Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015 Ran by Administrateur at 2015-06-01 19:07:46 Running from C:\Users\Administrateur\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrateur (S-1-5-21-627492379-3408299021-2934323566-500 - Administrator - Enabled) => C:\Users\Administrateur HomeGroupUser$ (S-1-5-21-627492379-3408299021-2934323566-1001 - Limited - Enabled) Invité (S-1-5-21-627492379-3408299021-2934323566-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-627492379-3408299021-2934323566-500\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.) 2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{13351E83-6DCD-4E97-2A8C-5D496259A47F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Belkin F5D8053 N Wireless USB Adapter (HKLM-x32\...\InstallShield_{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}) (Version: 2.0.0.10 - Belkin) Belkin F5D8053 N Wireless USB Adapter (x32 Version: 2.0.0.10 - Belkin) Hidden Belkin Wireless Micro USB Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}) (Version: 1.00.0155 - Belkin International, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Glary Utilities 3.8 (HKLM-x32\...\Glary Utilities 3) (Version: 3.8.0.136 - Glarysoft Ltd) globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.) Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Mise à jour Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version: - Microsoft) Mise à jour Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version: - Microsoft) Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version: - Microsoft) Mise à jour Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version: - Microsoft) MKLOL (HKU\S-1-5-21-627492379-3408299021-2934323566-500\...\MKLOL) (Version: - ) Mumble 1.2.4 (HKLM-x32\...\{4D933DC4-EA10-4CDA-99F3-7F6AE9AE491F}) (Version: 1.2.4 - Thorvald Natvig) REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0199 - REALTEK Semiconductor Corp.) Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) Snap.Do (HKLM-x32\...\{F33C8209-E8E0-49C8-8D7E-363CD346C801}) (Version: 11.117.1.19710 - ReSoft Ltd.) <==== ATTENTION Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WinRAR 5.00 (32 bits) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-627492379-3408299021-2934323566-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Administrateur\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File ==================== Restore Points ========================= 23-05-2015 23:03:42 Windows Update 24-05-2015 23:03:06 Windows Update 28-05-2015 10:57:14 Windows Update 01-06-2015 10:42:13 Windows Update 01-06-2015 13:21:22 Uniblue SpeedUpMyPC installation ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2015-05-23 15:03 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0F860ECD-7355-4202-8495-D90A6B4A7E55} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {103B2E91-0A74-4639-9657-EE5077CA40A2} - System32\Tasks\idnik => C:\Users\Administrateur\AppData\Local\idnik.bat [2014-07-02] () Task: {1D5DFBF4-76AE-4F23-BBF1-FA78133669E5} - System32\Tasks\GlaryInitialize 3 => C:\Program Files (x86)\Glary Utilities 3\Initialize.exe [2013-08-07] (Glarysoft Ltd) Task: {1E037764-ADE0-4D6D-AA29-CEBC0E477948} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.) Task: {20B8F2D3-44C4-46E0-9AB4-C05DBD7844DE} - \Pricora 2.0-firefoxinstaller No Task File <==== ATTENTION Task: {21B4C278-C2B9-4768-89B7-5115162868BF} - System32\Tasks\bexboc => C:\Users\Administrateur\AppData\Local\bexboc.bat [2014-07-02] () Task: {27DD17BF-E589-4023-A6D2-8B1C6A1A20D5} - System32\Tasks\dhmaf => C:\Users\Administrateur\AppData\Local\dhmaf.bat [2014-07-02] () Task: {28A76EC0-0FF4-43ED-936A-3F9AEED9A69B} - \Pricora 2.0-updater No Task File <==== ATTENTION Task: {32B16E80-1D43-4C04-AAE2-A5EBA3976E5B} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-10-14] (Microsoft Corporation) Task: {35860A84-5901-4784-A280-6C7A96BA6D80} - System32\Tasks\jmfcfadg => C:\Users\Administrateur\AppData\Local\jmfcfadg.bat [2014-07-02] () Task: {3CFAE9FE-91DF-4E48-8E55-68E3EA814816} - System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC => C:\Users\Administrateur\AppData\Roaming\~lrnioyx.exe Task: {42C80029-F95A-4072-B721-7C80E11B4423} - System32\Tasks\{015D53B5-3CE0-48A9-A49D-665C7CBDA24F} => Chrome.exe http://ui.skype.com/ui/0/7.0.85.102/fr/abandoninstall?page=tsMain Task: {44AFAA94-7F51-434D-A5FB-40FD3F18520B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {467E2F6A-979C-4983-9D66-45026A12E2BC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {4BAF4627-D5FC-4BE3-A657-A037C4880DA6} - System32\Tasks\cnbwrwkf => C:\Users\Administrateur\AppData\Local\cnbwrwkf.bat [2014-07-02] () Task: {53F7F429-9D23-484B-B4BA-71CBC8D3BF9F} - System32\Tasks\cfbxu => C:\Users\Administrateur\AppData\Local\cfbxu.bat [2014-07-02] () Task: {5B48C807-7461-47F2-AA5F-33A35758E8D6} - System32\Tasks\ebcyhf => C:\Users\Administrateur\AppData\Local\ebcyhf.bat [2014-07-02] () Task: {5BE47AA4-1DBF-4DA1-9AAF-5FEE83A1AB0E} - \Pricora 2.0-chromeinstaller No Task File <==== ATTENTION Task: {5C720FB2-F268-4421-8086-0B7604F9C14E} - System32\Tasks\blesm => C:\Users\Administrateur\AppData\Local\blesm.bat [2014-07-02] () Task: {5D64F639-68D3-47A9-B4BF-DF59A33A3B20} - System32\Tasks\ljgtrp => C:\Users\Administrateur\AppData\Local\ljgtrp.bat [2014-07-02] () Task: {65A254BF-CA04-4CF0-9F67-AF1328E530C1} - System32\Tasks\tchmb => C:\Users\Administrateur\AppData\Local\tchmb.bat [2014-07-02] () Task: {66886A23-F2E4-418A-BDA8-3582998C87CA} - System32\Tasks\bvrnbf => C:\Users\Administrateur\AppData\Local\bvrnbf.bat [2014-07-02] () Task: {6DB7D4C7-1FB9-443B-81FD-B2083D76BA18} - System32\Tasks\WIN-fdfEfEfAfC => C:\Users\Administrateur\AppData\Roaming\~izziypw.exe Task: {7520B7C1-990E-4CFE-8393-04D07AE76B2D} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION Task: {7598C451-44E6-40C7-8D1B-1B59EA506C5E} - System32\Tasks\livtxvah => C:\Users\Administrateur\AppData\Local\livtxvah.bat [2014-07-02] () Task: {76CC0635-FD3C-4FB5-8067-CEC29301D66F} - \8d8db532-02b3-40c7-9062-c933d9fca1a5-1 No Task File <==== ATTENTION Task: {7F150AD6-858D-4AE6-986B-62814F388CD3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {89172CC4-7113-461D-AB95-602BB5F581B4} - System32\Tasks\mkjigf => C:\Users\Administrateur\AppData\Local\mkjigf.bat [2014-07-02] () Task: {8B11EE52-F6FC-4016-B09C-875D3546CE37} - System32\Tasks\ecaeca => C:\Users\Administrateur\AppData\Local\ecaeca.bat [2014-07-02] () Task: {8CEFA5E3-554D-44B9-B5E2-BD04D04897B5} - \8d8db532-02b3-40c7-9062-c933d9fca1a5-2 No Task File <==== ATTENTION Task: {8E596108-019A-433A-964F-414C941D1F13} - \8d8db532-02b3-40c7-9062-c933d9fca1a5-5 No Task File <==== ATTENTION Task: {9471F9DB-2DEE-451F-8E4D-8E9488148DD7} - System32\Tasks\N2bSEordKcgoRf7 => C:\Users\Administrateur\AppData\Roaming\KoaMc4Y\91mk204.exe Task: {9EFDAD7F-840A-419A-AFAE-00A90CCFD66B} - System32\Tasks\WIN-statsAdmin => C:\Users\Administrateur\AppData\Local\Microsoft\WinU\~hixmsuu.exe <==== ATTENTION Task: {A468479F-C455-47D0-BBB9-63CBCAD3F30E} - \8d8db532-02b3-40c7-9062-c933d9fca1a5-3 No Task File <==== ATTENTION Task: {A96FEC18-5EAA-41B1-A992-50AFDE563A60} - \Pricora 2.0-codedownloader No Task File <==== ATTENTION Task: {AFCE0685-4001-4A4A-8C69-F45FA1C0322B} - System32\Tasks\bbxdry => C:\Users\Administrateur\AppData\Local\bbxdry.bat [2014-07-02] () Task: {B6F6758B-9188-45E5-9880-5954DD687922} - System32\Tasks\koagcos => C:\Users\Administrateur\AppData\Local\koagcos.bat [2014-07-02] () Task: {BBF3E3B4-A8EB-4283-BF8C-094029E6207A} - System32\Tasks\bdwreh => C:\Users\Administrateur\AppData\Local\bdwreh.bat [2014-07-02] () Task: {BC707684-3CD1-468E-AE64-AD6BB519EB0A} - System32\Tasks\bxebob => C:\Users\Administrateur\AppData\Local\bxebob.bat [2014-07-02] () Task: {BF29FBE5-5BCE-4CAA-9649-FC1CD2C7C551} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-18] (Adobe Systems Incorporated) Task: {C05E2685-4FD5-48C9-8AA6-7242AA59A8D0} - System32\Tasks\CilxETTDDXtZ8HX => C:\Users\Administrateur\AppData\Roaming\3pbeXCz\UU9d3Vz.exe Task: {C8E8C2AF-76C5-494A-B876-03EFDA266725} - \8d8db532-02b3-40c7-9062-c933d9fca1a5-4 No Task File <==== ATTENTION Task: {CFB7CF48-8F7A-4FC5-BEE7-90CF4CCD5826} - System32\Tasks\pkeoidni => C:\Users\Administrateur\AppData\Local\pkeoidni.bat [2014-07-02] () Task: {D1351981-4EC7-4EDA-9386-9D321C85DF60} - \Pricora 2.0-enabler No Task File <==== ATTENTION Task: {D5493AFC-5280-438A-9719-A96A08B7EACF} - System32\Tasks\bvrmanh => C:\Users\Administrateur\AppData\Local\bvrmanh.bat [2014-07-02] () Task: {DEA2A494-6DB8-4F23-853F-9DA88B281A01} - System32\Tasks\16m7aRYhQ8v4mf6 => C:\Users\Administrateur\AppData\Roaming\9lGq96R\gvAKfE2.exe Task: {DF38EC22-5CF5-42F4-AB93-DB1B2D1788A2} - System32\Tasks\WIN-statsSystem => C:\Users\Administrateur\AppData\Local\Microsoft\WinU\~dzlsudt.exe Task: {E081FAAF-4A3F-4738-B349-523B6A1A1C18} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {E4B223A5-6BDA-4FE8-BE06-473C8F4B5302} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {EA8EECB7-40D8-4AC7-8662-C9AF1BF77AEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.) Task: {F6D8FA20-A4C6-4B0D-A962-F7F054E7B50A} - System32\Tasks\xpiarbul => C:\Users\Administrateur\AppData\Local\xpiarbul.bat [2014-07-02] () Task: {FF3D4281-6589-4AD3-AF4C-E1988952ADFD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GlaryInitialize 3.job => C:\Program Files (x86)\Glary Utilities 3\Initialize.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-08-07 04:30 - 2013-08-07 04:30 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 3\zlib1.dll 2015-04-18 15:55 - 2015-04-16 19:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-04-18 15:55 - 2015-04-23 04:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-04-18 15:55 - 2015-04-23 04:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-04-18 15:55 - 2015-04-23 04:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2015-04-18 15:55 - 2015-05-15 03:58 - 02396352 _____ () C:\Program Files (x86)\Steam\video.dll 2015-04-18 15:54 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2015-04-18 15:54 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2015-04-18 15:54 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2015-04-18 15:54 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2015-04-18 15:54 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-04-18 15:54 - 2015-05-15 03:57 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2014-01-04 22:14 - 2012-11-06 10:47 - 00114688 _____ () C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\EnumDevLib.dll 2015-05-26 09:38 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll 2015-05-26 09:38 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll 2015-04-18 15:54 - 2015-05-11 21:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2015-05-26 09:38 - 2015-05-22 22:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 7866 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-627492379-3408299021-2934323566-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Administrateur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: uTorrent => "C:\Users\Administrateur\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{B14CE4EC-F2F0-4A68-9A0F-D304415F8DA5}C:\users\administrateur\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\administrateur\appdata\roaming\cacaoweb\cacaoweb.exe FirewallRules: [UDP Query User{C344B865-6BAD-4238-8D34-303192FE0AAD}C:\users\administrateur\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\administrateur\appdata\roaming\cacaoweb\cacaoweb.exe FirewallRules: [{E84E190E-C687-41DF-8722-E963FFF63024}] => (Allow) C:\Users\Administrateur\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{2269A33C-A3FD-4813-A880-3653DAD6AFFE}] => (Allow) C:\Users\Administrateur\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{46A5AA57-C7F7-4A57-B24E-645418236E46}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{98FCF6F4-1616-4BA9-8E12-1A1C6DC4E5EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{623B5515-E8CC-4F87-AFA6-3D670BB223E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2C2FF8E4-EC4D-4049-BC44-729511ADB2A4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B4555FC7-782E-481A-8A8E-A3381B0F2D10}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{C2A5375E-9435-4EE5-867C-3919962FDB12}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [TCP Query User{12927632-6E80-4AA0-961E-8D9DF0FB0986}C:\users\administrateur\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\administrateur\appdata\roaming\cacaoweb\cacaoweb.exe FirewallRules: [UDP Query User{4CE469CD-222E-47C9-B4A4-84CE4D6252A4}C:\users\administrateur\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\administrateur\appdata\roaming\cacaoweb\cacaoweb.exe FirewallRules: [{38C000FA-ADB9-486F-902F-8BA3A26CA656}] => (Allow) C:\Users\Administrateur\AppData\Roaming\Spotify\spotify.exe FirewallRules: [{98255F14-B987-4FA4-942D-7CEFF3988BA5}] => (Allow) C:\Users\Administrateur\AppData\Roaming\Spotify\spotify.exe FirewallRules: [{3A362A4D-487F-4494-AB58-38433A1DBB4C}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe FirewallRules: [{39366715-770D-43D9-91BF-C57FCB0B724F}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe FirewallRules: [{FCCAD0A9-EC6E-40B6-9ACC-9CD556A4E0D1}] => (Allow) LPort=1542 FirewallRules: [{7CC44EE2-A434-426D-9208-C82561EAB4CB}] => (Allow) LPort=1542 FirewallRules: [{5DDE3FA6-3894-428A-875C-BE6E0044AA4C}] => (Allow) LPort=53 FirewallRules: [{ADEE70C9-6DA6-4F85-8507-F45CDEA7C9A7}] => (Allow) LPort=67 FirewallRules: [{551497F8-73DA-4F89-81D3-1D8EFFC57738}] => (Allow) LPort=68 FirewallRules: [{8BDE9AD1-9249-4FF4-991A-C2411C00F180}] => (Allow) LPort=53 FirewallRules: [{8DA2C866-59B2-4306-96C3-BE14A0DAF517}] => (Allow) LPort=53 FirewallRules: [{B7018694-4A93-4164-889E-71DF5F6A5CDD}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\Rtldhcp.exe FirewallRules: [{5E9FF0D4-CBA1-4CC4-8C0D-17CE1D2707E7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{D0DEF0D5-112C-4314-9400-39E17E62535C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{FE5C5CF7-2509-4F41-A5D7-0C1EFE683BE3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{CBCE7116-55E9-47B8-AB2D-4D1F717380B8}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe FirewallRules: [UDP Query User{D27CE4AE-AA3E-4652-B96D-96304DF18492}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe FirewallRules: [{B68551E2-0C53-425A-834C-CA9F78D446FD}] => (Allow) C:\Users\Administrateur\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{DD283006-B0C5-4817-B46B-514785F680B4}] => (Allow) C:\Users\Administrateur\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{DE0F5052-62DA-4948-8CD3-153CA56B7DD7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [{FF410790-8432-457B-93DF-58F926662378}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [TCP Query User{A870624B-8C99-4467-9E8F-09FCBB6324D4}C:\program files (x86)\mkjogo\mklol\bin\mkim.exe] => (Allow) C:\program files (x86)\mkjogo\mklol\bin\mkim.exe FirewallRules: [UDP Query User{35A8AA22-175C-4C43-9FB9-076D5462AA35}C:\program files (x86)\mkjogo\mklol\bin\mkim.exe] => (Allow) C:\program files (x86)\mkjogo\mklol\bin\mkim.exe FirewallRules: [TCP Query User{E0564864-8EDB-4F92-864B-437EBD8BABED}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe FirewallRules: [UDP Query User{110047AE-2240-40C2-A7BF-7F2BCB34F8D9}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe FirewallRules: [TCP Query User{26FF9D4C-D7BF-41B7-A453-E7B2BB38032A}C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe FirewallRules: [UDP Query User{09BB92A4-22CB-4758-8C16-10D3CE246D0A}C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\jp2launcher.exe FirewallRules: [TCP Query User{1F5E765B-667C-429A-805C-CE981E1419B3}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [UDP Query User{6F671173-4E28-4F13-8371-C621A5F4BE7C}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [TCP Query User{361AB040-6458-4B30-8952-094D247BCF65}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [UDP Query User{CE2D7121-2CE4-4525-B9B9-652AFB9E03E2}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [{73900907-70F9-4F83-8667-7803A6E0B246}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{66DE4FB7-21D9-4E17-A3EF-DC0E3D3E26C5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{11F661EC-C698-41A3-ACB0-88975855233E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{FD5E9E33-51DC-47F2-9612-F54760E76557}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{D799C469-00D4-4350-A29B-253156DC63B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{392AA84E-0B03-4A75-8B77-06080E24B1A4}] => (Allow) C:\Program Files (x86)\mystarttb\dtuser.exe FirewallRules: [{FC9A7327-8111-49E3-AA96-DAC4238DE6D5}] => (Allow) C:\Program Files (x86)\mystarttb\dtuser.exe FirewallRules: [{8CB42002-5E10-4D43-BBBB-D4A9064AF401}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe FirewallRules: [{0F054C6E-72AD-408D-8328-B06128EF5A10}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe FirewallRules: [{F47B5893-9D38-4E38-A855-DB3F5D7315D3}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe FirewallRules: [{9FD2AD3C-0A07-45D5-AEA5-30F7559FDB29}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/01/2015 07:04:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2015 01:40:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2015 10:31:39 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2015 10:26:19 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2015 09:59:10 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2015 09:45:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2015 09:18:31 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/01/2015 09:15:29 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme SDScan.exe version 2.4.40.181 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : 1730 Heure de début : 01d09c36448036a6 Heure de fin : 78 Chemin d’accès de l’application : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe ID de rapport : f7a4924c-082d-11e5-a285-d43d7ed82485 Error: (06/01/2015 08:33:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/31/2015 07:07:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/01/2015 10:31:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Le service Spybot-S&D 2 Scanner Service n’a pas pu démarrer en raison de l’erreur : %%1053 Error: (06/01/2015 10:31:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Spybot-S&D 2 Scanner Service. Error: (06/01/2015 10:26:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger : cdrom Error: (06/01/2015 09:59:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Le service Spybot-S&D 2 Scanner Service n’a pas pu démarrer en raison de l’erreur : %%1053 Error: (06/01/2015 09:59:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Spybot-S&D 2 Scanner Service. Error: (06/01/2015 09:59:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Le service Spybot-S&D 2 Scanner Service n’a pas pu démarrer en raison de l’erreur : %%1053 Error: (06/01/2015 09:59:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Spybot-S&D 2 Scanner Service. Error: (06/01/2015 09:45:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Le service Spybot-S&D 2 Scanner Service n’a pas pu démarrer en raison de l’erreur : %%1053 Error: (06/01/2015 09:45:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Spybot-S&D 2 Scanner Service. Error: (06/01/2015 09:44:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Le service Spybot-S&D 2 Scanner Service n’a pas pu démarrer en raison de l’erreur : %%1053 Microsoft Office: ========================= Error: (04/21/2014 10:08:48 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1202 seconds with 780 seconds of active time. This session ended with a crash. Error: (04/01/2014 10:53:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/26/2014 06:10:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4430 CPU @ 3.00GHz Percentage of memory in use: 56% Total physical RAM: 4024.6 MB Available physical RAM: 1747.58 MB Total Pagefile: 8047.39 MB Available Pagefile: 5560.06 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:736.1 GB) (Free:346.6 GB) NTFS Drive d: (BACKUP) (Fixed) (Total:195.31 GB) (Free:192.2 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 52469F2E) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=736.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS) ==================== End of log ============================