cjoint

ComboFix 17-05-16.14 - Lorenzo 20/06/2017 16:57:27.2.4 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.8120.6283 [GMT 2:00]
Lancé depuis: c:\users\Lorenzo\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Lorenzo\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\BullseyeCoverage-2-x64.dll
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-05-20 au 2017-06-20 ))))))))))))))))))))))))))))))))))))
.
.
2017-06-20 15:00 . 2017-06-20 15:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-06-19 23:34 . 2017-06-19 23:34 -------- d-----w- c:\users\Lorenzo\AppData\Local\CrashRpt
2017-06-17 22:57 . 2017-05-03 15:34 94952 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-06-17 22:57 . 2017-05-03 15:29 1206272 ----a-w- c:\windows\system32\aeinv.dll
2017-06-17 22:57 . 2017-05-03 13:05 325632 ----a-w- c:\windows\system32\invagent.dll
2017-06-17 22:57 . 2017-05-03 13:05 620544 ----a-w- c:\windows\system32\generaltel.dll
2017-06-17 22:57 . 2017-05-03 13:05 535552 ----a-w- c:\windows\system32\devinv.dll
2017-06-17 22:57 . 2017-05-03 13:05 311296 ----a-w- c:\windows\system32\centel.dll
2017-06-17 22:57 . 2017-05-03 13:05 217088 ----a-w- c:\windows\system32\aepic.dll
2017-06-17 22:57 . 2017-05-03 13:05 1555968 ----a-w- c:\windows\system32\appraiser.dll
2017-06-17 22:57 . 2017-05-03 13:05 127488 ----a-w- c:\windows\system32\acmigration.dll
2017-06-17 22:57 . 2017-03-23 02:06 1691136 ----a-w- c:\windows\system32\aitstatic.exe
2017-06-12 16:27 . 2017-06-12 16:51 -------- d-----w- C:\MPF Games
2017-06-10 10:52 . 2017-06-10 10:52 -------- d-----w- c:\windows\system32\DAX3
2017-06-04 18:11 . 2017-06-04 18:11 -------- d-----w- c:\program files (x86)\Revora
2017-06-04 13:18 . 2017-06-04 13:18 -------- d-----w- C:\Crash
2017-06-03 20:23 . 2017-06-20 15:01 -------- d-----w- c:\users\Lorenzo\AppData\Local\LogMeIn Hamachi
2017-06-03 20:22 . 2017-06-03 20:22 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2017-06-01 03:54 . 2017-06-01 03:55 -------- d-----w- c:\users\Lorenzo\AppData\Roaming\skyz
2017-05-28 13:37 . 2017-05-28 13:37 -------- d-----w- c:\users\Lorenzo\AppData\Roaming\Petroglyph
2017-05-27 13:11 . 2017-06-04 18:22 -------- d-----w- c:\users\Lorenzo\AppData\Roaming\Command & Conquer 3 Kane's Wrath
2017-05-24 15:34 . 2017-05-28 12:04 -------- d-----w- c:\program files (x86)\McAfee
2017-05-24 15:34 . 2017-05-28 12:04 -------- d-----w- c:\program files\Common Files\McAfee
2017-05-24 15:22 . 2017-05-24 15:36 -------- d-----w- c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-06-20 15:01 . 2017-04-17 22:33 251832 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-06-20 15:00 . 2016-11-19 18:04 65536 ----a-w- c:\windows\system32\spu_storage.bin
2017-06-19 23:34 . 2016-09-13 02:13 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2017-06-19 23:34 . 2016-02-18 07:07 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2017-06-18 13:49 . 2016-01-11 15:42 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2017-06-17 11:13 . 2016-01-11 12:17 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-06-17 11:13 . 2016-01-11 12:17 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-06-15 20:31 . 2016-04-26 01:00 133627792 -c--a-w- c:\windows\system32\MRT.exe
2017-06-10 10:53 . 2017-04-01 20:27 14413536 ----a-w- c:\windows\system32\atiumd6a.dll
2017-06-10 10:53 . 2016-01-10 17:10 207760 ----a-w- c:\windows\system32\atiuxp64.dll
2017-06-10 10:53 . 2017-04-01 20:27 9446336 ----a-w- c:\windows\system32\atiumd64.dll
2017-06-10 10:53 . 2017-04-01 20:27 185088 ----a-w- c:\windows\system32\atiu9p64.dll
2017-06-10 10:53 . 2016-01-10 17:10 1649736 ----a-w- c:\windows\system32\aticfx64.dll
2017-06-10 10:53 . 2016-01-10 17:10 12139760 ----a-w- c:\windows\system32\atidxx64.dll
2017-06-10 10:53 . 2016-01-10 16:59 768392 ----a-w- c:\windows\system32\atieclxx.exe
2017-06-10 10:53 . 2016-01-10 16:59 543112 ----a-w- c:\windows\system32\atiesrxx.exe
2017-05-12 20:35 . 2016-01-29 21:27 158880 ----a-w- c:\windows\system32\drivers\aswstm.sys
2017-05-12 18:03 . 2017-06-15 18:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-05-10 09:36 . 2017-05-10 09:36 400456 ----a-w- c:\windows\system32\aswBoot.exe
2017-05-10 09:36 . 2016-01-29 21:27 75704 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-05-10 09:36 . 2016-01-29 21:27 569192 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-05-10 09:36 . 2016-01-29 21:27 38296 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-05-10 09:36 . 2016-01-29 21:27 339696 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-05-10 09:36 . 2016-01-29 21:27 128648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-05-10 09:36 . 2016-01-29 21:27 101152 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-05-10 09:36 . 2016-06-15 01:28 32600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-05-10 09:36 . 2016-01-29 21:27 1007160 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-05-10 09:36 . 2017-03-18 12:36 49016 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-05-10 09:36 . 2017-03-18 12:36 334576 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-05-10 09:36 . 2017-03-18 12:36 311808 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-05-10 09:36 . 2017-03-18 12:36 190256 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2017-05-01 10:08 . 2017-04-17 22:34 186304 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-05-01 10:08 . 2017-04-17 22:34 82720 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-05-01 10:08 . 2017-04-17 22:34 111544 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-05-01 10:08 . 2017-04-17 22:34 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-04-21 15:34 . 2017-05-10 10:43 1133568 ----a-w- c:\windows\system32\cdosys.dll
2017-04-21 15:15 . 2017-05-10 10:43 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2017-04-21 12:53 . 2017-04-21 12:53 29376 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2017-04-21 12:53 . 2017-04-21 12:53 18600 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2017-04-21 12:53 . 2017-04-21 12:53 18600 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2017-04-21 12:53 . 2017-04-21 12:53 18600 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2017-04-21 12:50 . 2017-04-21 12:50 30912 ----a-w- c:\windows\system32\aspnet_counters.dll
2017-04-21 12:50 . 2017-04-21 12:50 18592 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2017-04-21 12:50 . 2017-04-21 12:50 18592 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2017-04-21 12:50 . 2017-04-21 12:50 18592 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2017-04-20 18:09 . 2017-04-20 18:09 993632 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2017-04-20 18:09 . 2017-04-20 18:09 987840 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2017-04-20 18:09 . 2017-04-20 18:09 690008 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2017-04-20 18:09 . 2017-04-20 18:09 485576 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
2017-04-19 10:53 . 2016-03-25 18:36 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2017-04-17 15:37 . 2017-05-10 10:43 512000 ----a-w- c:\windows\system32\rpcss.dll
2017-04-17 15:37 . 2017-05-10 10:43 876544 ----a-w- c:\windows\system32\oleaut32.dll
2017-04-17 15:37 . 2017-05-10 10:43 2065408 ----a-w- c:\windows\system32\ole32.dll
2017-04-17 15:37 . 2017-05-10 10:43 26112 ----a-w- c:\windows\system32\oleres.dll
2017-04-17 15:37 . 2017-05-10 10:43 8704 ----a-w- c:\windows\system32\comcat.dll
2017-04-17 15:12 . 2017-05-10 10:43 581632 ----a-w- c:\windows\SysWow64\oleaut32.dll
2017-04-17 15:12 . 2017-05-10 10:43 1417728 ----a-w- c:\windows\SysWow64\ole32.dll
2017-04-17 15:12 . 2017-05-10 10:43 26112 ----a-w- c:\windows\SysWow64\oleres.dll
2017-04-17 14:54 . 2017-05-10 10:43 7168 ----a-w- c:\windows\SysWow64\comcat.dll
2017-04-16 21:04 . 2016-11-21 20:23 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-04-12 15:32 . 2017-05-10 10:43 229376 ----a-w- c:\windows\system32\wintrust.dll
2017-04-12 15:32 . 2017-05-10 10:43 1483776 ----a-w- c:\windows\system32\crypt32.dll
2017-04-12 15:32 . 2017-05-10 10:43 190976 ----a-w- c:\windows\system32\cryptsvc.dll
2017-04-12 15:32 . 2017-05-10 10:43 141824 ----a-w- c:\windows\system32\cryptnet.dll
2017-04-12 15:26 . 2017-05-10 10:43 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2017-04-12 15:25 . 2017-05-10 10:43 1176064 ----a-w- c:\windows\SysWow64\crypt32.dll
2017-04-12 15:25 . 2017-05-10 10:43 145920 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2017-04-12 15:25 . 2017-05-10 10:43 106496 ----a-w- c:\windows\SysWow64\cryptnet.dll
2017-04-07 15:34 . 2017-05-10 10:43 986856 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2017-04-07 15:34 . 2017-05-10 10:43 265448 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2017-04-07 15:30 . 2017-05-10 10:43 144384 ----a-w- c:\windows\system32\cdd.dll
2017-04-05 14:55 . 2017-05-10 10:43 460800 ----a-w- c:\windows\system32\drivers\srv.sys
2017-04-05 14:55 . 2017-05-10 10:43 405504 ----a-w- c:\windows\system32\drivers\srv2.sys
2017-04-05 14:55 . 2017-05-10 10:43 168960 ----a-w- c:\windows\system32\drivers\srvnet.sys
2017-04-04 15:34 . 2017-05-10 10:43 1895656 ----a-w- c:\windows\system32\drivers\tcpip.sys
2017-04-04 15:34 . 2017-05-10 10:43 377576 ----a-w- c:\windows\system32\drivers\netio.sys
2017-04-04 15:34 . 2017-05-10 10:43 287976 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2017-04-04 14:53 . 2017-05-10 10:43 496128 ----a-w- c:\windows\system32\drivers\afd.sys
2017-04-01 20:27 . 2017-04-01 20:27 915336 ----a-w- c:\windows\system32\coinst_16.60.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2016-03-01 4290240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2017-06-07 27742168]
"CyberGhost"="c:\program files\CyberGhost 6\CyberGhost.exe" [2017-03-22 1229360]
"Discord"="c:\users\Lorenzo\AppData\Local\Discord\app-0.0.297\Discord.exe" [2017-01-04 64290304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2016-01-07 888344]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2017-03-15 587288]
"LogMeIn Hamachi Ui"="f:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2017-05-22 6153128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 CG6Service;CyberGhost 6 Service;c:\program files\CyberGhost 6\CyberGhost.Service.exe;c:\program files\CyberGhost 6\CyberGhost.Service.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 HnGSteamService;Heroes & Generals Steam Service;f:\program files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe;f:\program files (x86)\Steam\steamapps\common\Heroes & Generals\hngservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Ke2200;NDIS Miniport Driver for Killer e2201/e2202 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
R3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 cgnetfilter1521;cgnetfilter1521;c:\windows\system32\drivers\cgnetfilter1521.sys;c:\windows\SYSNATIVE\drivers\cgnetfilter1521.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S1 XQHDrv;BigNox Service;c:\windows\system32\DRIVERS\XQHDrv.sys;c:\windows\SYSNATIVE\DRIVERS\XQHDrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x]
S3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 KillerEth;NDIS Miniport Driver for Killer PCI-E Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\e2xw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e2xw7x64.sys [x]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys;c:\windows\SYSNATIVE\drivers\Lycosa.sys [x]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
S3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Device Service;c:\windows\system32\DRIVERS\XtuAcpiDriver.sys;c:\windows\SYSNATIVE\DRIVERS\XtuAcpiDriver.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-05-10 09:36 1505952 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-05-10 09:36 1505952 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-05-10 213824]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-20 2780112]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2017-06-10 9197568]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
FF - ProfilePath - c:\users\Lorenzo\AppData\Roaming\Mozilla\Firefox\Profiles\sq6quese.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-BattlEye for A2 - f:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-Dune 2000: Gruntmods Edition - f:\program files (x86)\Gruntmods Studios\Dune 2000 Gruntmods Edition Uninstaller.exe
AddRemove-Encoder_4.0.1651.0 - f:\program files (x86)\Microsoft Expression\Encoder 4\XSetup.exe
AddRemove-Grand Theft Auto V - Patch FR 1.3 - f:\program files (x86)\Program Files (x86)\Grand Theft Auto V\Uninstall.exe
AddRemove-ImageConverter Plus_is1 - f:\program files (x86)\ImageConverter Plus\unins000.exe
AddRemove-PunkBusterSvc - c:\program files (x86)\Ubisoft\FarCry 3\bin\pbsvc_fc3.exe
AddRemove-{8670953D-FB1B-4365-B71A-A9560F37E1ED}_is1 - c:\program files (x86)\Totally Accurate Battle Simulator\unins000.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-4083203447-1993287391-2016419916-1000\Software\Microsoft\Internet Explorer\DOMStorage\cdn.bubbledock.com]
@DACL=(02 0000)
@=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_26_0_0_131_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_26_0_0_131_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{044A6734-E90E-4F8F-B357-B2DC8AB3B5EC}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Time Synchronization\\SynchronizeTime"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{088482FA-65B8-4E17-9ABF-1DCD48E8D373}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Tcpip\\IpAddressConflict1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09F06BFE-A3C8-40E3-846A-6E6F4000C238}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Tcpip\\IpAddressConflict2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F7B7221-AE8F-44F3-BA82-F7D260F51964}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Task Manager\\Interactive"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2470470F-2634-478E-B181-571E98A789BB}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Multimedia\\SystemSoundsService"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28011108-68DF-4C73-B91B-57427D501BBA}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\WindowsBackup\\ConfigNotification"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C8B01A2-11FF-4C41-848F-508EF4F00CF7}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A40E926-9E86-4B89-9CFD-B12311724371}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\UPnP\\UPnPHostConfig"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Shell\\WindowsParentalControls"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Defrag\\ScheduledDefrag"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F5A18EB-DC73-4E45-A11C-B59043598412}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\CertificateServicesClient\\SystemTask"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{613612BA-897D-44CE-8DC1-8FC283F9FD51}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\User Profile Service\\HiveUploadTask"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72DB7465-BC54-491B-A92A-4637A28C9BBF}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{753C47AE-EC5E-44B3-95A9-2C8E553F0E39}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AFCC0CA-7121-422A-AB45-B0E8D599FF08}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\CertificateServicesClient\\UserTask"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81540B9F-B5BF-47EB-9C95-BE195BF2C664}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9435F817-FED2-454E-88CD-7F78FDA62C48}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\WDI\\ResolutionHost"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{994C86AD-A929-4B2C-88A0-4E25A107A029}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\SystemRestore\\SR"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9979CB83-103A-4105-9E5D-C74B0AF6D198}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A35BB7A6-5F0C-4C9F-8450-2B3BED532D51}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A48CABBF-24C8-4B87-B00F-9261807C3B43}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\AppID\\PolicyConverter"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Location\\Notifications"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Application Experience\\AitAgent"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC668097-4D6B-4093-AC14-014C09DBF820}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Ras\\MobilityManager"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE669C13-8165-4536-96D0-6D6C39292AAE}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Diagnosis\\Scheduled"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C016366B-7126-46CA-B36B-592A3D95A60B}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Registry\\RegIdleBackup"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0250F3F-6480-484F-B719-42F659AC64D5}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7B6E81D-3CF4-432C-84D2-24213F4316E6}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Autochk\\Proxy"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA41DE71-8431-42FB-9DB0-EB64A961DEAD}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Maintenance\\WinSAT"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD9F510C-95F4-499A-90C8-BAC5BC372FF4}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E22A8667-F75B-4BA9-BA46-067ED4429DE8}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3163C33-301D-4730-A266-5518C5ED3967}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EACA24FF-236C-401D-A1E7-B3D5267B8A50}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\RAC\\RacTask"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\MUI\\LPRemove"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB3C354D-297A-4EB2-9B58-090F6361906B}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDD56C73-F0D5-41B6-B767-6EFFD7966428}]
@DACL=(02 0000)
"Path"="\\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}]
@DACL=(02 0000)
"Class"="SMUpdd"
"NoDisplayClass"="1"
"NoUseClass"="1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\AVAST Software\Avast\AvastUI.exe
.
**************************************************************************
.
Heure de fin: 2017-06-20 17:02:10 - La machine a redémarré
ComboFix-quarantined-files.txt 2017-06-20 15:02
ComboFix2.txt 2017-06-19 17:13
.
Avant-CF: 100 224 327 680 octets libres
Après-CF: 99 900 690 432 octets libres
.
- - End Of File - - 309856C4FA3BDC4D23940CC9D91C0BAF
A36C5E4F47E84449FF07ED3517B43A31
