1. #1

    Black screen after session opening

    Hi guys, I hope I'm posting in the right place, if not, please move the post.

    I've got a problem when I switch on the computer, after opening the session, I've got error messages (QAEvent errors and explorer.exe error) then a black screen. I can access the desktop if I use the task manager.
    I've restored the safe mode and in that mode everything is back to normal.

    I've ran KIS, Ccleaner, malwarebytes : 4 viruses, 16 malwares. But the problem is still here.

    I've tried sfc /scannow ; chkdsk /r & f ; dism.exe /online /cleanup-image /checkhealth & /restorehealth. But the message then is could not update the file (no internet connexion even with the RJ45 plugged).

    I've done what you request :

    checkup.txt
    Results of screen317's Security Check version 1.005
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Adobe Reader XI
    Google Chrome 41.0.2272.101 Google Chrome out of date!
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    FRST.txt
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
    Ran by Christelle-PC (administrator) on CHRISTELLE on 22-07-2015 18:17:49
    Running from C:\Users\TEMP.Christelle.001\Desktop
    Loaded Profiles: UpdatusUser & Christelle-PC (Available Profiles: UpdatusUser & Christelle-PC)
    Platform: Windows 8.1 (X64) OS Language: Français (France)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
    (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAToasts.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe




    ==================== Registry (Whitelisted) ==================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-18] (Realtek Semiconductor)
    HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-10-17] (Acer Incorporated)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
    HKU\S-1-5-21-480723060-2539262787-1398444115-1002\...\RunOnce: [RegDXVA1] => C:\Windows\system32\cmd.exe /c reg import "C:\Program Files (x86)\Acer\Acer Video Player\SwitchUserVideoKey.reg"
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    HKU\S-1-5-21-480723060-2539262787-1398444115-1002\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    HKU\S-1-5-21-480723060-2539262787-1398444115-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    URLSearchHook: [S-1-5-21-480723060-2539262787-1398444115-1001] ATTENTION ==> Default URLSearchHook is missing
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{3CCE706D-56BF-4A3A-9816-C1DF962E2A1C}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{7C4E68AE-33AC-4716-9FAF-BA9F1AAD04E8}: [DhcpNameServer] 192.168.1.1


    FireFox:
    ========
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-24] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-24] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)


    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION


    ==================== Services (Whitelisted) =================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
    S4 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
    S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [3096832 2014-10-17] (Acer Incorporated)
    R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
    S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel(R) Corporation)
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
    R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
    R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
    R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
    S4 841535a4; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\LighterFunc\LighterFunc.dll",serv


    ==================== Drivers (Whitelisted) ====================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
    S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
    S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
    R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
    S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-07-15] (HandSet Incorporated)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
    S1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
    R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
    R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
    R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
    S2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
    S3 zghsdiag; C:\Windows\system32\DRIVERS\zghsdiag.sys [129432 2011-07-15] (ZTE Incorporated)
    S3 zghsmdm; C:\Windows\system32\DRIVERS\zghsmdm.sys [129432 2011-07-15] (ZTE Incorporated)
    S3 zghsnmea; C:\Windows\system32\DRIVERS\zghsnmea.sys [129432 2011-07-15] (ZTE Incorporated)


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2015-07-22 18:17 - 2015-07-22 18:17 - 00012623 _____ C:\Users\TEMP.Christelle.001\Desktop\FRST.txt
    2015-07-22 18:14 - 2015-07-22 18:17 - 00000000 ____D C:\FRST
    2015-07-22 18:13 - 2015-07-20 18:57 - 02135552 _____ (Farbar) C:\Users\TEMP.Christelle.001\Desktop\FRST64.exe
    2015-07-22 18:13 - 2015-07-08 00:34 - 00852676 _____ C:\Users\TEMP.Christelle.001\Desktop\SecurityCheck.exe
    2015-07-22 17:42 - 2015-07-22 17:42 - 00000000 ____D C:\Users\TEMP.Christelle.001\PicStream
    2015-07-22 17:42 - 2015-07-22 17:42 - 00000000 ____D C:\Users\TEMP.Christelle.001\AppData\Local\clear.fi
    2015-07-22 17:40 - 2015-07-22 17:42 - 00000000 ____D C:\Users\TEMP.Christelle.001
    2015-07-22 17:40 - 2015-07-22 17:40 - 00001462 _____ C:\Users\TEMP.Christelle.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-07-22 17:40 - 2015-07-22 17:40 - 00000020 ___SH C:\Users\TEMP.Christelle.001\ntuser.ini
    2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\Voisinage réseau
    2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\Voisinage d'impression
    2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\Modèles
    2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\Menu Démarrer
    2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\Documents\Mes vidéos
    2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\Documents\Mes images
    2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\Documents\Ma musique
    2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
    2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\AppData\Local\Historique
    2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 ____D C:\Users\TEMP.Christelle.001\AppData\Roaming\Adobe
    2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 ____D C:\Users\TEMP.Christelle.001\AppData\Local\VirtualStore
    2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 ____D C:\Users\TEMP.Christelle.001\AppData\Local\Google
    2015-07-22 17:40 - 2015-05-06 22:41 - 00000000 ___RD C:\Users\TEMP.Christelle.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-07-22 17:40 - 2015-05-06 22:41 - 00000000 ___RD C:\Users\TEMP.Christelle.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-07-22 17:40 - 2015-05-06 22:41 - 00000000 ___RD C:\Users\TEMP.Christelle.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-07-22 17:40 - 2014-03-18 12:13 - 00000369 _____ C:\Users\TEMP.Christelle.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2015-07-22 17:40 - 2014-03-18 12:13 - 00000369 _____ C:\Users\TEMP.Christelle.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2015-07-22 17:40 - 2013-08-22 17:36 - 00000000 ____D C:\Users\TEMP.Christelle.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-07-13 19:28 - 2015-07-13 19:28 - 00003432 ____N C:\bootsqm.dat
    2015-07-13 14:13 - 2015-07-22 18:10 - 00011046 _____ C:\Windows\WindowsUpdate.log
    2015-07-11 23:21 - 2015-07-11 23:21 - 00000000 ____D C:\$WINDOWS.~BT
    2015-07-11 14:07 - 2015-07-13 10:35 - 00000000 ____D C:\Users\TEMP.Christelle.000\AppData\Local\clear.fi
    2015-07-11 14:04 - 2015-07-13 10:36 - 00000000 ____D C:\Users\TEMP.Christelle.000
    2015-07-11 13:14 - 2015-07-11 13:50 - 00000000 ____D C:\Users\TEMP.Christelle\AppData\Local\clear.fi
    2015-07-11 13:12 - 2015-07-11 13:50 - 00000000 ____D C:\Users\TEMP.Christelle
    2015-07-11 12:51 - 2015-07-11 13:10 - 00021504 _____ C:\Windows\system32\umstartup.etl
    2015-07-11 12:13 - 2015-07-11 12:52 - 00000000 ____D C:\Users\TEMP\AppData\Local\clear.fi
    2015-07-11 12:11 - 2015-07-11 12:52 - 00000000 ____D C:\Users\TEMP
    2015-07-11 11:45 - 2015-07-13 11:08 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-07-11 11:45 - 2015-07-11 11:45 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-07-11 11:45 - 2015-07-11 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-07-11 11:45 - 2015-07-11 11:45 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-07-11 11:45 - 2015-07-11 11:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-07-11 11:45 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-07-11 11:45 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-07-11 11:45 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-07-10 21:05 - 2015-07-11 03:16 - 00000000 ____D C:\SFCFix
    2015-07-10 09:29 - 2015-07-11 23:39 - 00000000 _____ C:\Recovery.txt
    2015-07-10 09:28 - 2015-07-10 09:28 - 00262144 _____ C:\Windows\system32\config\userdiff
    2015-07-09 19:15 - 2015-07-09 19:11 - 01202036 _____ C:\Windows\system32\dism.log
    2015-07-07 18:48 - 2015-07-07 18:48 - 00000000 __SHD C:\found.000


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2015-07-22 18:03 - 2015-03-24 19:57 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-07-22 17:40 - 2015-03-24 19:56 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-07-22 17:40 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-07-13 14:13 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
    2015-07-11 12:09 - 2015-03-20 21:50 - 00000000 ____D C:\Program Files (x86)\LighterFunc
    2015-07-11 12:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Globalization
    2015-07-11 01:34 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppCompat
    2015-07-10 00:24 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2015-07-08 00:18 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
    2015-07-08 00:16 - 2014-05-31 11:06 - 00812350 _____ C:\Windows\system32\perfh00C.dat
    2015-07-08 00:16 - 2014-05-31 11:06 - 00159412 _____ C:\Windows\system32\perfc00C.dat
    2015-07-08 00:16 - 2014-03-18 12:03 - 01824010 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-07-08 00:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
    2015-07-07 23:53 - 2013-08-22 17:36 - 00000000 __RHD C:\Users\Public\Libraries
    2015-07-07 22:12 - 2015-03-24 19:56 - 00000000 ____D C:\Program Files (x86)\Google
    2015-07-07 17:54 - 2014-08-30 20:57 - 00000000 ____D C:\Users\Christelle-PC
    2015-07-07 16:35 - 2015-05-06 18:26 - 00000000 ____D C:\Program Files (x86)\Popular Bookmarks
    2015-07-07 16:35 - 2015-03-20 21:49 - 00000000 ____D C:\Program Files (x86)\Yumprint
    2015-07-07 16:35 - 2014-08-30 15:35 - 00002368 _____ C:\Users\Christelle-PC\Desktop\Internet Explorer.lnk
    2015-07-06 21:10 - 2014-05-31 02:01 - 00000000 ____D C:\ProgramData\Temp


    ==================== Files in the root of some directories =======


    2014-05-31 01:38 - 2014-05-31 01:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl


    Some files in TEMP:
    ====================
    C:\Users\Christelle-PC\AppData\Local\Temp\oct5434.tmp.exe


    ==================== Bamital & volsnap Check =================


    (There is no automatic fix for files that do not pass verification.)


    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-27 08:20


    ==================== End of log ============================

    Addition.txt
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
    Ran by Christelle-PC at 2015-07-22 18:18:13
    Running from C:\Users\TEMP.Christelle.001\Desktop
    Boot Mode: Normal
    ==========================================================




    ==================== Accounts: =============================


    Administrateur (S-1-5-21-480723060-2539262787-1398444115-500 - Administrator - Disabled)
    Christelle-PC (S-1-5-21-480723060-2539262787-1398444115-1002 - Administrator - Enabled) => C:\Users\TEMP.Christelle.001
    Invité (S-1-5-21-480723060-2539262787-1398444115-501 - Limited - Disabled)
    UpdatusUser (S-1-5-21-480723060-2539262787-1398444115-1001 - Limited - Enabled) => C:\Users\UpdatusUser


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)




    ==================== Installed Programs ======================


    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.04.3004 - Acer Incorporated)
    abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.05.2011.0 - Acer Incorporated)
    abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2011.1 - Acer Incorporated)
    Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2001 - Acer)
    Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
    Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
    Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.2007 - Acer Incorporated)
    Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
    Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
    Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
    Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
    Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
    Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
    Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
    Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.02.2004.7 - Acer Incorporated)
    Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
    AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
    CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)
    DivX (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
    DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 6.0 - DivXNetworks, Inc.)
    Enjoy 5 (HKLM-x32\...\{0FC81DD3-6F81-4904-9AE0-0F96160CF87D}}_is1) (Version: - Editions Didier)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
    Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
    Intel(R) Technology Access (HKLM-x32\...\{efc54997-dfa9-44b1-afac-3a7ac4f45730}) (Version: 1.3.6.1042 - Intel Corporation)
    Intel(R) Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
    Join Me (HKLM-x32\...\{91719435-F4B9-4D21-814D-7C66959DB632}) (Version: 1.0.0 - ZTE)
    K-Lite Codec Pack (64-bit) v4.7.0 (HKLM\...\KLiteCodecPack64_is1) (Version: 4.7.0 - )
    Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Matroska Pack (HKLM-x32\...\Matroska Pack) (Version: - )
    Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mises à jour NVIDIA 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
    Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
    NVIDIA Logiciel système PhysX 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
    NVIDIA Pilote graphique 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.35 - NVIDIA Corporation)
    Panneau de configuration NVIDIA 332.35 (Version: 332.35 - NVIDIA Corporation) Hidden
    Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
    Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7203 - Realtek Semiconductor Corp.)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
    Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
    StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.5.1 - startisback.com)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    Watchtower Library 2013 - Français (HKLM-x32\...\{6153D264-43A5-4CAF-B54F-BC00A5FB721E}) (Version: 15.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
    WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
    ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation)


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== Restore Points =========================


    Could not list restore points
    Check "winmgmt" service or repair WMI.




    ==================== Hosts content: ===============================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {019AB2ED-70F0-4EC0-9A9A-556D42E1A420} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
    Task: {0DE6AAD1-4841-4E5F-BE09-85C69D8185DF} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
    Task: {47855FCE-742B-4F0B-A554-AA803A5645F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-24] (Google Inc.)
    Task: {5026DB25-087B-44BE-99EB-5F7839AEA968} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
    Task: {748E85BE-16B5-4F06-8BB5-64893B554D77} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
    Task: {7C922BD8-0936-443D-AA26-A4A817219497} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
    Task: {932F51B1-BA88-4412-86B4-E11076775AC6} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
    Task: {970C5A17-F25F-495A-9DE1-5DC0A0CE72DC} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)
    Task: {A44465F9-2542-4A9E-90C0-120775E6FD22} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2014-01-16] (Acer Incorporated)
    Task: {A77FF52B-FAD5-4A51-816E-C9498682C914} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-06] (Microsoft Corporation)
    Task: {B261AE57-0EE9-46CB-8403-E02DD3C89742} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
    Task: {B76239DB-AA08-40A2-A80A-F155E7B71572} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
    Task: {B89835E3-8EE9-48B1-9313-00D1B518202D} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
    Task: {C676CFAC-C4D1-4FBF-89E5-350E8D6D25D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-24] (Google Inc.)
    Task: {EF515163-33DF-4426-8AE3-C51A89708E9A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {F5785EC5-6830-4C64-A726-54457B59682A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


    ==================== Loaded Modules (Whitelisted) ==============


    2014-05-31 01:45 - 2014-01-08 02:48 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-03-17 14:43 - 2015-03-17 14:43 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
    2015-02-08 12:20 - 2015-02-08 12:20 - 01793248 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\cpprest120_1_4.dll
    2015-03-17 15:15 - 2015-03-17 15:15 - 00355040 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
    2014-05-31 02:05 - 2012-04-24 12:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2014-08-30 15:31 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
    2014-05-31 01:41 - 2013-12-10 01:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-02-15 02:40 - 2015-02-15 02:40 - 00381440 _____ () C:\Windows\mod_frst.exe


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)




    ==================== Safe Mode (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""


    ==================== EXE Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)




    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)




    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-480723060-2539262787-1398444115-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
    DNS Servers: Media is not connected to internet.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    mpsdrv Firewall Service is not running.
    MpsSvc Firewall Service is not running.
    bfe Firewall Service is not running.


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    (Currently there is no automatic fix for this section.)


    MSCONFIG\Services: 841535a4 => 2
    MSCONFIG\Services: AeLookupSvc => 3
    MSCONFIG\Services: ALG => 3
    MSCONFIG\Services: AppIDSvc => 3
    MSCONFIG\Services: AppReadiness => 3
    MSCONFIG\Services: AudioEndpointBuilder => 2
    MSCONFIG\Services: Audiosrv => 2
    MSCONFIG\Services: AxInstSV => 3
    MSCONFIG\Services: BDESVC => 3
    MSCONFIG\Services: BFE => 2
    MSCONFIG\Services: BITS => 2
    MSCONFIG\Services: Browser => 3
    MSCONFIG\Services: BthHFSrv => 3
    MSCONFIG\Services: bthserv => 3
    MSCONFIG\Services: c2cautoupdatesvc => 2
    MSCONFIG\Services: c2cpnrsvc => 2
    MSCONFIG\Services: CertPropSvc => 3
    MSCONFIG\Services: COMSysApp => 3
    MSCONFIG\Services: CryptSvc => 2
    MSCONFIG\Services: defragsvc => 3
    MSCONFIG\Services: DeviceAssociationService => 2
    MSCONFIG\Services: DeviceInstall => 3
    MSCONFIG\Services: Dhcp => 2
    MSCONFIG\Services: Dnscache => 2
    MSCONFIG\Services: dot3svc => 3
    MSCONFIG\Services: DPS => 2
    MSCONFIG\Services: DsmSvc => 3
    MSCONFIG\Services: Eaphost => 3
    MSCONFIG\Services: EFS => 3
    MSCONFIG\Services: EventLog => 2
    MSCONFIG\Services: EventSystem => 2
    MSCONFIG\Services: Fax => 3
    MSCONFIG\Services: fdPHost => 3
    MSCONFIG\Services: FDResPub => 3
    MSCONFIG\Services: fhsvc => 3
    MSCONFIG\Services: FontCache => 2
    MSCONFIG\Services: FontCache3.0.0.0 => 3
    MSCONFIG\Services: hidserv => 3
    MSCONFIG\Services: hkmsvc => 3
    MSCONFIG\Services: HomeGroupListener => 3
    MSCONFIG\Services: HomeGroupProvider => 3
    MSCONFIG\Services: IEEtwCollectorService => 3
    MSCONFIG\Services: IKEEXT => 2
    MSCONFIG\Services: iphlpsvc => 2
    MSCONFIG\Services: KeyIso => 3
    MSCONFIG\Services: KtmRm => 3
    MSCONFIG\Services: LanmanServer => 2
    MSCONFIG\Services: LanmanWorkstation => 2
    MSCONFIG\Services: lfsvc => 3
    MSCONFIG\Services: lltdsvc => 3
    MSCONFIG\Services: lmhosts => 2
    MSCONFIG\Services: MMCSS => 2
    MSCONFIG\Services: MpsSvc => 2
    MSCONFIG\Services: MSDTC => 3
    MSCONFIG\Services: MSiSCSI => 3
    MSCONFIG\Services: napagent => 3
    MSCONFIG\Services: NcaSvc => 3
    MSCONFIG\Services: NcbService => 3
    MSCONFIG\Services: NcdAutoSetup => 3
    MSCONFIG\Services: Netlogon => 3
    MSCONFIG\Services: Netman => 3
    MSCONFIG\Services: netprofm => 3
    MSCONFIG\Services: NlaSvc => 2
    MSCONFIG\Services: nsi => 2
    MSCONFIG\Services: odserv => 3
    MSCONFIG\Services: ose => 3
    MSCONFIG\Services: p2pimsvc => 3
    MSCONFIG\Services: p2psvc => 3
    MSCONFIG\Services: PcaSvc => 2
    MSCONFIG\Services: PerfHost => 3
    MSCONFIG\Services: pla => 3
    MSCONFIG\Services: PlugPlay => 3
    MSCONFIG\Services: PNRPAutoReg => 3
    MSCONFIG\Services: PNRPsvc => 3
    MSCONFIG\Services: PolicyAgent => 3
    MSCONFIG\Services: Power => 2
    MSCONFIG\Services: PrintNotify => 3
    MSCONFIG\Services: QWAVE => 3
    MSCONFIG\Services: RasAuto => 3
    MSCONFIG\Services: RasMan => 3
    MSCONFIG\Services: RpcLocator => 3
    MSCONFIG\Services: SamSs => 2
    MSCONFIG\Services: ScDeviceEnum => 3
    MSCONFIG\Services: SCPolicySvc => 3
    MSCONFIG\Services: seclogon => 3
    MSCONFIG\Services: SENS => 2
    MSCONFIG\Services: SensrSvc => 3
    MSCONFIG\Services: SessionEnv => 3
    MSCONFIG\Services: SharedAccess => 3
    MSCONFIG\Services: ShellHWDetection => 2
    MSCONFIG\Services: smphost => 3
    MSCONFIG\Services: SNMPTRAP => 3
    MSCONFIG\Services: Spooler => 2
    MSCONFIG\Services: SSDPSRV => 3
    MSCONFIG\Services: SstpSvc => 3
    MSCONFIG\Services: stisvc => 2
    MSCONFIG\Services: StorSvc => 3
    MSCONFIG\Services: svsvc => 3
    MSCONFIG\Services: swprv => 3
    MSCONFIG\Services: SysMain => 2
    MSCONFIG\Services: TabletInputService => 3
    MSCONFIG\Services: TapiSrv => 3
    MSCONFIG\Services: TermService => 3
    MSCONFIG\Services: Themes => 2
    MSCONFIG\Services: THREADORDER => 3
    MSCONFIG\Services: TrkWks => 2
    MSCONFIG\Services: TrustedInstaller => 2
    MSCONFIG\Services: UI0Detect => 3
    MSCONFIG\Services: UmRdpService => 3
    MSCONFIG\Services: upnphost => 3
    MSCONFIG\Services: VaultSvc => 3
    MSCONFIG\Services: vds => 3
    MSCONFIG\Services: vmicguestinterface => 3
    MSCONFIG\Services: vmicheartbeat => 3
    MSCONFIG\Services: vmickvpexchange => 3
    MSCONFIG\Services: vmicrdv => 3
    MSCONFIG\Services: vmicshutdown => 3
    MSCONFIG\Services: vmictimesync => 3
    MSCONFIG\Services: vmicvss => 3
    MSCONFIG\Services: VSS => 3
    MSCONFIG\Services: W32Time => 3
    MSCONFIG\Services: wbengine => 3
    MSCONFIG\Services: WbioSrvc => 3
    MSCONFIG\Services: Wcmsvc => 2
    MSCONFIG\Services: wcncsvc => 3
    MSCONFIG\Services: WcsPlugInService => 3
    MSCONFIG\Services: WdiServiceHost => 3
    MSCONFIG\Services: WdiSystemHost => 3
    MSCONFIG\Services: WebClient => 3
    MSCONFIG\Services: Wecsvc => 3
    MSCONFIG\Services: WEPHOSTSVC => 3
    MSCONFIG\Services: wercplsupport => 3
    MSCONFIG\Services: WerSvc => 3
    MSCONFIG\Services: WiaRpc => 3
    MSCONFIG\Services: WinHttpAutoProxySvc => 3
    MSCONFIG\Services: Winmgmt => 2
    MSCONFIG\Services: WinRM => 3
    MSCONFIG\Services: WlanSvc => 2
    MSCONFIG\Services: wlidsvc => 3
    MSCONFIG\Services: wmiApSrv => 3
    MSCONFIG\Services: WMPNetworkSvc => 2
    MSCONFIG\Services: workfolderssvc => 3
    MSCONFIG\Services: WPCSvc => 3
    MSCONFIG\Services: WPDBusEnum => 3
    MSCONFIG\Services: wscsvc => 2
    MSCONFIG\Services: WSearch => 2
    MSCONFIG\Services: wuauserv => 3
    MSCONFIG\Services: wudfsvc => 3
    MSCONFIG\Services: WwanSvc => 3


    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{D30DCC3F-FBFB-497F-8204-EB8525B9733B}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
    FirewallRules: [{D43B8C4F-2A3A-4C6C-8A70-642F2F33E99C}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
    FirewallRules: [{361A7F45-18CD-4921-A761-3258E81E6DE6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{6A3CD21B-FCA5-422D-B1FD-56D57FAE6B67}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{49C18C92-5294-4E48-99AA-03B148F9EBC0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{601618CA-DA7A-4A5E-904C-E393A8CA4B61}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{9B5C7EE7-9829-4143-B43F-E1BB76C1874B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{1875BA21-57E1-4E82-9F15-6D75E517CBFE}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [{6FDB8AEE-482D-4D01-8ECB-4E7945DD2583}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [{0722631C-A55C-4F41-BC5B-F1E5303D4259}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{46B3B8A5-8898-4472-AF29-1E0F0BFF8ECF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{813337E2-0A8A-49CB-A6FD-DF5705658687}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
    FirewallRules: [{9727F097-9822-44F4-B336-8186BAA61A46}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
    FirewallRules: [{E20A52A9-A4E9-48B5-A102-E6193B747123}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
    FirewallRules: [{F8EDF0F5-5C9B-4E04-8418-1C1A222B44D7}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
    FirewallRules: [{90322DE2-99D0-4BFA-9DAC-99F8428F1579}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
    FirewallRules: [{A6332FD1-8B5B-44F5-B10F-BC581ACAF28E}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
    FirewallRules: [{C882A2B4-7F46-44E3-80D1-9B77071A2738}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
    FirewallRules: [{AD75C450-64A4-49DC-A5DB-8517028FA8C1}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
    FirewallRules: [{8F5CC1FC-85B4-485E-8621-C1B180268FF8}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
    FirewallRules: [TCP Query User{F37B86D8-3275-4AD3-8057-4C6877E8B2A7}C:\program files (x86)\acer\abphoto\dmcdaemon.exe] => (Block) C:\program files (x86)\acer\abphoto\dmcdaemon.exe
    FirewallRules: [UDP Query User{5DFEB325-9270-4570-A300-E6F32DDFE957}C:\program files (x86)\acer\abphoto\dmcdaemon.exe] => (Block) C:\program files (x86)\acer\abphoto\dmcdaemon.exe
    FirewallRules: [TCP Query User{408F00FF-2A14-4251-BFBB-F2AEF6303229}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{DC67D6FD-68BE-44C8-AA91-3669F8C91722}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{DE645793-0451-4E3E-ABD6-2F76502CBD7F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{1DBE67C7-ABAC-4E29-AFE5-DB3A3F9C0731}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{A7CAD2E3-7C1D-47F1-8CAD-FF560A42DBEB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{104670E3-B1DD-4F2D-A8EF-7C06524A4E8B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{93528979-DF20-4A1F-BD65-1868DA1E9FAD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{48C56267-B715-48EF-BBDF-25C1E8EC3F64}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{BA649ED5-E61F-4693-B631-3C00BD2A7B3E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{66818D12-C1C6-4E03-A94E-C35074BBE32A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [TCP Query User{C6DB6747-A70F-4FCA-AF87-778D2F619E18}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{DE498981-AFD5-4655-B5A8-52182481E382}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{A762478A-7357-4E6F-B9DB-3EFF978C8796}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Faulty Device Manager Devices =============


    Could not list Devices. Check "winmgmt" service or repair WMI.




    ==================== Event log errors: =========================


    Application errors:
    ==================
    Error: (07/22/2015 05:40:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Christelle)
    Description: Windows ne peut pas trouver le profil local et tente de vous connecter avec un profil temporaire. Les modifications effectuées à ce profil seront perdues lorsque vous vous déconnecterez.


    Error: (07/22/2015 05:40:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Christelle)
    Description: Windows a sauvegardé le profil de cet utilisateur. Windows tentera automatiquement d’utiliser le profil sauvegardé la prochaine fois que cet utilisateur ouvre une connexion.


    Error: (07/22/2015 05:40:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Christelle)
    Description: Windows ne peut pas charger le profil stocké localement. Les causes possibles de cette erreur incluent des droits de sécurité insuffisants ou un profil local endommagé.


    DÉTAIL - Le Registre de configuration est endommagé.


    Error: (07/22/2015 05:40:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: AUTORITE NT)
    Description: Windows ne peut pas charger le Registre. Ce problème est souvent causé par une mémoire insuffisante ou des droits d’accès insuffisants.


    DÉTAIL - Le Registre de configuration est endommagé.
    pour C:\Users\Christelle-PC\ntuser.dat


    Error: (07/08/2015 12:14:05 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante explorer.exe, version : 6.3.9600.17667, horodatage : 0x54c6f7c2
    Nom du module défaillant : StartIsBack64.dll, version : 3.5.0.39, horodatage : 0x52b9f014
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x0000000000022eee
    ID du processus défaillant : 0x12b0
    Heure de début de l’application défaillante : 0xexplorer.exe0
    Chemin d’accès de l’application défaillante : explorer.exe1
    Chemin d’accès du module défaillant: explorer.exe2
    ID de rapport : explorer.exe3
    Nom complet du package défaillant : explorer.exe4
    ID de l’application relative au package défaillant : explorer.exe5


    Error: (07/08/2015 12:14:04 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante Explorer.EXE, version : 6.3.9600.17667, horodatage : 0x54c6f7c2
    Nom du module défaillant : StartIsBack64.dll, version : 3.5.0.39, horodatage : 0x52b9f014
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x00000000000231ae
    ID du processus défaillant : 0x754
    Heure de début de l’application défaillante : 0xExplorer.EXE0
    Chemin d’accès de l’application défaillante : Explorer.EXE1
    Chemin d’accès du module défaillant: Explorer.EXE2
    ID de rapport : Explorer.EXE3
    Nom complet du package défaillant : Explorer.EXE4
    ID de l’application relative au package défaillant : Explorer.EXE5


    Error: (07/08/2015 12:11:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Christelle)
    Description: Windows ne peut pas trouver le profil local et tente de vous connecter avec un profil temporaire. Les modifications effectuées à ce profil seront perdues lorsque vous vous déconnecterez.


    Error: (07/08/2015 12:11:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Christelle)
    Description: Windows a sauvegardé le profil de cet utilisateur. Windows tentera automatiquement d’utiliser le profil sauvegardé la prochaine fois que cet utilisateur ouvre une connexion.


    Error: (07/08/2015 12:11:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Christelle)
    Description: Windows ne peut pas charger le profil stocké localement. Les causes possibles de cette erreur incluent des droits de sécurité insuffisants ou un profil local endommagé.


    DÉTAIL - Le Registre de configuration est endommagé.


    Error: (07/08/2015 12:11:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: AUTORITE NT)
    Description: Windows ne peut pas charger le Registre. Ce problème est souvent causé par une mémoire insuffisante ou des droits d’accès insuffisants.


    DÉTAIL - Le Registre de configuration est endommagé.
    pour C:\Users\Christelle-PC\ntuser.dat




    System errors:
    =============
    Error: (07/22/2015 06:12:13 PM) (Source: DCOM) (EventID: 10005) (User: AUTORITE NT)
    Description: 1068netprofmNon disponible{A47979D2-C419-11D9-A5B4-001185AD2B89}


    Error: (07/22/2015 06:12:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Le service Service Liste des réseaux dépend du service Connaissance des emplacements réseau qui n’a pas pu démarrer en raison de l’erreur :
    %%1058


    Error: (07/22/2015 06:11:59 PM) (Source: DCOM) (EventID: 10005) (User: AUTORITE NT)
    Description: 1068netprofmNon disponible{A47979D2-C419-11D9-A5B4-001185AD2B89}


    Error: (07/22/2015 06:11:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Le service Service Liste des réseaux dépend du service Connaissance des emplacements réseau qui n’a pas pu démarrer en raison de l’erreur :
    %%1058


    Error: (07/22/2015 06:11:59 PM) (Source: DCOM) (EventID: 10005) (User: AUTORITE NT)
    Description: 1068netprofmNon disponible{A47979D2-C419-11D9-A5B4-001185AD2B89}


    Error: (07/22/2015 06:11:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Le service Service Liste des réseaux dépend du service Connaissance des emplacements réseau qui n’a pas pu démarrer en raison de l’erreur :
    %%1058


    Error: (07/22/2015 06:11:54 PM) (Source: DCOM) (EventID: 10005) (User: AUTORITE NT)
    Description: 1068netprofmNon disponible{A47979D2-C419-11D9-A5B4-001185AD2B89}


    Error: (07/22/2015 06:11:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Le service Service Liste des réseaux dépend du service Connaissance des emplacements réseau qui n’a pas pu démarrer en raison de l’erreur :
    %%1058


    Error: (07/22/2015 06:11:53 PM) (Source: DCOM) (EventID: 10005) (User: AUTORITE NT)
    Description: 1068netprofmNon disponible{A47979D2-C419-11D9-A5B4-001185AD2B89}


    Error: (07/22/2015 06:11:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Le service Service Liste des réseaux dépend du service Connaissance des emplacements réseau qui n’a pas pu démarrer en raison de l’erreur :
    %%1058




    Microsoft Office:
    =========================


    CodeIntegrity Errors:
    ===================================
    Date: 2015-07-07 22:39:06.188
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2015-07-07 22:39:05.737
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2015-05-05 22:26:49.762
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2015-05-05 22:26:49.487
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2015-03-12 08:42:29.709
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2015-03-12 08:42:29.466
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2015-03-05 09:59:17.179
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2015-03-05 09:59:16.994
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2015-02-21 09:52:39.075
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2015-02-21 09:52:38.855
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.




    ==================== Memory info ===========================


    Processor: Intel(R) Core(TM) i3-4030U CPU @ 1.90GHz
    Percentage of memory in use: 21%
    Total physical RAM: 3987.27 MB
    Available physical RAM: 3123.6 MB
    Total Virtual: 4947.27 MB
    Available Virtual: 4066.1 MB


    ==================== Drives ================================


    Drive c: (Acer) (Fixed) (Total:914.2 GB) (Free:824.09 GB) NTFS
    Drive e: () (Removable) (Total:0.12 GB) (Free:0.07 GB) FAT


    ==================== MBR & Partition Table ==================


    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: E3C767D2)


    Partition: GPT Partition Type.


    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 123 MB) (Disk ID: 42E84C37)
    Partition 1: (Active) - (Size=123 MB) - (Type=06)


    ==================== End of log ============================


    • Ad Bot

      advertising
      Beep.

        
       

  2. #2
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    9,041

    Re: Black screen after session opening

    Hi, Vivyka. Welcome to Sysnative Forums.

    1. The log shows that your are booting to normal. mode. That being the case, the very first thing you need to do is to change the msconfig settings. Please do the following:
    • Click Start > type msconfig > Enter (alternatively, Open System Configuration by swiping in from the right edge of the screen, tapping Search (or if you're using a mouse, pointing to the upper-right corner of the screen, moving the mouse pointer down, and then clicking Search), entering msconfig in the search box, and then tapping or clicking msconfig.)
    • On the General tab, ensure Normal startup is checked.
    • On the Services tab, select Enable all
    • Click Apply > Click OK


    2. CHR dev: Chrome dev build detected! <======= ATTENTION: Chrome is wide open to infection. I strongly advise you uninstall this version of Chrome.

    3. Please do the following to run FRST:

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
    • Open Notepad (Start =>All Programs => Accessories => Notepad).
    • Copy/Paste the entire contents of the code box below into Notepad.
    Code:
    start
    CreateRestorePoint:
    CloseProcesses:
    CHR HKLM\SOFTWARE\URLSearchHook: [S-1-5-21-480723060-2539262787-1398444115-1001] ATTENTION ==> Default URLSearchHook is missing
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Policies\Google: Policy restriction <======= ATTENTION
    2014-05-31 01:38 - 2014-05-31 01:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    EmptyTemp:
    end
    • Click Format and ensure Wordwrap is unchecked.
    • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
      • Please post the log in your next reply.


    4. Please download Adware Cleaner by Xplode. Please save it to your desktop!
    • Close all open programs and internet browsers.
    • Double-click AdwCleaner.exe to run the tool.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button.
    • AdwCleaner will begin. Be patient as the scan may take some time to complete.
    • After the scan has finished, click the Logfile button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Re: Black screen after session opening

    Hello Corrine, thanks for answering me. I did the 1st step, the computer reboots opening StartisBack configuration box.

    I also removed Chrome. Please find below the results of steps 3 & 4 :

    Fixlog.txt
    Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
    Ran by Christelle-PC at 2015-07-22 23:58:27 Run:2
    Running from C:\Users\TEMP.Christelle.001\Desktop
    Loaded Profiles: UpdatusUser & Christelle-PC (Available Profiles: UpdatusUser & Christelle-PC)
    Boot Mode: Normal
    ==============================================


    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    CHR HKLM\SOFTWARE\URLSearchHook: [S-1-5-21-480723060-2539262787-1398444115-1001] ATTENTION ==> Default URLSearchHook is missing
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Policies\Google: Policy restriction <======= ATTENTION
    2014-05-31 01:38 - 2014-05-31 01:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    EmptyTemp:
    end


    *****************


    Restore point was successfully created.
    Processes closed successfully.
    Could not restore Default URLSearchHook.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    "C:\ProgramData\DP45977C.lfl" => File/Folder not found.
    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => key not found.
    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => key not found.
    EmptyTemp: => 6.9 MB temporary data Removed.




    The system needed a reboot..


    ==== End of Fixlog 23:58:48 ====

    AdwCleaner[R0].txt
    # AdwCleaner v4.208 - Rapport crÈÈ le 22/07/2015 ‡ 23:34:53
    # Mis ‡ jour le 09/07/2015 par Xplode
    # Base de donnÈes : 2015-07-09.2 [Locale]
    # SystËme d'exploitation : Windows 8.1 (x64)
    # Nom d'utilisateur : Christelle-PC - CHRISTELLE
    # ExÈcutÈ depuis : C:\Users\TEMP.Christelle.001\Desktop\adwcleaner_4.208.exe
    # Option : Scanner


    ***** [ Services ] *****


    Service TrouvÈ : 841535a4


    ***** [ Fichiers / Dossiers ] *****


    Dossier TrouvÈ : C:\Program Files (x86)\BBestSaveFOrYou
    Dossier TrouvÈ : C:\ProgramData\{3c813800-7834-c234-3c81-13800783e001}
    Dossier TrouvÈ : C:\ProgramData\7813591689496387423


    ***** [ T‚ches planifiÈes ] *****




    ***** [ Raccourcis ] *****




    ***** [ Registre ] *****


    ClÈ TrouvÈe : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    ClÈ TrouvÈe : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    ClÈ TrouvÈe : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    ClÈ TrouvÈe : HKLM\SOFTWARE\104729bd-c9b2-b3b2-f759-e6fbb7e72a99
    ClÈ TrouvÈe : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
    ClÈ TrouvÈe : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
    ClÈ TrouvÈe : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    ClÈ TrouvÈe : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
    ClÈ TrouvÈe : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    ClÈ TrouvÈe : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}


    ***** [ Navigateurs ] *****


    -\\ Internet Explorer v11.0.9600.17416




    *************************


    AdwCleaner[R0].txt - [1705 octets] - [22/07/2015 23:34:53]


    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1765 octets] ##########

  4. #4
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    9,041

    Re: Black screen after session opening

    Hi, Vyvika. Thanks for letting me know that start is back! Now let's do some additional cleanup.

    1. Double-click AdwCleaner.exe to run the tool again.
    • Click the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • After the scan has finished,
    • This time click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    2. Please download Junkware Removal Tool to your desktop.
    • Disable your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    Is your computer back to normal now?


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  5. #5

    Re: Black screen after session opening

    Hello Corinne,

    I still have the black screen but after changing the startup setting, the session took longer to open and after I had a popup "StartIsBack". I then pressed OK and back to the black screen.

    AdwCleaner[S0].txt

    # AdwCleaner v4.208 - Rapport créé le 22/07/2015 à 23:35:41
    # Mis à jour le 09/07/2015 par Xplode
    # Base de données : 2015-07-09.2 [Locale]
    # Système d'exploitation : Windows 8.1 (x64)
    # Nom d'utilisateur : Christelle-PC - CHRISTELLE
    # Exécuté depuis : C:\Users\TEMP.Christelle.001\Desktop\adwcleaner_4.208.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    [#] Service Supprimé : 841535a4

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:\ProgramData\7813591689496387423
    Dossier Supprimé : C:\ProgramData\{3c813800-7834-c234-3c81-13800783e001}
    Dossier Supprimé : C:\Program Files (x86)\BBestSaveFOrYou

    ***** [ Tâches planifiées ] *****


    ***** [ Raccourcis ] *****


    ***** [ Registre ] *****

    Clé Supprimée : HKLM\SOFTWARE\104729bd-c9b2-b3b2-f759-e6fbb7e72a99
    Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
    Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
    Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    Clé Supprimée : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Clé Supprimée : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Clé Supprimée : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}

    ***** [ Navigateurs ] *****

    -\\ Internet Explorer v11.0.9600.17416


    *************************

    AdwCleaner[R0].txt - [1853 octets] - [22/07/2015 23:34:53]
    AdwCleaner[S0].txt - [1685 octets] - [22/07/2015 23:35:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1745 octets] ##########

    JRT.txt
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.5.1 (07.16.2015:1)
    OS: Windows 8.1 x64
    Ran by Christelle-PC on 23/07/2015 at 14:16:16,98
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 23/07/2015 at 14:22:00,81
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    I still can't connect to the internet, so the FRST tool can't be updated even if needed.

  6. #6
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    9,041

    Re: Black screen after session opening

    Please download MiniToolBox, save it to your desktop and run it.

    Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
    • List Minidump Files

    Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  7. #7

    Re: Black screen after session opening

    Here is the log :

    MiniToolBox by Farbar Version: 01-07-2015
    Ran by Christelle-PC (administrator) on 23-07-2015 at 15:22:27
    Running from "C:\Users\TEMP.Christelle.001\Desktop"
    Microsoft Windows 8.1 (X64)
    Model: Aspire E5-571G Manufacturer: Acer
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Configuration IP de Windows

    Cache de r�solution DNS vid�.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.
    ========================= Hosts content: =================================



    ========================= IP Configuration: ================================

    Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
    Qualcomm Atheros AR956x Wireless Network Adapter = Wi-Fi (Media disconnected)
    Intel(R) Technology Access TAP Driver (NDIS 6.30) = Ethernet 2 (Media disconnected)


    # ----------------------------------
    # Configuration du protocole IPv4
    # ----------------------------------
    pushd interface ipv4

    reset
    set global icmpredirects=enabled
    set interface interface="Connexion au r�seau local* 6" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Connexion au r�seau local* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Connexion au r�seau local* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


    popd
    # Fin de la configuration du protocole IPv4



    Configuration IP de Windows

    Nom de l'h�te . . . . . . . . . . : Christelle
    Suffixe DNS principal . . . . . . :
    Type de noeud. . . . . . . . . . : Hybride
    Routage IP activ� . . . . . . . . : Non
    Proxy WINS activ� . . . . . . . . : Non

    Carte r�seau sans fil Connexion au r�seau local* 2�:

    Statut du m�dia. . . . . . . . . . . . : M�dia d�connect�
    Suffixe DNS propre � la connexion. . . :
    Description. . . . . . . . . . . . . . : Carte virtuelle directe Wi-Fi Microsoft
    Adresse physique . . . . . . . . . . . : 12-48-9A-88-91-1F
    DHCP activ�. . . . . . . . . . . . . . : Oui
    Configuration automatique activ�e. . . : Oui

    Carte Ethernet Ethernet 2 :

    Statut du m�dia. . . . . . . . . . . . : M�dia d�connect�
    Suffixe DNS propre � la connexion. . . :
    Description. . . . . . . . . . . . . . : Intel(R) Technology Access TAP Driver (NDIS 6.30)
    Adresse physique . . . . . . . . . . . : 02-50-F2-D0-BD-7A
    DHCP activ�. . . . . . . . . . . . . . : Oui
    Configuration automatique activ�e. . . : Oui

    Carte r�seau sans fil Connexion au r�seau local* 3�:

    Statut du m�dia. . . . . . . . . . . . : M�dia d�connect�
    Suffixe DNS propre � la connexion. . . :
    Description. . . . . . . . . . . . . . : Carte virtuelle de r�seau h�berg� Microsoft
    Adresse physique . . . . . . . . . . . : 52-48-9A-88-91-1F
    DHCP activ�. . . . . . . . . . . . . . : Oui
    Configuration automatique activ�e. . . : Oui

    Carte r�seau sans fil Wi-Fi�:

    Statut du m�dia. . . . . . . . . . . . : M�dia d�connect�
    Suffixe DNS propre � la connexion. . . : home
    Description. . . . . . . . . . . . . . : Qualcomm Atheros AR956x Wireless Network Adapter
    Adresse physique . . . . . . . . . . . : 90-48-9A-88-91-1F
    DHCP activ�. . . . . . . . . . . . . . : Oui
    Configuration automatique activ�e. . . : Oui

    Carte Ethernet Ethernet :

    Statut du m�dia. . . . . . . . . . . . : M�dia d�connect�
    Suffixe DNS propre � la connexion. . . : home
    Description. . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
    Adresse physique . . . . . . . . . . . : F8-A9-63-76-50-97
    DHCP activ�. . . . . . . . . . . . . . : Oui
    Configuration automatique activ�e. . . : Oui
    Serveur : UnKnown
    Address: 127.0.0.1

    La requ�te Ping n'a pas pu trouver l'h�te google.com. V�rifiez le nom et essayez � nouveau.
    Serveur : UnKnown
    Address: 127.0.0.1

    La requ�te Ping n'a pas pu trouver l'h�te yahoo.com. V�rifiez le nom et essayez � nouveau.

    Envoi d'une requ�te 'Ping' 127.0.0.1 avec 32 octets de donn�es�:
    R�ponse de 127.0.0.1�: octets=32 temps<1ms TTL=128
    R�ponse de 127.0.0.1�: octets=32 temps<1ms TTL=128

    Statistiques Ping pour 127.0.0.1:
    Paquets�: envoy�s = 2, re�us = 2, perdus = 0 (perte 0%),
    Dur�e approximative des boucles en millisecondes :
    Minimum = 0ms, Maximum = 0ms, Moyenne = 0ms
    ===========================================================================
    Liste d'Interfaces
    17...12 48 9a 88 91 1f ......Carte virtuelle directe Wi-Fi Microsoft
    8...02 50 f2 d0 bd 7a ......Intel(R) Technology Access TAP Driver (NDIS 6.30)
    5...52 48 9a 88 91 1f ......Carte virtuelle de r�seau h�berg� Microsoft
    4...90 48 9a 88 91 1f ......Qualcomm Atheros AR956x Wireless Network Adapter
    3...f8 a9 63 76 50 97 ......Realtek PCIe GBE Family Controller
    1...........................Software Loopback Interface 1
    ===========================================================================

    IPv4 Table de routage
    ===========================================================================
    Itin�raires actifs�:
    Destination r�seau Masque r�seau Adr. passerelle Adr. interface M�trique
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    ===========================================================================
    Itin�raires persistants�:
    Aucun

    IPv6 Table de routage
    ===========================================================================
    Itin�raires actifs�:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    1 306 ff00::/8 On-link
    ===========================================================================
    Itin�raires persistants�:
    Aucun
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
    Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
    Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
    Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
    Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
    Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
    Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
    Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
    x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
    x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
    x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
    x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (07/23/2015 02:47:30 PM) (Source: Application Error) (User: )
    Description: Nom de l’application défaillante explorer.exe, version : 6.3.9600.17667, horodatage : 0x54c6f7c2
    Nom du module défaillant : StartIsBack64.dll, version : 3.5.0.39, horodatage : 0x52b9f014
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x0000000000022eee
    ID du processus défaillant : 0x588
    Heure de début de l’application défaillante : 0xexplorer.exe0
    Chemin d’accès de l’application défaillante : explorer.exe1
    Chemin d’accès du module défaillant: explorer.exe2
    ID de rapport : explorer.exe3
    Nom complet du package défaillant : explorer.exe4
    ID de l’application relative au package défaillant : explorer.exe5

    Error: (07/23/2015 02:47:29 PM) (Source: Application Error) (User: )
    Description: Nom de l’application défaillante Explorer.EXE, version : 6.3.9600.17667, horodatage : 0x54c6f7c2
    Nom du module défaillant : StartIsBack64.dll, version : 3.5.0.39, horodatage : 0x52b9f014
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x00000000000231ae
    ID du processus défaillant : 0x728
    Heure de début de l’application défaillante : 0xExplorer.EXE0
    Chemin d’accès de l’application défaillante : Explorer.EXE1
    Chemin d’accès du module défaillant: Explorer.EXE2
    ID de rapport : Explorer.EXE3
    Nom complet du package défaillant : Explorer.EXE4
    ID de l’application relative au package défaillant : Explorer.EXE5

    Error: (07/23/2015 02:46:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
    Description: Windows ne peut pas trouver le profil local et tente de vous connecter avec un profil temporaire. Les modifications effectuées à ce profil seront perdues lorsque vous vous déconnecterez.

    Error: (07/23/2015 02:46:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
    Description: Windows a sauvegardé le profil de cet utilisateur. Windows tentera automatiquement d’utiliser le profil sauvegardé la prochaine fois que cet utilisateur ouvre une connexion.

    Error: (07/23/2015 02:46:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
    Description: Windows ne peut pas charger le profil stocké localement. Les causes possibles de cette erreur incluent des droits de sécurité insuffisants ou un profil local endommagé.

    DÉTAIL - Le Registre de configuration est endommagé.

    Error: (07/23/2015 02:46:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: AUTORITE NT)
    Description: Windows ne peut pas charger le Registre. Ce problème est souvent causé par une mémoire insuffisante ou des droits d’accès insuffisants.

    DÉTAIL - Le Registre de configuration est endommagé.
    pour C:\Users\Christelle-PC\ntuser.dat

    Error: (07/23/2015 02:04:03 PM) (Source: Application Error) (User: )
    Description: Nom de l’application défaillante explorer.exe, version : 6.3.9600.17667, horodatage : 0x54c6f7c2
    Nom du module défaillant : StartIsBack64.dll, version : 3.5.0.39, horodatage : 0x52b9f014
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x0000000000022eee
    ID du processus défaillant : 0x880
    Heure de début de l’application défaillante : 0xexplorer.exe0
    Chemin d’accès de l’application défaillante : explorer.exe1
    Chemin d’accès du module défaillant: explorer.exe2
    ID de rapport : explorer.exe3
    Nom complet du package défaillant : explorer.exe4
    ID de l’application relative au package défaillant : explorer.exe5

    Error: (07/23/2015 02:04:03 PM) (Source: Application Error) (User: )
    Description: Nom de l’application défaillante Explorer.EXE, version : 6.3.9600.17667, horodatage : 0x54c6f7c2
    Nom du module défaillant : StartIsBack64.dll, version : 3.5.0.39, horodatage : 0x52b9f014
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x00000000000231ae
    ID du processus défaillant : 0x778
    Heure de début de l’application défaillante : 0xExplorer.EXE0
    Chemin d’accès de l’application défaillante : Explorer.EXE1
    Chemin d’accès du module défaillant: Explorer.EXE2
    ID de rapport : Explorer.EXE3
    Nom complet du package défaillant : Explorer.EXE4
    ID de l’application relative au package défaillant : Explorer.EXE5

    Error: (07/23/2015 02:02:34 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
    Description: Windows ne peut pas trouver le profil local et tente de vous connecter avec un profil temporaire. Les modifications effectuées à ce profil seront perdues lorsque vous vous déconnecterez.

    Error: (07/23/2015 02:02:34 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
    Description: Windows a sauvegardé le profil de cet utilisateur. Windows tentera automatiquement d’utiliser le profil sauvegardé la prochaine fois que cet utilisateur ouvre une connexion.


    System errors:
    =============
    Error: (07/23/2015 02:16:50 PM) (Source: Service Control Manager) (User: )
    Description: Le service User Experience Improvement Program s’est terminé de façon inattendue pour la 1ème fois.

    Error: (07/23/2015 02:16:50 PM) (Source: Service Control Manager) (User: )
    Description: Le service Service Partage réseau du Lecteur Windows Media s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

    Error: (07/23/2015 02:16:50 PM) (Source: Service Control Manager) (User: )
    Description: Le service NVIDIA Update Service Daemon s’est terminé de façon inattendue pour la 1ème fois.

    Error: (07/23/2015 02:16:50 PM) (Source: Service Control Manager) (User: )
    Description: Le service Nero Update s’est terminé de façon inattendue pour la 1ème fois.

    Error: (07/23/2015 02:16:49 PM) (Source: Service Control Manager) (User: )
    Description: Le service Intel(R) Dynamic Application Loader Host Interface Service s’est terminé de façon inattendue pour la 1ème fois.

    Error: (07/23/2015 02:16:49 PM) (Source: Service Control Manager) (User: )
    Description: Le service Quick Access RadioMgr Service s’est terminé de façon inattendue pour la 1ème fois.

    Error: (07/23/2015 02:16:49 PM) (Source: Service Control Manager) (User: )
    Description: Le service ePower Service s’est terminé de façon inattendue pour la 1ème fois.

    Error: (07/23/2015 02:16:49 PM) (Source: Service Control Manager) (User: )
    Description: Le service Quick Access Service s’est terminé de façon inattendue pour la 1ème fois.

    Error: (07/23/2015 02:16:48 PM) (Source: Service Control Manager) (User: )
    Description: Le service Cache de police de Windows Presentation Foundation 3.0.0.0 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 0 millisecondes : Redémarrer le service.

    Error: (07/23/2015 02:16:48 PM) (Source: Service Control Manager) (User: )
    Description: Le service Cyberlink RichVideo Service(CRVS) s’est terminé de façon inattendue pour la 1ème fois.


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2015-07-22 23:15:33.085
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-07-22 23:15:32.817
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-07-07 22:39:06.188
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-07-07 22:39:05.737
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-05 22:26:49.762
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-05 22:26:49.487
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-12 08:42:29.709
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-12 08:42:29.466
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-05 09:59:17.179
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-03-05 09:59:16.994
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    =========================== Installed Programs ============================

    abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.04.3004 - Acer Incorporated)
    abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.05.2011.0 - Acer Incorporated)
    abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2011.1 - Acer Incorporated)
    Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2001 - Acer)
    Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
    Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
    Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.2007 - Acer Incorporated)
    Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
    Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
    Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
    Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
    Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
    Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
    Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
    Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.02.2004.7 - Acer Incorporated)
    Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
    AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
    CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)
    DivX (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
    DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 6.0 - DivXNetworks, Inc.)
    Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
    Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
    Intel(R) Technology Access (HKLM-x32\...\{efc54997-dfa9-44b1-afac-3a7ac4f45730}) (Version: 1.3.6.1042 - Intel Corporation)
    Intel(R) Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
    Join Me (HKLM-x32\...\{91719435-F4B9-4D21-814D-7C66959DB632}) (Version: 1.0.0 - ZTE)
    K-Lite Codec Pack (64-bit) v4.7.0 (HKLM\...\KLiteCodecPack64_is1) (Version: 4.7.0 - )
    Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Matroska Pack (HKLM-x32\...\Matroska Pack) (Version: - )
    Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mises à jour NVIDIA 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
    Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
    NVIDIA Logiciel système PhysX 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
    NVIDIA Pilote graphique 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.35 - NVIDIA Corporation)
    Panneau de configuration NVIDIA 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 332.35 - NVIDIA Corporation) Hidden
    Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
    Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7203 - Realtek Semiconductor Corp.)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
    Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
    StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.5.1 - startisback.com)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    Watchtower Library 2013 - Français (HKLM-x32\...\{6153D264-43A5-4CAF-B54F-BC00A5FB721E}) (Version: 15.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
    WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
    ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation)

    ========================= Devices: ================================


    ========================= Memory info: ===================================

    Percentage of memory in use: 27%
    Total physical RAM: 3987.27 MB
    Available physical RAM: 2907.79 MB
    Total Virtual: 4947.27 MB
    Available Virtual: 3545.64 MB

    ========================= Partitions: =====================================

    1 Drive c: (Acer) (Fixed) (Total:914.2 GB) (Free:824.86 GB) NTFS
    3 Drive e: () (Removable) (Total:0.12 GB) (Free:0.03 GB) FAT

    ========================= Users: ========================================

    comptes d'utilisateurs de \\CHRISTELLE

    Administrateur Christelle-PC Invit‚
    UpdatusUser
    La commande s'est termin‚e correctement.

    ========================= Minidump Files ==================================

    No minidump file found


    **** End of log ****

    Sorry in advance, it's a "french" computer. The answers are provided in french. User profile couldn't be loaded, connexion with a temporary profile.

  8. #8
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    9,041

    Re: Black screen after session opening

    I could figure out enough of the French to tell that there is a problem with your user account as well as StartIsBack but ran the Application errors through Bing Translator to get a better picture (copied below). Since the Microsoft account settings are corrupt, let's see if the Microsoft Accounts Troubleshooter can repair the corruption. It is described with images here: Microsoft Accounts Troubleshooter: Fix Sync settings problems. The download link from Microsoft is at the end of the article.




    Application errors:
    ==================
    Error: (07/23/2015 02:47:30 PM) (Source: Application Error) (User:)
    Description: The name of the application failing explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
    Faulting module name: StartIsBack64.dll, version: 3.5.0.39, time stamp: 0x52b9f014
    Exception code: 0xc0000005
    Offset error: 0x0000000000022eee
    Faulting process ID: 0 x 588
    Faulting application start time: 0xexplorer.exe0
    Faulting application path: explorer.exe1
    The faulting module path: explorer.exe2
    Report ID: explorer.exe3
    Full name of the failed package: explorer.exe4
    Relative to the package application ID failed: explorer.exe5

    Error: (07/23/2015 02:47:29 PM) (Source: Application Error) (User:)
    Description: The name of the faulting application Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
    Faulting module name: StartIsBack64.dll, version: 3.5.0.39, time stamp: 0x52b9f014
    Exception code: 0xc0000005
    Offset error: 0x00000000000231ae
    Faulting process ID: 0 x 728
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    The faulting module path: Explorer.EXE2
    Report ID: Explorer.EXE3
    Full name of the failed package: Explorer.EXE4
    Relative to the package application ID failed: Explorer.EXE5

    Error: (07/23/2015 02:46:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
    Description: Windows cannot find the local profile and tries to log in with a temporary profile. Changes to this profile will be lost when you log off.

    Error: (07/23/2015 02:46:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
    Description: Windows saved user's profile. Windows will automatically attempt to use the profile saved the next time that the user opens a connection.

    Error: (07/23/2015 02:46:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
    Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or corrupt local profile.

    DETAIL - The configuration registry is damaged.

    Error: (07/23/2015 02:46:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT Authority)
    Description: Windows cannot load the registry. This problem is often caused by insufficient memory or insufficient access rights.

    DETAIL - The configuration registry is damaged.
    for C:\Users\Christelle-PC\ntuser.dat

    Error: (07/23/2015 02:04:03 PM) (Source: Application Error) (User:)
    Description: The name of the application failing explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
    Faulting module name: StartIsBack64.dll, version: 3.5.0.39, time stamp: 0x52b9f014
    Exception code: 0xc0000005
    Offset error: 0x0000000000022eee
    Faulting process ID: 0 x 880
    Faulting application start time: 0xexplorer.exe0
    Faulting application path: explorer.exe1
    The faulting module path: explorer.exe2
    Report ID: explorer.exe3
    Full name of the failed package: explorer.exe4
    Relative to the package application ID failed: explorer.exe5

    Error: (07/23/2015 02:04:03 PM) (Source: Application Error) (User:)
    Description: The name of the faulting application Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
    Faulting module name: StartIsBack64.dll, version: 3.5.0.39, time stamp: 0x52b9f014
    Exception code: 0xc0000005
    Offset error: 0x00000000000231ae
    Faulting process ID: 0 x 778
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    The faulting module path: Explorer.EXE2
    Report ID: Explorer.EXE3
    Full name of the failed package: Explorer.EXE4
    Relative to the package application ID failed: Explorer.EXE5

    Error: (07/23/2015 02:02:34 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
    Description: Windows cannot find the local profile and tries to log in with a temporary profile. Changes to this profile will be lost when you log off.

    Error: (07/23/2015 02:02:34 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
    Description: Windows saved user's profile. Windows will automatically attempt to use the profile saved the next time that the user opens a connection.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  9. #9

    Re: Black screen after session opening

    Hello, it is not solving the problem either. I really don't know what to do.
    Thanks to your help, I know that the HD is clean from any viruses, malwares. And one bug is fixed, I can connect it to the Internet using an ethernet wire.

    So I've decided to run dism.exe /online /cleanup-image /checkhealth & /restorehealth. For the first time it said : problem could be solved. But after restarting the computer, same black screen. I'll have to search for sessions problems then.

  10. #10

    Re: Black screen after session opening

    Problem solved, the PC being cleansed with your advices and after the dism.exe and the sfc /scannow, I could perform a restoration of the system.

    Thank you very much for your help.

  11. #11
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    9,041

    Re: Black screen after session opening

    That is great news, Vyvika! My help along with your persistence and follow-though.

    Let's take care of removing the tools used:

    Please download Delfix from here.

    Ensure the following boxes are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Click Run

    The program will run for a few moments and then notepad will open with a log.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  12. #12

    Re: Black screen after session opening

    I've done it with Delfix. Thanks again.

  13. #13
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    9,041

    Re: Black screen after session opening

    You are very welcome!


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  14. #14

    Re: Black screen after session opening

    I am having similar issue on my dell computer. Let me know what I need to do, to hopefully resolve it. Thank you.

  15. #15
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    9,041

    Re: Black screen after session opening

    Hi, niw. Welcome to Sysnative.

    Please follow the instructions at Malware Removal Posting Instructions and create a new thread of your own.

    Thank you.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

Similar Threads

  1. Black screen with cursor issue
    By paulmac in forum Windows Update
    Replies: 1
    Last Post: 05-30-2015, 11:18 AM
  2. black screen + app crashes
    By reece6506 in forum Windows Update
    Replies: 1
    Last Post: 04-11-2015, 06:33 AM
  3. Windows 8 PC Black screen non responsive - CBS log
    By johntaylor730 in forum Windows Update
    Replies: 1
    Last Post: 08-27-2014, 06:02 AM
  4. Black screen of death?
    By r4kolb in forum Windows 7 | Windows Vista
    Replies: 128
    Last Post: 03-15-2014, 06:56 AM

Log in

Log in