Fichiers créés du 2015-11-17 au 2015-12-17 ))))))))))))))))))))))))))))))))))))


2015-12-17 06:33:00 . 2015-12-17 06:33:00 -------- d-----w- C:\Users\Default\AppData\Local\temp
2015-12-16 22:10:02 . 2015-12-16 22:10:02 -------- d-----w- C:\Users\JOB\AppData\Roaming\chc
2015-12-15 07:46:50 . 2015-10-29 09:28:50 11138400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{36FBF397-671C-4C4E-BCDB-6E3FC6BAA460}\mpengine.dll
2015-12-14 09:55:46 . 2015-12-14 09:55:46 119808 ----a-r- C:\Users\JOB\AppData\Roaming\Microsoft\Installer\{5F8683B5-5056-411C-B808-B289E29E9BBB}\icons.exe
2015-12-14 09:55:46 . 2015-12-14 09:55:46 -------- d-----w- C:\Users\JOB\AppData\Local\Apps
2015-12-13 20:25:34 . 2015-12-13 20:29:29 -------- d-----w- C:\AdwCleaner
2015-12-13 13:01:39 . 2015-11-24 18:29:55 102704 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2015-12-13 08:06:39 . 2015-12-13 08:06:39 388096 ----a-r- C:\Users\JOB\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2015-12-12 06:49:53 . 2015-12-12 06:49:57 -------- d-----w- C:\Program Files\Recuva
2015-12-09 08:39:58 . 2015-11-05 19:05:04 17408 ----a-w- C:\Windows\system32\wshrm.dll
2015-12-09 08:35:53 . 2015-11-03 19:04:37 241664 ----a-w- C:\Windows\system32\els.dll
2015-12-09 08:35:53 . 2015-11-03 18:55:58 179712 ----a-w- C:\Windows\SysWow64\els.dll
2015-12-05 16:40:20 . 2015-12-05 16:40:20 -------- d-----w- C:\Program Files (x86)\Borderlands The Pre-Sequel DLCs
2015-12-05 15:12:16 . 2015-12-05 15:12:17 -------- d-----w- C:\Program Files\7-Zip
2015-12-04 11:35:12 . 2015-12-04 11:35:12 -------- d-----w- C:\Program Files\Common Files\AV
2015-12-04 11:35:12 . 2015-12-04 11:35:12 -------- d-----w- C:\Program Files (x86)\Common Files\AV
2015-11-26 14:41:18 . 2015-11-24 23:10:29 15122296 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2015-11-26 14:41:18 . 2015-11-16 03:35:52 1905272 ----a-w- C:\Windows\system32\nvdispco6435900.dll
2015-11-26 14:41:18 . 2015-11-16 03:35:52 1564792 ----a-w- C:\Windows\system32\nvdispgenco6435900.dll
2015-11-26 09:00:08 . 2015-11-12 18:37:11 112712 ----a-w- C:\Windows\system32\NvRtmpStreamer64.dll
2015-11-25 18:39:21 . 2015-10-01 18:32:23 -------- d-----w- C:\Cymatics.Slugs.Vol.1
.


(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

2015-12-13 20:33:33 . 2014-09-13 15:43:53 192216 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-12-10 02:00:59 . 2014-09-13 15:24:07 140158008 ----a-w- C:\Windows\system32\MRT.exe
2015-12-09 09:01:56 . 2014-09-13 09:01:52 796864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-12-09 09:01:56 . 2014-09-13 09:01:52 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-02 12:18:58 . 2014-09-13 08:49:38 301728 ------w- C:\Windows\system32\MpSigStub.exe
2015-11-24 23:10:29 . 2014-09-13 08:51:38 17516040 ----a-w- C:\Windows\system32\nvwgf2umx.dll
2015-11-24 23:10:29 . 2014-09-13 08:29:10 112760 ----a-w- C:\Windows\system32\OpenCL.dll
2015-11-24 23:10:29 . 2014-09-13 08:29:10 105080 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2015-11-24 23:10:29 . 2014-09-13 08:28:53 3159248 ----a-w- C:\Windows\SysWow64\nvapi.dll
2015-11-24 23:10:29 . 2014-09-13 08:28:50 12770752 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2015-11-24 23:10:29 . 2014-09-13 08:28:38 3579696 ----a-w- C:\Windows\system32\nvapi64.dll
2015-11-24 18:40:40 . 2014-09-13 08:29:15 6358648 ----a-w- C:\Windows\system32\nvcpl.dll
2015-11-24 18:40:40 . 2014-09-13 08:29:15 2983032 ----a-w- C:\Windows\system32\nvsvc64.dll
2015-11-24 18:40:37 . 2014-09-13 08:29:15 938616 ----a-w- C:\Windows\system32\nvvsvc.exe
2015-11-24 18:40:37 . 2014-09-13 08:29:15 62584 ----a-w- C:\Windows\system32\nvshext.dll
2015-11-24 18:40:37 . 2014-09-13 08:29:15 385144 ----a-w- C:\Windows\system32\nvmctray.dll
2015-11-24 18:40:37 . 2014-09-13 08:29:15 2554488 ----a-w- C:\Windows\system32\nvsvcr.dll
2015-11-23 10:38:08 . 2014-09-13 08:29:15 6049858 ----a-w- C:\Windows\system32\nvcoproc.bin
2015-11-12 18:37:22 . 2014-09-13 08:47:02 1316000 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2015-11-12 18:37:22 . 2014-09-13 08:44:49 1509824 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2015-11-12 18:37:11 . 2014-09-13 08:47:02 1756424 ----a-w- C:\Windows\system32\nvspbridge64.dll
2015-11-12 18:37:11 . 2014-09-13 08:44:49 1828160 ----a-w- C:\Windows\system32\nvspcap64.dll
2015-11-06 16:27:14 . 2014-09-13 09:17:11 1059656 ----a-w- C:\Windows\system32\drivers\aswsnx.sys
2015-11-06 16:27:14 . 2014-09-13 09:17:10 449992 ----a-w- C:\Windows\system32\drivers\aswsp.sys
2015-11-05 17:13:38 . 2015-11-13 06:59:32 1905272 ----a-w- C:\Windows\system32\nvdispco6435891.dll
2015-11-05 17:13:38 . 2015-11-13 06:59:32 1564792 ----a-w- C:\Windows\system32\nvdispgenco6435891.dll
2015-11-02 22:48:25 . 2015-11-07 05:11:39 39240 ----a-w- C:\Windows\system32\nvhdap64.dll
2015-11-02 22:48:25 . 2015-11-07 05:11:39 205456 ----a-w- C:\Windows\system32\drivers\nvhda64v.sys
2015-11-02 22:48:25 . 2015-02-03 13:36:47 1572496 ----a-w- C:\Windows\system32\nvhdagenco6420103.dll
2015-11-02 17:10:55 . 2015-11-07 05:11:39 1905456 ----a-w- C:\Windows\system32\nvdispco6435887.dll
2015-11-02 17:10:55 . 2015-11-07 05:11:39 1564976 ----a-w- C:\Windows\system32\nvdispgenco6435887.dll
2015-10-29 17:50:44 . 2015-11-10 21:00:40 6656 ----a-w- C:\Windows\system32\shimeng.dll
2015-10-29 17:50:30 . 2015-11-10 21:00:40 342016 ----a-w- C:\Windows\system32\apphelp.dll
2015-10-29 17:50:29 . 2015-11-10 21:00:40 72192 ----a-w- C:\Windows\system32\aelupsvc.dll
2015-10-29 17:50:29 . 2015-11-10 21:00:40 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50:29 . 2015-11-10 21:00:40 309248 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50:29 . 2015-11-10 21:00:40 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50:29 . 2015-11-10 21:00:40 103424 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:50:21 . 2015-11-10 21:00:40 5120 ----a-w- C:\Windows\SysWow64\shimeng.dll
2015-10-29 17:50:14 . 2015-11-10 21:00:40 23552 ----a-w- C:\Windows\system32\sdbinst.exe
2015-10-29 17:49:58 . 2015-11-10 21:00:40 295936 ----a-w- C:\Windows\SysWow64\apphelp.dll
2015-10-29 17:49:57 . 2015-11-10 21:00:40 562176 ----a-w- C:\Windows\apppatch\AcLayers.dll
2015-10-29 17:49:57 . 2015-11-10 21:00:40 470528 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2015-10-29 17:49:57 . 2015-11-10 21:00:40 2178560 ----a-w- C:\Windows\apppatch\AcGenral.dll
2015-10-29 17:49:57 . 2015-11-10 21:00:40 211968 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2015-10-29 17:49:35 . 2015-11-10 21:00:40 20992 ----a-w- C:\Windows\SysWow64\sdbinst.exe
2015-10-29 17:39:57 . 2015-11-10 21:00:40 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2015-10-20 01:12:12 . 2015-11-10 21:24:35 5570496 ----a-w- C:\Windows\system32\ntoskrnl.exe
2015-10-20 01:12:10 . 2015-11-10 21:24:35 154560 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
2015-10-20 01:12:10 . 2015-11-10 21:24:34 95680 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
2015-10-20 01:09:05 . 2015-11-10 21:24:35 1730496 ----a-w- C:\Windows\system32\ntdll.dll
2015-10-20 01:06:18 . 2015-11-10 21:24:34 362496 ----a-w- C:\Windows\system32\wow64win.dll
2015-10-20 01:06:18 . 2015-11-10 21:24:34 243712 ----a-w- C:\Windows\system32\wow64.dll
2015-10-20 01:06:18 . 2015-11-10 21:24:34 215040 ----a-w- C:\Windows\system32\winsrv.dll
2015-10-20 01:06:18 . 2015-11-10 21:24:34 13312 ----a-w- C:\Windows\system32\wow64cpu.dll
2015-10-20 01:05:54 . 2015-11-10 21:24:34 210944 ----a-w- C:\Windows\system32\wdigest.dll
2015-10-20 01:05:51 . 2015-11-10 21:24:34 86528 ----a-w- C:\Windows\system32\TSpkg.dll
2015-10-20 01:05:49 . 2015-11-10 21:24:34 503808 ----a-w- C:\Windows\system32\srcore.dll
2015-10-20 01:05:49 . 2015-11-10 21:24:34 50176 ----a-w- C:\Windows\system32\srclient.dll
2015-10-20 01:05:49 . 2015-11-10 21:24:34 29184 ----a-w- C:\Windows\system32\sspisrv.dll
2015-10-20 01:05:49 . 2015-11-10 21:24:34 136192 ----a-w- C:\Windows\system32\sspicli.dll
2015-10-20 01:05:48 . 2015-11-10 21:24:34 28160 ----a-w- C:\Windows\system32\secur32.dll
2015-10-20 01:05:47 . 2015-11-10 21:24:35 344064 ----a-w- C:\Windows\system32\schannel.dll
2015-10-20 01:05:47 . 2015-11-10 21:24:34 1216512 ----a-w- C:\Windows\system32\rpcrt4.dll
2015-10-20 01:05:44 . 2015-11-10 21:24:35 312320 ----a-w- C:\Windows\system32\ncrypt.dll
2015-10-20 01:05:44 . 2015-11-10 21:24:34 16384 ----a-w- C:\Windows\system32\ntvdm64.dll
2015-10-20 01:05:43 . 2015-11-10 21:24:34 315392 ----a-w- C:\Windows\system32\msv1_0.dll
2015-10-20 01:05:40 . 2015-11-10 21:24:35 729600 ----a-w- C:\Windows\system32\kerberos.dll
2015-10-20 01:05:40 . 2015-11-10 21:24:35 1461760 ----a-w- C:\Windows\system32\lsasrv.dll
2015-10-20 01:05:40 . 2015-11-10 21:24:35 1164800 ----a-w- C:\Windows\system32\kernel32.dll
2015-10-20 01:05:40 . 2015-11-10 21:24:34 424960 ----a-w- C:\Windows\system32\KernelBase.dll
2015-10-20 01:05:34 . 2015-11-10 21:24:34 44032 ----a-w- C:\Windows\system32\cryptbase.dll
2015-10-20 01:05:34 . 2015-11-10 21:24:34 43520 ----a-w- C:\Windows\system32\csrsrv.dll
2015-10-20 01:05:34 . 2015-11-10 21:24:34 22016 ----a-w- C:\Windows\system32\credssp.dll
2015-10-20 01:05:13 . 2015-11-10 21:24:34 112640 ----a-w- C:\Windows\system32\smss.exe
2015-10-20 01:05:07 . 2015-11-10 21:24:34 296960 ----a-w- C:\Windows\system32\rstrui.exe
2015-10-20 01:04:53 . 2015-11-10 21:24:34 31232 ----a-w- C:\Windows\system32\lsass.exe
2015-10-20 01:04:40 . 2015-11-10 21:24:34 338432 ----a-w- C:\Windows\system32\conhost.exe
2015-10-20 01:04:35 . 2015-11-10 21:24:34 64000 ----a-w- C:\Windows\system32\auditpol.exe
2015-10-20 01:00:20 . 2015-11-10 21:24:34 60416 ----a-w- C:\Windows\system32\msobjs.dll
2015-10-20 00:59:20 . 2015-11-10 21:24:34 146432 ----a-w- C:\Windows\system32\msaudite.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 6656 ----a-w- C:\Windows\system32\apisetschema.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 6144 ---ha-w- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 5120 ---ha-w- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 4096 ---ha-w- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 3584 ---ha-w- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-20 00:53:47 . 2015-11-10 21:24:34 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll


((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 09:19:52 3696912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe" [2015-11-06 16:27:14 6133520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [x]
R2 aswStm;aswStm;C:\Windows\system32\drivers\aswStm.sys;C:\Windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys;C:\Windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\system32\drivers\mwac.sys;C:\Windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;C:\Windows\system32\drivers\MFWAMIDI64.sys;C:\Windows\SYSNATIVE\drivers\MFWAMIDI64.sys [x]
R3 MFWAWAVE64;MOTU Audio Wave for 64 bit;C:\Windows\system32\drivers\MFWAWAVE64.sys;C:\Windows\SYSNATIVE\drivers\MFWAWAVE64.sys [x]
R3 motubus;MOTU Audio MIDI Extension;C:\Windows\system32\drivers\MotuBus64.sys;C:\Windows\SYSNATIVE\drivers\MotuBus64.sys [x]
R3 MotuFWA64;MotuFWA64;C:\Windows\system32\drivers\Motufwa64.sys;C:\Windows\SYSNATIVE\drivers\Motufwa64.sys [x]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys;D:\CDriver64.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\system32\drivers\nvvad64v.sys;C:\Windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 D_Link_DWA-140_WPS;D_Link_DWA-140_WPS Service;C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe;C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe [x]
R4 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
R4 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
R4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R4 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
R4 RipCore;RipCore;C:\Program Files (x86)\Fawkes Engineering\AccuRIP\RipCore.exe;C:\Program Files (x86)\Fawkes Engineering\AccuRIP\RipCore.exe [x]
R4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;C:\Windows\system32\DRIVERS\iaStorA.sys;C:\Windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;C:\Windows\system32\DRIVERS\iaStorF.sys;C:\Windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0;C:\Windows\system32\DRIVERS\iusb3hcs.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys;C:\Windows\SYSNATIVE\DRIVERS\anodlwfx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys;C:\Windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys;C:\Windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys;C:\Windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe;C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe;C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [x]
S2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.01\AsusFanControlService.exe;C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.01\AsusFanControlService.exe [x]
S2 aswHwid;avast! HardwareID;C:\Windows\system32\drivers\aswHwid.sys;C:\Windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys;C:\Windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe;C:\Windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe;C:\Windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\Windows\system32\DRIVERS\e1d62x64.sys;C:\Windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 ffusb2audio;Focusrite USB 2.0 Audio Driver;C:\Windows\system32\DRIVERS\ffusb2audio.sys;C:\Windows\SYSNATIVE\DRIVERS\ffusb2audio.sys [x]
S3 iusb3hub;Pilote de concentrateur Intel(R) USB 3.0;C:\Windows\system32\DRIVERS\iusb3hub.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel(R) USB 3.0;C:\Windows\system32\DRIVERS\iusb3xhc.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]


--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - NAL
*Deregistered* - NAL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-17 05:35:44 1000264 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe

Contenu du dossier 'Tâches planifiées'

2015-12-17 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-13 09:01:52 . 2015-12-09 09:01:56]

2015-12-17 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13 09:07:37 . 2015-08-30 09:07:27]

2015-12-02 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13 09:07:37 . 2015-08-30 09:07:27]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-10-19 09:09:01 780616 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll

------- Examen supplémentaire -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E4D9A147-3B70-4E8A-B018-E6E9D66B6B27}: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\JOB\AppData\Roaming\Mozilla\Firefox\Profiles\ac016pot.default\
FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/

- - - - ORPHELINS SUPPRIMES - - - -

Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - C:\Windows\System32\SPReview\SPReview.exe
 
OK, so it appeared it's just Avast Anti-virus that started blocking some apps without warning...
Not sure why it's behaving like this.

Thanks for the help anyway.
 