infected by pro pc cleaner, anvisoft & cracks


  • This topic is locked
5 replies to this topic

#1 datwin-bordo

datwin-bordo

  • Banned
  • 60 posts

Posted 18 April 2016 - 07:19 PM

Hello, I'm Jonathan,

Yesterday I installed Pro PC Cleaner,

And installed Anvisoft:
-Anvi Smart Defender
-Anvi Uninstaller
-Anvi Ultimate Defrag
-Anvi Ad Blocker
-Anvi Startup Manager
-Cloud System Booster

And paid software cracked with a keygen:
-Nero 2016 Platinum
-Auslogics File Recovery
-VoodooShield Pro
-RogueKiller Premium Technician Edition
-Paragon Hard Disk Manager 15
-EaseUS Partition Master Professional
-TweakBit PCSpeedUp 2016
-TweakBit Driver Updater
-CyberLink MediaEspresso 7.5

My Ad-Aware Total Security by Lavasoft detected 208 trojans because of these situations:
-http://botcrawl.com/how-to-remove-anvisoft-malware/
-http://forum.malekal.com/danger-des-cracks-keygen-t893.html

And later I activated (only Anvisoft by crack, the height of irony!!!) Anvi Smart Defender Pro with a keygen, which caused Lavasoft's Ad-Aware to detect 22 other trojans!

What is it?...

Is it sufficient if I run AdsFix & Pre_Scan by SosVirus or ComboFix?



#2 datwin-bordo

datwin-bordo
  • Topic Starter

  • Banned
  • 60 posts

Posted 19 April 2016 - 08:46 AM

And now the FRST logs:

 

Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Exécuté par Jean-Marie (administrateur) sur LFS_ULTRA (19-04-2016 15:32:55)
Exécuté depuis C:\Users\Jean-Marie\Desktop
Profils chargés: Jean-Marie (Profils disponibles: Jean-Marie)
Platform: Windows 10 Home Version 1511 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Edge)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe


==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [9581280 2016-01-28] ()
HKLM\...\RunOnce: [ZHPCleaner_File1] => C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-04-19] (DotC United Inc)
HKLM\...\RunOnce: [ZHPCleaner_File2] => C:\Windows\System32\drivers\MPCKpt.sys [60136 2016-04-19] (DotC United Inc)
HKLM\...\RunOnce: [ZHPCleaner_Folder1] => CMD /c DEL "C:\Program Files (x86)\MPC Cleaner" /F /Q
HKLM\...\RunOnce: [ZHPCleaner_Key1] => REG delete "HKLM\SYSTEM\CurrentControlSet\Services\MPCProtectService" /F
HKLM\...\RunOnce: [ZHPCleaner_Key2] => REG delete "HKLM\SYSTEM\CurrentControlSet\Services\MPCKpt" /F
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Anvisoft\OneStart\x64\SkipMetro.exe,
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Jean-Marie\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll [2016-04-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Jean-Marie\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll [2016-04-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Jean-Marie\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll [2016-04-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Jean-Marie\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll [2016-04-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Jean-Marie\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll [2016-04-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Jean-Marie\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncShell.dll [2016-04-15] (Microsoft Corporation)
BootExecute: C:\WINDOWS\system32\autochk.exeC:\WINDOWS\system32\SBBD.exe

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{b389ab24-c362-4fab-b29c-601c91b5a911}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.fr/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.fr/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.fr/?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.fr/?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.fr/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.fr/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.fr/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.fr/
HKU\S-1-5-21-3113239180-1891651084-317732970-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKU\S-1-5-21-3113239180-1891651084-317732970-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/CQDSK13/3
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {5BD8BA7A-83E9-4F8F-B045-4ACBBE3EDF7D} URL = hxxp://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  Pas de fichier

FireFox:
========
FF ProfilePath: C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\6c92o1lb.default
FF NewTab: about:home
FF Homepage: about:home
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-3113239180-1891651084-317732970-1001: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [Pas de fichier]
FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com_xpi
FF Extension: Wondershare AllMyTube - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com_xpi [2016-04-15]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx <non trouvé(e)>

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S2 .AVQWindowsMonitorService; C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe [249192 2013-12-13] (Avanquest Software)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [Fichier non signé]
S2 AQFileRestoreSrv; C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe [113536 2013-12-13] (Avanquest Software)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173248 2014-11-26] (Microsoft Corp.)
S2 Fix-It Task Manager; C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe [534472 2013-12-13] (Avanquest Software)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [712432 2016-01-28] ()
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [Fichier non signé]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit)
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-04-19] (DotC United Inc)
S2 SBAMSvc; C:\Program Files (x86)\Avanquest\Fix-It\Antivirus\SBAMSvc.exe [3677000 2012-11-06] (GFI Software)
S2 VCOMCloudAgent; C:\Program Files (x86)\Avanquest\Fix-It\VcomCloudAgent.exe [133504 2013-12-13] (Avanquest Software North America)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2  AnviStartupTime; C:\Program Files (x86)\Anvisoft\StartupBooster\StartupTimeSrv.exe [X]
S3 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [X]
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [22096 2013-12-13] ()
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1600512 2016-01-05] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [282000 2016-01-05] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [775424 2016-01-05] (BitDefender)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2015-01-06] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2015-01-06] (BitDefender LLC)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [155912 2015-12-09] (BitDefender LLC)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [34056 2014-11-24] (Paragon Software Group)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-04-19] (DotC United Inc)
R3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [214832 2015-12-08] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.)
R1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-11-24] ()
R1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-11-24] ()
R1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700680 2014-11-24] ()
U5 usbfilter; C:\Windows\System32\Drivers\usbfilter.sys [57000 2012-07-17] (Advanced Micro Devices)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-04-19 15:32 - 2016-04-19 15:34 - 00012017 _____ C:\Users\Jean-Marie\Desktop\FRST.txt
2016-04-19 15:32 - 2016-04-19 15:32 - 00000000 ____D C:\FRST
2016-04-19 15:31 - 2016-04-19 15:32 - 02375680 _____ (Farbar) C:\Users\Jean-Marie\Desktop\FRST64.exe
2016-04-19 15:00 - 2016-04-19 15:02 - 00000000 ____D C:\ProgramData\ProductData
2016-04-19 14:51 - 2016-04-19 14:52 - 02243584 ____N C:\Users\Jean-Marie\Desktop\ZHPCleaner.exe
2016-04-19 14:41 - 2016-04-19 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-04-19 13:38 - 2016-04-19 13:38 - 00000182 _____ C:\Users\Jean-Marie\Documents\Ad-Aware_Report_Custom_Manual_2016-04-19T10-11-42.417302.xml
2016-04-19 13:37 - 2016-04-19 13:37 - 00000182 _____ C:\Users\Jean-Marie\Documents\Ad-Aware_Report_Custom_Manual_2016-04-19T08-50-01.391489.xml
2016-04-19 13:37 - 2016-04-19 13:37 - 00000181 _____ C:\Users\Jean-Marie\Documents\Ad-Aware_Report_Quick_Manual_2016-04-19T10-10-34.522079.xml
2016-04-19 13:28 - 2016-04-19 13:28 - 00000000 ____D C:\Users\Jean-Marie\Documents\Aiseesoft Studio
2016-04-19 13:28 - 2016-04-19 13:28 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\Aiseesoft Studio
2016-04-19 13:09 - 2016-04-19 13:09 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultracopier
2016-04-19 13:06 - 2016-04-19 13:06 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Supercopier
2016-04-19 13:04 - 2016-04-19 13:04 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\Google
2016-04-19 13:01 - 2016-04-19 13:01 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\ProductData
2016-04-19 12:50 - 2016-04-19 13:10 - 00018432 ___SH C:\Users\Jean-Marie\Desktop\Thumbs.db
2016-04-19 12:50 - 2016-04-19 12:50 - 00002191 _____ C:\Users\Jean-Marie\Desktop\Wondershare Free YouTube Downloader.lnk
2016-04-19 12:41 - 2016-04-19 14:33 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\Mozilla
2016-04-19 12:40 - 2016-04-19 14:45 - 00001096 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-19 12:40 - 2016-04-19 14:42 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-19 12:40 - 2016-04-19 12:40 - 00004154 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-19 12:40 - 2016-04-19 12:40 - 00003922 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-19 12:40 - 2016-04-19 12:40 - 00002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-19 12:40 - 2016-04-19 12:40 - 00002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-19 12:39 - 2016-04-19 12:40 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-19 12:38 - 2016-04-19 12:38 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-19 12:38 - 2016-04-19 12:38 - 00001178 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-19 12:38 - 2016-04-19 12:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-19 12:38 - 2016-04-19 12:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-19 12:35 - 2016-04-19 12:35 - 01622528 _____ C:\Users\Jean-Marie\Desktop\ResetBrowser.exe
2016-04-19 12:31 - 2016-04-19 12:53 - 00002856 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2016-04-19 12:31 - 2016-04-19 12:53 - 00002856 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2016-04-19 12:31 - 2016-04-19 12:31 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2016-04-19 12:31 - 2016-04-19 12:31 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2016-04-19 11:55 - 2016-04-19 15:20 - 00003654 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-04-19 11:24 - 2016-04-19 13:02 - 00988160 _____ (SosVirus) C:\Users\Jean-Marie\Desktop\processclose_1.0.0.3.exe
2016-04-19 10:08 - 2016-04-19 14:49 - 00000000 _____ C:\WINDOWS\system32\SBRC.dat
2016-04-19 09:11 - 2016-04-19 09:09 - 00060136 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-04-19 09:10 - 2016-04-19 09:10 - 00000000 ____D C:\Program Files (x86)\2C238515-1461049810-7984-51F0-370493363EDB
2016-04-19 09:09 - 2016-04-19 12:47 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-04-19 07:19 - 2014-11-24 00:16 - 00034056 _____ (Paragon Software Group) C:\WINDOWS\system32\Drivers\hotcore3.sys
2016-04-19 07:17 - 2016-04-19 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Hard Disk Manager™ 15 Premium
2016-04-19 06:51 - 2016-04-19 06:51 - 00000000 ____D C:\ProgramData\Auslogics
2016-04-19 06:29 - 2016-04-19 06:29 - 00000000 ____D C:\Users\Public\Anvisoft
2016-04-19 06:23 - 2016-04-19 06:23 - 00000000 ____D C:\ProgramData\TweakBit
2016-04-19 06:07 - 2016-04-19 06:07 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\Epson
2016-04-19 06:04 - 2016-04-19 06:06 - 03440656 _____ (SosVirus) C:\Users\Jean-Marie\Desktop\pre-scan_6_15.04.2016.1.exe
2016-04-19 06:01 - 2016-04-19 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2016-04-19 06:01 - 2016-04-19 08:30 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-19 05:51 - 2015-09-17 03:52 - 00051608 _____ (Anvisoft) C:\WINDOWS\system32\Drivers\asd2fsm.sys
2016-04-19 05:50 - 2016-04-19 11:05 - 00000000 ____D C:\ProgramData\Anvisoft
2016-04-18 16:40 - 2016-04-18 16:40 - 00000000 ____D C:\ProgramData\LightScribe
2016-04-18 16:35 - 2016-04-18 16:35 - 00000227 _____ C:\Users\Jean-Marie\Desktop\ad-aware code d'activation.txt
2016-04-18 16:28 - 2016-04-18 16:28 - 00000076 _____ C:\Users\Jean-Marie\Desktop\activation essai 40 jours ashampoo snap 9.txt
2016-04-18 16:17 - 2016-04-18 16:17 - 00000000 ____D C:\Users\Jean-Marie\Documents\Nero
2016-04-18 15:46 - 2016-04-18 15:46 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\ElevatedDiagnostics
2016-04-18 15:41 - 2016-04-19 11:14 - 00000000 ____D C:\ProgramData\Nero
2016-04-18 15:00 - 2016-04-18 16:51 - 00002072 _____ C:\Users\Public\Desktop\LightScribe.lnk
2016-04-18 14:59 - 2016-04-18 16:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2016-04-18 14:48 - 2016-04-18 14:48 - 00000000 ____D C:\Users\Jean-Marie\Documents\Ashampoo Burning Studio 2016
2016-04-18 14:43 - 2016-04-18 14:43 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\Ashampoo
2016-04-18 14:42 - 2016-04-18 14:43 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\ashampoo
2016-04-18 14:42 - 2016-04-18 14:42 - 00001471 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 2016.lnk
2016-04-18 14:41 - 2016-04-18 14:41 - 00001334 _____ C:\Users\Public\Desktop\Ashampoo Music Studio 2016.lnk
2016-04-18 14:33 - 2016-04-18 14:33 - 00001215 _____ C:\Users\Public\Desktop\Ashampoo Snap 9.lnk
2016-04-18 14:31 - 2016-04-18 14:31 - 59298992 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Jean-Marie\Desktop\ashampoo_snap_9_e9.0.0_sm.exe
2016-04-18 12:36 - 2016-04-18 12:36 - 00017018 _____ C:\Users\Jean-Marie\Desktop\mbam rapport.txt
2016-04-18 11:18 - 2016-04-18 11:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-18 09:33 - 2016-04-19 15:13 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\ZHP
2016-04-18 09:33 - 2016-04-18 09:33 - 02243584 _____ C:\Users\Jean-Marie\ZHPCleaner.exe
2016-04-18 08:24 - 2016-04-18 08:24 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\Windows Live
2016-04-18 07:50 - 2016-04-18 07:50 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\PPC-software
2016-04-18 07:41 - 2016-04-18 07:41 - 00001293 _____ C:\Users\Public\Desktop\Ashampoo Music Studio 6.lnk
2016-04-18 07:40 - 2016-04-19 10:54 - 00000000 ____D C:\ProgramData\Ashampoo
2016-04-18 06:49 - 2016-04-18 06:49 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-04-17 19:07 - 2016-04-17 19:08 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-04-17 18:47 - 2016-04-19 14:49 - 00000753 _____ C:\WINDOWS\Tasks\EPSON XP-710 Series Invitation {29F7A9B9-C5C7-4D76-8DDC-4A9BEDE4DF59}.job
2016-04-17 18:47 - 2016-04-19 14:47 - 00000939 _____ C:\WINDOWS\Tasks\EPSON XP-710 Series Update {29F7A9B9-C5C7-4D76-8DDC-4A9BEDE4DF59}.job
2016-04-17 18:47 - 2016-04-17 18:47 - 00004136 _____ C:\WINDOWS\System32\Tasks\EPSON XP-710 Series Update {29F7A9B9-C5C7-4D76-8DDC-4A9BEDE4DF59}
2016-04-17 18:47 - 2016-04-17 18:47 - 00003958 _____ C:\WINDOWS\System32\Tasks\EPSON XP-710 Series Invitation {29F7A9B9-C5C7-4D76-8DDC-4A9BEDE4DF59}
2016-04-17 18:44 - 2016-04-19 07:07 - 00000000 ____D C:\ProgramData\EPSON
2016-04-17 18:43 - 2015-01-16 04:16 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2016-04-17 18:42 - 2015-01-16 04:16 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMBLPE.DLL
2016-04-17 18:42 - 2015-01-16 04:16 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BLPE.DLL
2016-04-17 18:28 - 2016-04-17 19:54 - 00026894 _____ C:\WINDOWS\system32\bddel.dat
2016-04-17 15:43 - 2016-04-17 15:43 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-04-17 09:38 - 2016-04-18 08:17 - 00000000 ____D C:\Users\Jean-Marie\Documents\CyberLink
2016-04-17 09:38 - 2016-04-17 09:38 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2016-04-17 09:38 - 2016-04-17 09:38 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\CyberLink
2016-04-17 09:38 - 2016-04-17 09:38 - 00000000 ____D C:\ProgramData\Documents\CyberLink
2016-04-17 09:37 - 2016-04-17 09:37 - 00000000 ____D C:\Users\Public\CyberLink
2016-04-17 09:35 - 2016-04-18 08:22 - 00000000 ____D C:\WINDOWS\CryptoGuard
2016-04-17 09:35 - 2016-04-18 08:19 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2016-04-17 09:35 - 2016-04-17 09:40 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-17 08:50 - 2016-04-18 08:16 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\CyberLink
2016-04-17 08:49 - 2016-04-17 08:50 - 00000000 ____D C:\ProgramData\PDVD
2016-04-17 08:47 - 2016-04-17 11:35 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2016-04-17 08:00 - 2016-04-17 08:00 - 00002259 _____ C:\Users\Jean-Marie\Desktop\Ad-Aware Antivirus.lnk
2016-04-17 07:39 - 2016-04-18 08:17 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2016-04-17 07:30 - 2016-04-17 07:32 - 164277560 _____ C:\Users\Jean-Marie\Documents\PowerDVD_15.0.1510.58_DVD150306-02.exe
2016-04-17 07:18 - 2016-04-19 07:36 - 00002680 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
2016-04-17 07:18 - 2016-04-17 07:18 - 00001191 _____ C:\Users\Public\Desktop\Smart Defrag 5.lnk
2016-04-17 07:18 - 2016-04-17 07:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2016-04-17 07:18 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2016-04-17 07:18 - 2016-03-22 11:02 - 00036824 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2016-04-16 22:57 - 2016-04-16 22:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-04-16 10:18 - 2016-04-19 14:21 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-16 07:37 - 2016-04-16 07:37 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\WinRAR
2016-04-16 07:33 - 2016-04-16 07:33 - 00000000 ____D C:\OneDriveTemp
2016-04-16 07:28 - 2016-04-16 07:28 - 00001190 _____ C:\WINDOWS\SysWOW64\ServiceConfig.xml
2016-04-16 07:23 - 2016-04-16 07:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-16 07:23 - 2016-04-16 07:23 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-16 07:16 - 2016-04-19 15:28 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\CrashDumps
2016-04-15 15:54 - 2015-08-27 07:31 - 00040584 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2016-04-15 15:23 - 2016-04-15 15:23 - 00000000 ____D C:\WINDOWS\ERUNT
2016-04-15 15:22 - 2016-04-19 15:20 - 00002091 _____ C:\DelFix.txt
2016-04-15 15:01 - 2016-04-17 15:52 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-15 13:43 - 2016-04-15 13:43 - 00000000 ____D C:\ProgramData\BitDefender
2016-04-15 13:15 - 2016-04-19 12:47 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\Lavasoft
2016-04-15 13:13 - 2016-04-19 14:21 - 00000000 ____D C:\Program Files (x86)\Ultracopier
2016-04-15 13:11 - 2016-04-15 13:11 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\LavasoftStatistics
2016-04-15 13:11 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdsmtpp.dll
2016-04-15 13:11 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\WINDOWS\system32\BdFirewallSDK.dll
2016-04-15 13:11 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\WINDOWS\system32\httproxy.dll
2016-04-15 13:11 - 2015-01-06 12:47 - 00156936 _____ C:\WINDOWS\system32\bdfwcore.dll
2016-04-15 13:11 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdpop3p.dll
2016-04-15 13:11 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\WINDOWS\system32\OEMbdpredir.dll
2016-04-15 13:11 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\WINDOWS\system32\bdpredir.dll
2016-04-15 13:10 - 2016-04-19 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-04-15 13:05 - 2016-04-15 13:05 - 00000000 ____D C:\Program Files\Lavasoft
2016-04-15 12:57 - 2016-04-15 12:57 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-04-15 12:55 - 2016-04-19 15:01 - 00000000 ____D C:\ProgramData\Lavasoft
2016-04-15 12:29 - 2016-04-15 12:29 - 00000000 ____D C:\Users\Jean-Marie\AppData\LocalLow\IObit
2016-04-15 12:28 - 2016-04-19 15:00 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\IObit
2016-04-15 12:11 - 2016-04-19 12:04 - 00000000 ____D C:\Users\Public\Documents\Ashampoo
2016-04-15 12:11 - 2016-04-19 12:04 - 00000000 ____D C:\ProgramData\Documents\Ashampoo
2016-04-15 11:54 - 2016-04-19 12:05 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2016-04-15 11:53 - 2016-04-19 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2016-04-15 11:23 - 2016-04-19 11:57 - 00004174 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{360821F9-A7CF-4DAA-818D-6B993C9966B6}
2016-04-15 11:21 - 2016-04-15 11:21 - 00000000 _RSHD C:\_Backup.RC
2016-04-15 10:54 - 2013-12-13 11:31 - 00022096 ____N C:\WINDOWS\system32\Drivers\AQFileRestore.sys
2016-04-15 10:54 - 2012-11-06 11:20 - 00047496 ____N (GFI Software) C:\WINDOWS\system32\sbbd.exe
2016-04-15 10:54 - 2012-02-09 12:58 - 00035000 _____ C:\WINDOWS\system32\mxntdfg.exe
2016-04-15 10:53 - 2016-04-15 10:53 - 00002094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fix-It Utilities Professional.lnk
2016-04-15 10:53 - 2016-04-15 10:53 - 00000000 ____D C:\Users\Public\Documents\Avanquest Software
2016-04-15 10:53 - 2016-04-15 10:53 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\Avanquest
2016-04-15 10:53 - 2016-04-15 10:53 - 00000000 ____D C:\ProgramData\Documents\Avanquest Software
2016-04-15 10:51 - 2016-04-15 11:21 - 00000000 ____D C:\ProgramData\Avanquest
2016-04-15 10:51 - 2016-04-15 10:51 - 00000000 ____D C:\Program Files (x86)\Avanquest
2016-04-15 10:01 - 2016-04-14 01:45 - 00453280 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-15 09:39 - 2016-04-15 09:47 - 00000889 _____ C:\UnZacMe_15_04_2016_09.47.49.txt
2016-04-15 09:39 - 2016-04-15 09:47 - 00000000 ____D C:\UnZacMe
2016-04-15 08:53 - 2016-04-15 08:53 - 00000000 ____D C:\ProgramData\Evonsoft
2016-04-15 08:12 - 2016-04-19 13:55 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\Mozilla
2016-04-15 08:09 - 2016-04-15 08:10 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\Wondershare Free YouTube Downloader
2016-04-15 08:07 - 2016-04-19 12:51 - 00000000 ____D C:\ProgramData\Wondershare Free YouTube Downloader
2016-04-15 08:06 - 2016-04-15 08:06 - 00000000 ____D C:\ProgramData\Wondershare Application Common Data
2016-04-15 08:01 - 2016-04-15 08:01 - 00002721 _____ C:\Users\Public\Desktop\e-Carte Bleue LCL.lnk
2016-04-15 08:01 - 2016-04-15 08:01 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\Downloaded Installations
2016-04-15 08:01 - 2016-04-15 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Carte Bleue LCL
2016-04-15 08:01 - 2016-04-15 08:01 - 00000000 ____D C:\Program Files (x86)\e-Carte Bleue
2016-04-15 08:00 - 2016-04-15 08:02 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\MicrosoftEdge
2016-04-15 07:19 - 2016-04-15 07:19 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\AMD
2016-04-15 07:19 - 2016-04-15 07:19 - 00000000 ____D C:\ProgramData\ATI
2016-04-15 07:12 - 2016-04-15 14:52 - 00000000 ____D C:\Users\Jean-Marie\ultracopier
2016-04-15 07:05 - 2016-04-15 07:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-04-15 07:05 - 2016-04-15 07:05 - 00000000 ____D C:\ProgramData\AMD
2016-04-15 07:05 - 2016-04-15 07:05 - 00000000 ____D C:\Program Files\ATI Technologies
2016-04-15 07:04 - 2016-04-19 06:08 - 00000000 ___RD C:\Users\Jean-Marie\OneDrive
2016-04-15 07:04 - 2016-04-17 08:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-15 07:04 - 2016-04-15 07:04 - 00002436 _____ C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-15 07:02 - 2016-04-15 07:02 - 00000000 ____D C:\Program Files\AMD
2016-04-15 07:02 - 2016-04-15 07:02 - 00000000 ____D C:\AMD
2016-04-15 06:58 - 2016-04-15 06:58 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\Publishers
2016-04-15 06:55 - 2016-04-15 06:55 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\ActiveSync
2016-04-15 06:54 - 2016-04-15 06:54 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\Comms
2016-04-15 06:53 - 2016-04-15 06:53 - 00000020 ___SH C:\Users\Jean-Marie\ntuser.ini
2016-04-15 06:53 - 2016-04-15 06:53 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\TileDataLayer
2016-04-14 21:56 - 2016-04-19 07:45 - 00000000 ___DC C:\WINDOWS\Panther
2016-04-14 21:50 - 2016-04-14 21:50 - 00000000 ____D C:\Windows.old
2016-04-14 21:49 - 2016-04-14 21:49 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-04-14 21:47 - 2016-04-14 21:47 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-04-14 21:47 - 2016-04-14 21:47 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-04-14 21:47 - 2016-04-14 21:47 - 00000000 ____D C:\Program Files\MSBuild
2016-04-14 21:47 - 2016-04-14 21:47 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-04-14 21:47 - 2016-04-14 21:47 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-04-14 21:47 - 2016-04-14 21:47 - 00000000 ____D C:\inetpub
2016-04-14 21:45 - 2015-10-23 18:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-04-14 21:45 - 2015-10-23 18:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-04-14 21:45 - 2015-10-23 18:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-04-14 21:45 - 2015-10-23 18:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-04-14 21:45 - 2015-10-23 18:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-04-14 21:45 - 2015-10-23 18:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-04-14 21:18 - 2016-04-14 21:18 - 00000000 _SHDL C:\Users\Default\Voisinage réseau
2016-04-14 21:18 - 2016-04-14 21:18 - 00000000 _SHDL C:\Users\Default\Voisinage d'impression
2016-04-14 21:18 - 2016-04-14 21:18 - 00000000 _SHDL C:\Users\Default\Modèles
2016-04-14 21:18 - 2016-04-14 21:18 - 00000000 _SHDL C:\Users\Default\Mes documents
2016-04-14 21:18 - 2016-04-14 21:18 - 00000000 _SHDL C:\Users\Default\Menu Démarrer
2016-04-14 21:18 - 2016-04-14 21:18 - 00000000 _SHDL C:\Users\Default\Documents\Mes vidéos
2016-04-14 21:18 - 2016-04-14 21:18 - 00000000 _SHDL C:\Users\Default\Documents\Mes images
2016-04-14 21:18 - 2016-04-14 21:18 - 00000000 _SHDL C:\Users\Default\Documents\Ma musique
2016-04-14 21:18 - 2016-04-14 21:18 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2016-04-14 21:18 - 2016-04-14 21:18 - 00000000 _SHDL C:\Users\Default\AppData\Local\Historique
2016-04-14 21:18 - 2016-04-14 21:18 - 00000000 _SHDL C:\Users\Default User\Documents\Mes vidéos
2016-04-14 21:18 - 2016-04-14 21:18 - 00000000 _SHDL C:\Users\Default User\Documents\Mes images
2016-04-14 21:18 - 2016-04-14 21:18 - 00000000 _SHDL C:\Users\Default User\Documents\Ma musique
2016-04-14 21:18 - 2016-04-14 21:18 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2016-04-14 21:18 - 2016-04-14 21:18 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Historique
2016-04-14 21:16 - 2016-04-14 21:16 - 00023108 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-04-14 21:09 - 2016-04-14 21:09 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-14 21:09 - 2016-04-14 21:09 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2016-04-14 21:09 - 2016-04-14 21:09 - 00000000 ____D C:\Users\Default\Documents\hp.applications.package.appdata
2016-04-14 21:09 - 2016-04-14 21:09 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2016-04-14 21:09 - 2016-04-14 21:09 - 00000000 ____D C:\Users\Default User\Documents\hp.applications.package.appdata
2016-04-14 21:03 - 2016-04-14 21:03 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-04-14 21:02 - 2016-04-19 14:39 - 00000000 ____D C:\Users\Jean-Marie
2016-04-14 21:02 - 2016-04-14 21:02 - 00000000 _SHDL C:\Users\Jean-Marie\Voisinage réseau
2016-04-14 21:02 - 2016-04-14 21:02 - 00000000 _SHDL C:\Users\Jean-Marie\Voisinage d'impression
2016-04-14 21:02 - 2016-04-14 21:02 - 00000000 _SHDL C:\Users\Jean-Marie\Modèles
2016-04-14 21:02 - 2016-04-14 21:02 - 00000000 _SHDL C:\Users\Jean-Marie\Mes documents
2016-04-14 21:02 - 2016-04-14 21:02 - 00000000 _SHDL C:\Users\Jean-Marie\Menu Démarrer
2016-04-14 21:02 - 2016-04-14 21:02 - 00000000 _SHDL C:\Users\Jean-Marie\Documents\Mes vidéos
2016-04-14 21:02 - 2016-04-14 21:02 - 00000000 _SHDL C:\Users\Jean-Marie\Documents\Mes images
2016-04-14 21:02 - 2016-04-14 21:02 - 00000000 _SHDL C:\Users\Jean-Marie\Documents\Ma musique
2016-04-14 21:02 - 2016-04-14 21:02 - 00000000 _SHDL C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2016-04-14 21:02 - 2016-04-14 21:02 - 00000000 _SHDL C:\Users\Jean-Marie\AppData\Local\Historique
2016-04-14 21:01 - 2016-04-19 14:50 - 02049398 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-14 21:01 - 2016-04-14 21:01 - 01956472 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-04-14 20:58 - 2016-04-14 20:58 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-04-14 20:58 - 2016-04-14 20:58 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2016-04-14 20:58 - 2016-04-14 20:58 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-04-14 20:58 - 2016-04-14 20:58 - 00000000 ____D C:\Program Files\Realtek
2016-04-14 20:32 - 2016-04-14 20:32 - 00000000 ____D C:\sources
2016-04-14 19:13 - 2016-04-19 07:45 - 00000000 ____D C:\$WINDOWS.~BT
2016-04-14 19:13 - 2016-04-14 21:17 - 00010449 _____ C:\WINDOWS\diagerr.xml
2016-04-14 19:13 - 2016-04-14 21:17 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2016-04-14 19:01 - 2016-04-14 19:01 - 00000000 ____D C:\ESD
2016-04-14 17:00 - 2016-04-14 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Bureau
2016-04-14 16:45 - 2016-04-14 18:01 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\ClassicShell
2016-04-14 16:32 - 2016-04-18 08:19 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-14 16:32 - 2016-04-15 12:29 - 00000000 ____D C:\ProgramData\IObit
2016-04-14 16:32 - 2016-04-14 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2016-04-14 16:31 - 2016-04-17 06:47 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\TeraCopy
2016-04-14 16:30 - 2016-04-19 14:21 - 00000000 ____D C:\Program Files\Supercopier
2016-04-14 16:29 - 2016-04-19 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
2016-04-14 16:29 - 2016-04-19 13:08 - 00000000 ____D C:\Program Files\TeraCopy
2016-04-14 16:27 - 2016-04-14 16:27 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\Macromedia
2016-04-14 16:24 - 2016-04-15 15:18 - 00002402 _____ C:\Users\Jean-Marie\Documents\starburn.txt
2016-04-14 16:24 - 2016-04-15 13:13 - 00000000 ____D C:\ProgramData\Wondershare
2016-04-14 16:23 - 2016-04-15 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-04-14 16:23 - 2016-04-14 16:23 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\Wondershare
2016-04-14 16:21 - 2016-04-15 15:29 - 00000000 ____D C:\Users\Jean-Marie\Documents\Wondershare Filmora
2016-04-14 16:21 - 2016-04-15 13:13 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-04-14 16:21 - 2016-04-14 16:21 - 00000000 ____D C:\ProgramData\Wondershare Video Editor
2016-04-14 16:20 - 2016-04-14 16:20 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\Hewlett-Packard
2016-04-14 16:10 - 2016-04-15 08:06 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-04-14 16:10 - 2016-04-15 08:06 - 00000000 ____D C:\ProgramData\Documents\Wondershare
2016-04-14 16:09 - 2016-04-19 13:10 - 00000000 ____D C:\Users\Jean-Marie\Desktop\data copy tools for cyberlink power2go 11 ESSENTials
2016-04-14 16:09 - 2016-04-14 16:31 - 00000000 ____D C:\Users\Jean-Marie\Desktop\video editor pour efm du musée de l'homme
2016-04-14 16:01 - 2016-04-19 14:50 - 00000000 ____D C:\_Backup
2016-04-14 15:32 - 2016-04-14 15:32 - 00000000 ____D C:\Users\Jean-Marie\Desktop\cyberlink power2go 11 essentials
2016-04-14 15:18 - 2016-04-14 15:20 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\UsbFix
2016-04-14 15:17 - 2016-04-14 21:16 - 00002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3113239180-1891651084-317732970-1001
2016-04-14 15:12 - 2016-04-15 12:20 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\Hewlett-Packard
2016-04-14 15:12 - 2016-04-14 15:12 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\ATI
2016-04-14 15:12 - 2016-04-14 15:12 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\ATI
2016-04-14 15:10 - 2016-04-14 15:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-04-14 15:10 - 2016-04-14 15:10 - 00000000 ____D C:\Users\Jean-Marie\AppData\Roaming\Adobe
2016-04-14 15:10 - 2016-04-14 15:10 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\Power2Go8
2016-04-14 15:09 - 2016-04-14 21:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2016-04-14 15:09 - 2016-04-14 15:09 - 00000000 __RSH C:\WINDOWS\SysWOW64\Drivers\103C_HP_cPC_CQ2904EF_Y53316J_0U_Q4CH3100VPJ_E12WE3RR8607_4A_I2AE3_SHP_V1.02_B8.17_T130125_W8101-0_L40C_M3660_J1000_7AMD_8BFF_91.40_#130304_N19692062_Z_G10029809_Ohp DVD A DH16ACSHR_DACRAD46.MRK
2016-04-14 15:09 - 2016-04-14 15:09 - 00000000 __RSH C:\WINDOWS\system32\Drivers\103C_HP_cPC_CQ2904EF_Y53316J_0U_Q4CH3100VPJ_E12WE3RR8607_4A_I2AE3_SHP_V1.02_B8.17_T130125_W8101-0_L40C_M3660_J1000_7AMD_8BFF_91.40_#130304_N19692062_Z_G10029809_Ohp DVD A DH16ACSHR_DACRAD46.MRK
2016-04-14 15:08 - 2016-04-15 12:44 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\Packages
2016-04-14 15:08 - 2016-04-14 15:08 - 00000000 ____D C:\Users\Jean-Marie\AppData\Local\VirtualStore
2016-04-14 15:07 - 2013-03-05 01:34 - 00000000 ___HD C:\Users\Jean-Marie\Documents\hp.applications.package.appdata
2016-04-14 15:07 - 2013-03-05 01:14 - 00000000 ___HD C:\Users\Jean-Marie\Documents\hp.system.package.metadata
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\Users\Public\Documents\Mes vidéos
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\Users\Public\Documents\Mes images
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\Users\Public\Documents\Ma musique
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\Users\Default.migrated\Voisinage réseau
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\Users\Default.migrated\Voisinage d'impression
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\Users\Default.migrated\Modèles
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\Users\Default.migrated\Mes documents
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\Users\Default.migrated\Menu Démarrer
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\Users\Default.migrated\Documents\Mes vidéos
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\Users\Default.migrated\Documents\Mes images
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\Users\Default.migrated\Documents\Ma musique
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\Users\Default.migrated\AppData\Local\Historique
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\ProgramData\Modèles
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\ProgramData\Menu Démarrer
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\ProgramData\Documents\Mes vidéos
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\ProgramData\Documents\Mes images
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\ProgramData\Documents\Ma musique
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\ProgramData\Bureau
2016-04-14 15:04 - 2016-04-14 15:04 - 00000000 _SHDL C:\Program Files\Fichiers communs
2016-04-14 15:00 - 2016-04-19 14:21 - 00138800 ____N C:\WINDOWS\Minidump\041916-32984-01.dmp

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-04-19 15:27 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-19 15:02 - 2013-03-05 01:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-19 15:02 - 2013-03-05 01:14 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-04-19 14:50 - 2016-02-13 14:49 - 00898128 _____ C:\WINDOWS\system32\perfh00C.dat
2016-04-19 14:50 - 2016-02-13 14:49 - 00188056 _____ C:\WINDOWS\system32\perfc00C.dat
2016-04-19 14:50 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-19 14:40 - 2016-02-13 15:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-19 14:40 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-19 13:58 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Web
2016-04-19 12:08 - 2013-03-05 01:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-04-18 23:01 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-18 23:01 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-18 19:18 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-04-18 09:12 - 2016-02-13 06:10 - 00201408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-18 08:23 - 2012-07-26 11:43 - 00000000 ____D C:\WINDOWS\en-GB
2016-04-18 08:17 - 2013-03-05 01:28 - 00000000 ____D C:\ProgramData\CyberLink
2016-04-18 08:17 - 2013-03-05 01:25 - 00000000 ____D C:\ProgramData\Temp
2016-04-18 08:08 - 2013-03-05 01:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-04-17 11:17 - 2013-03-05 01:28 - 00000000 ____D C:\ProgramData\install_clap
2016-04-16 04:57 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-04-15 12:40 - 2013-03-05 01:17 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-04-15 12:39 - 2013-03-05 01:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-04-15 12:20 - 2013-03-05 01:30 - 00000000 ____D C:\ProgramData\WildTangent
2016-04-15 06:53 - 2016-02-13 15:18 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-04-14 21:56 - 2015-10-30 09:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-04-14 21:47 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-04-14 21:47 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-04-14 21:47 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-04-14 21:47 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-04-14 21:47 - 2015-10-30 09:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2016-04-14 21:47 - 2015-10-30 09:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2016-04-14 21:47 - 2015-10-30 09:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2016-04-14 21:47 - 2015-10-30 09:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2016-04-14 21:47 - 2015-10-30 09:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2016-04-14 21:47 - 2015-10-30 09:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2016-04-14 21:47 - 2015-10-30 09:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2016-04-14 21:47 - 2015-10-30 09:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2016-04-14 21:47 - 2015-10-30 09:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2016-04-14 21:47 - 2015-10-30 09:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2016-04-14 21:47 - 2015-10-30 09:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2016-04-14 21:47 - 2015-10-30 09:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2016-04-14 21:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-14 21:18 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-04-14 21:18 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows NT
2016-04-14 21:17 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Registration
2016-04-14 21:13 - 2015-10-30 09:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-04-14 21:10 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-14 21:10 - 2013-03-05 01:19 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-04-14 21:09 - 2012-07-26 07:37 - 00000000 ____D C:\Users\Default.migrated
2016-04-14 21:06 - 2016-02-13 14:49 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-04-14 21:06 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-04-14 21:06 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-04-14 21:06 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-14 21:05 - 2016-02-13 14:49 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-04-14 21:05 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-04-14 21:05 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\IME
2016-04-14 21:04 - 2013-03-05 01:25 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-04-14 21:04 - 2012-08-01 19:06 - 00000000 ____D C:\ProgramData\PRICache
2016-04-14 21:03 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-14 21:03 - 2013-03-05 01:09 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-04-14 21:00 - 2015-10-30 08:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-04-14 16:06 - 2013-03-05 01:48 - 00000000 ____D C:\ProgramData\Norton
2016-04-14 15:10 - 2012-08-02 05:15 - 00000000 ____D C:\SWSETUP
2016-04-14 15:09 - 2013-03-05 01:43 - 00000000 ___RD C:\Program Files\Online Services
2016-04-14 15:09 - 2013-03-05 01:30 - 00000000 ___RD C:\Program Files (x86)\Online Services
2016-04-14 15:09 - 2013-01-07 13:49 - 00000000 ____D C:\hp
2016-04-14 15:09 - 2012-08-01 11:57 - 00000000 ____D C:\SYSTEM.SAV
2016-04-06 20:32 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 20:32 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Fichiers à déplacer ou supprimer:
====================
C:\Users\Jean-Marie\ZHPCleaner.exe


==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement


LastRegBack: 2016-04-14 20:56

==================== Fin de FRST.txt ============================

 

Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version:18-04-2016
Exécuté par Jean-Marie (2016-04-19 15:36:50)
Exécuté depuis C:\Users\Jean-Marie\Desktop
Windows 10 Home Version 1511 (X64) (2016-04-15 04:50:44)
Mode d'amorçage: Normal
==========================================================


==================== Comptes: =============================

Administrateur (S-1-5-21-3113239180-1891651084-317732970-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3113239180-1891651084-317732970-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3113239180-1891651084-317732970-1005 - Limited - Enabled)
Invité (S-1-5-21-3113239180-1891651084-317732970-501 - Limited - Disabled)
Jean-Marie (S-1-5-21-3113239180-1891651084-317732970-1001 - Administrator - Enabled) => C:\Users\Jean-Marie

==================== Centre de sécurité ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

AV: Avanquest Fix-It (Enabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus (Enabled - Up to date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AS: Ad-Aware Antivirus (Enabled - Up to date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avanquest Fix-It (Enabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Ad-Aware Firewall (Enabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}

==================== Programmes installés ======================

(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)

Ad-Aware Antivirus (HKLM\...\{50E2E8FE-1F8B-4F21-BE9F-F9152D3EA5B1}_AdAwareUpdater) (Version: 11.10.767.8917 - Lavasoft)
AdAwareInstaller (Version: 11.10.767.8917 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.10.767.8917 - Lavasoft) Hidden
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AntimalwareEngine (Version: 3.0.99.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.4244.0 - Lavasoft) Hidden
Ashampoo Burning Studio 2016 (HKLM-x32\...\{91B33C97-B4A4-B41A-6B97-C62C82CEB6A9}_is1) (Version: 16.0.2 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 2016 (HKLM-x32\...\{91B33C97-9727-16DE-2E8E-2E770FCBCA9B}_is1) (Version: 6.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 6 (HKLM-x32\...\{91B33C97-F75E-DAE1-22C9-0E38FC779FCB}_is1) (Version: 6.0.2 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 9 (HKLM-x32\...\{0A11EA01-D628-EEFD-B5E8-864238AE9105}_is1) (Version: 9.0.0 - Ashampoo GmbH & Co. KG)
AvcEngine (Version: 3.11.12293.0 - Lavasoft) Hidden
Bing Bureau (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.4.167.0 - Microsoft Corporation)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Fix-It (HKLM-x32\...\{12FA6720-D4CF-4FFE-968D-133653AC1B1B}) (Version: 15.0.32.28 - Avanquest)
Fix-It (x32 Version: 15.0.32.28 - Avanquest) Hidden
Google Chrome (HKLM-x32\...\{13BE5FED-4B98-3DE1-9510-47EA0693FDE8}) (Version: 50.0.2661.75 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
LCL (HKLM-x32\...\{CB94CFB5-AE04-4A66-9445-D2798D2F42EE}) (Version: 5.6.0.0 - e-Carte Bleue LCL)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 fr) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 fr)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla)
OnlineThreatsEngine (Version: 3.0.1.23 - Lavasoft) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.0.2 - IObit)
Supercopier 1.2.1.0 (HKLM-x32\...\Supercopier) (Version: 1.2.1.0 - Supercopier)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Ultracopier 1.2.1.0 (HKLM-x32\...\Ultracopier) (Version: 1.2.1.0 - Ultracopier)
Wondershare Filmora(Build 7.1.0) (HKLM-x32\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Free YouTube Downloader(Build 4.9.0.1) (HKLM-x32\...\Wondershare Free YouTube Downloader_is1) (Version: 4.9.0.1 - Wondershare Software)

==================== Personnalisé CLSID (Avec liste blanche): ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Tâches planifiées (Avec liste blanche) =============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {3A05AE99-A47F-4D02-9A59-24CA128A16FD} - System32\Tasks\EPSON XP-710 Series Invitation {29F7A9B9-C5C7-4D76-8DDC-4A9BEDE4DF59} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE [2015-01-16] (SEIKO EPSON CORPORATION)
Task: {4814C62B-316E-43C0-8660-DF22424C792B} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\SYSTEM32\OOBE\SETUPSQM.EXE
Task: {4AAFBF08-0009-488B-851A-3FE45250ED77} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {75924F13-9A58-4435-B6E6-BE18A3FE29DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-19] (Google Inc.)
Task: {8CAC26A6-BAF6-405D-A2F2-604C6409D3C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {BCE0C72E-E1BF-45A5-A822-3ABFF43D5DE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-19] (Google Inc.)
Task: {C558782E-9B53-4042-9A09-0B8D8341CEA1} - System32\Tasks\EPSON XP-710 Series Update {29F7A9B9-C5C7-4D76-8DDC-4A9BEDE4DF59} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE [2015-01-16] (SEIKO EPSON CORPORATION)
Task: {DB5A7512-0968-40AD-AF7B-D46A17BFF0F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {E9E0C90C-409F-425A-8093-F2AF26F07E88} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-03-23] (IObit)
Task: {EB90C4EF-D4EF-4265-8453-06DA9C18E9E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe
Task: {FB84165F-7872-4269-9986-8CF8963AA4E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\WINDOWS\Tasks\EPSON XP-710 Series Invitation {29F7A9B9-C5C7-4D76-8DDC-4A9BEDE4DF59}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-710 Series Update {29F7A9B9-C5C7-4D76-8DDC-4A9BEDE4DF59}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE:/EXE:{29F7A9B9-C5C7-4D76-8DDC-4A9BEDE4DF59} /F:UpdateWORKGROUP\LFS_ULTRA$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Raccourcis =============================

(Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)

==================== Modules chargés (Avec liste blanche) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-02-13 14:52 - 2016-02-13 14:52 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-02-13 14:52 - 2016-02-13 14:52 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02794744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareShellExtension.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\RCF.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_filesystem-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_system-vc120-mt-1_57.dll
2016-04-14 16:29 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2016-04-15 10:52 - 2013-08-27 16:06 - 00585728 ____N () C:\Program Files (x86)\Avanquest\Fix-It\sqlite3x64.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 09581280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
2016-01-28 16:48 - 2016-01-28 16:48 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_date_time-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_thread-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_locale-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_chrono-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\HtmlFramework.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTrayDefaultSkin.dll
2016-01-28 16:44 - 2016-01-28 16:44 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
2016-01-28 16:48 - 2016-01-28 16:48 - 11674360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareServiceKernel.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_regex-vc120-mt-1_57.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00973040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareActivation.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00561920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareApplicationUpdater.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareGamingMode.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareReset.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTime.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01030912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdater.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdaterScheduler.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIgnoreList.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareQuarantine.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 01594624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiMalwareEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiRootkitEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerHistory.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01373928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScanner.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_timer-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01019640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerScheduler.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02547448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIncompatibles.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01489640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiSpam.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01437424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiPhishing.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareParentalControl.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 03107576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareWebProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01325816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareEmailProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_iostreams-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01878784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNetworkProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01024744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePromo.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00457448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareFeedback.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareThreatWorkAlliance.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01310952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePinCode.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01027304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNotice.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01563888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAvcEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtectionHistory.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00519920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareStatistics.dll
2016-04-15 13:11 - 2015-01-06 12:47 - 00156936 _____ () C:\WINDOWS\SYSTEM32\bdfwcore.dll
2016-04-15 13:43 - 2016-04-15 13:43 - 01119064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc2\ashttpbr.mdl
2016-04-15 13:43 - 2016-04-15 13:43 - 00794832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc2\ashttpdsp.mdl
2016-04-15 13:43 - 2016-04-15 13:43 - 03038112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc2\ashttpph.mdl
2016-04-15 13:43 - 2016-04-15 13:43 - 01648408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\3.0.1.23\definitions\loc2\ashttprbl.mdl

==================== Alternate Data Streams (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)

AlternateDataStreams: C:\Users\Jean-Marie\Desktop\ashampoo_snap_9_e9.0.0_sm.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Desktop\pre-scan_6_15.04.2016.1.exe:BDU [0]
AlternateDataStreams: C:\Users\Jean-Marie\Desktop\processclose_1.0.0.3.exe:BDU [0]

==================== Mode sans échec (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== EXE Association (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)


==================== Internet Explorer sites de confiance/sensibles ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3113239180-1891651084-317732970-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3113239180-1891651084-317732970-1001\...\webcompanion.com -> hxxp://webcompanion.com

Il y a 4791 plus de sites.


==================== Hosts contenu: ==========================

(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

2012-07-26 07:26 - 2016-04-19 09:01 - 00001006 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com

==================== Autres zones ============================

(Actuellement, il n'y a pas de correction automatique pour cette section.)

HKU\S-1-5-21-3113239180-1891651084-317732970-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jean-Marie\AppData\Local\Microsoft\BingDesktop\themes\2016-04-18.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu est activé.

==================== MSCONFIG/TASK MANAGER éléments désactivés ==

(Actuellement, il n'y a pas de correction automatique pour cette section.)


==================== RèglesPare-feu (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{618138FE-8DB2-4E09-8215-2C87E6D8169A}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5FCA5AF1-8CB5-40DC-9489-93BACEE128DB}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{C5B62B61-5218-4C9B-9939-8B1B7619E45B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{30A328EA-A9F1-4991-A8A7-ECFAC2870676}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{A80137C5-6CBA-412B-A1EC-D75758F79773}C:\Users\Jean-Marie\Desktop\pre-scan_6_15.04.2016.1.exe] => (Allow) C:\Users\Jean-Marie\Desktop\pre-scan_6_15.04.2016.1.exe
FirewallRules: [UDP Query User{8086F52E-78FA-489A-B2C4-2651DAE624EB}C:\Users\Jean-Marie\Desktop\pre-scan_6_15.04.2016.1.exe] => (Allow) C:\Users\Jean-Marie\Desktop\pre-scan_6_15.04.2016.1.exe
FirewallRules: [TCP Query User{F8900EFA-9A3F-404D-865F-58455463BF88}C:\program files (x86)\easeus\easeus todo pctrans\bin\pctrans.exe] => (Allow) C:\program files (x86)\easeus\easeus todo pctrans\bin\pctrans.exe
FirewallRules: [UDP Query User{6983F0CE-81D1-488C-AB11-18886DDE39F1}C:\program files (x86)\easeus\easeus todo pctrans\bin\pctrans.exe] => (Allow) C:\program files (x86)\easeus\easeus todo pctrans\bin\pctrans.exe
FirewallRules: [TCP Query User{1A65A2F4-8EA5-41C8-92E9-90F309726345}C:\program files (x86)\wondershare\freeyoutubedownloader\freeyoutubedownloader.exe] => (Allow) C:\program files (x86)\wondershare\freeyoutubedownloader\freeyoutubedownloader.exe
FirewallRules: [UDP Query User{66DD758A-37D3-4AAB-89D2-90BF86E7B302}C:\program files (x86)\wondershare\freeyoutubedownloader\freeyoutubedownloader.exe] => (Allow) C:\program files (x86)\wondershare\freeyoutubedownloader\freeyoutubedownloader.exe
FirewallRules: [{BC6B12A5-B591-41A3-A233-96051BF5BF79}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{6160818A-D22F-480D-B65B-AED0B3A9478A}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{67399B20-1C50-4BCD-A0B6-4AE53605BE38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CA197BFA-5E23-4023-B7D9-95B7218CE2DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{53790408-2E61-4482-AFD4-1C84E302A784}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{A8064AE8-6CBA-412B-A1EC-D72343F79773}C:\Users\Jean-Marie\Desktop\adsfix_3_17.04.2016.2.exe] => (Allow) C:\Users\Jean-Marie\Desktop\adsfix_3_17.04.2016.2.exe
FirewallRules: [UDP Query User{8012CD5F-78FA-489A-B2C4-2168ADE624EB}C:\Users\Jean-Marie\Desktop\adsfix_3_17.04.2016.2.exe] => (Allow) C:\Users\Jean-Marie\Desktop\adsfix_3_17.04.2016.2.exe

==================== Points de restauration =========================

19-04-2016 15:17:35 Fin de désinfection

==================== Éléments en erreur du Gestionnaire de périphériques =============

Name: Block device mounter
Description: Block device mounter
Class Guid: {54f3637b-4777-4f96-970c-6bfa5477b542}
Manufacturer: Paragon Software Group
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Block device mounter
Description: Block device mounter
Class Guid: {54f3637b-4777-4f96-970c-6bfa5477b542}
Manufacturer: Paragon Software Group
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Erreurs du Journal des événements: =========================

Erreurs Application:
==================
Error: (04/19/2016 03:32:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LFS_ULTRA)
Description: Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (04/19/2016 03:28:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LFS_ULTRA)
Description: Échec de l’activation de l’application Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (04/19/2016 03:28:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.10586.35, horodatage : 0x566505bc
Nom du module défaillant : ShellExperienceHost.exe, version : 10.0.10586.35, horodatage : 0x566505bc
Code d’exception : 0xc000027b
Décalage d’erreur : 0x0000000000085831
ID du processus défaillant : 0x1670
Heure de début de l’application défaillante : 0xShellExperienceHost.exe0
Chemin d’accès de l’application défaillante : ShellExperienceHost.exe1
Chemin d’accès du module défaillant: ShellExperienceHost.exe2
ID de rapport : ShellExperienceHost.exe3
Nom complet du package défaillant : ShellExperienceHost.exe4
ID de l’application relative au package défaillant : ShellExperienceHost.exe5

Error: (04/19/2016 03:26:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LFS_ULTRA)
Description: Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (04/19/2016 03:26:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LFS_ULTRA)
Description: Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (04/19/2016 03:26:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LFS_ULTRA)
Description: Échec de l’activation de l’application Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (04/19/2016 03:26:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante SearchUI.exe, version : 10.0.10586.63, horodatage : 0x568b1fdc
Nom du module défaillant : SearchUI.exe, version : 10.0.10586.63, horodatage : 0x568b1fdc
Code d’exception : 0xc000027b
Décalage d’erreur : 0x00000000001b04d7
ID du processus défaillant : 0x140c
Heure de début de l’application défaillante : 0xSearchUI.exe0
Chemin d’accès de l’application défaillante : SearchUI.exe1
Chemin d’accès du module défaillant: SearchUI.exe2
ID de rapport : SearchUI.exe3
Nom complet du package défaillant : SearchUI.exe4
ID de l’application relative au package défaillant : SearchUI.exe5

Error: (04/19/2016 03:25:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LFS_ULTRA)
Description: Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error: (04/19/2016 03:25:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.10586.35, horodatage : 0x566505bc
Nom du module défaillant : ShellExperienceHost.exe, version : 10.0.10586.35, horodatage : 0x566505bc
Code d’exception : 0xc000027b
Décalage d’erreur : 0x0000000000085831
ID du processus défaillant : 0xef8
Heure de début de l’application défaillante : 0xShellExperienceHost.exe0
Chemin d’accès de l’application défaillante : ShellExperienceHost.exe1
Chemin d’accès du module défaillant: ShellExperienceHost.exe2
ID de rapport : ShellExperienceHost.exe3
Nom complet du package défaillant : ShellExperienceHost.exe4
ID de l’application relative au package défaillant : ShellExperienceHost.exe5

Error: (04/19/2016 03:25:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante SearchUI.exe, version : 10.0.10586.63, horodatage : 0x568b1fdc
Nom du module défaillant : SearchUI.exe, version : 10.0.10586.63, horodatage : 0x568b1fdc
Code d’exception : 0xc000027b
Décalage d’erreur : 0x00000000001b04d7
ID du processus défaillant : 0x1b60
Heure de début de l’application défaillante : 0xSearchUI.exe0
Chemin d’accès de l’application défaillante : SearchUI.exe1
Chemin d’accès du module défaillant: SearchUI.exe2
ID de rapport : SearchUI.exe3
Nom complet du package défaillant : SearchUI.exe4
ID de l’application relative au package défaillant : SearchUI.exe5


Erreurs système:
=============
Error: (04/19/2016 03:32:36 PM) (Source: DCOM) (EventID: 10010) (User: LFS_ULTRA)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca

Error: (04/19/2016 03:28:41 PM) (Source: DCOM) (EventID: 10010) (User: LFS_ULTRA)
Description: App

Error: (04/19/2016 03:26:52 PM) (Source: DCOM) (EventID: 10010) (User: LFS_ULTRA)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca

Error: (04/19/2016 03:26:05 PM) (Source: DCOM) (EventID: 10010) (User: LFS_ULTRA)
Description: CortanaUI

Error: (04/19/2016 03:26:01 PM) (Source: DCOM) (EventID: 10010) (User: LFS_ULTRA)
Description: App

Error: (04/19/2016 03:25:59 PM) (Source: DCOM) (EventID: 10010) (User: LFS_ULTRA)
Description: CortanaUI

Error: (04/19/2016 03:25:55 PM) (Source: DCOM) (EventID: 10010) (User: LFS_ULTRA)
Description: CortanaUI

Error: (04/19/2016 03:25:50 PM) (Source: DCOM) (EventID: 10010) (User: LFS_ULTRA)
Description: CortanaUI

Error: (04/19/2016 03:25:46 PM) (Source: DCOM) (EventID: 10010) (User: LFS_ULTRA)
Description: CortanaUI

Error: (04/19/2016 03:25:43 PM) (Source: DCOM) (EventID: 10010) (User: LFS_ULTRA)
Description: App


CodeIntegrity:
===================================
  Date: 2016-04-19 14:41:13.748
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-19 14:22:39.568
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-19 08:30:20.442
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-18 15:48:18.659
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-18 09:29:21.843
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-18 09:13:00.572
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-17 04:50:48.092
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-16 12:38:12.311
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-16 10:19:23.709
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-04-16 07:36:30.173
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Infos Mémoire ===========================

Processeur: AMD E1-1200 APU with Radeon™ HD Graphics
Pourcentage de mémoire utilisée: 38%
Mémoire physique - RAM - totale: 3659.73 MB
Mémoire physique - RAM - disponible: 2256.9 MB
Mémoire virtuelle totale: 4059.73 MB
Mémoire virtuelle disponible: 2722.59 MB

==================== Lecteurs ================================

Drive c: (OS) (Fixed) (Total:916.54 GB) (Free:861.43 GB) NTFS ==>[système avec composants d'amorçage (obtenu depuis lecteur)]
Drive d: (Recovery Image) (Fixed) (Total:13.06 GB) (Free:1.56 GB) NTFS ==>[système avec composants d'amorçage (obtenu depuis lecteur)]
Drive j: (SDXC 500 Gb) (Removable) (Total:476.7 GB) (Free:172.44 GB) exFAT
Drive k: (my disk) (Fixed) (Total:931.48 GB) (Free:101.77 GB) NTFS

==================== MBR & Table des partitions ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 594A647A)

Partition: GPT.

========================================================
Disk: 2 (Size: 476.7 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 56A53A02)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Fin de Addition.txt ============================

 

I am waiting for the helpers to disinfect & troubleshoot for me...



#3 datwin-bordo


Posted 19 April 2016 - 10:14 AM

And I tried to launch ComboFix in compatibility mode, and then

an error message says "ComboFix is not meant to run in 'Compatibility Mode'. The program shall now exit"



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,401 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:33 AM

Posted 20 April 2016 - 01:54 PM

Greetings Jonathan and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I would like you to run a FRST scan again, making sure Addition.txt is checked. However, this time right click on FRST64.exe, rename it to EnglishFRST64.exe and hit Scan. Please post both logs.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#5 Oh My!


Posted 20 April 2016 - 04:13 PM

Since you have started a topic here as well as other sites I am permanently closing this Topic.

Edited by Oh My!, 20 April 2016 - 04:19 PM.

Gary
 

#6 Oh My!


Posted 20 April 2016 - 04:13 PM

It appears that this issue is resolved, therefore I am closing the topic.


Edited by Oh My!, 20 April 2016 - 04:13 PM.

Gary
 



