--------------- QuickDiag | g3n-h@ckm@n | 2_02.11.2016.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 04/12/2016 18:14:35
Updated 02/11/2016 | 17.15 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Moi (Administrator)] - [MONPC] (S-1-5-21-1226033637-2517802057-377062516-1000)
System: Microsoft Windows 7 Édition Familiale Premium - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Édition Familiale Premium |C:\Windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: Aspire XC600 - Acer - IdNumber: DTSLJEF040251030563000 - UUID: 000A5261-3935-E111-ACA3-ECA86BDFDBDD
Processor : X64 - 2893 Mhz - Intel(R) Pentium(R) CPU G645 @ 2.90GHz
BIOS Date: 10/08/12 19:37:02 Ver: 04.06.05 - en|US|iso8859-1 - American Megatrends Inc. - S/N: DTSLJEF040251030563000 - P11-A2 - ACRSYS - 1072009
CoreTemp : 30 Celsius

----------| Xspeed

---------- | SoundDevice
Périphérique High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10258100&REV_1001\4&7633C53&0&0001
Périphérique High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_80860101&REV_1000\4&7633C53&0&0301

---------- | Video
Intel(R) HD Graphics - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumd64.dll,igd10umd64.dll,igd10umd64.dll,igdumd32,igd10umd32,igd10umd32 - PNPDeviceID: PCI\VEN_8086&DEV_0102&SUBSYS_04921025&REV_09\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1867679744
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics - DriverVersion: 9.17.10.4229 - SpecificationVersion: 1025

---------- | Codecs
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16384 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22016 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25600 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 81408 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK ---------- | CPU CPU #1 value:0 % CPU #2 value:0 % Total Overall CPU Usage value:0 % ---------- | Network Intel[R] 82579V Gigabit Network Connection : SENT:0 bytes/sec / RECVD:0 bytes/sec isatap.{252331E6-D64C-4D09-9551-E6B14158CE11} : SENT:0 bytes/sec / RECVD:0 bytes/sec Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:0 bytes/sec, / RECEIVE Maximum:0 bytes/sec WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000 WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000 WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000 WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000 WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000 WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000 WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000 Adaptateur USB DWA-110 D-Link sans fil G - - - Status: - PnPID : WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000 Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0000 RAS Async Adapter - - - Status: - PnPID : Intel(R) 82579V Gigabit Network Connection - Ethernet 802.3 - Intel - Status: - PnPID : PCI\VEN_8086&DEV_1503&SUBSYS_04921025&REV_05\3&11583659&0&C8 Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000 ---------- | Memory RAM = Total (MB) : 4107 | 
Free (MB) : 1984 Pagefile = Total (MB) : 8211 | Free (MB) : 6312 Virtual = Total (MB) : 4194 | Free (MB) : 4033 Physical Memory 0 : Capacity: 4294967296 - DIMM1 - Posit.: 1 - Manufacturer: Kingston - PartNumber: ACR512X64D3U16C11G - S/N: 17120E7A ---------- | SID Users Administrateur : [S-1-5-21-1226033637-2517802057-377062516-500] Invité : [S-1-5-21-1226033637-2517802057-377062516-501] Moi : [S-1-5-21-1226033637-2517802057-377062516-1000] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] Utilisateurs : [S-1-5-32-545] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] ---------- | Drives F:\ -> [Removable] | [] | Total : 14.98 Go | Free : 9.54 Go -> FAT32 [USB] E:\ -> [Fixed] | [Data] | Total : 1465.55 Go | Free : 1422.81 Go -> NTFS [SATA] C:\ -> [Fixed] | [OS] | Total : 396.97 Go | Free : 353.01 Go -> NTFS [SATA] Disk Usage Information [2 total Physical Disks] Physical Drive #0 [C:, E:] : Read:0 bytes/sec, Written:1,745,421 bytes/sec Max Read:0 bytes/sec, Max Write:1,745,421 bytes/sec Physical Drive #1 [F:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:1,745,421 bytes/sec DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : IDE\DISKST2000DM001-1CH164______________________CC24____\5&1A064CE6&0&0.0.0 DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\7CCFEBB2&0 ---------- | Windows updates Last detection : 2016-11-19 10:52:08 Downloaded last ones : 2016-12-02 15:15:58 Installed last ones : 2016-12-02 16:14:03 Next search : 2016-12-04 16:56:27 Windows Is Activated ---------- | Browsers IE : 11.0.9600.18523 (© Microsoft Corporation. Tous droits réservés.) 
GC : 54.0.2840.99 (Copyright 2016 Google Inc.) Default : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" ---------- | FlashPlayer ---------- | Security FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Auto(2)] = Running AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 348 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.23569) = C:\Windows\System32\smss.exe [09/11/2016 16:46:02] CPU Usage:0 % 532 | [Owner : | Parent : 428() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [14/07/2009 00:52:37] CPU Usage:0 % 580 | [Owner : | Parent : 532(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [11/05/2016 20:23:19] CPU Usage:0 % 596 | [Owner : | Parent : 532(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23571) = C:\Windows\System32\lsass.exe [09/11/2016 16:46:00] CPU Usage:0 % 604 | [Owner : | Parent : 532(wininit.exe) | ?????] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [08/05/2016 09:51:07] CPU Usage:0 % 732 | [Owner : | Parent : 580(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % 776 | [Owner : | Parent : 524() | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe [11/05/2016 19:57:25] CPU Usage:0 % 840 | [Owner : | Parent : 580(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % 932 | [Owner : | Parent : 580(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % 972 | [Owner : | Parent : 580(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % 1000 | [Owner : | Parent : 580(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % 112 | [Owner : | Parent : 580(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % 476 | [Owner : | Parent : 580(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % 1112 | [Owner : | Parent : 580(services.exe) | ?????] - (.AVAST Software - avast! Service.) - (12.3.3154.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [10/09/2016 07:19:35] CPU Usage:0 % 1340 | [Owner : | Parent : 580(services.exe) | ?????] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe [08/05/2016 09:51:02] CPU Usage:0 % 1360 | [Owner : Moi | Parent : 580(services.exe) | 14.56 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [11/05/2016 19:58:17] CPU Usage:0 % 1416 | [Owner : | Parent : 580(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % 1516 | [Owner : | Parent : 580(services.exe) | ?????] - (.Microsoft Corporation - Updates Skype Click to Call.) - (7.0.14735.1561) = C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [03/01/2014 00:32:12] CPU Usage:0 % 1640 | [Owner : | Parent : 580(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % 1676 | [Owner : | Parent : 580(services.exe) | ?????] - (.Seiko Epson Corporation - Epson Scanner Service (64bit).) - (1.1.0.1) = C:\Windows\System32\escsvc64.exe [09/05/2016 17:16:43] CPU Usage:0 % 1712 | [Owner : | Parent : 580(services.exe) | ?????] - (.SEIKO EPSON CORPORATION - MyEpson Portal Service.) - (1.0.3.1) = C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe [08/08/2016 13:16:06] CPU Usage:0 % 1796 | [Owner : Moi | Parent : 1712(mepService.exe) | 38.28 Mo] - (.SEIKO EPSON CORPORATION - MyEpson Portal.) - (1.1.2.4) = C:\Program Files (x86)\epson\MyEpson Portal\mep.exe [04/08/2016 16:27:48] CPU Usage:0 % 1872 | [Owner : | Parent : 580(services.exe) | ?????] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) - (2.5.44.79) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [06/05/2016 14:56:18] CPU Usage:0 % 2036 | [Owner : Moi | Parent : 972(svchost.exe) | 46.91 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [14/07/2009 00:37:38] CPU Usage:0 % 1252 | [Owner : Moi | Parent : 2020() | 53.47 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.23537) = C:\Windows\explorer.exe [12/10/2016 15:16:00] CPU Usage:0 % 2068 | [Owner : | Parent : 1712(mepService.exe) | ?????] - (.Microsoft Corporation - Print driver host for 32bit applications.) 
- (6.1.7601.17514) = C:\Windows\splwow64.exe [08/05/2016 09:50:56] CPU Usage:0 % 2204 | [Owner : | Parent : 580(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % 2244 | [Owner : | Parent : 580(services.exe) | ?????] - (.TeamViewer GmbH - TeamViewer 11.) - (11.0.1159.0) = C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [14/11/2016 19:00:43] CPU Usage:0 % 2336 | [Owner : | Parent : 580(services.exe) | ?????] - (.TuneUp Software - TuneUp Utilities Service.) - (9.0.6000.10) = C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [31/05/2011 16:24:58] CPU Usage:0 % 2472 | [Owner : | Parent : 580(services.exe) | ?????] - (.Safer-Networking Ltd. - Windows Security Center integration..) - (2.3.39.2) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [06/05/2016 14:56:19] CPU Usage:0 % 2680 | [Owner : Moi | Parent : 2336(TuneUpUtilitiesService64.exe) | 9.92 Mo] - (.TuneUp Software - TuneUp Utilities.) - (9.0.6000.10) = C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe [31/05/2011 16:25:02] CPU Usage:0 % 2060 | [Owner : | Parent : 580(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % 2380 | [Owner : Moi | Parent : 1796(mep.exe) | 25.22 Mo] - (.Microsoft Corporation - Print driver host for 32bit applications.) - (6.1.7601.17514) = C:\Windows\splwow64.exe [08/05/2016 09:50:56] CPU Usage:0 % 2616 | [Owner : Moi | Parent : 1252(explorer.exe) | 7.31 Mo] - (.Intel Corporation - igfxTray Module.) - (8.15.10.4229) = C:\Windows\System32\igfxtray.exe [01/06/2015 20:00:40] CPU Usage:0 % 368 | [Owner : Moi | Parent : 1252(explorer.exe) | 7.13 Mo] - (.Intel Corporation - hkcmd Module.) 
- (8.15.10.4229) = C:\Windows\System32\hkcmd.exe [01/06/2015 20:00:12] CPU Usage:0 % 3108 | [Owner : Moi | Parent : 1252(explorer.exe) | 6.72 Mo] - (.SFX TEAM - SuperCopier 2 (explorer file copy replacement).) - (2.2.0.650) = C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe [16/08/2009 20:36:06] CPU Usage:0 % 3248 | [Owner : Moi | Parent : 1252(explorer.exe) | 22.86 Mo] - (.1&1 Internet AG - 1&1 Office-Drive Manager.) - (2.0.687.0) = C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE [24/09/2012 16:50:54] CPU Usage:0 % 3296 | [Owner : Moi | Parent : 1252(explorer.exe) | 10.21 Mo] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) - (9.0.0.0) = C:\Windows\System32\spool\drivers\x64\3\E_YATIMBE.EXE [09/05/2016 17:16:22] CPU Usage:0 % 3452 | [Owner : Moi | Parent : 1252(explorer.exe) | 70.41 Mo] - (.Microsoft Corporation - Gadgets du Bureau Windows.) - (6.1.7601.17514) = C:\Program Files\Windows Sidebar\sidebar.exe [08/05/2016 09:51:15] CPU Usage:0 % 3492 | [Owner : Moi | Parent : 1252(explorer.exe) | 86.36 Mo] - (.Skype Technologies S.A. - Skype.) - (7.30.0.105) = C:\Program Files (x86)\Skype\Phone\Skype.exe [15/11/2016 16:33:56] CPU Usage:0 % 3568 | [Owner : | Parent : 580(services.exe) | ?????] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe [11/05/2016 20:19:29] CPU Usage:0 % 3816 | [Owner : Moi | Parent : 1252(explorer.exe) | 9.48 Mo] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) - (7.0.1.0) = C:\Windows\System32\spool\drivers\x64\3\E_YATIHVE.EXE [25/10/2016 18:01:51] CPU Usage:0 % 3868 | [Owner : Moi | Parent : 3824() | 10.45 Mo] - (.AVAST Software - avast! Antivirus.) - (12.3.3154.23) = C:\Program Files\AVAST Software\Avast\avastui.exe [15/11/2016 17:14:03] CPU Usage:0 % 4028 | [Owner : Moi | Parent : 3824() | 8.62 Mo] - (.SEIKO EPSON CORPORATION - EEventManager Application.) 
- (3.2.0.0) = C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [20/01/2016 11:21:14] CPU Usage:0 % 4036 | [Owner : Moi | Parent : 3984() | 8.48 Mo] - (.Skillbrains - Lightshot.) - (5.4.0.1) = C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe [07/08/2016 07:43:03] CPU Usage:0 % 4060 | [Owner : Moi | Parent : 3976() | 2.04 Mo] - (.Piriform Ltd - CCleaner.) - (5.24.0.5841) = C:\Program Files\CCleaner\CCleaner64.exe [15/11/2016 21:24:00] CPU Usage:0 % 1636 | [Owner : | Parent : 580(services.exe) | ?????] - (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (6.1.7601.17514) = C:\Windows\servicing\TrustedInstaller.exe [08/05/2016 09:50:54] CPU Usage:0 % 3988 | [Owner : | Parent : 580(services.exe) | ?????] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe [08/05/2016 09:50:29] CPU Usage:0 % 444 | [Owner : | Parent : 932(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (6.1.7601.23471) = C:\Windows\System32\audiodg.exe [12/10/2016 15:17:03] CPU Usage:0 % 2728 | [Owner : | Parent : 580(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:31:13] CPU Usage:0 % 488 | [Owner : Moi | Parent : 1252(explorer.exe) | 23.75 Mo] - (.SosVirus - QuickDiag.) - (2.11.2016.1) = F:\QuickDiag.exe [04/12/2016 18:03:46] CPU Usage:0 % ---------- | MD5 [MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [12/10/2016 15:16:00] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3154 Ko] - (6.1.7601.23537) : C:\Windows\Explorer.exe [MD5.5746BD7E255DD6A8AFA06F7C42C1BA41] - [08/05/2016 09:51:06] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) 
- [337 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe [MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 00:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe [MD5.A8EDB86FC2A4D6D1285E4C70384AC35A] - [14/07/2009 00:59:17] - (.© Microsoft Corporation. - COM Surrogate.) - [9.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe [MD5.BBCAD604A848F959CCF81ECBDC8BB8C4] - [09/11/2016 16:46:01] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [1136 Ko] - (6.1.7601.23569) : C:\Windows\System32\Kernel32.dll [MD5.92DAF7D21711117B007608CB50FBD2E2] - [09/11/2016 16:46:00] - (.© Microsoft Corporation. - Local Security Authority Process.) - [30 Ko] - (6.1.7601.23571) : C:\Windows\System32\lsass.exe [MD5.622C96AFB07BB82C8650B47172137AC4] - [11/05/2016 20:22:47] - (.© Microsoft Corporation. - Distributed COM Services.) - [499.5 Ko] - (6.1.7601.19143) : C:\Windows\System32\rpcss.dll [MD5.DD81D91FF3B0763C392422865C9AC12E] - [14/07/2009 00:57:20] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [44.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\rundll32.exe [MD5.71C85477DF9347FE8E7BC55768473FCA] - [11/05/2016 20:23:19] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe [MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [26.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe [MD5.8F4B991E7837E8E0F90C856659456652] - [14/09/2016 20:14:09] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) 
- [985.5 Ko] - (6.1.7601.23528) : C:\Windows\System32\user32.dll [MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [08/05/2016 09:50:25] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe [MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 00:52:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe [MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - [11/05/2016 19:57:25] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [444.5 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe [MD5.9A4A1EEE802BF2F878EE8EAB407B21B7] - [11/05/2016 20:11:52] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [486 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\afd.sys [MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 00:19:47] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys [MD5.059F00DEF82BF41E433B7ED465847726] - [11/05/2016 20:13:38] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [151.94 Ko] - (6.1.7601.18231) : C:\Windows\System32\Drivers\ataport.sys [MD5.B8BD2BB284668C84865658C77574381A] - [14/07/2009 00:19:47] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys [MD5.F036CE71586E93D94DAB220D7BDF4416] - [08/05/2016 09:49:19] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys [MD5.9B38580063D281A99E68EF5813022A5F] - [12/10/2016 15:17:02] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) 
- [104 Ko] - (6.1.7601.23542) : C:\Windows\System32\Drivers\dfsc.sys [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - [08/05/2016 09:49:19] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [119.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - [14/07/2009 00:19:58] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [103 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - [14/07/2009 01:10:03] - (.© Microsoft Corporation. - IP Network Address Translator.) - [113.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys [MD5.25F918BB5D57C99FFEB0255143D0DF9A] - [09/11/2016 16:46:02] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [156 Ko] - (6.1.7601.23571) : C:\Windows\System32\Drivers\mrxsmb.sys [MD5.F7309F42555F8AAB7144A51A1F2585B0] - [11/05/2016 19:57:39] - (.© Microsoft Corporation. Tous droits réservés. - Pilote NDIS 6.20.) - [928.44 Ko] - (6.1.7601.19030) : C:\Windows\System32\Drivers\ndis.sys [MD5.E47D571FEC2C76E867935109AB2A770C] - [15/06/2016 17:47:20] - (.© Microsoft Corporation. - MBT Transport driver.) - [256 Ko] - (6.1.7601.23451) : C:\Windows\System32\Drivers\netbt.sys [MD5.47B2D0B31BDC3EBE6090228E2BA3764D] - [11/05/2016 20:13:03] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [1644.94 Ko] - (6.1.7601.19116) : C:\Windows\System32\Drivers\ntfs.sys [MD5.0086431C29C35BE1DBC43F52CC273887] - [14/07/2009 01:00:41] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [95 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys [MD5.471815800AE33E6F1C32FB1B97C490CA] - [08/05/2016 09:50:55] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) 
- [126.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rasl2tp.sys [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - [14/07/2009 01:09:09] - (.© Microsoft Corporation. - SMB Transport driver.) - [91 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys [MD5.B2875D7ABB82867DC3AA03D991940201] - [14/09/2016 20:14:08] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [1851.73 Ko] - (6.1.7601.23496) : C:\Windows\System32\Drivers\tcpip.sys [MD5.AA77EB517D2F07A947294F260E3ACA83] - [11/05/2016 20:11:52] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.5 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\tdx.sys [MD5.0D08D2F3B3FF84E433346669B5E0F639] - [08/05/2016 09:51:01] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [288.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (.1&1 Internet AG.-.1&1 Office-Drive Manager.) - (2.0.687.0) -- C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64.DLL (.AVAST Software.-.avast! Shell Extension.) - (12.3.3154.0) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll (.1&1 Internet AG.-.1&1 Office-Drive Manager Network Provider.) - (2.0.687.0) -- C:\Windows\System32\ui11dnp.dll (.1&1 Internet AG.-.1&1 Office-Drive Manager.) - (2.0.687.0) -- C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\SHNDLERS64-fr.dll (.TuneUp Software.-.TuneUp Shredder Shell Extension.) - (9.0.6000.10) -- C:\Program Files (x86)\TuneUp Utilities 2010\SDShelEx-x64.dll (.Safer-Networking Ltd..-.Windows Explorer context menu integration.) - (2.3.39.113) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.TuneUp Software.-.TuneUp Theme Extension.) 
- (9.0.6000.10) -- C:\windows\system32\uxtuneup.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up SpybotPostWindows10UpgradeReInstall - ("C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [HKU\S-1-5-18\...\Run]) - User: AUTORITE NT\Système Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\...\Run]) - User: AUTORITE NT\SERVICE LOCAL Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU SuperCopier2.exe - (C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe [HKU\S-1-5-21-1226033637-2517802057-377062516-1000\...\Run]) - User: MonPC\Moi DAEMON Tools Lite - ("C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [HKU\S-1-5-21-1226033637-2517802057-377062516-1000\...\Run]) - User: MonPC\Moi 1&1_1&1 
Office-Drive Manager - ("C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE" /hide [HKU\S-1-5-21-1226033637-2517802057-377062516-1000\...\Run]) - User: MonPC\Moi EPLTarget\P0000000000000000 - (C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMBE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2650 Series" [HKU\S-1-5-21-1226033637-2517802057-377062516-1000\...\Run]) - User: MonPC\Moi Foxmail - ("E:\Downloads\Foxmail 727b166fr\Foxmail\Foxmail.exe" -min [HKU\S-1-5-21-1226033637-2517802057-377062516-1000\...\Run]) - User: MonPC\Moi Sidebar - (C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [HKU\S-1-5-21-1226033637-2517802057-377062516-1000\...\Run]) - User: MonPC\Moi Skype - ("C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [HKU\S-1-5-21-1226033637-2517802057-377062516-1000\...\Run]) - User: MonPC\Moi CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-1226033637-2517802057-377062516-1000\...\Run]) - User: MonPC\Moi Spybot-S&D Cleaning - ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [HKU\S-1-5-21-1226033637-2517802057-377062516-1000\...\Run]) - User: MonPC\Moi EPLTarget\P0000000000000001 - (C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus Office BX635FWD" [HKU\S-1-5-21-1226033637-2517802057-377062516-1000\...\Run]) - User: MonPC\Moi SpybotPostWindows10UpgradeReInstall - ("C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [HKU\.DEFAULT\...\Run]) - User: .DEFAULT Adobe Reader Synchronizer - (C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [Common Startup]) - User: Public IgfxTray - ("C:\Windows\system32\igfxtray.exe" [HKLM\...\Run]) - User: Public HotKeysCmds - ("C:\Windows\system32\hkcmd.exe" [HKLM\...\Run]) - User: Public [HKU\S-1-5-21-1226033637-2517802057-377062516-1000\Software\Microsoft\Windows\CurrentVersion\Run] "SuperCopier2.exe"=C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe 
[16/08/2009 20:36:06] "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun "1&1_1&1 Office-Drive Manager"="C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE" /hide "EPLTarget\P0000000000000000"=C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMBE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2650 Series" "Foxmail"="E:\Downloads\Foxmail 727b166fr\Foxmail\Foxmail.exe" -min "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR "Spybot-S&D Cleaning"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean "EPLTarget\P0000000000000001"=C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus Office BX635FWD" [HKU\S-1-5-21-1226033637-2517802057-377062516-1000\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui "SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" "Lightshot"=C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [08/05/2016 18:03:53] "EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 ---------- | Startings up registry ¦ Folder ---------- | .LNK C:\Users\Moi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Exam1F0F4.lnk () 
C:\Users\Moi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk ( /recycle) C:\Users\Moi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk (/prefetch:1) C:\Users\Moi\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk (/SendTo) C:\Users\Moi\AppData\Roaming\Microsoft\Windows\SendTo\Foxmail.LNK (/min) C:\Users\Moi\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk (/sendto:) C:\Users\Moi\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk (--sendto) C:\Users\Moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk (/name Microsoft.EaseOfAccessCenter) C:\Users\Moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( -extoff) C:\Users\Moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software\Download Navigator.lnk (/ST) C:\Users\Public\Desktop\Exam1F0F4.lnk () C:\Users\Public\Desktop\Manuels EPSON.lnk ( /LA "FR" /FR "DESKTOP") C:\Users\Public\Desktop\MyEpson Portal.lnk (/S) C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk (/name Microsoft.DefaultPrograms) C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk (startmenu) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk (/showgadgets) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk (/prefetch:1) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk (/open) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk (%SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk (-SpeechUX) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk (/res) C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Accessories\System Tools\Task Scheduler.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk (-NoExit -ImportSystemModules) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\MyEpson Portal.lnk (/S) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON BX635FWD Series\Désinstallation du pilote d'impression EPSON.lnk (/R /APD /P:"EPSON BX635FWD Series") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON BX635FWD Series\Mise à jour du pilote.lnk (/RUN /D "EPSON BX635FWD Series") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON BX635FWD Series\Support technique.lnk (C:\Windows\system32\spool\DRIVERS\x64\3\E_YGEPHVE.DLL,GE_OpenELINK "Epson Stylus Office BX635FWD") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON WF-2650 Series\Comment acheter.lnk (/T "MENU" /D "EPSON WF-2650 Series" /M "WF-2650 Series" /A) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON WF-2650 Series\Désinstallation du pilote d'impression EPSON.lnk (/R /APD /P:"EPSON WF-2650 Series") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON WF-2650 Series\Mise à jour du logiciel.lnk (/RUN /D "EPSON WF-2650 Series") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON WF-2650 Series\Support technique.lnk (C:\Windows\system32\spool\DRIVERS\x64\3\E_YGEPMBE.DLL,GE_OpenELINK "WF-2650 Series") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software\EPSON Software Updater.lnk (/ST) C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Epson Software\Manuels EPSON.lnk ( /LA "FR" /FR "STARTMENU") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exam1F0F4\Exam1F0F4.lnk () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in DirectX mode.lnk ( -setDX) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk ( -setOGL) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth.lnk (/x {A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk (/name Microsoft.BackupAndRestore) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk () rp2�6 V59� ADOBEC~1.EXET�V59��H�m*� AdobeCollabSync.exes C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities\Toutes les fonctions\TuneUp StartUp Manager.lnk () 2@��>�{ STARTU~1.EXER﾿>�{�H�u*`�StartUpManager.exep/ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities\Toutes les fonctions\TuneUp StartUp Optimizer.lnk () 2K�>�{ STARTU~2.EXEV﾿>�{�H�u*c�StartupOptimizer.exer C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk (--reset-config --reset-plugins-cache vlc://quit) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk (--reset-config --reset-plugins-cache vlc://quit) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk (-Iskins) C:\ProgramData\TuneUp Software\TuneUp Utilities\StartUp Manager\Objets désactivés pour tous les utilisateurs\Lancement rapide d'Adobe Reader.lnk () rd2p�V5 � READER~1.EXEH�V5 ��H�m*� reader_sl.exem/ ---------- | AppCertDlls | AppInit_DLLs ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Hosts 127.0.0.1 
www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com [15588] More lines ---------- | @ [HKU\S-1-5-21-1226033637-2517802057-377062516-1000\Software\Microsoft\Internet Explorer\Main] "Disable Script Debugger"=yes "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\system32\blank.htm "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "XMLHTTP"=1 "NoUpdateCheck"=1 "UseClearType"=no "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=https://www.google.fr/?gws_rd=ssl "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2700000027000000470300007F020000 "IE8RunOnceLastShown"=1 "IE8RunOnceLastShown_TIMESTAMP"=0x646AB57399A7D101 "IE8TourShown"=1 "IE8TourShownTime"=0x14DBA87999A7D101 "DisableScriptDebuggerIE"=yes "OperationalData"=5 "ImageStoreRandomFolder"=qeji867 "DoNotTrack"=1 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x59B8AF6203DAD101 "IE10TourShown"=1 "IE10TourShownTime"=0x64E4B66203DAD101 "Use FormSuggest"=no "Start Page_TIMESTAMP"=0xB3466E83E4FED101 "SyncHomePage Protected - It is a violation of Windows Policy to modify. 
See aka.ms/browserpolicy"= "DownloadWindowPlacement"=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 [HKU\S-1-5-21-1226033637-2517802057-377062516-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings] "IE5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 (compatible; MSIE; Win32) "EmailName"=User@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "SecureProtocols"=2688 "PrivacyAdvanced"=0 "ZonesSecurityUpgrade"=0xBE85DE8971ACD101 "DisableCachingOfSSLPages"=0 "WarnonZoneCrossing"=0 "CertificateRevocation"=1 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "GlobalUserOffline"=0 "MaxConnectionsPer1_0Server"=8 "MaxConnectionsPerServer"=4 [HKLM\Software\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"= "Local Page"=C:\Windows\System32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 
"PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "Compat"=res://mshtml.dll/compat.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"= "Local Page"=C:\Windows\SysWOW64\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Check_Associations"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm 
"Compat"=res://mshtml.dll/compat.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files ---------- | Notify [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon] : SDWinLogon.dll ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] -> (avast! Online Security) : C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [24/10/2016 15:19:03] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] -> (Skype Browser Helper) : C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [20/11/2013 08:45:00] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] -> (Aide pour le lien d'Adobe PDF Reader) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [22/10/2006 22:08:42] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}] -> (E-Web Print) : C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [27/11/2014 10:38:00] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] -> (avast! 
Online Security) : C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [24/10/2016 15:19:03] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] -> (Skype Browser Helper) : C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [20/11/2013 08:45:00] ---------- | Chrome C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = : __MSG_description__ - short_name: __MSG_name__ - https://clients2.google.com/service/update2/crx C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\extensions\fejeknoakjeblidffkajbioncodnmhge = : Increase your pageviews and improve your blog posts with related posts images and links! 
- Related Content by Zemanta - https://clients2.google.com/service/update2/crx C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\extensions\ffhhaadihgfcgmlefioblaahpnglnkbk = : __MSG_ext_description__ - http://flashplayer.fullstacks.net/ - __MSG_ext_name__ - [http://flashplayer.fullstacks.net/] - http://clients2.google.com/service/update2/crx C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\extensions\flliilndjeohchalpbbcdekjklbdgfkk = : __MSG_extDescription__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\extensions\jpioijkajeealmbplnmlabgfmidjjmao = : With TV Hero you can keep up to date with the latest tv shows and gossip from your Chrome new tab! 
- TV Hero - https://clients2.google.com/service/update2/crx C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\extensions\nckgahadagoaajjgafhacjanaoiihapd = : __MSG_CHROME_EXT_DESCRIPTION__ - __MSG_CHROME_HANGOUTS_SHORT_NAME__ - https://clients2.google.com/service/update2/crx C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki] ---------- | Opera ---------- | Firefox [HKLM\Software\mozilla\Firefox\Extensions] "wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF "sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF "sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF "e-webprint@epson.com"=C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled [HKLM\Software\WOW6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin] - (Google Earth in your browser) : C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll 
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.0] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.3] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll ---------- | Active Connections TCP 127.0.0.1:49190 www.007guard.com:49191 ESTABLISHED 1112 TCP 127.0.0.1:49191 www.007guard.com:49190 ESTABLISHED 1112 TCP 127.0.0.1:49193 www.007guard.com:49194 ESTABLISHED 1112 TCP 127.0.0.1:49194 www.007guard.com:49193 ESTABLISHED 1112 ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.0.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "NameServer"=82.163.143.171 82.163.142.173 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{252331E6-D64C-4D09-9551-E6B14158CE11}] "DhcpNameServer"=192.168.0.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{AFDB0DBC-C38F-4CF2-8CE3-7C1C93A4776F}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{252331E6-D64C-4D09-9551-E6B14158CE11}] "DhcpNameServer"=192.168.0.254 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{AFDB0DBC-C38F-4CF2-8CE3-7C1C93A4776F}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{252331E6-D64C-4D09-9551-E6B14158CE11}] 
"DhcpNameServer"=192.168.0.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{AFDB0DBC-C38F-4CF2-8CE3-7C1C93A4776F}] "DhcpNameServer"=192.168.1.254 ---------- | Drives F: [02/12/2016 11:05:12] - |A| - (.©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [2411520] - (30.11.2016.0) - F:\FRST64.exe [02/12/2016 11:05:34] - |A| - (.©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [1761280] - (30.11.2016.0) - F:\FRST.exe [02/12/2016 14:38:56] - |A| - (.Malwarebytes - AdwCleaner is a free Adware/PUP removal tool..) - [3910208] - (6.0.3.0) - F:\adwcleaner_6.030.exe [03/12/2016 11:36:46] - |A| - (.Nicolas Coolman - ZHPDiag.) - [2105344] - (2016.1.31.23) - F:\ZHPDiag3.exe [04/12/2016 18:03:46] - |A| - (.Copyright (C) 2013-2016 SosVirus Software - QuickDiag.) - [2367400] - (2.11.2016.1) - F:\QuickDiag.exe E: ---------- | C: [MD5.D41D8CD98F00B204E9800998ECF8427E] - [06/05/2016 11:14:34] - |ASH| - (.-.) - [3153838080] - (0.0.0.0) - C:\hiberfil.sys [MD5.D41D8CD98F00B204E9800998ECF8427E] - [06/05/2016 11:14:35] - |ASH| - (.-.) - [4205121536] - (0.0.0.0) - C:\pagefile.sys [MD5.3098812F2AB3675FDFAE8EC95EADA4FC] - [04/12/2016 18:14:35] - |A| - (.-.) - [55380] - (0.0.0.0) - C:\QuickDiag.txt ---------- | C:\Windows [MD5.12EBDA58437CD1EA7066FCB6455241D2] - [10/09/2016 07:19:36] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\Windows\avastSS.scr [MD5.317CD1CE327B6520BF4EE007BCD39E61] - [08/05/2016 09:49:40] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [71168] - (6.1.7601.17514) - C:\Windows\bfsvc.exe [MD5.43995364228EF7FD382070513BBA9950] - [14/07/2009 06:38:36] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [12/10/2016 15:16:00] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) 
- [3229696] - (6.1.7601.23537) - C:\Windows\explorer.exe [MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [14/07/2009 00:22:13] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [15360] - (6.1.7600.16385) - C:\Windows\fveupdate.exe [MD5.CD47548A52B02D254BF6D7F7A5F2BFD3] - [14/07/2009 01:29:53] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [733696] - (6.1.7600.16385) - C:\Windows\HelpPane.exe [MD5.3D0B9EA79BF1F828324447D84AA9DCE2] - [14/07/2009 01:29:03] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [16896] - (6.1.7600.16385) - C:\Windows\hh.exe [MD5.1AEB4967A760D6EC21A3270F1B004AC1] - [14/07/2009 16:35:58] - |A| - (.-.) - [48265] - (0.0.0.0) - C:\Windows\HomePremium.xml [MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 01:10:29] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 03:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini [MD5.B32189BDFF6E577A92BAA61AD49264E6] - [11/05/2016 20:07:09] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [193536] - (6.1.7601.18917) - C:\Windows\notepad.exe [MD5.FBFF53CB5CF674B6F3BED034A0EF5540] - [02/12/2016 12:11:48] - |A| - (.-.) - [35612] - (0.0.0.0) - C:\Windows\PFRO.log [MD5.2E2C937846A0B8789E5E91739284D17A] - [14/07/2009 00:27:10] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [427008] - (6.1.7600.16385) - C:\Windows\regedit.exe [MD5.164A8F74F9DC469BD71EA8DB4C59DECB] - [17/11/2016 16:53:56] - |A| - (.-.) - [1978] - (0.0.0.0) - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/11/2016 16:53:56] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log [MD5.D01628AF9F7FB3F415B357D446FBE6D9] - [08/05/2016 09:50:56] - |A| - (.© Microsoft Corporation. - Print driver host for 32bit applications.) 
- [67072] - (6.1.7601.17514) - C:\Windows\splwow64.exe [MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 06:28:38] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml [MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 03:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini [MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 22:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll [MD5.163A95975E1D8819E653AA3E961371CA] - [08/05/2016 09:49:45] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll [MD5.F36A271706EDD23C94956AFB56981184] - [13/07/2009 23:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe [MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 01:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe [MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - [14/07/2009 03:34:57] - |A| - (.-.) - [478] - (0.0.0.0) - C:\Windows\win.ini [MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 05:54:24] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.2B7AD4D9B674E13767467453465CC4DE] - [06/05/2016 11:17:40] - |A| - (.-.) - [1172471] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 01:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe [MD5.0137A76FC75D7C43B031D4BE25F36BE8] - [02/10/2016 15:26:57] - |A| - (.-.) - [1804] - (0.0.0.0) - C:\Windows\wininit.ini [MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 21:52:44] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [14/07/2009 00:56:28] - |A| - (.© Microsoft Corporation. - Windows Write.) 
- [10240] - (6.1.7600.16385) - C:\Windows\write.exe ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [29/01/2016 11:09:58] - C:\Windows\Installer\1b7a14.msi : (Epson Event Manager - Seiko Epson Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/04/2016 11:20:00] - C:\Windows\Installer\1b7a1a.msi : (MyEpson Portal Setup - SEIKO EPSON CORPORATION) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/03/2016 23:00:00] - C:\Windows\Installer\1c9875a.msi : ( -) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/12/2016 11:13:06] - C:\Windows\Installer\1eaf06.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/06/2016 03:41:00] - C:\Windows\Installer\2dd9fbe.msi : (Epson Software Updater - SEIKO EPSON CORPORATION) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/09/2016 16:51:55] - C:\Windows\Installer\337e2a.msi : (Facebook Games Arcade 0.11.2.4 - Facebook) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/10/2015 16:37:24] - C:\Windows\Installer\42478b.msi : (OpenOffice 4.1.2 - OpenOffice) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/05/2015 07:45:36] - C:\Windows\Installer\490e5e.msi : (Epson E-Web Print - SEIKO EPSON CORPORATION) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/04/2011 02:01:02] - C:\Windows\Installer\5c4af65.msi : (Epson Download Navigator - SEIKO EPSON CORPORATION) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [26/10/2016 15:02:37] - C:\Windows\Installer\85b72.msi : (Google Earth - Google) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/05/2016 11:58:02] - C:\Windows\Installer\9a623.msi : (TuneUp Utilities Language Pack (fr-FR) - TuneUp Software) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/05/2016 11:57:46] - C:\Windows\Installer\9a627.msi : (TuneUp Utilities - TuneUp Software) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/07/2016 19:56:43] - C:\Windows\Installer\a13a6.msi : (Google Update Helper - Google Inc.) 
[Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/10/2006 11:13:32] - C:\Windows\Installer\b6e20.msi : (Adobe Reader 8 - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/05/2016 16:32:17] - C:\Windows\Installer\e082f.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | [Moi] [06/05/2016 11:27:34] - |HD| - [801624516] - C:\Users\Moi\AppData [06/05/2016 11:27:34] - |SHD| - [0] - C:\Users\Moi\Application Data [06/05/2016 11:27:34] - |SHD| - [0] - C:\Users\Moi\Cookies [06/05/2016 14:44:29] - |RD| - [402] - C:\Users\Moi\Documents [06/05/2016 11:27:34] - |SHD| - [0] - C:\Users\Moi\Local Settings [06/05/2016 11:27:34] - |SHD| - [0] - C:\Users\Moi\Menu Démarrer [06/05/2016 11:27:34] - |SHD| - [0] - C:\Users\Moi\Mes documents [06/05/2016 11:27:34] - |SHD| - [0] - C:\Users\Moi\Modèles [06/05/2016 11:27:34] - |ASH| - [7602176] - C:\Users\Moi\ntuser.dat [06/05/2016 11:27:34] - |ASH| - [262144] - C:\Users\Moi\ntuser.dat.LOG1 [06/05/2016 11:27:34] - |ASH| - [0] - C:\Users\Moi\ntuser.dat.LOG2 [06/05/2016 11:27:34] - |ASH| - [65536] - C:\Users\Moi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [06/05/2016 11:27:34] - |ASH| - [524288] - C:\Users\Moi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [06/05/2016 11:27:34] - |ASH| - [524288] - C:\Users\Moi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [02/12/2016 10:42:37] - |ASH| - [65536] - C:\Users\Moi\ntuser.dat{0cb02903-b873-11e6-b2b0-b7adabcc33f0}.TM.blf [02/12/2016 10:42:37] - |ASH| - [524288] - C:\Users\Moi\ntuser.dat{0cb02903-b873-11e6-b2b0-b7adabcc33f0}.TMContainer00000000000000000001.regtrans-ms [02/12/2016 10:42:37] - |ASH| - [524288] - C:\Users\Moi\ntuser.dat{0cb02903-b873-11e6-b2b0-b7adabcc33f0}.TMContainer00000000000000000002.regtrans-ms [06/05/2016 11:27:34] - |SH| - [20] - C:\Users\Moi\ntuser.ini [06/05/2016 11:27:34] - |SHD| - [0] 
- C:\Users\Moi\Recent [06/05/2016 11:27:34] - |SHD| - [0] - C:\Users\Moi\SendTo [09/05/2016 17:40:16] - |A| - [1456] - C:\Users\Moi\Sti_Trace.log [18/05/2016 17:14:26] - |D| - [32464896] - C:\Users\Moi\Tracing [06/05/2016 11:27:34] - |SHD| - [0] - C:\Users\Moi\Voisinage d'impression [06/05/2016 11:27:34] - |SHD| - [0] - C:\Users\Moi\Voisinage réseau ---------- | [AppData\Roaming] [15/09/2016 18:07:10] - |D| - [0] - C:\Users\Moi\AppData\Roaming\.mono [08/05/2016 14:46:47] - |D| - [3468] - C:\Users\Moi\AppData\Roaming\1&1 [06/05/2016 16:22:49] - |D| - [251933] - C:\Users\Moi\AppData\Roaming\Adobe [06/05/2016 14:48:45] - |D| - [25941441] - C:\Users\Moi\AppData\Roaming\AVAST Software [06/05/2016 11:57:34] - |D| - [1464] - C:\Users\Moi\AppData\Roaming\Canneverbe Limited [06/05/2016 14:15:58] - |D| - [0] - C:\Users\Moi\AppData\Roaming\DAEMON Tools Lite [09/05/2016 17:18:39] - |D| - [348936] - C:\Users\Moi\AppData\Roaming\Epson [18/05/2016 16:11:09] - |D| - [333820] - C:\Users\Moi\AppData\Roaming\Foxmail7 [06/05/2016 11:27:44] - |D| - [0] - C:\Users\Moi\AppData\Roaming\Identities [09/05/2016 17:16:51] - |D| - [0] - C:\Users\Moi\AppData\Roaming\InstallShield [06/05/2016 11:27:34] - |D| - [0] - C:\Users\Moi\AppData\Roaming\Media Center Programs [06/05/2016 11:27:34] - |SD| - [1738535] - C:\Users\Moi\AppData\Roaming\Microsoft [08/07/2016 20:54:11] - |D| - [23421684] - C:\Users\Moi\AppData\Roaming\OpenOffice [06/05/2016 14:55:00] - |D| - [33946642] - C:\Users\Moi\AppData\Roaming\Skype [14/11/2016 19:00:47] - |D| - [2710] - C:\Users\Moi\AppData\Roaming\TeamViewer [06/05/2016 11:58:44] - |D| - [33836] - C:\Users\Moi\AppData\Roaming\TuneUp Software [06/05/2016 17:10:25] - |D| - [87035] - C:\Users\Moi\AppData\Roaming\vlc ---------- | [AppData\Local] [08/05/2016 10:45:51] - |D| - [11047215] - C:\Users\Moi\AppData\Local\1&1 [06/05/2016 14:44:29] - |D| - [230911] - C:\Users\Moi\AppData\Local\Adobe [06/05/2016 11:27:34] - |SHD| - [0] - C:\Users\Moi\AppData\Local\Application Data 
[27/05/2016 20:15:48] - |D| - [0] - C:\Users\Moi\AppData\Local\Bluestacks [01/07/2016 19:24:08] - |D| - [443696] - C:\Users\Moi\AppData\Local\CEF [27/05/2016 20:17:16] - |D| - [8381114] - C:\Users\Moi\AppData\Local\Chromium [06/05/2016 15:05:53] - |D| - [0] - C:\Users\Moi\AppData\Local\Diagnostics [06/05/2016 13:31:53] - |D| - [156030] - C:\Users\Moi\AppData\Local\ElevatedDiagnostics [15/09/2016 16:52:15] - |D| - [489] - C:\Users\Moi\AppData\Local\FacebookGames [06/05/2016 11:28:50] - |A| - [115304] - C:\Users\Moi\AppData\Local\GDIPFONTCACHEV1.DAT [06/05/2016 14:46:16] - |D| - [113557762] - C:\Users\Moi\AppData\Local\Google [14/05/2016 06:35:30] - |D| - [71] - C:\Users\Moi\AppData\Local\GWX [06/05/2016 11:27:34] - |SHD| - [0] - C:\Users\Moi\AppData\Local\Historique [02/12/2016 11:30:50] - |AH| - [1142023] - C:\Users\Moi\AppData\Local\IconCache.db [06/05/2016 11:27:34] - |D| - [561831625] - C:\Users\Moi\AppData\Local\Microsoft [19/05/2016 18:17:15] - |D| - [360256] - C:\Users\Moi\AppData\Local\Microsoft Games [06/05/2016 14:18:08] - |D| - [309828] - C:\Users\Moi\AppData\Local\Microsoft Help [06/05/2016 11:55:50] - |D| - [0] - C:\Users\Moi\AppData\Local\Programs [06/05/2016 14:55:23] - |D| - [0] - C:\Users\Moi\AppData\Local\Skype [06/05/2016 11:27:34] - |D| - [9464134] - C:\Users\Moi\AppData\Local\Temp [06/05/2016 11:27:34] - |SHD| - [0] - C:\Users\Moi\AppData\Local\Temporary Internet Files [08/05/2016 14:58:41] - |A| - [3] - C:\Users\Moi\AppData\Local\updater.log [08/05/2016 14:58:42] - |A| - [424] - C:\Users\Moi\AppData\Local\UserProducts.xml [06/05/2016 11:27:40] - |D| - [258] - C:\Users\Moi\AppData\Local\VirtualStore [20/06/2016 17:30:03] - |D| - [203] - C:\Users\Moi\AppData\Local\WDSetup [27/05/2016 20:15:16] - |D| - [1863152] - C:\Users\Moi\AppData\Local\{0D6C3B30-29C4-5788-445C-726060348EF8} [04/08/2016 16:44:31] - |A| - [0] - C:\Users\Moi\AppData\Local\{F75F1497-72DB-417E-9564-62700A7859CF} ---------- | [AppData\Roaming\Microsoft\Windows\Start Menu] 
[06/05/2016 11:27:52] - |ASH| - [174] - C:\Users\Moi\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[06/05/2016 11:27:34] - |SHD| - [0] - C:\Users\Moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[06/05/2016 11:27:34] - |RD| - [18708] - C:\Users\Moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

---------- | [AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
[06/05/2016 11:27:34] - |RD| - [14641] - C:\Users\Moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[06/05/2016 11:27:52] - |RD| - [174] - C:\Users\Moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[06/05/2016 11:27:52] - |ASH| - [476] - C:\Users\Moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[25/10/2016 18:03:04] - |D| - [1232] - C:\Users\Moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
[06/05/2016 11:27:53] - |A| - [1431] - C:\Users\Moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[28/11/2016 17:38:29] - |D| - [0] - C:\Users\Moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logger32
[06/05/2016 11:27:34] - |RD| - [580] - C:\Users\Moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[06/05/2016 11:27:52] - |RD| - [174] - C:\Users\Moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

---------- | [AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
[06/05/2016 11:27:52] - |ASH| - [174] - C:\Users\Moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\ProgramData
[15/09/2016 18:07:10] - |D| - [0] - C:\ProgramData\.mono
[08/05/2016 10:45:51] - |D| - [1438] - C:\ProgramData\1&1
[06/05/2016 14:44:21] - |D| - [795] - C:\ProgramData\Adobe
[14/07/2009 06:08:56] - |SHD| - [12955774653] - C:\ProgramData\Application Data
[06/05/2016 14:31:09] - |D| - [185708602] - C:\ProgramData\AVAST Software
[27/05/2016 20:15:49] - |D| - [0] - C:\ProgramData\BlueStacksSetup
[06/05/2016 11:27:28] - |SHD| - [24627] - C:\ProgramData\Bureau
[06/05/2016 16:41:46] - |D| - [0] - C:\ProgramData\Canneverbe Limited
[06/05/2016 14:15:38] - |D| - [1500] - C:\ProgramData\DAEMON Tools Lite
[14/07/2009 06:08:56] - |SHD| - [24627] - C:\ProgramData\Desktop
[14/07/2009 06:08:56] - |SHD| - [278] - C:\ProgramData\Documents
[09/05/2016 17:10:27] - |D| - [17698133] - C:\ProgramData\Epson
[06/05/2016 11:27:28] - |SHD| - [0] - C:\ProgramData\Favoris
[14/07/2009 06:08:56] - |SHD| - [0] - C:\ProgramData\Favorites
[06/05/2016 11:27:28] - |SHD| - [252477] - C:\ProgramData\Menu Démarrer
[14/07/2009 04:20:08] - |SD| - [605212238] - C:\ProgramData\Microsoft
[06/05/2016 14:18:06] - |D| - [65262] - C:\ProgramData\Microsoft Help
[06/05/2016 11:27:28] - |SHD| - [31386] - C:\ProgramData\Modèles
[27/05/2016 20:15:18] - |RASH| - [290] - C:\ProgramData\ntuser.pol
[06/05/2016 14:54:49] - |D| - [120016896] - C:\ProgramData\Skype
[06/05/2016 14:56:15] - |D| - [198927082] - C:\ProgramData\Spybot - Search & Destroy
[14/07/2009 06:08:56] - |SHD| - [252477] - C:\ProgramData\Start Menu
[14/07/2009 06:08:56] - |SHD| - [31386] - C:\ProgramData\Templates
[06/05/2016 11:58:04] - |D| - [8268511] - C:\ProgramData\TuneUp Software
[06/05/2016 11:57:46] - |SHD| - [18528256] - C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[06/05/2016 14:44:23] - |A| - [2081] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
[14/07/2009 05:54:23] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)
[08/05/2016 10:45:44] - |D| - [15908061] - C:\Program Files (x86)\1&1
[06/05/2016 14:44:18] - |D| - [126416293] - C:\Program Files (x86)\Adobe
[06/05/2016 11:57:33] - |D| - [13820177] - C:\Program Files (x86)\CDBurnerXP
[14/07/2009 04:20:08] - |D| - [332297068] - C:\Program Files (x86)\Common Files
[06/05/2016 14:15:57] - |D| - [28300703] - C:\Program Files (x86)\DAEMON Tools Lite
[14/07/2009 05:54:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[09/05/2016 17:16:40] - |D| - [105229408] - C:\Program Files (x86)\epson
[09/05/2016 17:18:34] - |D| - [68836491] - C:\Program Files (x86)\Epson Software
[06/05/2016 14:46:16] - |D| - [736613312] - C:\Program Files (x86)\Google
[09/05/2016 17:17:10] - |HD| - [7052288] - C:\Program Files (x86)\InstallShield Installation Information
[06/05/2016 16:13:54] - |D| - [36869819] - C:\Program Files (x86)\Intel
[14/07/2009 04:20:08] - |D| - [10535665] - C:\Program Files (x86)\Internet Explorer
[06/05/2016 11:52:12] - |D| - [8678168] - C:\Program Files (x86)\IZArc
[06/05/2016 14:18:06] - |D| - [588400082] - C:\Program Files (x86)\Microsoft Office
[06/05/2016 14:21:16] - |D| - [14904] - C:\Program Files (x86)\Microsoft Visual Studio
[06/05/2016 14:18:36] - |D| - [1387249] - C:\Program Files (x86)\Microsoft Visual Studio 8
[06/05/2016 14:21:25] - |D| - [3726168] - C:\Program Files (x86)\Microsoft Works
[06/05/2016 14:21:10] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET
[14/07/2009 06:32:38] - |D| - [26521] - C:\Program Files (x86)\MSBuild
[08/07/2016 20:52:50] - |D| - [326547768] - C:\Program Files (x86)\OpenOffice 4
[14/07/2009 06:32:38] - |D| - [39175425] - C:\Program Files (x86)\Reference Assemblies
[08/05/2016 14:58:40] - |D| - [4932740] - C:\Program Files (x86)\Skillbrains
[06/05/2016 14:54:53] - |RD| - [107742088] - C:\Program Files (x86)\Skype
[06/05/2016 14:56:08] - |D| - [201430600] - C:\Program Files (x86)\Spybot - Search & Destroy 2
[06/05/2016 11:52:53] - |D| - [1226139] - C:\Program Files (x86)\SuperCopier2
[14/11/2016 19:00:41] - |D| - [47408368] - C:\Program Files (x86)\TeamViewer
[06/05/2016 11:58:41] - |D| - [59243655] - C:\Program Files (x86)\TuneUp Utilities 2010
[14/07/2009 05:57:06] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[06/05/2016 11:53:35] - |D| - [134080622] - C:\Program Files (x86)\VideoLAN
[29/11/2016 19:01:16] - |D| - [0] - C:\Program Files (x86)\Visicom Media
[14/07/2009 06:32:38] - |D| - [524800] - C:\Program Files (x86)\Windows Defender
[14/07/2009 04:20:08] - |D| - [6181376] - C:\Program Files (x86)\Windows Mail
[14/07/2009 06:32:38] - |D| - [5024017] - C:\Program Files (x86)\Windows Media Player
[14/07/2009 04:20:08] - |D| - [12197556] - C:\Program Files (x86)\Windows NT
[14/07/2009 06:32:38] - |D| - [4417800] - C:\Program Files (x86)\Windows Photo Viewer
[14/07/2009 06:32:38] - |D| - [189952] - C:\Program Files (x86)\Windows Portable Devices
[14/07/2009 06:32:38] - |D| - [5994626] - C:\Program Files (x86)\Windows Sidebar

---------- | C:\Program Files
[06/05/2016 14:45:46] - |D| - [1204274124] - C:\Program Files\AVAST Software
[13/07/2016 18:13:10] - |D| - [19618248] - C:\Program Files\CCleaner
[14/07/2009 04:20:08] - |D| - [70877659] - C:\Program Files\Common Files
[14/07/2009 05:54:24] - |ASH| - [174] - C:\Program Files\desktop.ini
[14/07/2009 06:32:38] - |D| - [90256916] - C:\Program Files\DVD Maker
[25/10/2016 18:03:15] - |D| - [4578329] - C:\Program Files\EpsonNet
[06/05/2016 11:27:28] - |SHD| - [70877659] - C:\Program Files\Fichiers communs
[14/07/2009 04:20:08] - |D| - [30572412] - C:\Program Files\Internet Explorer
[14/07/2009 06:32:38] - |D| - [149237810] - C:\Program Files\Microsoft Games
[06/05/2016 14:18:42] - |D| - [593814] - C:\Program Files\Microsoft Office
[14/07/2009 06:32:38] - |D| - [25757] - C:\Program Files\MSBuild
[14/07/2009 06:32:38] - |D| - [36834473] - C:\Program Files\Reference Assemblies
[14/07/2009 06:09:26] - |HD| - [0] - C:\Program Files\Uninstall Information
[14/07/2009 06:32:38] - |D| - [4039680] - C:\Program Files\Windows Defender
[14/07/2009 04:20:08] - |D| - [6667776] - C:\Program Files\Windows Mail
[14/07/2009 06:32:38] - |D| - [7687085] - C:\Program Files\Windows Media Player
[14/07/2009 04:20:08] - |D| - [12627636] - C:\Program Files\Windows NT
[14/07/2009 06:32:38] - |D| - [5516056] - C:\Program Files\Windows Photo Viewer
[14/07/2009 06:32:38] - |D| - [244736] - C:\Program Files\Windows Portable Devices
[14/07/2009 06:32:38] - |D| - [7612014] - C:\Program Files\Windows Sidebar

---------- | Tasks
[MD5.9206FAB2478EB259E87D3AB44393DF8D] - [09/05/2016 17:27:52] - |A| - [913] - C:\Windows\Tasks\EPSON WF-2650 Series Update {C47BFECF-CA67-42BF-8BF9-650BFFA23BFF}.job
[MD5.05D22A0EF94305C85E1C2752BC78F57B] - [06/05/2016 16:32:21] - |A| - [1066] - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[MD5.A68BD00D8D12CB072ED0D21E0B663DFB] - [06/05/2016 16:32:23] - |A| - [1070] - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 06:08:49] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.47426554683E0F268F3D50D8EE05230D] - [14/07/2009 06:08:49] - |A| - [32594] - C:\Windows\Tasks\SCHEDLGU.TXT
[MD5.AA9263B08F54396968903870840138BD] - [08/05/2016 14:58:42] - |A| - [384] - C:\Windows\Tasks\update-S-1-5-21-1226033637-2517802057-377062516-1000.job
[MD5.973A9B8DE059DBA1EAF11B4CFF44AE82] - [08/05/2016 14:58:41] - |A| - [384] - C:\Windows\Tasks\update-sys.job
[MD5.00000000000000000000000000000000] - [06/05/2016 15:59:57] - |D| - [3860] - C:\Windows\System32\Tasks\AVAST Software
[MD5.14A216C007837DD4E25E826DB87317E7] - [06/05/2016 14:47:39] - |A| - [3922] - C:\Windows\System32\Tasks\avast! Emergency Update : C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
[MD5.100723B51033D5E2F9421F4C8BA223B1] - [13/07/2016 18:13:13] - |A| - [2780] - C:\Windows\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.FDE22F97A05919AB7974550670B32C20] - [09/05/2016 17:27:52] - |A| - [3980] - C:\Windows\System32\Tasks\EPSON WF-2650 Series Update {C47BFECF-CA67-42BF-8BF9-650BFFA23BFF} : C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE
[MD5.B653F538DBA0465BFEC224FE8AE3DAC1] - [06/05/2016 16:32:21] - |A| - [3814] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.23BBE1B9C40152BC0ABD2BDEEFD1081F] - [06/05/2016 16:32:23] - |A| - [4066] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [14/07/2009 04:20:13] - |D| - [266584] - C:\Windows\System32\Tasks\Microsoft
[MD5.00000000000000000000000000000000] - [06/05/2016 14:56:30] - |D| - [12072] - C:\Windows\System32\Tasks\Safer-Networking
[MD5.96F8D1BCC8D625B4313D085B93E523A5] - [02/12/2016 12:45:40] - |A| - [3910] - C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1462548149 : C:\Program Files\AVAST Software\SZBrowser\launcher.exe
[MD5.DB95F43B8076826B2C65123E7588AB0D] - [09/05/2016 18:28:11] - |A| - [2770] - C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance : C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe
[MD5.E3647C283F1B6D91D1A240EA78CCA71C] - [08/05/2016 14:58:42] - |A| - [3254] - C:\Windows\System32\Tasks\update-S-1-5-21-1226033637-2517802057-377062516-1000 : C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
[MD5.3C81663C6C9FB37423C132940F766E9D] - [08/05/2016 14:58:41] - |A| - [3280] - C:\Windows\System32\Tasks\update-sys : C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
[MD5.00000000000000000000000000000000] - [14/07/2009 06:09:57] - |D| - [0] - C:\Windows\System32\Tasks\WPD
[MD5.00000000000000000000000000000000] - [14/07/2009 04:20:14] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service
R2 - aswMonFlt (aswMonFlt) -> \SystemRoot\system32\drivers\aswMonFlt.sys
S2 - aswStm (aswStm) -> \SystemRoot\system32\drivers\aswStm.sys
R2 - AudioEndpointBuilder (@%SystemRoot%\system32\audiosrv.dll,-204) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 - AudioSrv (@%SystemRoot%\system32\audiosrv.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - avast! Antivirus (Avast Antivirus) -> "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
R2 - BFE (@%SystemRoot%\system32\bfe.dll,-1001) -> %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
R2 - BITS (@%SystemRoot%\system32\qmgr.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R2 - c2cautoupdatesvc (Skype Click to Call Updater) -> "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
S2 - clr_optimization_v4.0.30319_32 (Microsoft .NET Framework NGEN v4.0.30319_X86) -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - clr_optimization_v4.0.30319_64 (Microsoft .NET Framework NGEN v4.0.30319_X64) -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R2 - CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k NetworkService
R2 - DcomLaunch (@oleres.dll,-5012) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
R2 - DiagTrack (@%SystemRoot%\system32\UtcResources.dll,-3001) -> %SystemRoot%\System32\svchost.exe -k utcsvc
R2 - Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) -> %SystemRoot%\system32\svchost.exe -k NetworkService
R2 - DPS (@%systemroot%\system32\dps.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
R2 - EpsonScanSvc (Epson Scanner Service) -> C:\Windows\system32\EscSvc64.exe
R2 - eventlog (@%SystemRoot%\system32\wevtsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - EventSystem (@comres.dll,-2450) -> %SystemRoot%\system32\svchost.exe -k LocalService
R2 - FontCache (@%systemroot%\system32\FntCache.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
R2 - gpsvc (@gpapi.dll,-112) -> %systemroot%\system32\svchost.exe -k netsvcs
S2 - gupdate (Service Google Update (gupdate)) -> "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
R2 - iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) -> %SystemRoot%\System32\svchost.exe -k NetSvcs
R2 - LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R2 - LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R2 - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys
S2 - lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
R2 - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys
R2 - MMCSS (@%systemroot%\system32\mmcss.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R2 - MpsSvc (@%SystemRoot%\system32\FirewallAPI.dll,-23090) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
R2 - MyEpson Portal Service (MyEpson Portal Service) -> "C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe"
R2 - NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R2 - nsi (@%SystemRoot%\system32\nsisvc.dll,-200) -> %systemroot%\system32\svchost.exe -k LocalService
R2 - PcaSvc (@%SystemRoot%\system32\pcasvc.dll,-1) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys
R2 - PlugPlay (@%SystemRoot%\system32\umpnpmgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - Power (@%SystemRoot%\system32\umpo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - ProfSvc (@%systemroot%\system32\profsvc.dll,-300) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k RPCSS
R2 - RpcSs (@oleres.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k rpcss
R2 - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys
R2 - SamSs (@%SystemRoot%\system32\samsrv.dll,-1) -> %SystemRoot%\system32\lsass.exe
R2 - Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs
S2 - SDScannerService (Spybot-S&D 2 Scanner Service) -> "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
R2 - SDUpdateService (Spybot-S&D 2 Updating Service) -> "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
R2 - SDWSCService (Spybot-S&D 2 Security Center Service) -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
R2 - SENS (@%SystemRoot%\system32\Sens.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R2 - ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S2 - SkypeUpdate (Skype Updater) -> "C:\Program Files (x86)\Skype\Updater\Updater.exe"
R2 - Spooler (@%systemroot%\system32\spoolsv.exe,-1) -> %SystemRoot%\System32\spoolsv.exe
R2 - sppsvc (@%SystemRoot%\system32\sppsvc.exe,-101) -> %SystemRoot%\system32\sppsvc.exe
R2 - stisvc (@%SystemRoot%\system32\wiaservc.dll,-9) -> %SystemRoot%\system32\svchost.exe -k imgsvc
R2 - SysMain (@%SystemRoot%\system32\sysmain.dll,-1000) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys
R2 - TeamViewer (TeamViewer 11) -> "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
R2 - Themes (@%SystemRoot%\System32\themeservice.dll,-8192) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R2 - TrkWks (@%SystemRoot%\system32\trkwks.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 - TuneUp.UtilitiesSvc (TuneUp Utilities Service) -> "C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe"
R2 - UxSms (@%SystemRoot%\system32\dwm.exe,-2000) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 - UxTuneUp (@%SystemRoot%\System32\uxtuneup.dll,-4096) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R2 - Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - Wlansvc (@%SystemRoot%\System32\wlansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - wscsvc (@%SystemRoot%\System32\wscsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - WSearch (@%systemroot%\system32\SearchIndexer.exe,-103) -> %systemroot%\system32\SearchIndexer.exe /Embedding
R2 - wuauserv (@%systemroot%\system32\wuaueng.dll,-105) -> %systemroot%\system32\svchost.exe -k netsvcs

---------- | Installer
[HKCR\Installer\Products\28F2473DA1C1CCD4BADBE0C7C31058CC] : TuneUp Utilities
[HKCR\Installer\Products\473F9FB676CE80849AC01F72EDD689D9] : Epson E-Web Print -> C:\Windows\Installer\{6BF9F374-EC67-4808-A90C-F127DE6D989D}\icon.exe
[HKCR\Installer\Products\49E502F924E968449AA2FDF3C68B4544] : Epson Event Manager -> C:\Windows\Installer\{9F205E94-9E42-4486-A92A-DF3F6CB85444}\icon.exe
[HKCR\Installer\Products\514D163353AB34143B10669119AB2691] : MyEpson Portal
[HKCR\Installer\Products\56D3AA7C48F10954FAAA70770AB46678] : Epson Software Updater -> C:\Windows\Installer\{C7AA3D65-1F84-4590-AFAA-0777A04B6687}\icon.ico
[HKCR\Installer\Products\68AB67CA7DA76301B7448A0000000020] : Adobe Reader 8 - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-A80000000002}\SC_Reader.exe
[HKCR\Installer\Products\69B81C0A97BADB643812F68AE3D6529B] : Google Earth -> C:\Windows\Installer\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}\MainIcon.ico
[HKCR\Installer\Products\74A569CF9384AC046B81814F680F246C] : Skype™ 7.30 -> C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
[HKCR\Installer\Products\843B1BCDE49CD6D4C80ED7D95AFC66E3] : OpenOffice 4.1.2 -> C:\Windows\Installer\{DCB1B348-C94E-4D6D-8CE0-7D9DA5CF663E}\soffice.ico
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\B1CCEC48FE121B14A919E327E4D5993D] : Manuels EPSON -> C:\Windows\Installer\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}\EPSMICO.ICO
[HKCR\Installer\Products\F9C582BB128C07749807654CBA258CE7] : Skype Click to Call -> C:\Windows\Installer\{BB285C9F-C821-4770-8970-56C4AB52C87E}\ICON_PRODUCT

---------- | ADS

---------- | Drives
Disk: 0 Size=19.1T
Pos MBRndx Type/Name  Size  Active Hide Start Sector Sectors
--- ------ ---------- ----- ------ ---- ------------ ------------
  0      0 07-NTFS     499M Yes    No          2,048    1,024,000
  1      1 07-NTFS     406G No     No      1,026,048  832,512,000
  2      2 07-NTFS    15.0T No     No    833,538,048  073,486,848

---------- | MBR
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Acer
System Product Name: Aspire XC600
Logical Drives Mask: 0x0000003c
Analysis of file "C:\QuickDiag\MBR.bin": Windows 7 MBR code detected
64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

----------( EOF)---------- - 1047 | 18:18:34