--------------- QuickDiag | g3n-h@ckm@n | V3_28.04.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 02/05/2017 09:42:27
Updated 28/04/2017 | 08.50 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[CLUB OUSTAOU (Administrator)] - [CLUBOUSTAOU-PC] (S-1-5-21-1559902248-2445429790-4024575060-1000)
System: Microsoft Windows 10 Famille - - (10.0.10586) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: System Product Name - System manufacturer - IdNumber: System Serial Number - UUID: F02DDBE0-86BD-11DF-9058-20CF308CA00D
Processor : X64 - 2930 Mhz - Pentium(R) Dual-Core CPU E6500 @ 2.93GHz
BIOS Date: 12/08/09 14:55:37 Ver: 08.00.12 - en|US|iso8859-1 - American Megatrends Inc. - S/N: System Serial Number - 0307 - A_M_I_ - 12000908
CoreTemp : ? Celsius

----------| Quick

---------- | SoundDevice
VIA HD Audio - Status: OK - Manufacturer: VIA Technologies, Inc.
- PNPDeviceID: HDAUDIO\FUNC_01&VEN_1106&DEV_0397&SUBSYS_104383B7&REV_1000\4&50EEDE4&0&0001 ---------- | Video Intel(R) G33/G31 Express Chipset Family (Microsoft Corporation - WDDM 1.0) - Resolution: 1680x1050 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumd32.dll - PNPDeviceID: PCI\VEN_8086&DEV_29C2&SUBSYS_82B01043&REV_10\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 268435456 Inegrated Video Chipset DeviceName: Intel(R) G33/G31 Express Chipset Family (Microsoft Corporation - WDDM 1.0) - DriverVersion: 8.14.10.2697 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13824 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 73216 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29440 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 30504 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36720 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 49664 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 33280 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 23264 - Manufacturer: Microsoft Corporation - Status: OK 
c:\windows\system32\iccvid.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86528 - Manufacturer: Radius Inc. - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:0 % CPU #2 value:5 % Total Overall CPU Usage value:2 % ---------- | Network Atheros AR8121_AR8113_AR8114 PCI-E Ethernet Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec Qualcomm Atheros AR5BWB222 Wireless Network Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec isatap.{66795875-586B-4444-8D09-EB500C3D8F7B} : SENT:0 bytes/sec / RECVD:0 bytes/sec Connexion au réseau local* 3 : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:2 bytes/sec, / RECEIVE Maximum:0 bytes/sec Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Qualcomm Atheros AR5BWB222 Wireless Network Adapter - Ethernet 802.3 - Qualcomm Atheros Communications Inc. - Status: - PnPID : PCI\VEN_168C&DEV_0034&SUBSYS_662111AD&REV_01\4&2B0ED4DD&0&00E0 Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller - Ethernet 802.3 - Atheros - Status: - PnPID : PCI\VEN_1969&DEV_1026&SUBSYS_831C1043&REV_B0\4&3AA6353D&0&00E1 Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&373731E0&1&12 Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_0 Microsoft Teredo Tunneling Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE ---------- | Memory RAM = Total (MB) : 2087 | Free (MB) : 763 Pagefile = Total (MB) : 4184 | Free (MB) : 2772 Virtual = Total (MB) : 2097 | Free (MB) : 1849 Physical Memory 0 : Capacity: 2147483648 - DIMM A1 - Posit.: 0 - Manufacturer: Manufacturer0 - PartNumber: PartNum0 - S/N: SerNum0 ---------- | SID Users Administrateur : [S-1-5-21-1559902248-2445429790-4024575060-500] CLUB OUSTAOU : 
[S-1-5-21-1559902248-2445429790-4024575060-1000] DefaultAccount : [S-1-5-21-1559902248-2445429790-4024575060-503] Invité : [S-1-5-21-1559902248-2445429790-4024575060-501] scan : [S-1-5-21-1559902248-2445429790-4024575060-1001] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: 
OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [] | Total : 232.35 Go | Free : 190.24 Go -> NTFS [ATA] E:\ -> [Removable] | [] | Total : 3.74 Go | Free : 1.91 Go -> FAT32 [USB] Disk Usage Information [2 total Physical Disks] Physical Drive #0 [C:] : Read:4,567,013 bytes/sec, Written:0 bytes/sec Max Read:4,567,013 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:4,567,013 bytes/sec, Write Maximum:0 bytes/sec DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_MICRO&REV_8.01\174113115C42055F&0 DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : IDE\DISKWDC_WD2500AAJB-00J3A0___________________01.03E01\5&20F2915F&0&0.0.0 ---------- | Windows updates Test 1 : Windows Is Activated ---------- | Browsers IE : 11.0.10586.672 (© Microsoft Corporation. Tous droits réservés.) Default : "C:\Program Files\Internet Explorer\iexplore.exe" %1 ---------- | FlashPlayer FlashPlayer ActiveX : 23.0.0.207 ---------- | Security AV : Windows Defender Disabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 324 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.10586.0) = C:\Windows\System32\smss.exe [30/10/2015 07:44:57] CPU Usage:0 % 436 | [Owner : Système | Parent : 428() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) 
- (10.0.10586.0) = C:\Windows\System32\csrss.exe [30/10/2015 07:44:57] CPU Usage:0 % 532 | [Owner : Système | Parent : 428() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.10586.306) = C:\Windows\System32\wininit.exe [24/05/2016 10:11:25] CPU Usage:0 % 644 | [Owner : Système | Parent : 532(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.10586.71) = C:\Windows\System32\services.exe [13/02/2016 13:58:24] CPU Usage:0 % 652 | [Owner : Système | Parent : 532(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.10586.589) = C:\Windows\System32\lsass.exe [20/09/2016 11:38:03] CPU Usage:0 % 732 | [Owner : Système | Parent : 644(services.exe) | 12.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 07:44:45] CPU Usage:0 % 788 | [Owner : SERVICE RÉSEAU | Parent : 644(services.exe) | 6.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 07:44:45] CPU Usage:0 % 944 | [Owner : Système | Parent : 644(services.exe) | 88.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 07:44:45] CPU Usage:0 % 952 | [Owner : Système | Parent : 644(services.exe) | 56.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 07:44:45] CPU Usage:0 % 1012 | [Owner : SERVICE LOCAL | Parent : 644(services.exe) | 6.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 07:44:45] CPU Usage:0 % 1020 | [Owner : SERVICE LOCAL | Parent : 644(services.exe) | 19.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 07:44:45] CPU Usage:0 % 1116 | [Owner : SERVICE LOCAL | Parent : 644(services.exe) | 16.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 07:44:45] CPU Usage:0 % 1320 | [Owner : SERVICE LOCAL | Parent : 644(services.exe) | 16.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 07:44:45] CPU Usage:0 % 1484 | [Owner : SERVICE RÉSEAU | Parent : 644(services.exe) | 11.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 07:44:45] CPU Usage:0 % 1628 | [Owner : Système | Parent : 644(services.exe) | ?????] - (.AVAST Software - Avast Service.) - (17.3.3442.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [30/03/2017 09:53:58] CPU Usage:0 % 1812 | [Owner : Système | Parent : 644(services.exe) | 6.2 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.10586.589) = C:\Windows\System32\spoolsv.exe [20/09/2016 11:35:34] CPU Usage:0 % 1944 | [Owner : Système | Parent : 644(services.exe) | 0.87 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.20.2044) = C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [16/09/2016 11:24:06] CPU Usage:0 % 1952 | [Owner : Système | Parent : 644(services.exe) | 1.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 07:44:45] CPU Usage:0 % 1960 | [Owner : Système | Parent : 644(services.exe) | 14.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 07:44:45] CPU Usage:0 % 8 | [Owner : SERVICE RÉSEAU | Parent : 644(services.exe) | 2.28 Mo] - (.Microsoft Corporation - Message Queuing Service.) - (10.0.10586.0) = C:\Windows\System32\mqsvc.exe [30/10/2015 07:45:11] CPU Usage:0 % 516 | [Owner : Système | Parent : 644(services.exe) | 2.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 07:44:45] CPU Usage:0 % 868 | [Owner : Système | Parent : 644(services.exe) | 11.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 07:44:45] CPU Usage:0 % 1300 | [Owner : Système | Parent : 644(services.exe) | 0.89 Mo] - (.VIA Technologies, Inc. - Service binary.) - (0.1.0.0) = C:\Windows\System32\ViakaraokeSrv.exe [22/06/2015 02:49:50] CPU Usage:0 % 2248 | [Owner : Système | Parent : 644(services.exe) | 19.12 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.388) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [07/03/2017 11:33:35] CPU Usage:0 % 2504 | [Owner : SERVICE LOCAL | Parent : 644(services.exe) | 1.98 Mo] - (.Microsoft Corporation - SMSvcHost.exe.) - (4.6.1038.0) = C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [30/10/2015 07:45:51] CPU Usage:0 % 2872 | [Owner : SERVICE RÉSEAU | Parent : 644(services.exe) | 1.67 Mo] - (.Microsoft Corporation - SMSvcHost.exe.) - (4.6.1038.0) = C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [30/10/2015 07:45:51] CPU Usage:0 % 2992 | [Owner : SERVICE LOCAL | Parent : 952(svchost.exe) | 9.34 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.10586.0) = C:\Windows\System32\dasHost.exe [30/10/2015 07:44:45] CPU Usage:0 % 4980 | [Owner : Système | Parent : 644(services.exe) | 22.54 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) 
- (7.0.10586.672) = C:\Windows\System32\SearchIndexer.exe [09/11/2016 11:48:11] CPU Usage:0 % 5780 | [Owner : Système | Parent : 644(services.exe) | 1.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 07:44:45] CPU Usage:0 % 9912 | [Owner : Système | Parent : 644(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 07:44:45] CPU Usage:0 % 6172 | [Owner : Système | Parent : 8804() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.10586.0) = C:\Windows\System32\csrss.exe [30/10/2015 07:44:57] CPU Usage:0 % 8080 | [Owner : Système | Parent : 8804() | 6.74 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.10586.306) = C:\Windows\System32\winlogon.exe [24/05/2016 10:11:42] CPU Usage:0 % 9748 | [Owner : DWM-17 | Parent : 8080(winlogon.exe) | 33 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.10586.0) = C:\Windows\System32\dwm.exe [30/10/2015 07:44:53] CPU Usage:0 % 632 | [Owner : Système | Parent : 644(services.exe) | 5.64 Mo] - (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (10.0.10586.0) = C:\Windows\servicing\TrustedInstaller.exe [30/10/2015 07:13:32] CPU Usage:0 % 8168 | [Owner : Système | Parent : 732(svchost.exe) | 7.19 Mo] - (.Microsoft Corporation - Windows Modules Installer Worker.) - (10.0.10586.0) = C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_1a2715186e0e7a1d\TiWorker.exe [30/10/2015 07:15:19] CPU Usage:0 % 8788 | [Owner : CLUB OUSTAOU | Parent : 944(svchost.exe) | 14.3 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) 
- (10.0.10586.0) = C:\Windows\System32\sihost.exe [30/10/2015 07:44:55] CPU Usage:0 % 3536 | [Owner : CLUB OUSTAOU | Parent : 944(svchost.exe) | 14.5 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.10586.0) = C:\Windows\System32\taskhostw.exe [30/10/2015 07:44:40] CPU Usage:0 % 8384 | [Owner : CLUB OUSTAOU | Parent : 4296() | 90.41 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10586.672) = C:\Windows\explorer.exe [09/11/2016 11:46:04] CPU Usage:0 % 6096 | [Owner : CLUB OUSTAOU | Parent : 732(svchost.exe) | 30.14 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10586.0) = C:\Windows\System32\RuntimeBroker.exe [30/10/2015 07:44:46] CPU Usage:0 % 7892 | [Owner : CLUB OUSTAOU | Parent : 732(svchost.exe) | 35.04 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.10586.494) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [21/07/2016 10:41:50] CPU Usage:0 % 6176 | [Owner : CLUB OUSTAOU | Parent : 732(svchost.exe) | 71.06 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.10586.672) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [09/11/2016 11:47:32] CPU Usage:0 % 4704 | [Owner : CLUB OUSTAOU | Parent : 8384(explorer.exe) | 26.77 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.849) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [07/03/2017 11:33:33] CPU Usage:0 % 4756 | [Owner : CLUB OUSTAOU | Parent : 1464() | 30.98 Mo] - (.AVAST Software - Avast Antivirus.) - (17.3.3442.0) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [30/03/2017 09:54:11] CPU Usage:0 % 7232 | [Owner : CLUB OUSTAOU | Parent : 944(svchost.exe) | 1.19 Mo] - (.Piriform Ltd - CCleaner.) - (5.28.0.6005) = C:\Program Files\CCleaner\CCleaner.exe [03/03/2017 20:10:26] CPU Usage:0 % 876 | [Owner : SERVICE LOCAL | Parent : 1020(svchost.exe) | ?????] 
- (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.10586.218) = C:\Windows\System32\audiodg.exe [17/05/2016 11:44:08] CPU Usage:0 % 6856 | [Owner : CLUB OUSTAOU | Parent : 732(svchost.exe) | 2.32 Mo] - (.-.) - (10.1.2123.36) = C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe [17/05/2016 15:10:08] CPU Usage:0 % 8020 | [Owner : Système | Parent : 944(svchost.exe) | 6.62 Mo] - (.Microsoft Corporation - WMI Reverse Performance Adapter Maintenance Utility.) - (10.0.10586.0) = C:\Windows\System32\wbem\WMIADAP.exe [30/10/2015 07:44:39] CPU Usage:0 % 9052 | [Owner : Système | Parent : 732(svchost.exe) | 10.63 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.10586.589) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/09/2016 11:37:33] CPU Usage:0 % 6244 | [Owner : Système | Parent : 8080(winlogon.exe) | 2.92 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.10586.679) = C:\Windows\System32\fontdrvhost.exe [09/11/2016 11:46:06] CPU Usage:0 % 892 | [Owner : CLUB OUSTAOU | Parent : 644(services.exe) | 10.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 07:44:45] CPU Usage:0 % 3172 | [Owner : CLUB OUSTAOU | Parent : 732(svchost.exe) | 10.62 Mo] - (.Microsoft Corporation - InstallAgent.) - (10.0.10586.420) = C:\Windows\System32\InstallAgent.exe [23/06/2016 10:24:48] CPU Usage:0 % 5140 | [Owner : Système | Parent : 944(svchost.exe) | 1.2 Mo] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.14913.1002) = C:\Windows\System32\CompatTelRunner.exe [18/10/2016 11:14:07] CPU Usage:0 % 3384 | [Owner : CLUB OUSTAOU | Parent : 944(svchost.exe) | 7.38 Mo] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) 
- (1.824.20.2044) = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [16/09/2016 11:24:06] CPU Usage:0 % 3092 | [Owner : Système | Parent : 5140(CompatTelRunner.exe) | 1.56 Mo] - (.Microsoft Corporation - Console Window Host.) - (10.0.10586.0) = C:\Windows\System32\conhost.exe [30/10/2015 07:44:53] CPU Usage:0 % 7020 | [Owner : Système | Parent : 5140(CompatTelRunner.exe) | 14.3 Mo] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.14913.1002) = C:\Windows\System32\CompatTelRunner.exe [18/10/2016 11:14:07] CPU Usage:8 % 9044 | [Owner : LogonSessionId_0_79944182 | Parent : 732(svchost.exe) | 12.76 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.10586.589) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/09/2016 11:37:33] CPU Usage:0 % 6596 | [Owner : SERVICE LOCAL | Parent : 952(svchost.exe) | 6.71 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.10586.0) = C:\Windows\System32\WUDFHost.exe [30/10/2015 07:45:01] CPU Usage:0 % 6796 | [Owner : Système | Parent : 4980(SearchIndexer.exe) | 7.62 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.10586.589) = C:\Windows\System32\SearchProtocolHost.exe [20/09/2016 11:36:49] CPU Usage:0 % 3520 | [Owner : CLUB OUSTAOU | Parent : 8384(explorer.exe) | 34.55 Mo] - (.SosVirus - QuickDiag.) - (28.4.17.1) = C:\Users\CLUB OUSTAOU\Desktop\QuickDiag.exe [02/05/2017 09:41:17] CPU Usage:0 % 8784 | [Owner : Système | Parent : 4980(SearchIndexer.exe) | 5.02 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.10586.0) = C:\Windows\System32\SearchFilterHost.exe [30/10/2015 07:44:55] CPU Usage:0 % 6592 | [Owner : CLUB OUSTAOU | Parent : 4756(AvastUI.exe) | 5.16 Mo] - (.Microsoft Corporation - Chargeur CTF.) 
- (10.0.10586.0) = C:\Windows\System32\ctfmon.exe [30/10/2015 07:45:09] CPU Usage:0 % ---------- | MD5 [MD5.9093B6600C625A903CBC481E8A9D49B2] - [09/11/2016 11:46:04] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3978.67 Ko] - (10.0.10586.672) : C:\WINDOWS\Explorer.exe [MD5.7DB6A5CEEAC1CB15CF78552794B3DB31] - [30/10/2015 07:44:41] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [197.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\cmd.exe [MD5.185139ECFA7170D089CB56C56C0B7B95] - [30/10/2015 07:44:57] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [15.68 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\csrss.exe [MD5.B27E38AD86C7456D60D8F09E4B20C39E] - [30/10/2015 07:44:46] - (.© Microsoft Corporation. - COM Surrogate.) - [17.34 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\dllhost.exe [MD5.91A23E0B008981CE7799620E4EE1794A] - [20/09/2016 11:36:52] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [613.71 Ko] - (10.0.10586.589) : C:\WINDOWS\System32\Kernel32.dll [MD5.04D54F94F613DE3E0B70339A3FA130C7] - [20/09/2016 11:38:03] - (.© Microsoft Corporation. - Local Security Authority Process.) - [41.91 Ko] - (10.0.10586.589) : C:\WINDOWS\System32\lsass.exe [MD5.B2D683725659C6BD9998DEC4AA6BEDB6] - [20/09/2016 11:37:56] - (.© Microsoft Corporation. - Distributed COM Services.) - [736.5 Ko] - (10.0.10586.589) : C:\WINDOWS\System32\rpcss.dll [MD5.2DBCA4E4BB09FF7F8F171CC364DFAF67] - [30/10/2015 07:45:06] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [52.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\rundll32.exe [MD5.0B202554398DBFDEE5777CDC2E6C8254] - [13/02/2016 13:58:24] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) 
- [355.63 Ko] - (10.0.10586.71) : C:\WINDOWS\System32\services.exe [MD5.6A1212077C0559029CDFB9C39580C835] - [30/10/2015 07:44:45] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [36.38 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\svchost.exe [MD5.588454298D5160155B522C58EFD81DC4] - [24/05/2016 10:11:37] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1243.87 Ko] - (10.0.10586.306) : C:\WINDOWS\System32\user32.dll [MD5.A878CF325C93723B5017642E6FDB80E8] - [30/10/2015 07:44:48] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [25.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\userinit.exe [MD5.C3063049D15E3C93194463E0A7F213A5] - [24/05/2016 10:11:25] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [188.19 Ko] - (10.0.10586.306) : C:\WINDOWS\System32\Wininit.exe [MD5.4A618D1B1D6D46B2FE635A85A3B10F3E] - [24/05/2016 10:11:42] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [483 Ko] - (10.0.10586.306) : C:\WINDOWS\System32\Winlogon.exe [MD5.0E423A5854E1265F3B6D27332601355F] - [13/02/2016 13:58:26] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [460.34 Ko] - (10.0.10586.3) : C:\WINDOWS\System32\Drivers\afd.sys [MD5.845E9A40B9B3CAD20B5EE45A2A58EE11] - [30/10/2015 07:44:28] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [22.84 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\atapi.sys [MD5.AFA52C71B2CDD9A6870039EAC6979E7A] - [30/10/2015 07:44:28] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [156.34 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\ataport.sys [MD5.40FF3DCC427730779DDF301A0F9FC0E1] - [30/10/2015 07:45:01] - (.© Microsoft Corporation. - CD-ROM File System Driver.) 
- [73 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\cdfs.sys [MD5.568DF0072AD005D29D6E987698C8225A] - [30/10/2015 07:44:28] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [127.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\cdrom.sys [MD5.28ECC81557FDAA48B66F25CD543D9852] - [18/10/2016 11:14:00] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [111.5 Ko] - (10.0.10586.633) : C:\WINDOWS\System32\Drivers\dfsc.sys [MD5.04586E770BC7949827AFE2249AB909E9] - [09/11/2016 11:47:57] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [66.5 Ko] - (10.0.10586.672) : C:\WINDOWS\System32\Drivers\hdaudbus.sys [MD5.14DDBB0CBE11A736C089A4F2813A5EDF] - [30/10/2015 07:44:28] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [88.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys [MD5.F97C1D68DE39952F880F98CFCE0DAF1A] - [30/10/2015 07:44:39] - (.© Microsoft Corporation. - IP Network Address Translator.) - [121.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\ipnat.sys [MD5.2BB107316C62E12D5B2E849C08FFCFA4] - [20/09/2016 11:37:34] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [372.84 Ko] - (10.0.10586.589) : C:\WINDOWS\System32\Drivers\mrxsmb.sys [MD5.37256414284A0A85A3DDD3FB2A39874B] - [17/05/2016 11:43:56] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [900.84 Ko] - (10.0.10586.212) : C:\WINDOWS\System32\Drivers\ndis.sys [MD5.17AB1FA87669F4B800578A54C03A96D6] - [23/06/2016 10:25:02] - (.© Microsoft Corporation. - MBT Transport driver.) - [206.5 Ko] - (10.0.10586.420) : C:\WINDOWS\System32\Drivers\netbt.sys [MD5.C195E7756F795F10338ECE0AD20B72D2] - [17/05/2016 11:43:56] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) 
- [1777.84 Ko] - (10.0.10586.212) : C:\WINDOWS\System32\Drivers\ntfs.sys [MD5.B69B323395ABC1303EB9F69E9B8460F8] - [30/10/2015 07:44:28] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [79.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\parport.sys [MD5.D49CBC052916F95D184713CA6FC37C5C] - [17/05/2016 11:43:51] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [79 Ko] - (10.0.10586.122) : C:\WINDOWS\System32\Drivers\rasl2tp.sys [MD5.288DA2E52BFE6A90937FF9A994FA56ED] - [30/10/2015 07:45:54] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [129.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys [MD5.4469E64F0077CEA3A2BFE15602FDE471] - [20/09/2016 11:36:47] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [1818.34 Ko] - (10.0.10586.589) : C:\WINDOWS\System32\Drivers\tcpip.sys [MD5.1683BCB69B9950CD8C97865F3EC6781E] - [13/02/2016 13:58:26] - (.© Microsoft Corporation. - TDI Translation Driver.) - [92.84 Ko] - (10.0.10586.3) : C:\WINDOWS\System32\Drivers\tdx.sys [MD5.2E5522E831E616B37F06908B7B56C3B3] - [30/10/2015 07:44:28] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [341.34 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (.AVAST Software s.r.o..-.Hook Library.) - (17.3.2.64257) -- C:\Program Files\AVAST Software\Avast\aswhookx.dll (..-..) - (0.0.0.0) -- C:\WINDOWS\System32\CoreUIComponents.dll (.AVAST Software.-.Avast Shell Extension.) - (17.3.3442.0) -- C:\Program Files\AVAST Software\Avast\ashShell.dll (.AVAST Software.-.Avast AAVM Remote Procedure Call Library.) - (17.3.3442.0) -- C:\Program Files\AVAST Software\Avast\AavmRpch.dll (.AVAST Software.-.Avast Logging Library.) 
- (17.3.3442.0) -- C:\Program Files\AVAST Software\Avast\log.dll (.Intel Corporation.-.LDDM User Mode Driver for Intel(R) Graphics Technology.) - (8.14.10.2697) -- C:\WINDOWS\SYSTEM32\igdumd32.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.VIA Technologies, Inc..-.VIA LFX/GFX DSP Component.) - (1.0.0.0) -- C:\WINDOWS\system32\VIASysFx.dll (.AVAST Software s.r.o..-.Hook Library.) - (17.3.2.64257) -- C:\Program Files\AVAST Software\Avast\aswhookx.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\System32\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\System32\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU OneNote 2007 - Capture d'écran et lancement - (OneNote 2007 - Capture d'écran et lancement.lnk [Startup]) - User: CLUBOUSTAOU-PC\CLUB OUSTAOU CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\SOFTWARE\...\Run]) - User: CLUBOUSTAOU-PC\CLUB OUSTAOU Malwarebytes TrayApp - (C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [HKLM\SOFTWARE\...\Run]) - User: Public AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public 
[HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\CLUB OUSTAOU\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_2"=C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\CLUB OUSTAOU\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_2" [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=0 "DebugOptions"=2048 "Documents"= "DosPrint"=no "Load"= "NetMessage"=no "NullPort"=None "Programs"=com exe bat pif cmd "Device"=RICOH Aficio SP C242SF PCL 6,winspool,Ne00: [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [07/03/2017 11:33:33] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=1 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D16655D615B374 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Config.sys : FILES=40 ---------- | Tasks List Adobe Acrobat Update Task Adobe Flash Player Updater Avast Emergency Update CCleanerSkipUAC CreateChoiceProcessTask OneDrive Standalone Update Task v2 SafeZone scheduled Autoupdate 1490860804 User_Feed_Synchronization-{45E2904F-B521-4609-90B0-E0459DE87133} ---------- | Startings up registry ¦ Folder [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] : "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] : "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer] : "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDVD8LanguageShortcut] : "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl8] : "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] : "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateP2GoShortCut] : "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePSTShortCut] : "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll 
[HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=SessionEnv CertPropSvc "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=62c4eeb2-ea77-4d67-8fca-780502d "GlassSessionId"=17 [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "PendingFileRenameOperations"=\??\C:\Program Files\AVAST Software\Avast\setup\New_110308f3\aswOfferTool.exe \??\C:\Program Files\AVAST Software\Avast\setup\New_110308f3\avBugReport.exe \??\C:\Program Files\AVAST Software\Avast\setup\New_110308f3\AvDump32.exe \??\C:\Program Files\AVAST Software\Avast\setup\New_110308f3\AvDump64.exe \??\C:\Program Files\AVAST Software\Avast\setup\New_110308f3\HTMLayout.dll \??\C:\Program Files\AVAST Software\Avast\setup\New_110308f3\Instup.dll \??\C:\Program Files\AVAST Software\Avast\setup\New_110308f3\instup.exe \??\C:\Program Files\AVAST Software\Avast\setup\New_110308f3\ \??\C:\WINDOWS\system32\drivers\asw8E01.tmp \??\C:\WINDOWS\system32\drivers\asw8E40.tmp \??\C:\WINDOWS\system32\drivers\asw8E61.tmp \??\C:\WINDOWS\system32\drivers\asw8E71.tmp \??\C:\WINDOWS\system32\drivers\asw8E91.tmp \??\C:\WINDOWS\system32\drivers\asw8EA2.tmp \??\C:\WINDOWS\system32\drivers\asw8ED2.tmp \??\C:\WINDOWS\system32\drivers\asw8ED3.tmp \??\C:\WINDOWS\system32\drivers\asw8ED4.tmp \??\C:\WINDOWS\system32\drivers\asw8EE5.tmp \??\C:\WINDOWS\system32\drivers\asw8EE6.tmp \??\C:\WINDOWS\system32\drivers\asw8EE7.tmp \??\C:\WINDOWS\system32\drivers\asw8EF7.tmp \??\c:\program files\avast software\avast\aavm4h.dll.sum.149189733456202 !\??\c:\program files\avast software\avast\aavm4h.dll.sum \??\C:\Program Files\AVAST Software\SZBrowser\launcher.exe.1491897384.old \??\C:\Program Files\AVAST Software\Avast\setup\Reboot.txt \??\C:\Program Files\AVAST Software\Avast\setup \??\C:\Program Files\AVAST Software\Avast \??\C:\Program Files\AVAST Software \??\C:\Program Files \??\C:\WINDOWS\system32 \??\C:\Users\CLUBOU~1\AppData\Local\Temp\nsj5081.tmp\p\syschk.dll \??\C:\Users\CLUBOU~1\AppData\Local\Temp\nsj5081.tmp\p\ \??\C:\Users\CLUBOU~1\AppData\Local\Temp\nsj5081.tmp\ui\pfUI.dll \??\C:\Users\CLUBOU~1\AppData\Local\Temp\nsj5081.tmp\ui\res\lang-1036.dll \??\C:\Users\CLUBOU~1\AppData\Local\Temp\nsj5081.tmp\ui\res\Montserrat-Regular.otf \??\C:\Users\CLUBOU~1\AppData\Local\Temp\nsj5081.tmp\ui\res\ \??\C:\Users\CLUBOU~1\AppData\Local\Temp\nsj5081.tmp\ui\ \??\C:\Users\CLUBOU~1\AppData\Local\Temp\nsj5081.tmp\ \??\C:\Program Files\AVAST Software\Avast\560c62f4-b9a7-4ca8-98d3-93a45bf3c8fc.cab \??\C:\Program Files\AVAST Software\Avast\560c62f4-b9a7-4ca8-98d3-93a45bf3c8fc \??\C:\Program Files\AVAST Software\Avast\560c62f4-b9a7-4ca8-98d3-93a45bf3c8fc\backup.exe \??\C:\Program Files\AVAST Software\Avast\560c62f4-b9a7-4ca8-98d3-93a45bf3c8fc\upgrade.exe \??\C:\Program Files\Mozilla Thunderbird\tobedeleted\moz9094.tmp \??\C:\Program Files\Mozilla Thunderbird\tobedeleted \??\C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe \??\C:\Users\CLUBOU~1\AppData\Local\Temp\~nsu.tmp\Au_.exe \??\C:\Users\CLUBOU~1\AppData\Local\Temp\~nsu.tmp \??\C:\Program Files\Mozilla Maintenance Service\ 
[HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=3 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Notification Packages"=scecli "Authentication Packages"=msv1_0 "SecureBoot"=1 "ProductType"=3 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 "enabledcom"=y 
"LsaPid"=652 "Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "ScreenSaveActive"=1 "UserPreferencesMask"=0x9E3E078012000000 "Wallpaper"=C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp [21/10/2010 09:22:58] "Win8DpiScaling"=0 "DpiScalingVer"=4096 "MaxVirtualDesktopDimension"=1680 "MaxMonitorDimension"=1680 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=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referredUILanguages"=fr-FR "WaitToKillAppTimeout"=200 [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoChangingWallpaper"=0 [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0 
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 "{871C5380-42A0-1069-A2EA-08002B30309D}"=0 "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Windows\CurrentVersion\Explorer] "EnableAutoTray"=0 "ShellState"=0x240000003828000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "TelemetrySalt"=4 "SlowContextMenuEntries"=0x6024B221EA3A6910A2DC08002B30309DA01C00007E54979F0946C542AE0C81C61FFAEBC39D3400006078A409B011A54DAFA526D86198A7809D1A0000403BF2FBF0E31B10848800AA003E56F85E8A00000114020000000000C000000000000046FD650000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "LastClockSize"=0x270000000F000000460000000F000000410000000F000000 "GlobalAssocChangedCounter"=248 "AppReadinessLogonComplete"=1 "FirstRunTelemetryComplete"=1 "link"=0x1E000000 "Browse For Folder Width"=347 "Browse For Folder Height"=336 [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "SuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=11 "DisablePreviewDesktop"=1 "TaskbarSizeMove"=0 ""=0 "ShowSuperHidden"=0 "ShowStatusBar"=1 "StoreAppsOnTaskbar"=1 "EnableStartMenu"=1 "ReindexedProfile"=1 "ShowTaskViewButton"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=0 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= 
"scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 "DisableRegistryTools"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsHistory"=0 "NoDrives"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=18 "SmartScreenEnabled"=RequireAdmin [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 
"TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=10586 "FirstLogon"=0 "PUUActive"=0x1C24327E080002005800B000121A0400312B04005AF4B100D00000000F001700DEDA77BE837FB60096BC0700171D0200AFD60100C4500000000000008B750600F316000044030000DB2F1B3563BFD201 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "ShutdownStartTime"=131377771964869890 "UserSessionShutdownStopTime"=131357685755030611 "ShutdownFlags"=2147483687 "ShutdownWithoutLogon"=0 "DisableCad"=1 "Shell"=Explorer.exe "EnableFirstLogonAnimation"=1 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S 
[HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\System32\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay 
"ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""= [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"= [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [09/11/2016 11:47:44] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\Clients\StartMenuInternet\SafeZoneStable\Shell\open\Command] ""="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" [HKLM\Software\Clients\StartMenuInternet\SafeZoneStable\InstallInfo] "ReinstallCommand"="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" --makedefaultbrowser ---------- | AppcompatFlags [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "SIGN.MEDIA=174BA2C AutoRun\AutoRun.exe"=1 "SIGN.MEDIA=6C8CE WORKS9\MSWorks\Install.exe"=1 "SIGN.MEDIA=230DE88 setup\Jeu de Belote 7.exe"=1 [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files\OpenOffice.org 3\program\swriter.exe"=0x534143500100000000000000070000002800000000A8040010DF040001000000000000000000010671220000A47A1198672ED201000000000000000002000000280000000000000000000000000000000000000000000000000000008C96B30000000000D8000000D8000000 "C:\Program Files\CyberLink\DVD 
Suite\PowerStarter.exe"=0x534143500100000000000000070000002800000028050500D381050001000000000000000000000671020000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000A2840000000000000400000004000000 "C:\Program Files\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C0200DEDE020001000000010000000000000A71220000A47A1198672ED2010000000000000000 "C:\Program Files\Windows Mail\wab.exe"=0x534143500100000000000000070000002800000000DC0700B6C0080001000000010000000000000A71220000B6155014D612D1010000000000000000 "C:\Program Files\PhotoFiltre\PhotoFiltre.exe"=0x5341435001000000000000000700000028000000004E2B000000000001000000000000000000010661200000B6155014D612D10100000000000000000200000028000000000000000000000000000000000000000000000000000000052E0000000000000100000001000000 "C:\Program Files\OpenOffice.org 3\program\soffice.exe"=0x534143500100000000000000070000002800000000B6AC00B365AD0001000000000000000000010671220000A47A1198672ED20100000000000000000200000028000000000000000000001000000000000000000000000000000000ADAA1600000000000D0000000D000000 "C:\Program Files\Micro Application\Tarot et Belote Deluxe 2\Jeu de Belote\Belote.exe"=0x534143500100000000000000070000002800000000A83700CB4E380001000000000000000000010671220000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000CBDC3D00000000001100000011000000 "C:\Program Files\VideoLAN\VLC\vlc.exe"=0x534143500100000000000000070000002800000000EE0100504D020001000000000000000000020671020000A47A1198672ED20100000000000000000200000028000000000000000000001000000000000000000000000000000000BA030300000000000300000003000000 "C:\Program Files\OpenOffice.org 3\program\smath.exe"=0x534143500100000000000000070000002800000000A804002B25050001000000000000000000010671220000B6155014D612D1010000000000000000020000002800000000000000000000000000000000000000000000000000000063210000000000000200000002000000 "C:\Program Files\OpenOffice.org 
3\program\simpress.exe"=0x534143500100000000000000070000002800000000A8040069F3040001000000000000000000010671220000A47A1198672ED201000000000000000002000000280000000000000000000000000000000000000000000000000000000C981000000000000500000005000000 "C:\Program Files\OpenOffice.org 3\program\scalc.exe"=0x534143500100000000000000070000002800000000A804001409050001000000000000000000010671220000B6155014D612D1010000000000000000020000002800000000000000000000000000000000000000000000000000000063850F00000000000200000002000000 "C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000E868170029A3170001000000000000000000010600010000B6155014D612D1010000000100000000 "C:\ProgramData\Adobe\ARM\S\1434\AdobeARMHelper.exe"=0x5341435001000000000000000700000028000000E86406004C55070001000000000000000000000A71220000B6155014D612D10100000000000000000200000028000000000000000000004000000000000000000000000000000000C1480000000000000100000001000000 "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"=0x5341435001000000000000000700000028000000D8A611006633120001000000000000000000000A71220000A47A1198672ED2010000000000000000020000002800000000000000000000000000000000000000000000000000000035CD4800000000000B0000000B000000 "C:\Program Files\Microsoft Office\Office12\EXCEL.EXE"=0x5341435001000000000000000700000028000000E0661801AEF1180101000000000000000000000A71220000A47A1198672ED2010000000100000000 "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE"=0x5341435001000000000000000700000028000000D8640600667B060001000000000000000000000A71220000A47A1198672ED2010000000100000000 "SIGN.IE=0EABF0 Itineraire-Info.exe"=0x5341435001000000000000000700000028000000F0AB0E0019150F0001000000000000000000030600010000B6155014D612D101000000000000000002000000280000000000000000000000000000000000000000000000000000003C9A0000000000000100000001000000 "C:\Users\CLUB 
OUSTAOU\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000C0723C01E3C13C0101000000000000000000000A00210000B6155014D612D1010000000100000000 "C:\Program Files\Internet Explorer\iexplore.exe"=0x5341435001000000000000000700000028000000C0840C001F250D0001000000010000000000000A00210000A47A1198672ED2010000000000000000 "C:\Users\CLUB OUSTAOU\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000D84A3801F9DF380101000000000000000000000A00210000A47A1198672ED2010000000100000000 "C:\Users\CLUB OUSTAOU\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D87E030025C1030001000000000000000000000A00210000A47A1198672ED2010000000100000000 "C:\Users\CLUB OUSTAOU\Pictures\Disque local\3dd35423d6c7d3cea911404ba14e\MRT.exe"=0x5341435001000000000000000700000028000000C8573B028F383C0201000000000000000000010600210000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000871B0000000000000100000001000000 "SIGN.MEDIA=18AD130 _____INFORMATIQUE\______Prog W XP, 7 et 8\Ccleaner 525\ccsetup526.exe"=0x5341435001000000000000000700000028000000B07B8600BFAE860001000000000000000000010600010000A47A1198672ED20100000000000000000200000028000000000000000000004000000000000000000000000000000000F3C02000000000000100000001000000 "SIGN.MEDIA=318FFB8 _____INFORMATIQUE\______Prog W XP, 7 et 8\MBAM 3 0\malwarebytes_3.0.exe"=0x5341435001000000000000000700000028000000B8FF1803D6E9190301000000000000000000000A00210000A47A1198672ED2010000000000000000 "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000D0937C00CB2C7D0001000000000000000000000A71220000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000C2641100000000000400000004000000 "SIGN.IE=08D5230 
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe"=32 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop 
"SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] ""=@SYS:Software\Swearware\dump [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=130998394226283631 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "ProductType"=2 "ManagedDefenderProductType"=0 "ProductStatus"=0 "InstallTime"=0xF51BA8EF23B0D101 "DisableAntiSpyware"=1 "DisableAntiVirus"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] 
"EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi d'une requête 'ping' sur google.com [216.58.201.238] avec 32 octets de données : Réponse de 
216.58.201.238 : octets=32 temps=56 ms TTL=51 Réponse de 216.58.201.238 : octets=32 temps=58 ms TTL=51 Réponse de 216.58.201.238 : octets=32 temps=56 ms TTL=51 Réponse de 216.58.201.238 : octets=32 temps=55 ms TTL=51 Statistiques Ping pour 216.58.201.238: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 55ms, Maximum = 58ms, Moyenne = 56ms ---------- | @ [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Cache_Update_Frequency"=Once_Per_Session "Local Page"=C:\Windows\system32\blank.htm "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "NoUpdateCheck"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=https://www.google.fr/?gws_rd=ssl#cns=0&gws_rd=ssl "Start Page Redirect Cache AcceptLangs"=fr "NotifyDownloadComplete"=yes "FormSuggest PW Ask"=yes "IconCache"=8nfa6ib "DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80010000E200000000040000C2020000 "ApplicationTileImmersiveActivation"=0 "AssociationActivationMode"=2 "StatusBarWeb"=1 "SearchControlWidth"=300 "ForceGDIPlus"=0 "AlwaysShowMenus"=0 "ShutdownWaitForOnUnload"=0 "DNSPreresolution"=8 "SpellChecking"=1 "LangToolsBroker"={5bbd58bb-993e-4c17-8af6-3af8e908fca8} "DisablePasswordReveal"=0 "DisableRequiresActiveXPrompt"= "GotoIntranetSiteForSingleWordEntry"=0 "AutoSearch"=1 "SuppressScriptDebuggerDialog"=0 "PredictedViewExpansion"=100 "PredictedViewChangeThreshold"=10 "PredictedViewChangeThresholdPaint"=5 "ContentLayerCacheExpansion"=300 "RenderingLoopMaxTime"=250 
"NscSingleExpand"=0 "Error Dlg Displayed On Every Error"=no "EnableSearchPane"=0 "AllowWindowReuse"=1 "Friendly http errors"=yes "CSS_Compat"=doctype "Expand Alt Text"=no "Display Inline Videos"=1 "Print_Background"=no "Use Stylesheets"=1 "SmoothScroll"=1 "Show image placeholders"=0 "Disable Diagnostics Mode"=no "Move System Caret"=no "Enable AutoImageResize"=yes "UseThemes"=1 "UseHR"=0 "Q300829"=0 "Cleanup HTCs"=0 "XDomainRequest"=1 "DOMStorage"=1 "EnableAlternativeCodec"=yes "JScriptProfileCacheEventDelay"=5000 "CrossfadeMinTimeoutInMS"=30000 "CrossfadeMaxTimeoutInMS"=30000 "CrossfadeCurrentTimeoutInMS"=30000 "IE10RunOnceLastShown"=1 "IE10RunOncePerInstallCompleted"=1 "IE10TourNoShow"=0 "IE10TourShown"=1 "IE10RecommendedSettingsNo"=0 "FrameTabWindow"=1 "AdminTabProcs"=1 "SessionMerging"=1 "FrameMerging"=1 "HangRecovery"=1 "IsolationImmersive"=PMEM "TabShutdownDelay"=60000 "FrameShutdownDelay"=0 "Search Bar"=Preserve "MinIEEnabled"=1 "RefcountTracker"=0 "TabDragOnSingleProc"=0 "OperationalData"=13 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF9D01000067000000790600003F030000 "IE10RunOnceCompletionTime"=0x75502F6F2D51D201 "IE10TourShownTime"=0xF5BA19A45FEBCE01 "DefSpellLang"=fr-FR "ImageStoreRandomFolder"=p09r9ne "IE10RunOnceLastShown_TIMESTAMP"=0x123B728B3127CF01 "DoNotTrack"=1 "DisableFirstRunCustomize"=3 "EdgeSwitchingOSBuildNumber"=10586.th2_release_sec.161024-1825 "Start Page_TIMESTAMP"=0x75408B9D2D30D201 "SyncHomePage Protected - It is a violation of Windows Policy to modify. 
See aka.ms/browserpolicy"= [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=0 "SecureProtocols"=2688 "CertificateRevocation"=1 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "ProxyHttp1.1"=1 "SyncMode5"=4 "WarnOnHTTPSToHTTPRedirect"=1 "WarnOnPostRedirect"=0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=IEUser@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "ZonesSecurityUpgrade"=0xD7EC3F7C8B02D201 "WarnonZoneCrossing"=0 "WarnonBadCertRecving"=1 "EnableAutodial"=0 "NoNetAutodial"=0 "BackgroundConnections"=1 "EnablePunycode"=1 "ShowPunycode"=0 "CreateUriCacheSize"=80 "CoInternetCombineIUriCacheSize"=80 "SecurityIdIUriCacheSize"=30 "SpecialFoldersCacheSize"=8 [HKLM\Software\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files\Internet Explorer\IEXPLORE.EXE "Local Page"=C:\Windows\system32\blank.htm "Check_Associations"=yes "StatusBarWeb"=1 "SearchControlWidth"=300 "ForceGDIPlus"=0 "AlwaysShowMenus"=0 "ShutdownWaitForOnUnload"=0 "DNSPreresolution"=8 
"SpellChecking"=1 "LangToolsBroker"={5bbd58bb-993e-4c17-8af6-3af8e908fca8} "DisablePasswordReveal"=0 "GotoIntranetSiteForSingleWordEntry"=0 "AutoSearch"=1 "DEPOff"=0 "MaxRenderLine"=4000 "Use_DlgBox_Colors"=yes "Anchor Underline"=yes "Display Inline Images"=yes "Display Inline Videos"=1 "Play_Background_Sounds"=yes "Play_Animations"=yes "Print_Background"=0 "SmoothScroll"=1 "XMLHTTP"=1 "Show image placeholders"=0 "Disable Script Debugger"=yes "Disable Diagnostics Mode"=no "Enable AutoImageResize"=yes "XDomainRequest"=1 "DOMStorage"=1 "EnableAlternativeCodec"=yes "CrossfadeMinTimeoutInMS"=30000 "CrossfadeMaxTimeoutInMS"=30000 "CrossfadeCurrentTimeoutInMS"=30000 "IE10RunOnceLastShown"=0 "IE10RunOncePerInstallCompleted"=0 "IE10TourNoShow"=0 "IE10TourShown"=0 "IE10RecommendedSettingsNo"=0 "FrameTabWindow"=1 "AdminTabProcs"=1 "SessionMerging"=1 "FrameMerging"=1 "HangRecovery"=1 "IsolationImmersive"=PMEM "TabShutdownDelay"=60000 "FrameShutdownDelay"=0 "TabProcGrowth"=Medium [HKLM\Software\Microsoft\Internet Explorer\Search] "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 "DisableCachingOfSSLPages"=0 
"UrlEncoding"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files "WarnOnPost"=0x01000000 "WarnonBadCertRecving"=1 "WarnOnPostRedirect"=0 "WarnOnZoneCrossing"=1 "WarnOnHTTPSToHTTPRedirect"=1 "SecureProtocols"=160 "EnableHttp1_1"=1 "ProxyHttp1.1"=1 "BackgroundConnections"=1 "ShowPunycode"=0 "CreateUriCacheSize"=80 "CoInternetCombineIUriCacheSize"=80 "SecurityIdIUriCacheSize"=30 "SpecialFoldersCacheSize"=8 "SyncMode5"=4 ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShell.dll [30/03/2017 09:54:03] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [30/10/2015 07:45:46] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= ---------- | Toolbar [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 
[HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] "ITBar7Height"=21 [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={95B7759C-8C7F-4BF1-B163-73684A933233} "DownloadUpdates"=1 "Version"=5 "UpgradeTime"=0x75502F6F2D51D201 "KnownProvidersUpgradeTime"=0x75502F6F2D51D201 "ShowSearchSuggestionsInAddressGlobal"=1 "DefaultPackCorrection"=1 "DefaultPackNTCorrection"=1 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer à OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}] : () - [] 
---------- | SearchScopes [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}] - (AVG Secure Search) - https://mysearch.avg.com/search?cid={B21DFB82-FAC3-4BDC-9AE1-0DE38EA61873}&mid=e171a6cc121047cc86f9f186766849fe-ff5df86a9a3aecf12c42425fa59c8af4061a1559&lang=fr&ds=AVG&coid=avgtbavg&cmpid=0616avt&pr=fr&d=2016-06-09 10:48:51&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms} : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files\Java\jre6\bin\jp2ssv.dll [15/09/2010 06:20:48] ---------- | Chrome C:\Users\CLUB OUSTAOU\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\CLUB OUSTAOU\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\CLUB OUSTAOU\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\CLUB OUSTAOU\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - 
http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\CLUB OUSTAOU\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\CLUB OUSTAOU\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\CLUB OUSTAOU\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\CLUB OUSTAOU\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\CLUB OUSTAOU\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx ---------- | Opera ---------- | Firefox [HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0] - (Picasa3 plugin) : C:\Program Files\Google\Picasa3\npPicasa3.dll [HKLM\Software\MozillaPlugins\@java.com/JavaPlugin] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] 
"DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{66795875-586b-4444-8d09-eb500c3d8f7b}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{ea7ef748-c2e8-47bf-b1ea-cd4edb11b86b}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{66795875-586b-4444-8d09-eb500c3d8f7b}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{ea7ef748-c2e8-47bf-b1ea-cd4edb11b86b}] "DhcpNameServer"=192.168.1.1 ---------- | Applications [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\LaunchWinApp.exe] : "C:\Windows\system32\LaunchWinApp.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~1\MICROS~2\Office12\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\PicasaPhotoViewer.exe] : "C:\Program Files\Google\Picasa3\PicasaPhotoViewer.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\SumatraPDF.exe] : "C:\Program Files\SumatraPDF\SumatraPDF.exe" "%1" %* [HKLM\SOFTWARE\Classes\Applications\SZBrowser.exe] : "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost] "DcomLaunch"=Power BrokerInfrastructure LSM PlugPlay DcomLaunch SystemEventsBroker DeviceInstall "iissvcs"=w3svc was ---------- | SvcHost - Netsvcs (Whitelist) wlidsvc - %SystemRoot%\system32\wlidsvc.dll : %SystemRoot%\system32\svchost.exe -k netsvcs NcaSvc - %SystemRoot%\System32\ncasvc.dll : %SystemRoot%\System32\svchost.exe -k NetSvcs DcpSvc - %SystemRoot%\system32\dcpsvc.dll : %SystemRoot%\System32\svchost.exe -k netsvcs dosvc - : %systemroot%\system32\svchost.exe -k netsvcs dmwappush - : XblGameSave - %SystemRoot%\System32\XblGameSave.dll : %SystemRoot%\system32\svchost.exe -k netsvcs DsmSvc - %SystemRoot%\System32\DeviceSetupManager.dll : %SystemRoot%\system32\svchost.exe -k netsvcs XblAuthManager - %SystemRoot%\System32\XblAuthManager.dll : %SystemRoot%\system32\svchost.exe -k netsvcs XboxNetApiSvc - %SystemRoot%\system32\XboxNetApiSvc.dll : %SystemRoot%\system32\svchost.exe -k netsvcs DmEnrollmentSvc - %systemroot%\system32\Windows.Internal.Management.dll : %systemroot%\system32\svchost.exe -k netsvcs RetailDemo - %SystemRoot%\system32\RDXService.dll : %SystemRoot%\System32\svchost.exe -k netsvcs UsoSvc - %systemroot%\system32\usocore.dll : %systemroot%\system32\svchost.exe -k netsvcs lfsvc - %SystemRoot%\System32\lfsvc.dll : %SystemRoot%\system32\svchost.exe -k netsvcs ---------- | Software [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Adobe] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\AppDataLow] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\AVAST Software] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Avg] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Avg Secure Update] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\CanonBJ] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Clients] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Cyberlink] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\g3n-h@ckm@n] 
[HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Google] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\HTS] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\INTEL] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\JavaSoft] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Lake] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Macromedia] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Malwarebytes] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Mozilla] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\MozillaPlugins] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Netscape] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\ODBC] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\OpenOffice.org] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\PhotoFiltre] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Piriform] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Policies] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\RegisteredApplications] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Sysinternals] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Thunderbird] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\ZebHelpProcess Helper] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Windows\Roaming] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Windows\TabletPC] 
[HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Adobe] [HKLM\Software\ASUS] [HKLM\Software\ATI Technologies] [HKLM\Software\AVAST Software] [HKLM\Software\Avg] [HKLM\Software\Avg Secure Update] [HKLM\Software\BrowserChoice] [HKLM\Software\Clients] [HKLM\Software\CyberLink] [HKLM\Software\DivXNetworks] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\HTS] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Lake] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\OpenOffice.org] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\RegisteredApplications] [HKLM\Software\Sonic] [HKLM\Software\Sun Microsystems] [HKLM\Software\Swearware] [HKLM\Software\sysinternals] [HKLM\Software\VideoLAN] [HKLM\Software\Volatile] [HKLM\Software\wtu] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\Configuration] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\DWM] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Help] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\apphost] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wswpnservice] ---------- | Drives E: [29/04/2017 22:06:48] - |A| - (.Copyright (C) 2013-2017 SosVirus Software - QuickDiag.) 
- [2779560] - (28.4.17.1) - E:\QuickDiag.exe ---------- | C: [26/01/2011 14:20:26] - |SHD| - [258] - C:\$RECYCLE.BIN [16/07/2016 19:44:46] - |HD| - [5001389383] - C:\$WINDOWS.~BT [18/10/2011 16:46:06] - |D| - [48324552] - C:\003c41b1aa8cab1ed9 [14/04/2015 14:39:20] - |D| - [48324552] - C:\003c41b1aa8cab1ed9 - Copie [10/03/2011 18:03:38] - |D| - [37943240] - C:\00898fd736c925daac [14/04/2011 12:01:10] - |D| - [39828936] - C:\014775bbd9e0c7c56552 [11/07/2013 17:05:54] - |D| - [75699896] - C:\0e82156449ebea9d0eec7dacf5f3d4 [14/04/2015 14:39:09] - |D| - [75699896] - C:\0e82156449ebea9d0eec7dacf5f3d4 - Copie [09/05/2012 15:37:13] - |D| - [55656824] - C:\221bea56be9efb8923c092 [11/01/2012 12:57:53] - |D| - [52128560] - C:\273252f9eb5188ef56cebd7c52f6143d [10/07/2014 16:55:42] - |D| - [93585272] - C:\2b90fad274b74340dfd4b6cb [14/04/2015 14:39:05] - |D| - [93585272] - C:\2b90fad274b74340dfd4b6cb - Copie [14/04/2015 14:39:14] - |D| - [93585272] - C:\2b90fad274b74340dfd4b6cb - Copie (2) [16/06/2011 16:45:46] - |D| - [47716296] - C:\365e018b0c103b45a3e30b088b1fda [11/06/2015 16:09:41] - |D| - [136900096] - C:\36c1c049c5cdf67f0eeb350bb79c3a [15/01/2014 12:48:10] - |D| - [83425928] - C:\375439bdc1d81eb9457d18f13e31e3ed [14/03/2013 17:36:34] - |D| - [69796088] - C:\3a07c40677c0263acd65c7 [14/04/2015 14:39:08] - |D| - [69796088] - C:\3a07c40677c0263acd65c7 - Copie [10/02/2011 12:41:14] - |D| - [37443528] - C:\3dd35423d6c7d3cea911404ba14e [13/09/2012 11:58:19] - |D| - [62164608] - C:\43079e38a0d867ad162c0fcb [16/10/2014 16:58:17] - |D| - [100290944] - C:\43a53055a79405511e788911 [11/10/2012 11:55:44] - |D| - [62968832] - C:\481adbb74e6ffbc364 [11/02/2015 14:39:42] - |D| - [113756392] - C:\4922ff9cff26b781fde5 [23/08/2011 11:18:58] - |D| - [52390856] - C:\552bef7e9061c82f5b97c9781ef7 [13/05/2015 16:08:39] - |D| - [137310008] - C:\55e539bd95c6fa8bcfdf5d4a8292 [12/11/2010 12:36:51] - |D| - [35758536] - C:\57e63d82fd9a4df272ce41faf6c811eb [19/02/2013 18:45:05] - |D| - [67823584] - 
C:\61cb8a91a8f2b3be9b42 [16/04/2015 12:00:27] - |D| - [125832184] - C:\66d402bd430535bc0178b513d79c6b [12/04/2012 16:55:55] - |D| - [55154568] - C:\6b5912598a2db5189504382b [17/07/2012 16:46:03] - |D| - [57442464] - C:\6c5102ace80bbaf57740e87d21 [10/01/2013 18:26:55] - |D| - [65273848] - C:\6d157f5074cbe2d3af2b21058f74 [20/09/2011 16:53:12] - |D| - [46249416] - C:\6e858a8e99fe229820640540ae551a [15/05/2014 17:02:05] - |D| - [90547776] - C:\7010249b83115c7a74 [12/06/2014 16:50:10] - |D| - [92708840] - C:\70b31d5485be2d69c9 [14/11/2013 18:02:39] - |D| - [80340640] - C:\7370fb12a95d24b534d99125 [19/08/2014 16:59:11] - |D| - [96303304] - C:\82c459d58b7dbe96eb85e7 [10/10/2013 17:03:37] - |D| - [78106760] - C:\83dda656f85dd9894f26097f [14/01/2015 13:40:17] - |D| - [110348472] - C:\86c6894c9f85ffd2dc89937cccea95 [13/11/2014 13:10:35] - |D| - [100445232] - C:\94e330aeff602fa0bf8fbd7bf0 [13/02/2014 18:00:16] - |D| - [85946576] - C:\98137c281024367175 [10/04/2013 16:28:35] - |D| - [70490256] - C:\995b2042f423384e3777 [15/04/2014 17:00:37] - |D| - [88028728] - C:\a76cc33e610b5c094b4dd1b016e0f9fa [12/09/2013 16:56:26] - |D| - [76725432] - C:\abf40d8da12b89155e5773d2 [30/03/2017 09:18:40] - |D| - [207224385] - C:\AdwCleaner [MD5.D9EBEC6668A6092FCBD1713C347AA5E0] - [14/07/2009 04:04:04] - |A| - (.-.) - [24] - (0.0.0.0) - C:\autoexec.bat [16/12/2014 18:03:20] - |D| - [109818608] - C:\b5ca18f9db70535469c9028b8e0e [11/12/2013 17:52:40] - |D| - [88123800] - C:\b7b4793aad3b30a232c3f098aeaea11f [19/07/2011 11:28:43] - |D| - [49089992] - C:\b88dcf8623a97036d6 [21/08/2012 16:00:08] - |D| - [59884088] - C:\bf0ac6528f2fce54f2871238318b0572 [18/03/2014 17:48:34] - |D| - [87350280] - C:\bf887d9b95506e1223ee9ac0262eb0a1 [MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 08:22:14] - |ASH| - (.-.) 
- [1] - (0.0.0.0) - C:\BOOTNXT [27/08/2013 16:28:56] - |D| - [75778376] - C:\c8dfce353f9c441412 [17/05/2011 16:49:43] - |D| - [42829768] - C:\c94f8a135332e1430d0a [16/12/2011 12:12:48] - |D| - [52988224] - C:\c9f366d1c60d4c3bad40 [15/03/2012 12:05:53] - |D| - [54215544] - C:\cd25dc2d262f1944ee2428080562 [13/06/2013 11:55:18] - |D| - [73381792] - C:\ce1f70806d31d19f1a3d9bdce86b91 [11/09/2014 17:14:38] - |D| - [98758480] - C:\cfb852aa4d0bb94a5df8eb4cf4207acb [MD5.E5F58C88F13BD8267AEF2A48A68D9B3A] - [26/01/2011 14:20:54] - |A| - (.-.) - [5746] - (0.0.0.0) - C:\ComboFix.txt [17/05/2016 10:01:28] - |SHD| - [5963160] - C:\Config.Msi [MD5.ED4FC5980BD8B1AD869FF725C7776338] - [14/07/2009 04:04:04] - |A| - (.-.) - [10] - (0.0.0.0) - C:\config.sys [10/11/2011 12:19:13] - |D| - [50295240] - C:\d8ded6b55fb7320287 [MD5.6371604D5FF692BC91587A12B04B6229] - [01/04/2014 15:28:09] - |A| - (.-.) - [382] - (0.0.0.0) - C:\Disque amovible (E) - Raccourci (2).lnk [MD5.6371604D5FF692BC91587A12B04B6229] - [01/04/2014 15:28:11] - |A| - (.-.) - [382] - (0.0.0.0) - C:\Disque amovible (E) - Raccourci (3).lnk [MD5.6371604D5FF692BC91587A12B04B6229] - [02/10/2014 14:10:56] - |A| - (.-.) - [382] - (0.0.0.0) - C:\Disque amovible (E) - Raccourci (4).lnk [MD5.6371604D5FF692BC91587A12B04B6229] - [02/10/2014 14:10:59] - |A| - (.-.) - [382] - (0.0.0.0) - C:\Disque amovible (E) - Raccourci (5).lnk [MD5.3C5A70176D9ECF07DE4080626FFA1B0C] - [10/12/2013 16:28:10] - |A| - (.-.) - [382] - (0.0.0.0) - C:\Disque amovible (E) - Raccourci.lnk [14/07/2009 06:53:55] - |SHD| - [0] - C:\Documents and Settings [16/05/2013 16:58:34] - |D| - [72607752] - C:\e1b58450c2eda64f9632 [MD5.664F4EA9AF608E3DEE1012D7C8CBB7FE] - [16/01/2008 12:48:06] - |A| - (.-.) 
- [12246] - (0.0.0.0) - C:\eula.1036.txt [28/09/2011 15:36:10] - |D| - [47369160] - C:\f4924e5454cc8bb87ce92d0fac [13/01/2011 17:58:09] - |D| - [37403080] - C:\f98cdc174ade11c47243 [12/03/2015 13:10:00] - |D| - [119837696] - C:\fc05592e35e94e25b2b9c596f9 [21/02/2012 12:15:20] - |D| - [52550552] - C:\fc46f8add308c7cc49a0df2f46 [16/12/2010 18:49:19] - |D| - [37366216] - C:\fe745291117565e34316e4d4bcbdee [14/06/2012 11:09:13] - |D| - [56731752] - C:\fe7ec8b5cd6bf95a1b3b68c4d7923b [MD5.0A6B586FABD072BD7382B5E24194EAC7] - [16/01/2008 12:48:06] - |A| - (.-.) - [1110] - (0.0.0.0) - C:\globdata.ini [MD5.D41D8CD98F00B204E9800998ECF8427E] - [20/10/2010 09:15:46] - |ASH| - (.-.) - [1602883584] - (0.0.0.0) - C:\hiberfil.sys [17/05/2016 11:38:03] - |D| - [315605] - C:\inetpub [MD5.520A6D1CBCC9CF642C625FE814C93C58] - [16/01/2008 12:48:06] - |A| - (.© Microsoft Corporation. - External Installer.) - [562688] - (9.0.21022.8) - C:\install.exe [MD5.0DA9AB4977F3E7BA8C65734DF42FDAB6] - [16/01/2008 12:48:14] - |A| - (.-.) - [843] - (0.0.0.0) - C:\install.ini [MD5.C67D13C8542F3620505C7E1CBECF7343] - [16/01/2008 12:52:54] - |A| - (.© Microsoft Corporation. Tous droits réservés. - UI Wrapper Resource DLL.) - [97296] - (9.0.21022.8) - C:\install.res.1036.dll [13/02/2016 14:18:33] - |D| - [16285696] - C:\Logs [20/10/2010 11:13:53] - |RD| - [363262492] - C:\MSOCache [MD5.D41D8CD98F00B204E9800998ECF8427E] - [20/10/2010 09:15:46] - |ASH| - (.-.) - [2147483648] - (0.0.0.0) - C:\pagefile.sys [30/10/2015 07:48:44] - |D| - [0] - C:\PerfLogs [30/10/2015 07:13:31] - |RD| - [4893772974] - C:\Program Files [30/10/2015 07:48:44] - |HD| - [1680563828] - C:\ProgramData [26/01/2011 14:12:48] - |D| - [1878452] - C:\Qoobox [02/05/2017 09:41:25] - |D| - [262186] - C:\QuickDiag [MD5.D1FC8BBFEB56F0A32D0C26FBD7DE67BE] - [02/05/2017 09:42:27] - |A| - (.-.) 
- [125251] - (0.0.0.0) - C:\QuickDiag.txt [17/05/2016 11:11:54] - |SHD| - [0] - C:\Recovery [24/09/2013 11:28:11] - |D| - [0] - C:\scanner [MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/05/2016 10:49:45] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [20/10/2010 09:15:45] - |SHD| - [9512020] - C:\System Volume Information [30/10/2015 07:13:31] - |RD| - [3507699467] - C:\Users [MD5.06FBA95313F26E300917C6CEA4480890] - [16/01/2008 12:48:06] - |A| - (.-.) - [5686] - (0.0.0.0) - C:\vcredist.bmp [MD5.BFDE87FD4E98C603DE98A39D60A777A6] - [16/01/2008 12:58:54] - |A| - (.-.) - [1442522] - (0.0.0.0) - C:\VC_RED.cab [MD5.0640E3CBC3135286F81870976A42B99F] - [16/01/2008 13:00:56] - |A| - (.-.) - [233984] - (0.0.0.0) - C:\VC_RED.MSI [30/10/2015 07:13:31] - |D| - [15193751610] - C:\Windows [28/02/2017 11:57:34] - |D| - [81408] - C:\y_Les_Amis_de_la_Hume [24/09/2013 11:25:40] - |D| - [1526247] - C:\z58850fr [28/02/2017 11:30:29] - |D| - [187395221] - C:\_ACTIVITES_REGULIERES [28/02/2017 12:13:07] - |D| - [50852824] - C:\_ADMINISTRATION [28/02/2017 11:35:44] - |D| - [1122748506] - C:\_SORTIES_VOYAGES [28/02/2017 11:36:28] - |D| - [8400794917] - C:\_z_ARCHIVES [02/03/2017 12:07:31] - |D| - [2321199120] - C:\_z_Robert ---------- | C:\WINDOWS [30/10/2015 07:48:44] - |D| - [802] - C:\WINDOWS\addins [30/10/2015 07:48:44] - |D| - [21308411] - C:\WINDOWS\AppCompat [30/10/2015 07:48:44] - |D| - [11071358] - C:\WINDOWS\apppatch [30/10/2015 07:48:44] - |D| - [0] - C:\WINDOWS\AppReadiness [30/10/2015 07:48:44] - |RD| - [691856246] - C:\WINDOWS\assembly [30/10/2015 07:48:44] - |D| - [241412] - C:\WINDOWS\bcastdvr [MD5.D2299ABD1F2E56A845EB8DD796B17B16] - [30/10/2015 07:44:44] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [54272] - (10.0.10586.0) - C:\WINDOWS\bfsvc.exe [30/10/2015 07:48:44] - |D| - [32229358] - C:\WINDOWS\Boot [MD5.37ED9C82DCCDE9D568DF81A1548180A1] - [13/02/2016 14:12:36] - |AS| - (.-.) 
- [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [30/10/2015 07:48:45] - |D| - [2378296] - C:\WINDOWS\Branding [30/10/2015 07:39:41] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.B70060D4A41CCB3044A06648C78C2F72] - [13/02/2016 14:06:01] - |A| - (.-.) - [15869] - (0.0.0.0) - C:\WINDOWS\Core.xml [30/10/2015 07:48:45] - |D| - [8970858] - C:\WINDOWS\Cursors [30/10/2015 07:48:45] - |D| - [0] - C:\WINDOWS\debug [30/10/2015 07:48:45] - |RD| - [20934] - C:\WINDOWS\DesktopTileResources [30/10/2015 07:48:45] - |RD| - [2410104] - C:\WINDOWS\DevicesFlow [MD5.EF786CCAF3C1478A8E01411D928AB91C] - [17/05/2016 10:20:10] - |A| - (.-.) - [10447] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [30/10/2015 07:48:45] - |D| - [4213784] - C:\WINDOWS\diagnostics [MD5.692CA5EBC9E0CEF0A8D0BE4DF7400CEE] - [17/05/2016 10:20:10] - |A| - (.-.) - [9528] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [13/02/2016 13:56:18] - |D| - [0] - C:\WINDOWS\DigitalLocker [30/10/2015 07:48:45] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [14/07/2009 11:00:40] - |D| - [0] - C:\WINDOWS\ehome [30/10/2015 07:48:45] - |HD| - [37400] - C:\WINDOWS\ELAMBKUP [13/02/2016 13:56:18] - |D| - [0] - C:\WINDOWS\en-US [26/01/2011 14:16:01] - |D| - [88750002] - C:\WINDOWS\ERDNT [MD5.9093B6600C625A903CBC481E8A9D49B2] - [09/11/2016 11:46:04] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4074160] - (10.0.10586.672) - C:\WINDOWS\explorer.exe [30/10/2015 07:48:45] - |RSD| - [401266282] - C:\WINDOWS\Fonts [13/02/2016 13:56:18] - |D| - [134144] - C:\WINDOWS\fr-FR [30/10/2015 07:48:45] - |D| - [25770716] - C:\WINDOWS\Globalization [MD5.9E05A9C264C8A908A8E79450FCBFF047] - [26/01/2011 14:16:59] - |A| - (.-.) - [80412] - (0.0.0.0) - C:\WINDOWS\grep.exe [30/10/2015 07:48:45] - |D| - [1589372] - C:\WINDOWS\Help [MD5.6E9D72E4780C98C1293EF6C83557E51C] - [09/11/2016 11:46:49] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) 
- [898048] - (10.0.10586.672) - C:\WINDOWS\HelpPane.exe [MD5.035C7A8E4AA4A1E45CA48808A00EA43F] - [30/10/2015 07:44:51] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [16384] - (10.0.10586.0) - C:\WINDOWS\hh.exe [30/10/2015 07:48:45] - |D| - [173194846] - C:\WINDOWS\IME [30/10/2015 07:48:45] - |RD| - [5499853] - C:\WINDOWS\ImmersiveControlPanel [30/10/2015 07:47:12] - |D| - [152104193] - C:\WINDOWS\INF [30/10/2015 07:48:45] - |D| - [724156576] - C:\WINDOWS\InfusedApps [30/10/2015 07:48:45] - |D| - [36258450] - C:\WINDOWS\InputMethod [30/10/2015 07:48:45] - |SHD| - [3756206963] - C:\WINDOWS\Installer [30/10/2015 07:48:45] - |D| - [89407] - C:\WINDOWS\L2Schemas [30/10/2015 07:48:45] - |D| - [0] - C:\WINDOWS\LiveKernelReports [30/10/2015 07:15:20] - |D| - [21492865] - C:\WINDOWS\Logs [MD5.9DAA7218961710008D7385B01BD3F386] - [26/01/2011 14:16:59] - |A| - (.-.) - [89088] - (0.0.0.0) - C:\WINDOWS\MBR.exe [30/10/2015 07:48:45] - |RSD| - [27636877] - C:\WINDOWS\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [30/10/2015 07:44:38] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [30/10/2015 07:48:44] - |D| - [440915857] - C:\WINDOWS\Microsoft.NET [30/10/2015 07:48:45] - |D| - [2371] - C:\WINDOWS\Migration [30/10/2015 07:48:45] - |RD| - [418548] - C:\WINDOWS\MiracastView [30/10/2015 07:48:45] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 04:04:57] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\WINDOWS\msdfmap.ini [MD5.AE72E8619CB31D84DA25E2435E55003C] - [26/01/2011 14:16:59] - |A| - (.Copyright © 2003 - 2009 Nir Sofer - NirCmd.) - [31232] - (2.3.5.189) - C:\WINDOWS\NIRCMD.exe [MD5.49228AA189B65A13F12DD2C6F358CB09] - [20/09/2016 11:36:36] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) 
- [232448] - (10.0.10586.589) - C:\WINDOWS\notepad.exe [13/02/2016 13:59:13] - |D| - [418530] - C:\WINDOWS\OCR [30/10/2015 07:48:45] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [17/05/2016 11:48:52] - |DC| - [89866466] - C:\WINDOWS\Panther [29/08/2016 11:18:39] - |D| - [0] - C:\WINDOWS\PCHEALTH [30/10/2015 07:48:45] - |D| - [29271184] - C:\WINDOWS\Performance [MD5.F1FBA6185A6A2BC6456970914875078E] - [26/01/2011 14:16:59] - |A| - (.-.) - [256512] - (0.0.0.0) - C:\WINDOWS\PEV.exe [03/11/2011 16:41:06] - |HD| - [0] - C:\WINDOWS\PIF [30/10/2015 07:48:45] - |D| - [1136442] - C:\WINDOWS\PLA [30/10/2015 07:48:45] - |D| - [2566182] - C:\WINDOWS\PolicyDefinitions [17/05/2016 10:50:45] - |D| - [16725869] - C:\WINDOWS\Prefetch [30/10/2015 07:48:45] - |RD| - [1591051] - C:\WINDOWS\PrintDialog [30/10/2015 07:48:45] - |D| - [1298663] - C:\WINDOWS\Provisioning [30/10/2015 07:48:45] - |RD| - [650378] - C:\WINDOWS\PurchaseDialog [MD5.549091491F3FBD2859372F789242B9D2] - [30/10/2015 07:44:45] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [300032] - (10.0.10586.0) - C:\WINDOWS\regedit.exe [30/10/2015 07:48:45] - |D| - [1092288] - C:\WINDOWS\Registration [30/10/2015 07:48:45] - |D| - [6774012] - C:\WINDOWS\rescache [30/10/2015 07:48:45] - |D| - [3729539] - C:\WINDOWS\Resources [30/10/2015 07:48:45] - |D| - [0] - C:\WINDOWS\SchCache [30/10/2015 07:48:45] - |D| - [121229] - C:\WINDOWS\schemas [30/10/2015 07:48:45] - |D| - [6742016] - C:\WINDOWS\security [MD5.2B657A67AEBB84AEA5632C53E61E23BF] - [26/01/2011 14:16:59] - |A| - (.-.) - [98816] - (0.0.0.0) - C:\WINDOWS\sed.exe [13/02/2016 14:11:04] - |D| - [76456756] - C:\WINDOWS\ServiceProfiles [30/10/2015 07:13:31] - |D| - [85633739] - C:\WINDOWS\servicing [30/10/2015 07:50:08] - |D| - [42] - C:\WINDOWS\Setup [MD5.30A6A82F590F95F7089A88BE85A7FD21] - [18/04/2017 11:14:39] - |A| - (.-.) 
- [3112] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [18/04/2017 11:14:39] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [13/02/2016 14:05:26] - |D| - [37403] - C:\WINDOWS\ShellNew [13/02/2016 13:58:48] - |D| - [6828144] - C:\WINDOWS\SKB [20/10/2010 09:29:05] - |D| - [196565295] - C:\WINDOWS\SoftwareDistribution [30/10/2015 07:48:45] - |D| - [103547851] - C:\WINDOWS\Speech [30/10/2015 07:48:45] - |D| - [50814701] - C:\WINDOWS\Speech_OneCore [MD5.12431297FC2A420A47C367996ADB299F] - [30/10/2015 07:45:02] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [111616] - (10.0.10586.0) - C:\WINDOWS\splwow64.exe [20/03/2012 17:11:48] - |D| - [0] - C:\WINDOWS\Sun [MD5.01D95A1F8CF13D07CC564AABB36BCC0B] - [26/01/2011 14:16:59] - |A| - (.Copyright © Frank Staal 1999-2008 - Freeware implementation of REG.EXE.) - [161792] - (3.0.0.0) - C:\WINDOWS\SWREG.exe [MD5.B7517DB073B28F5696A1E5528ABEB5D0] - [26/01/2011 14:16:59] - |A| - (.Copyright © Frank Staal 1999-2006 - Freeware implementation of SC.EXE.) - [136704] - (2.0.0.5) - C:\WINDOWS\SWSC.exe [MD5.B1A9CF0B6F80611D31987C247EC630B4] - [26/01/2011 14:16:38] - |A| - (.Copyright © Frank Staal 1999-2006 - Freeware implementation of XCACLS.) - [212480] - (1.0.1.1) - C:\WINDOWS\SWXCACLS.exe [30/10/2015 07:48:45] - |D| - [607151] - C:\WINDOWS\System [MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - [14/07/2009 04:04:23] - |A| - (.-.) 
- [215] - (0.0.0.0) - C:\WINDOWS\system.ini [30/10/2015 07:13:31] - |D| - [3224363916] - C:\WINDOWS\System32 [30/10/2015 07:48:45] - |D| - [122229949] - C:\WINDOWS\SystemApps [30/10/2015 07:48:45] - |D| - [18175989] - C:\WINDOWS\SystemResources [30/10/2015 07:48:45] - |D| - [0] - C:\WINDOWS\TAPI [14/07/2009 04:37:09] - |D| - [1008] - C:\WINDOWS\Tasks [30/10/2015 07:48:45] - |D| - [153944] - C:\WINDOWS\Temp [30/10/2015 07:48:45] - |D| - [0] - C:\WINDOWS\tracing [MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [30/10/2015 07:45:46] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\WINDOWS\twain.dll [30/10/2015 07:48:45] - |D| - [7680] - C:\WINDOWS\twain_32 [MD5.669A44C0BCA67D8CDE111F7FBA91EE86] - [30/10/2015 07:45:46] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [60416] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [MD5.F36A271706EDD23C94956AFB56981184] - [30/10/2015 07:45:46] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\WINDOWS\twunk_16.exe [MD5.CFF7299BDBD452EF05A9F95FFCB9D6F4] - [30/10/2015 07:45:46] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [33280] - (1.7.1.0) - C:\WINDOWS\twunk_32.exe [MD5.015B30309491A911E75748AD69C9E680] - [30/03/2017 09:54:24] - |A| - (.© Microsoft Corporation. - Microsoft® C Runtime Library.) - [921280] - (10.0.10586.212) - C:\WINDOWS\ucrtbase.dll [30/10/2015 07:48:45] - |D| - [12420] - C:\WINDOWS\Vss [30/10/2015 07:48:45] - |D| - [15729830] - C:\WINDOWS\Web [MD5.162904DAA5412143F5403233E77F787E] - [14/07/2009 04:04:23] - |A| - (.-.) - [403] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [30/10/2015 07:45:02] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.038356387332650843BCB352BB89A101] - [18/04/2017 10:04:50] - |A| - (.-.) 
- [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.9A355B75137E8A5F3C384C999CC6DBBC] - [30/10/2015 07:45:45] - |A| - (.Copyright © Microsoft Corp. 1981-1996 - Windows Win16 Application Launcher.) - [8960] - (3.10.0.103) - C:\WINDOWS\winhelp.exe [MD5.8C459D003560EA9817F7CDB29AA55382] - [30/10/2015 07:44:51] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10240] - (10.0.10586.0) - C:\WINDOWS\winhlp32.exe [30/10/2015 07:13:31] - |D| - [4491894570] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [30/10/2015 07:45:11] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.62AFF90784F1EBCD8295CE9E8F1AEA3C] - [30/10/2015 07:45:06] - |A| - (.© Microsoft Corporation. - Windows Write.) - [10240] - (10.0.10586.0) - C:\WINDOWS\write.exe [MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - [26/01/2011 14:16:59] - |A| - (.-.) - [68096] - (0.0.0.0) - C:\WINDOWS\zip.exe [MD5.B317B33694BAC49D492DD3F23E374899] - [30/10/2015 07:45:45] - |A| - (.-.) - [707] - (0.0.0.0) - C:\WINDOWS\_default.pif ---------- | C:\WINDOWS\System32\GroupPolicy ---------- | Systemroot\System [30/10/2015 07:45:45] - |A| - [69584] - C:\WINDOWS\System\avicap.dll (Copyright © Microsoft Corp. 1992-1994) - (AVI Capture DLL) [30/10/2015 07:45:45] - |A| - [109456] - C:\WINDOWS\System\avifile.dll (Copyright © Microsoft Corp. 1991-2000) - (Microsoft AVI File support library) [30/10/2015 07:45:45] - |A| - [8960] - C:\WINDOWS\System\COMMDLG.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [30/10/2015 07:45:45] - |A| - [8960] - C:\WINDOWS\System\keyboard.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [30/10/2015 07:45:45] - |A| - [8960] - C:\WINDOWS\System\lzexpand.dll (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [30/10/2015 07:45:45] - |A| - [73376] - C:\WINDOWS\System\mciavi.drv (Copyright © Microsoft Corp. 
1992-1994) - (MCI driver for AVI) [30/10/2015 07:45:45] - |A| - [25264] - C:\WINDOWS\System\mciseq.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for MIDI sequencer) [30/10/2015 07:45:45] - |A| - [28160] - C:\WINDOWS\System\mciwave.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for waveform audio) [30/10/2015 07:45:45] - |A| - [8960] - C:\WINDOWS\System\MMSYSTEM.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [30/10/2015 07:45:45] - |A| - [8960] - C:\WINDOWS\System\mmtask.tsk (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [30/10/2015 07:45:45] - |A| - [8960] - C:\WINDOWS\System\mouse.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [30/10/2015 07:45:45] - |A| - [126912] - C:\WINDOWS\System\msvideo.dll (Copyright © Microsoft Corp. 1992-1994) - (Microsoft Video for Windows DLL) [30/10/2015 07:45:45] - |A| - [8960] - C:\WINDOWS\System\olecli.dll (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [30/10/2015 07:45:45] - |A| - [8960] - C:\WINDOWS\System\OLESVR.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [30/10/2015 07:45:45] - |A| - [8960] - C:\WINDOWS\System\SHELL.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [30/10/2015 07:45:45] - |A| - [8960] - C:\WINDOWS\System\sound.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [30/10/2015 07:45:45] - |A| - [8960] - C:\WINDOWS\System\stdole.tlb (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [30/10/2015 07:45:45] - |A| - [8960] - C:\WINDOWS\System\system.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [30/10/2015 07:45:45] - |A| - [8960] - C:\WINDOWS\System\TIMER.DRV (Copyright © Microsoft Corp. 
1981-1996) - (Windows Win16 Application Launcher) [30/10/2015 07:45:45] - |A| - [8960] - C:\WINDOWS\System\ver.dll (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [30/10/2015 07:45:45] - |A| - [8960] - C:\WINDOWS\System\vga.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [30/10/2015 07:45:45] - |A| - [8960] - C:\WINDOWS\System\WFWNET.DRV (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [20/10/2010 10:07:18] - C:\WINDOWS\Installer\1bd53e.msi : (Java(TM) SE Runtime Environment 6.0 - Sun Microsystems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/05/2010 14:12:46] - C:\WINDOWS\Installer\1bd548.msi : (OpenOffice.org 3.2 - OpenOffice.org) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/09/2009 09:08:52] - C:\WINDOWS\Installer\27cd5.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/09/2009 09:14:38] - C:\WINDOWS\Installer\27cdb.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/10/2009 03:58:32] - C:\WINDOWS\Installer\27ce6.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/09/2009 09:23:10] - C:\WINDOWS\Installer\27cef.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/03/2017 11:55:23] - C:\WINDOWS\Installer\293bfbc0.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/10/2016 11:11:10] - C:\WINDOWS\Installer\4749104.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/09/2012 05:48:11] - C:\WINDOWS\Installer\4e00a.msi : ( - Adobe Systems Incorporated) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [20/10/2010 11:23:42] - C:\WINDOWS\Installer\4edb9.msi : (Additional Font and Media Support - The J2SE Runtime Environment with European languages. This requires [Core]MB on your hard drive.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/07/2015 10:34:44] - C:\WINDOWS\Installer\e9225.msi : (Visual Studio 2012 x86 Redistributables - AVG Technologies CZ, s.r.o.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [30/10/2015 07:45:11] - [3458] - C:\WINDOWS\System32\ieuinit.inf [17/05/2016 10:54:02] - [2085388] - C:\WINDOWS\System32\PerfStringBackup.INI [30/10/2015 07:45:02] - [60124] - C:\WINDOWS\System32\tcpmon.ini [30/10/2015 07:44:41] - [2269] - C:\WINDOWS\System32\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.D41D8CD98F00B204E9800998ECF8427E] - |AT| - [02/05/2017 09:42:10] - (.-.) - [18.9 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.47sh25snr86h7qyv5x956vupc.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |AT| - [02/05/2017 09:42:13] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.79aos8mwgzsbx7dq9w8_dspmb.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |AT| - [02/05/2017 09:42:10] - (.-.) - [74 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.99ofwjvuhq34o5faior59mgqc.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |AT| - [02/05/2017 09:42:10] - (.-.) - [14.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.ehtwzbgzflx4r0zzkfhfzhfyf.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |AT| - [02/05/2017 09:42:10] - (.-.) - [10.4 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.niqs9zw84prteokzdaq7khhdh.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |AT| - [02/05/2017 09:42:13] - (.-.) - [10.36 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.qtg4ebj7ui4xx3bukdaenw51.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |AT| - [02/05/2017 09:42:13] - (.-.) 
- [0.85 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX._fveag5m9hn9xsvlqfmhg1xbd.tmp [MD5.00000000000000000000000000000000] - |D| - [18/04/2017 10:03:11] - [0.41 Ko] - C:\WINDOWS\Temp\avast_ash2 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [13/04/2017 13:59:57] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.596_0SZBrowser_autoupdate.download.lock [MD5.00000000000000000000000000000000] - |D| - [30/03/2017 09:59:45] - [20.24 Ko] - C:\WINDOWS\Temp\SafeZone Installer [MD5.00000000000000000000000000000000] - |D| - [30/03/2017 09:55:06] - [0 Ko] - C:\WINDOWS\Temp\_avast_ [MD5.00000000000000000000000000000000] - |D| - [13/02/2016 13:56:18] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 10:39:38] - [0 Ko] - C:\WINDOWS\System32\040C [MD5.726EA6986AAEE973CC0E56BCE61F7666] - |AH| - [14/07/2009 06:34:15] - (.-.) - [22.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [MD5.726EA6986AAEE973CC0E56BCE61F7666] - |AH| - [14/07/2009 06:34:15] - (.-.) - [22.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [30/10/2015 07:45:05] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [30/10/2015 07:45:04] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [30/10/2015 07:44:37] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:15:20] - [2203.34 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.104B5349ABBA7E990B43E8E835045415] - |A| - [09/11/2016 11:47:08] - (.-.) 
- [435.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ApnDatabase.xml [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [0 Ko] - C:\WINDOWS\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [7594.83 Ko] - C:\WINDOWS\System32\appraiser [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [269 Ko] - C:\WINDOWS\System32\ar-SA [MD5.F4E1C590A8E4D41A4D1F2FBA86E4283A] - |A| - [11/04/2017 09:55:15] - (.Copyright (c) 2014 AVAST Software - Avast start-up scanner.) - [322.52 Ko] - (17.3.3443.0) - C:\WINDOWS\System32\aswBoot.exe [MD5.30475F091008E24550523515A023270D] - |A| - [30/10/2015 07:48:48] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\autoexec.nt [MD5.D638E3AD81E149A75EEF59E9C743E27C] - |A| - [30/10/2015 07:48:48] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AutoWorkplace.exe.config [MD5.00000000000000000000000000000000] - |D| - [17/05/2016 11:38:03] - [84.19 Ko] - C:\WINDOWS\System32\BestPractices [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [244 Ko] - C:\WINDOWS\System32\bg-BG [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [3647.16 Ko] - C:\WINDOWS\System32\Boot [MD5.9D17169DC00F9E577F230A09C67067E8] - |A| - [30/10/2015 07:44:38] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [73 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [0.93 Ko] - C:\WINDOWS\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:13:31] - [37615.18 Ko] - C:\WINDOWS\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [44422.32 Ko] - C:\WINDOWS\System32\catroot2 [MD5.30B1229BBD7CB638841904B17CBF5B35] - |A| - [30/08/2011 07:07:18] - (.Copyright CANON INC. 2008 All Rights Reserved - Canon Inkjet Printer Driver.) 
- [212.5 Ko] - (0.3.1536.1) - C:\WINDOWS\System32\CNBLM4.DLL [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [1715.22 Ko] - C:\WINDOWS\System32\CodeIntegrity [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [320.5 Ko] - C:\WINDOWS\System32\Com [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:13:31] - [302741.9 Ko] - C:\WINDOWS\System32\config [MD5.01C47C2ECED034EF6F8C1552A97CFF00] - |A| - [30/10/2015 07:48:48] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\config.nt [MD5.00000000000000000000000000000000] - |SD| - [30/10/2015 07:48:45] - [48.78 Ko] - C:\WINDOWS\System32\Configuration [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [490.5 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [484.5 Ko] - C:\WINDOWS\System32\da-DK [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [522 Ko] - C:\WINDOWS\System32\de-DE [MD5.A81E865297800BBBF2AF842A740B8828] - |A| - [23/06/2015 15:52:44] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\debug.log [MD5.306B90493D00011EB635E161C6C024B8] - |A| - [30/10/2015 07:44:52] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [30/10/2015 07:48:48] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.27CADAE7E69FEEE773EA55108A8F9F47] - |A| - [20/10/2010 10:07:37] - (.Copyright © 2010 - Java(TM) Platform SE binary.) - [461.73 Ko] - (6.0.220.4) - C:\WINDOWS\System32\deployJava1.dll [MD5.00000000000000000000000000000000] - |SD| - [30/10/2015 07:48:45] - [412.5 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.F938469DAF278EE42E32CE2ED5400172] - |A| - [30/10/2015 07:44:43] - (.-.) 
- [90.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:13:35] - [5852.25 Ko] - C:\WINDOWS\System32\Dism [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:13:35] - [1120.09 Ko] - C:\WINDOWS\System32\downlevel [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:23] - [61610.63 Ko] - C:\WINDOWS\System32\drivers [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:13:31] - [514803 Ko] - C:\WINDOWS\System32\DriverStore [MD5.00000000000000000000000000000000] - |SD| - [30/10/2015 07:48:45] - [148.5 Ko] - C:\WINDOWS\System32\dsc [MD5.28CDC073E235F024FF7EEA5D89B8871E] - |A| - [22/06/2015 02:49:50] - (.(c) VIA Technologies, Inc. - DTS Surround Sensation Control Page.) - [89.15 Ko] - (1.0.0.1) - C:\WINDOWS\System32\Dts2PropPageExt.dll [MD5.7F4A0A16B88A6B46744BAF82D8C6C785] - |A| - [30/10/2015 07:44:48] - (.-.) - [166.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\EditionUpgradeHelper.dll [MD5.0E9405AB876EF56E3D5AB0DD46C1BD71] - |A| - [22/06/2015 02:51:24] - (.©2011 Dolby Laboratories. - Dolby PCEE4 ASL Analog x86.) - [96.31 Ko] - (7.2.7000.11) - C:\WINDOWS\System32\EEA32A.dll [MD5.E89EDF7B1893549B3E23ED6E0F13BF07] - |A| - [22/06/2015 02:51:24] - (.©2011 Dolby Laboratories. - Dolby PCEE4 ASL HDMI x86.) - [96.31 Ko] - (7.2.7000.11) - C:\WINDOWS\System32\EEA32H.dll [MD5.F4444E6ED3782574DA7359832A43697D] - |A| - [22/06/2015 02:51:24] - (.©2011 Dolby Laboratories. - Dolby PCEE4 COM DLL x86.) - [354.49 Ko] - (7.2.7000.11) - C:\WINDOWS\System32\EED32A.dll [MD5.8B5C216DCF2F45876973A8133B9BB03D] - |A| - [22/06/2015 02:51:24] - (.©2011 Dolby Laboratories. - Dolby PCEE4 HDMI COM DLL x86.) - [354.49 Ko] - (7.2.7000.11) - C:\WINDOWS\System32\EED32H.dll [MD5.5AE80ADDC9326DA6BB30C9845F908F3B] - |A| - [22/06/2015 02:51:24] - (.©2011 Dolby Laboratories. - Dolby PCEE4 GFX APO x86.) 
- [70.1 Ko] - (7.2.7000.11) - C:\WINDOWS\System32\EEG32A.dll [MD5.179CB14236FEE1AD3E717D17C881145F] - |A| - [22/06/2015 02:51:24] - (.©2011 Dolby Laboratories. - Dolby PCEE4 HDMI GFX APO x86.) - [70.1 Ko] - (7.2.7000.11) - C:\WINDOWS\System32\EEG32H.dll [MD5.83274E26570F3F950324405851743DAB] - |A| - [22/06/2015 02:51:24] - (.©2011 Dolby Laboratories. - Dolby PCEE4 LFX APO x86.) - [110.99 Ko] - (7.2.7000.11) - C:\WINDOWS\System32\EEL32A.dll [MD5.DC48C000F3CD2ECA033FEEF9EB1963BB] - |A| - [22/06/2015 02:51:24] - (.©2011 Dolby Laboratories. - Dolby PCEE4 HDMI LFX APO x86.) - [110.98 Ko] - (7.2.7000.11) - C:\WINDOWS\System32\EEL32H.dll [MD5.F61FB272F329AA53934C92BB5728D798] - |A| - [22/06/2015 02:51:26] - (.©2011 Dolby Laboratories. - Dolby PCEE4 Control Panel x86.) - [7064 Ko] - (7.2.7000.11) - C:\WINDOWS\System32\EEP32A.dll [MD5.047D6EB205F0C66455FD4B233666ABD7] - |A| - [22/06/2015 02:51:26] - (.©2011 Dolby Laboratories. - Dolby PCEE4 HDMI Control Panel x86.) - [7064 Ko] - (7.2.7000.11) - C:\WINDOWS\System32\EEP32H.dll [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [519.5 Ko] - C:\WINDOWS\System32\el-GR [MD5.0FA0D30065D3F4E30D0CC3988465E29F] - |A| - [17/05/2016 11:07:55] - (.-.) 
- [21.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat [MD5.00000000000000000000000000000000] - |D| - [13/02/2016 13:56:19] - [5 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [233.5 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [2509.59 Ko] - C:\WINDOWS\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [513.5 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [254 Ko] - C:\WINDOWS\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [228 Ko] - C:\WINDOWS\System32\et-EE [MD5.00000000000000000000000000000000] - |D| - [06/01/2012 10:09:14] - [153.5 Ko] - C:\WINDOWS\System32\EventProviders [MD5.00000000000000000000000000000000] - |SD| - [30/10/2015 07:48:45] - [22008.81 Ko] - C:\WINDOWS\System32\F12 [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [489 Ko] - C:\WINDOWS\System32\fi-FI [MD5.52F9FA83313E288614CB2A1984D41F7B] - |A| - [13/02/2016 05:11:41] - (.-.) - [251.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [13/02/2016 13:56:19] - [3393.5 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [260 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [44380.57 Ko] - C:\WINDOWS\System32\fr-FR [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.0FEE8DB559981D7F06E26042ECD8D671] - |A| - [30/10/2015 07:44:37] - (.-.) - [73.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.BC64E80594F6B47C6619CA30EA459EAF] - |A| - [26/11/2012 15:29:08] - (.-.) 
- [36.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GFE6AM.DLL [MD5.8787CA206DF4E6B2B0F559284A6DB6A8] - |A| - [13/10/2015 12:24:00] - (.© 2004-2011 Google Inc. - Google Photos Screensaver.) - [4480 Ko] - (3.9.141.259) - C:\WINDOWS\System32\GPhotos.scr [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:37:08] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:37:08] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [257 Ko] - C:\WINDOWS\System32\he-IL [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [237 Ko] - C:\WINDOWS\System32\hr-HR [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [494 Ko] - C:\WINDOWS\System32\hu-HU [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.394B26364B21B65151153631DDEBC0D5] - |A| - [20/10/2010 09:37:40] - (.Copyright 2005 - igfxtvcx Module.) - [137 Ko] - (1.0.0.1) - C:\WINDOWS\System32\igfxtvcx.dll [MD5.99AF886F548DFA1AEC9868A8BF0F74FC] - |A| - [23/03/2012 03:57:22] - (.-.) - [1876.24 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa32.cpa [MD5.7FEF5563D091D8A44B96DD4EBE0350AA] - |A| - [23/03/2012 03:57:22] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa32.vp [MD5.A16E966DEBE65033E703CA9514753E11] - |A| - [23/03/2012 03:57:22] - (.-.) - [58.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc32.vp [MD5.251D22DE1DF611739E4D0C7BAB2E80D6] - |A| - [23/03/2012 03:57:22] - (.-.) - [58.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg32.vp [MD5.CB4DCAF11675F52D39035BCEE14ABA77] - |A| - [23/03/2012 03:57:22] - (.-.) - [58.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo32.vp [MD5.01645F7BA5FD57B9A02B9188FB5A67EF] - |A| - [23/03/2012 05:20:26] - (.-.) 
- [38.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxs32.vp [MD5.1B24EC543ADEA0AFB520B4F104134CBB] - |A| - [20/10/2010 09:31:13] - (.Copyright © 2009 - Intel® Graphics Media Accelerator Driver installer.) - [978.52 Ko] - (1.1.33.0) - C:\WINDOWS\System32\igxpun.exe [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [19912.67 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [4699.66 Ko] - C:\WINDOWS\System32\inetsrv [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [2441.5 Ko] - C:\WINDOWS\System32\InputMethod [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [0 Ko] - C:\WINDOWS\System32\Ipmi [MD5.48BA23373D43BDCD0CEAC891AF7B7226] - |A| - [20/10/2010 09:37:40] - (.-.) - [118.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IScrNB.bmp [MD5.63CE6059F6DC469D919A01A123F7CB84] - |A| - [30/10/2015 07:44:55] - (.-.) - [146 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ism32k.dll [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [518 Ko] - C:\WINDOWS\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [420.5 Ko] - C:\WINDOWS\System32\ja-JP [MD5.51A850830CB841FBE5B90142BCC6B854] - |A| - [20/10/2010 11:21:46] - (.Copyright © 2010 - Java(TM) Platform SE binary.) - [141.78 Ko] - (6.0.220.4) - C:\WINDOWS\System32\java.exe [MD5.87893167C98FCEF5D14077511F219B75] - |A| - [20/10/2010 11:21:46] - (.Copyright © 2010 - Java(TM) Platform SE binary.) - [141.78 Ko] - (6.0.220.4) - C:\WINDOWS\System32\javaw.exe [MD5.42278A946AB729CB746AA47D48F5FCC0] - |A| - [20/10/2010 11:21:46] - (.Copyright © 2010 - Java(TM) Web Start Launcher.) - [149.78 Ko] - (6.0.220.4) - C:\WINDOWS\System32\javaws.exe [MD5.3A36BEB47E431C7681B2849D79DCCCAA] - |A| - [20/10/2010 11:20:40] - (.-.) 
- [5.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\jupdate-1.6.0_22-b04.log [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [417 Ko] - C:\WINDOWS\System32\ko-KR [MD5.00000000000000000000000000000000] - |D| - [20/10/2010 09:37:40] - [1468.03 Ko] - C:\WINDOWS\System32\Lang [MD5.050BC9351A3386458B696F8BCA78B27B] - |A| - [30/10/2015 07:44:52] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [73.22 Ko] - C:\WINDOWS\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [11601.8 Ko] - C:\WINDOWS\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [234 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [235 Ko] - C:\WINDOWS\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [24283.84 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:37:08] - [0 Ko] - C:\WINDOWS\System32\manifeststore [MD5.8717CC8AACB08DE08B42CCA9E168532E] - |A| - [22/06/2015 02:51:24] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [510.45 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxAudioAPO30.dll [MD5.299155DD5ACA5F9B36E0800C78D77878] - |A| - [22/06/2015 02:51:24] - (.Copyright (C) 2010-2013 - MaxxAudio APO Shell.) - [856.33 Ko] - (4.12.5.0) - C:\WINDOWS\System32\MaxxAudioAPOShell.dll [MD5.A847DBA2BCB78875B47E41CE934E13EB] - |A| - [22/06/2015 02:51:28] - (.Copyright © 1996-2013 -.) - [26974.38 Ko] - (1.7.3.0) - C:\WINDOWS\System32\MaxxAudioVnA.dll [MD5.BC74BDA8DC53F722C2CA686071600AE2] - |A| - [30/10/2015 07:44:52] - (.-.) 
- [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |SD| - [13/02/2016 05:12:18] - [17.41 Ko] - C:\WINDOWS\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:13:35] - [5393.63 Ko] - C:\WINDOWS\System32\migration [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [39026.01 Ko] - C:\WINDOWS\System32\migwiz [MD5.00000000000000000000000000000000] - |D| - [27/08/2013 16:29:03] - [0 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [4180.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [17/05/2016 11:38:03] - [6153.42 Ko] - C:\WINDOWS\System32\msmq [MD5.18403DE4979A328F21279DECB2E4298F] - |A| - [30/10/2015 07:45:11] - (.-.) - [3.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\msmqpub.mof [MD5.E0640DE5407EEE4C6E16D839243B71F9] - |A| - [30/10/2015 07:45:11] - (.-.) - [8.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\msmqtrc.mof [MD5.3ED9AC3EE11EE2C16E2E41F0DC4BAD42] - |A| - [30/10/2015 07:45:11] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\msmqtrcRemove.mof [MD5.7A48941BD36C50DC2D66F0BBA701A73E] - |A| - [13/02/2016 13:58:24] - (.-.) - [172 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MTFServer.dll [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [19.65 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [480.5 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [384 Ko] - C:\WINDOWS\System32\NDF [MD5.2ABDFF7FAC73445BF0A1C615B8A9C8BE] - |A| - [17/05/2016 10:50:13] - (.-.) - [25.37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [30/10/2015 07:44:37] - (.-.) 
- [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [102 Ko] - C:\WINDOWS\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [500 Ko] - C:\WINDOWS\System32\nl-NL [MD5.A6721EC6819576FC083289F64ED62116] - |A| - [22/06/2015 02:51:24] - (.© QSound Labs, Inc. - nQ APO.) - [81.41 Ko] - (6.0.0.0) - C:\WINDOWS\System32\nQAPO.dll [MD5.3B96EBC0D81036C26496DB33EBF2CA18] - |A| - [22/06/2015 02:49:50] - (.(c) QSound Labs, Inc. -.) - [83 Ko] - (6.0.6001.1) - C:\WINDOWS\System32\nQPropPageExt.dll [MD5.00000000000000000000000000000000] - |SD| - [30/10/2015 07:48:45] - [16570.66 Ko] - C:\WINDOWS\System32\Nui [MD5.DE4FA2E0FBF5D7CAF54977DE21949EC2] - |A| - [30/10/2015 07:48:49] - (.-.) - [15.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.2901049544FDF863362FABA2363EB647] - |A| - [30/10/2015 07:44:42] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\onlinesetup.cmd [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [11134.36 Ko] - C:\WINDOWS\System32\oobe [MD5.42D2360079B1DF3230024AE920737367] - |A| - [30/10/2015 07:44:52] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.48036B7F36947D25DFB520D24EB3C99E] - |A| - [30/10/2015 07:49:53] - (.-.) - [162.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.64EAF3F99A00A58AAA6A1B680FDAB839] - |A| - [13/02/2016 13:56:33] - (.-.) - [186.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |A| - [30/10/2015 07:49:53] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.AA180E09E4990FF71FBEAC8C4455CF47] - |A| - [13/02/2016 13:56:33] - (.-.) - [39.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.7698F54AF3EC4DFCB14BD9EAC2E94D5A] - |A| - [30/10/2015 07:49:53] - (.-.) 
- [793.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.156851E4F4ED625289EC29B40B05AD92] - |A| - [13/02/2016 13:56:33] - (.-.) - [893.78 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.FE540AE9E069C0936676F3C6BEF0B605] - |A| - [17/05/2016 10:54:02] - (.-.) - [2036.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [499.5 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [291.5 Ko] - C:\WINDOWS\System32\PointOfService [MD5.00000000000000000000000000000000] - |D| - [13/02/2016 13:56:20] - [420.42 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.431432A91CD1CA3CEFFFE024AFCAD5F8] - |A| - [22/06/2015 02:49:50] - (.TODO: (c) . - TODO: .) - [55.15 Ko] - (1.0.0.1) - C:\WINDOWS\System32\PropPageExt.dll [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.007893E8374C766471239EB291BA8C17] - |A| - [30/10/2015 07:44:39] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [502.5 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [498 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [1.8 Ko] - C:\WINDOWS\System32\Recovery [MD5.83C7F778129D2C79DF276E0E7A7A2654] - |A| - [30/10/2015 07:45:46] - (.-.) - [6.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.46E400D1AC15E86DEAA7305AEAE0D5ED] - |A| - [30/10/2015 07:45:46] - (.-.) 
- [6.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.2C4FD464C19BE020D1C4BCCBE21CBD78] - |A| - [30/10/2015 07:45:46] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriLMImageList [MD5.04E2BD7D082337A2290D4612AE573F22] - |A| - [30/10/2015 07:45:46] - (.-.) - [0.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriULMImageList [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [0 Ko] - C:\WINDOWS\System32\restore [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [239.5 Ko] - C:\WINDOWS\System32\ro-RO [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [496 Ko] - C:\WINDOWS\System32\ru-RU [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [30/10/2015 07:45:45] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [30/10/2015 07:44:40] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [241 Ko] - C:\WINDOWS\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [236.5 Ko] - C:\WINDOWS\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [24/05/2016 10:25:10] - [0 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [13/02/2016 13:56:20] - [52.14 Ko] - C:\WINDOWS\System32\slmgr [MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |A| - [30/10/2015 07:44:52] - (.-.) 
- [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:13:31] - [9537.02 Ko] - C:\WINDOWS\System32\SMI [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [6498.34 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [6111.38 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [98634.76 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [6070.46 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [23.67 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [06/01/2012 10:10:23] - [1699 Ko] - C:\WINDOWS\System32\SPReview [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [243.5 Ko] - C:\WINDOWS\System32\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [240 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.C1AA14DBA23EB5AE5044727DF182FE5C] - |A| - [30/10/2015 07:44:43] - (.-.) - [54.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.00000000000000000000000000000000] - |D| - [17/05/2016 10:51:20] - [1854.71 Ko] - C:\WINDOWS\System32\SRSLabs [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [3400 Ko] - C:\WINDOWS\System32\sru [MD5.B59958CD06C9F89C39281FB12F1BB233] - |A| - [30/10/2015 07:45:11] - (.-.) 
- [513.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\staticurllist.bin [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [484.5 Ko] - C:\WINDOWS\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:13:35] - [1281.94 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [961.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [547.34 Ko] - C:\WINDOWS\System32\Tasks [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [30/10/2015 07:45:02] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [224.5 Ko] - C:\WINDOWS\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [482 Ko] - C:\WINDOWS\System32\tr-TR [MD5.19C97B5E64AE8CC148FD7CF967D7A67A] - |A| - [20/10/2010 09:37:40] - (.Copyright © 2006 - Intel(R) TVWizard.) - [389 Ko] - (1.0.1.0) - C:\WINDOWS\System32\TVWizudlg.exe [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [235.5 Ko] - C:\WINDOWS\System32\uk-UA [MD5.CC7C694B2BD1510C5AAE7374A5B52B92] - |A| - [03/02/1999 07:45:42] - (.-.) - [26.46 Ko] - (2.0.0.5215) - C:\WINDOWS\System32\VBAFR32.OLB [MD5.5CB2E8BB1047977D2C21DCF7DD6F5262] - |A| - [22/06/2015 02:51:26] - (.(c) VIA Technologies, Inc. - ViaKaraoke APO.) - [1015.14 Ko] - (0.1.0.0) - C:\WINDOWS\System32\ViaKaraokeApo.dll [MD5.0B6B8D484F9A78DBD1B4B460EE43D00C] - |A| - [22/06/2015 02:49:50] - (.(c)VIA Technologies,Inc. - VIA APO for MicArray Applications..) - [118.15 Ko] - (0.2.0.0) - C:\WINDOWS\System32\ViaKaraokePropPageExt.dll [MD5.08E02A6C3AD33057DFC8E33D26BFA06C] - |A| - [22/06/2015 02:49:50] - (.(c) VIA Technologies, Inc. - Service binary.) - [35.65 Ko] - (0.1.0.0) - C:\WINDOWS\System32\ViakaraokeSrv.exe [MD5.DB403A70369853E9ADACAEFA71A6AD47] - |A| - [22/06/2015 02:51:26] - (.(c)Copyright Reserved. VIA Technologies,Inc. 
- ViaMicArray APO.) - [1682.41 Ko] - (0.5.0.0) - C:\WINDOWS\System32\ViaMicArrayAPO.dll [MD5.03605DD600F421F794B2CBF27DDA492A] - |A| - [22/06/2015 02:49:50] - (.VIA Technologies,Inc. - VIA APO for MicArray Applications..) - [93.15 Ko] - (0.5.0.0) - C:\WINDOWS\System32\ViaMicArrayPropPageExt.dll [MD5.EA8BEC022D0471EADADBF103693EFC52] - |A| - [22/06/2015 02:49:50] - (.VIA Technologies, Inc. - VIA LFX/GFX DSP UI component.) - [2487.2 Ko] - (11.5.0.20) - C:\WINDOWS\System32\VIAPropPageExt.dll [MD5.B81078E0784B112A84A709703FAF4C9F] - |A| - [22/06/2015 02:51:26] - (.Copyright (c) VIA Technologies, Inc. All Rights Reserved - VIA LFX/GFX DSP Component.) - [1077.55 Ko] - (1.0.0.0) - C:\WINDOWS\System32\VIASysFx.dll [MD5.56F1956227924F6DB0D04C090FFC085F] - |A| - [22/06/2015 02:51:26] - (.Copyright (c) 2006-2010 Creative Technology Ltd. - Creative Chaining Property Page Loader Module.) - [52.05 Ko] - (1.0.0.180) - C:\WINDOWS\System32\VMPPCN32.DLL [MD5.6A3941EE0A6F4CA7CCAB9F73FE4D3AD6] - |A| - [22/06/2015 02:51:26] - (.Copyright (c) 2006-2011 Creative Technology Ltd. - Creative Property Page Loader Module.) - [55.09 Ko] - (1.0.54.0) - C:\WINDOWS\System32\VMPPLD32.DLL [MD5.F46E5668AD7358FDDF2D1C43655389EB] - |A| - [22/06/2015 02:51:26] - (.Copyright (c) 2006-2010 Creative Technology Ltd. - Audio Processing Object Chaining Module.) - [326.02 Ko] - (1.0.0.220) - C:\WINDOWS\System32\VMWRP32.DLL [MD5.00000000000000000000000000000000] - |D| - [20/10/2010 11:08:11] - [0 Ko] - C:\WINDOWS\System32\Wat [MD5.85601D19C07EE15976DB0629AB555B04] - |A| - [22/06/2015 02:51:26] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) 
- [1805.55 Ko] - (4.4.3.0) - C:\WINDOWS\System32\WavesGUILib.dll [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [71786.4 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [13/02/2016 13:56:20] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [93250.55 Ko] - C:\WINDOWS\System32\WDI [MD5.BDDF10F9D8E179323BC1B49603809EB0] - |A| - [30/10/2015 07:44:44] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:37:09] - [0 Ko] - C:\WINDOWS\System32\wfp [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [1.09 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [48815.5 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [8619.71 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [129332 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [3696 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [13/02/2016 13:56:20] - [107.53 Ko] - C:\WINDOWS\System32\winrm [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [30/10/2015 07:45:11] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.F1DF7849450DBC5D5C3A464E8A791C8C] - |A| - [30/10/2015 07:45:11] - (.-.) - [1485.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WpcNBModel.bin [MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [30/10/2015 07:44:57] - (.-.) 
- [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.00000000000000000000000000000000] - |D| - [20/10/2010 09:31:13] - [0 Ko] - C:\WINDOWS\System32\x64 [MD5.00000000000000000000000000000000] - |D| - [17/05/2016 11:38:03] - [10.16 Ko] - C:\WINDOWS\System32\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [390.5 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [385.5 Ko] - C:\WINDOWS\System32\zh-HK [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 07:48:45] - [385.5 Ko] - C:\WINDOWS\System32\zh-TW ---------- | Shell Folders [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\CLUB OUSTAOU\AppData\Roaming [17/05/2016 10:54:57] "Local AppData"=C:\Users\CLUB OUSTAOU\AppData\Local [17/05/2016 10:54:57] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Libraries [20/10/2010 09:29:31] "My Video"=C:\Users\CLUB OUSTAOU\Videos [20/10/2010 09:29:18] "My Pictures"=C:\Users\CLUB OUSTAOU\Pictures [20/10/2010 09:29:18] "Desktop"=C:\Users\CLUB OUSTAOU\Desktop [20/10/2010 09:29:18] "History"=C:\Users\CLUB OUSTAOU\AppData\Local\Microsoft\Windows\History [20/10/2010 09:29:18] "NetHood"=C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Network Shortcuts [17/05/2016 10:54:57] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\CLUB OUSTAOU\Contacts [20/10/2010 09:29:22] "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\CLUB OUSTAOU\AppData\Local\Microsoft\Windows\RoamingTiles [17/05/2016 11:20:38] "Cookies"=C:\Users\CLUB OUSTAOU\AppData\Local\Microsoft\Windows\INetCookies [20/10/2010 09:29:18] "Favorites"=C:\Users\CLUB OUSTAOU\Favorites [20/10/2010 09:29:18] "SendTo"=C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\SendTo [17/05/2016 10:54:57] 
"Start Menu"=C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu [17/05/2016 10:54:57] "My Music"=C:\Users\CLUB OUSTAOU\Music [20/10/2010 09:29:18] "Programs"=C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [17/05/2016 10:54:57] "Recent"=C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Recent [20/10/2010 09:29:18] "CD Burning"=C:\Users\CLUB OUSTAOU\AppData\Local\Microsoft\Windows\Burn\Burn [17/05/2016 11:25:28] "PrintHood"=C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [17/05/2016 10:54:57] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\CLUB OUSTAOU\Searches [20/10/2010 09:29:31] "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\CLUB OUSTAOU\Downloads [20/10/2010 09:29:18] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\CLUB OUSTAOU\AppData\LocalLow [20/10/2010 09:29:18] "Startup"=C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [20/10/2010 09:29:31] "Administrative Tools"=C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [20/10/2010 09:29:31] "Personal"=C:\Users\CLUB OUSTAOU\Documents [20/10/2010 09:29:18] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\CLUB OUSTAOU\Links [20/10/2010 09:29:18] "Cache"=C:\Users\CLUB OUSTAOU\AppData\Local\Microsoft\Windows\INetCache [17/05/2016 10:54:57] "Templates"=C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Templates [17/05/2016 10:54:57] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\CLUB OUSTAOU\Saved Games [20/10/2010 09:29:18] "Fonts"=C:\WINDOWS\Fonts [30/10/2015 07:48:45] [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache "Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies "Desktop"=%USERPROFILE%\Desktop "Favorites"=%USERPROFILE%\Favorites 
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=%USERPROFILE%\Music "My Pictures"=%USERPROFILE%\Pictures "My Video"=%USERPROFILE%\Videos "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=%USERPROFILE%\Documents "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [30/10/2015 07:48:44] "Common AppData"=C:\ProgramData [30/10/2015 07:48:44] "Common Desktop"=C:\Users\Public\Desktop [14/07/2009 04:37:05] "Common Documents"=C:\Users\Public\Documents [14/07/2009 04:37:05] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [30/10/2015 07:48:44] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [30/10/2015 07:48:44] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [30/10/2015 07:48:44] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [14/07/2009 04:37:05] "CommonMusic"=C:\Users\Public\Music [14/07/2009 04:37:05] "CommonPictures"=C:\Users\Public\Pictures [14/07/2009 04:37:05] "CommonVideo"=C:\Users\Public\Videos [14/07/2009 04:37:05] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common 
Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads ---------- | [Administrateur] [13/02/2016 14:15:02] - |D| - [128728561] - C:\Users\Administrateur\AppData\Local [13/02/2016 14:15:02] - |D| - [0] - C:\Users\Administrateur\AppData\LocalLow [13/02/2016 14:15:02] - |D| - [132792] - C:\Users\Administrateur\AppData\Roaming [13/02/2016 14:17:04] - |D| - [0] - C:\Users\Administrateur\AppData\Local\ActiveSync [13/02/2016 14:15:02] - |SHD| - [1322310241] - C:\Users\Administrateur\AppData\Local\Application Data [13/02/2016 14:15:02] - |SHD| - [130] - C:\Users\Administrateur\AppData\Local\Historique [13/02/2016 14:20:45] - |AH| - [3724] - C:\Users\Administrateur\AppData\Local\IconCache.db [13/02/2016 14:15:02] - |D| - [114376124] - C:\Users\Administrateur\AppData\Local\Microsoft [13/02/2016 14:15:06] - |D| - [3264937] - C:\Users\Administrateur\AppData\Local\Packages [13/02/2016 14:15:02] - |D| - [0] - C:\Users\Administrateur\AppData\Local\Temp [13/02/2016 14:15:02] - |SHD| - [0] - C:\Users\Administrateur\AppData\Local\Temporary Internet Files [13/02/2016 14:15:06] - |D| - [11083776] - C:\Users\Administrateur\AppData\Local\TileDataLayer [13/02/2016 14:18:38] - |D| - [0] - C:\Users\Administrateur\AppData\Roaming\Adobe [13/02/2016 14:15:02] - |SD| - [132792] - C:\Users\Administrateur\AppData\Roaming\Microsoft [13/02/2016 14:18:39] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [13/02/2016 14:15:02] - |SHD| - [18848] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes 
[13/02/2016 14:15:02] - |RD| - [18848] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [13/02/2016 14:15:02] - |RD| - [3888] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [13/02/2016 14:15:02] - |RD| - [2921] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [13/02/2016 14:18:39] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [13/02/2016 14:18:39] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [13/02/2016 14:15:02] - |D| - [170] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [13/02/2016 14:19:26] - |A| - [2401] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [13/02/2016 14:18:39] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [13/02/2016 14:15:02] - |RD| - [5318] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [13/02/2016 14:15:02] - |RSD| - [3628] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [13/02/2016 14:18:39] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [CLUB OUSTAOU] [17/05/2016 10:54:57] - |D| - [1319572454] - C:\Users\CLUB OUSTAOU\AppData\Local [20/10/2010 09:29:18] - |D| - [25321601] - C:\Users\CLUB OUSTAOU\AppData\LocalLow [17/05/2016 10:54:57] - |D| - [74133068] - C:\Users\CLUB OUSTAOU\AppData\Roaming [17/05/2016 11:22:38] - |D| - [0] - C:\Users\CLUB OUSTAOU\AppData\Local\ActiveSync [20/10/2010 09:54:16] - |D| - [19107495] - C:\Users\CLUB OUSTAOU\AppData\Local\Adobe [17/05/2016 10:54:58] - |SHD| - [14069085695] - C:\Users\CLUB OUSTAOU\AppData\Local\Application Data [17/09/2015 
09:56:07] - |D| - [200069589] - C:\Users\CLUB OUSTAOU\AppData\Local\Avg [29/10/2015 11:44:21] - |D| - [9529492] - C:\Users\CLUB OUSTAOU\AppData\Local\AvgSetupLog [29/11/2016 12:29:52] - |D| - [0] - C:\Users\CLUB OUSTAOU\AppData\Local\CEF [17/05/2016 14:45:48] - |D| - [22028308] - C:\Users\CLUB OUSTAOU\AppData\Local\Comms [03/09/2013 15:44:37] - |A| - [5120] - C:\Users\CLUB OUSTAOU\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [20/06/2016 10:04:39] - |D| - [0] - C:\Users\CLUB OUSTAOU\AppData\Local\Diagnostics [03/11/2010 11:03:16] - |D| - [0] - C:\Users\CLUB OUSTAOU\AppData\Local\ElevatedDiagnostics [13/11/2014 16:16:48] - |SHD| - [0] - C:\Users\CLUB OUSTAOU\AppData\Local\EmieBrowserModeList [17/04/2014 10:16:03] - |SHD| - [0] - C:\Users\CLUB OUSTAOU\AppData\Local\EmieSiteList [17/04/2014 10:16:03] - |SHD| - [0] - C:\Users\CLUB OUSTAOU\AppData\Local\EmieUserList [20/10/2010 13:38:37] - |A| - [55232] - C:\Users\CLUB OUSTAOU\AppData\Local\GDIPFONTCACHEV1.DAT [26/03/2013 12:50:17] - |D| - [418612329] - C:\Users\CLUB OUSTAOU\AppData\Local\Google [02/06/2015 10:01:20] - |D| - [71] - C:\Users\CLUB OUSTAOU\AppData\Local\GWX [17/05/2016 10:54:58] - |SHD| - [580] - C:\Users\CLUB OUSTAOU\AppData\Local\Historique [17/05/2016 12:05:31] - |AH| - [145214] - C:\Users\CLUB OUSTAOU\AppData\Local\IconCache.db [29/10/2015 11:44:00] - |D| - [14990507] - C:\Users\CLUB OUSTAOU\AppData\Local\MFAData [17/05/2016 10:54:57] - |D| - [497244830] - C:\Users\CLUB OUSTAOU\AppData\Local\Microsoft [20/10/2010 16:31:16] - |D| - [1351251] - C:\Users\CLUB OUSTAOU\AppData\Local\Microsoft Games [20/10/2010 11:01:04] - |D| - [4] - C:\Users\CLUB OUSTAOU\AppData\Local\Microsoft Help [17/05/2016 11:25:44] - |D| - [82095] - C:\Users\CLUB OUSTAOU\AppData\Local\MicrosoftEdge [26/05/2016 11:10:26] - |D| - [0] - C:\Users\CLUB OUSTAOU\AppData\Local\NetworkTiles [17/05/2016 11:20:26] - |D| - [107847961] - C:\Users\CLUB OUSTAOU\AppData\Local\Packages [20/10/2010 11:10:21] - |D| - [40960] - C:\Users\CLUB 
OUSTAOU\AppData\Local\Power2Go [15/11/2016 12:33:13] - |D| - [0] - C:\Users\CLUB OUSTAOU\AppData\Local\Programs [17/05/2016 11:22:39] - |D| - [0] - C:\Users\CLUB OUSTAOU\AppData\Local\Publishers [17/05/2016 10:54:57] - |D| - [749252] - C:\Users\CLUB OUSTAOU\AppData\Local\Temp [17/05/2016 10:54:58] - |SHD| - [71650197] - C:\Users\CLUB OUSTAOU\AppData\Local\Temporary Internet Files [20/03/2017 14:50:11] - |D| - [15252712] - C:\Users\CLUB OUSTAOU\AppData\Local\Thunderbird [17/05/2016 11:20:10] - |D| - [12460032] - C:\Users\CLUB OUSTAOU\AppData\Local\TileDataLayer [20/10/2010 09:29:19] - |D| - [0] - C:\Users\CLUB OUSTAOU\AppData\Local\VirtualStore [18/04/2013 13:54:56] - |D| - [1828531] - C:\Users\CLUB OUSTAOU\AppData\LocalLow\Adobe [20/10/2010 09:39:19] - |SD| - [1255000] - C:\Users\CLUB OUSTAOU\AppData\LocalLow\Microsoft [20/10/2010 10:07:18] - |D| - [22238070] - C:\Users\CLUB OUSTAOU\AppData\LocalLow\Sun [04/10/2012 15:25:18] - |D| - [0] - C:\Users\CLUB OUSTAOU\AppData\LocalLow\Temp [20/10/2010 09:54:16] - |D| - [7166350] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Adobe [30/03/2017 09:55:41] - |D| - [2099588] - C:\Users\CLUB OUSTAOU\AppData\Roaming\AVAST Software [22/03/2016 16:14:56] - |D| - [12821] - C:\Users\CLUB OUSTAOU\AppData\Roaming\AVG [21/10/2010 14:37:05] - |D| - [4770] - C:\Users\CLUB OUSTAOU\AppData\Roaming\CyberLink [20/10/2010 09:29:23] - |D| - [0] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Identities [20/10/2010 13:25:10] - |D| - [939] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Macromedia [20/10/2010 09:29:18] - |D| - [0] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Media Center Programs [17/05/2016 10:54:57] - |SD| - [8574830] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft [20/03/2017 14:50:16] - |D| - [0] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Mozilla [20/10/2010 10:17:16] - |D| - [2616305] - C:\Users\CLUB OUSTAOU\AppData\Roaming\OpenOffice.org [04/10/2011 15:14:03] - |D| - [282] - C:\Users\CLUB OUSTAOU\AppData\Roaming\PhotoFiltre [24/11/2016 11:58:06] - |D| 
- [77] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Skype [20/03/2017 14:48:18] - |D| - [69366] - C:\Users\CLUB OUSTAOU\AppData\Roaming\SumatraPDF [20/03/2017 14:50:11] - |D| - [49074246] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Thunderbird [22/03/2016 16:13:44] - |D| - [0] - C:\Users\CLUB OUSTAOU\AppData\Roaming\TuneUp Software [17/12/2013 11:46:04] - |D| - [85222] - C:\Users\CLUB OUSTAOU\AppData\Roaming\vlc [30/03/2017 09:27:40] - |D| - [4428272] - C:\Users\CLUB OUSTAOU\AppData\Roaming\ZHP [20/10/2010 09:29:31] - |ASH| - [174] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [17/05/2016 10:54:58] - |SHD| - [35749] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [17/05/2016 10:54:57] - |RD| - [35749] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [17/05/2016 10:54:57] - |RD| - [3888] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [17/05/2016 10:54:57] - |RD| - [4235] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [20/10/2010 09:29:31] - |RD| - [174] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [17/05/2016 11:20:38] - |ASH| - [174] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [17/05/2016 11:28:05] - |A| - [1051] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fonctionnalités optionnelles.lnk [20/10/2010 09:49:52] - |D| - [13221] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LG Power Tools [17/05/2016 10:54:57] - |D| - [170] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [17/05/2016 12:05:30] - |A| - [2432] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [04/10/2011 15:13:56] - |D| - [0] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\PhotoFiltre [20/10/2010 09:29:31] - |RD| - [1458] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [17/05/2016 10:54:57] - |RD| - [5318] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [17/05/2016 10:54:57] - |RSD| - [3628] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [20/10/2010 09:29:31] - |ASH| - [174] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [08/03/2011 10:47:57] - |A| - [1284] - C:\Users\CLUB OUSTAOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk ---------- | [Public] [26/01/2011 14:20:56] - |D| - [0] - C:\Users\Public\AppData\Local [26/01/2011 14:20:56] - |D| - [0] - C:\Users\Public\AppData\Local\temp ---------- | C:\ProgramData [20/10/2010 09:39:54] - |D| - [815256764] - C:\ProgramData\Adobe [17/05/2016 11:11:56] - |SHD| - [19938167743] - C:\ProgramData\Application Data [30/03/2017 09:51:06] - |D| - [13386600] - C:\ProgramData\AVAST Software [14/01/2016 16:04:56] - |AD| - [160] - C:\ProgramData\Avg [26/01/2011 14:23:46] - |D| - [233488266] - C:\ProgramData\avg9 [20/10/2010 09:29:07] - |SHD| - [11926] - C:\ProgramData\Bureau [20/10/2010 13:15:12] - |HD| - [173927] - C:\ProgramData\CanonBJ [17/03/2011 10:39:16] - |HD| - [288] - C:\ProgramData\Common Files [30/10/2015 07:48:44] - |D| - [0] - C:\ProgramData\Comms [20/10/2010 09:43:39] - |D| - [147973] - C:\ProgramData\CyberLink [17/05/2016 11:11:56] - |SHD| - [278] - C:\ProgramData\Documents [20/10/2010 09:29:07] - |SHD| - [0] - C:\ProgramData\Favoris [07/03/2017 11:33:33] - |D| - [93683907] - C:\ProgramData\Malwarebytes [20/10/2010 09:29:07] - |SHD| - [130379] - C:\ProgramData\Menu Démarrer [29/07/2015 10:30:07] - |D| - [23976] - C:\ProgramData\MFAData [30/10/2015 07:48:44] - |SD| - [519496411] - C:\ProgramData\Microsoft [20/10/2010 11:01:02] - |D| - 
[3017034] - C:\ProgramData\Microsoft Help [13/02/2016 14:18:55] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [20/10/2010 09:29:07] - |SHD| - [31386] - C:\ProgramData\Modèles [30/10/2015 07:48:44] - |D| - [1000] - C:\ProgramData\regid.1991-06.com.microsoft [30/10/2015 07:48:44] - |D| - [0] - C:\ProgramData\SoftwareDistribution [20/10/2010 10:07:44] - |D| - [154] - C:\ProgramData\Sun [20/10/2010 09:41:07] - |D| - [196821] - C:\ProgramData\Temp [30/10/2015 07:48:44] - |D| - [2487] - C:\ProgramData\USOPrivate [13/02/2016 14:15:56] - |D| - [1933312] - C:\ProgramData\USOShared ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [30/10/2015 07:48:46] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [20/10/2010 11:16:54] - |A| - [2687] - C:\ProgramData\Microsoft\Windows\Start Menu\Nouveau document Microsoft Office.lnk [20/10/2010 11:16:54] - |A| - [2683] - C:\ProgramData\Microsoft\Windows\Start Menu\Ouvrir un document Microsoft Office.lnk [20/10/2010 09:29:07] - |SHD| - [124835] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [30/10/2015 07:48:44] - |RD| - [124835] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [30/10/2015 07:48:44] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [30/10/2015 07:48:44] - |RD| - [18364] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [30/10/2015 07:48:44] - |RD| - [19184] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/04/2013 13:54:04] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [30/03/2017 09:55:06] - |A| - [2164] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Antivirus Gratuit.lnk [30/03/2017 10:00:15] - |A| - [1197] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk [02/03/2017 11:57:06] - |D| - [1138] - C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\CCleaner [30/10/2015 07:48:46] - |ASH| - [1140] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [30/10/2015 07:45:06] - |RAS| - [853] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk [30/10/2015 07:45:47] - |RAS| - [2197] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk [14/07/2009 06:52:30] - |RD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [30/10/2015 07:45:47] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [25/04/2013 10:58:38] - |D| - [2655] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jeu de Belote [30/10/2015 07:48:44] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [07/03/2017 11:33:39] - |D| - [4299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [20/10/2010 11:16:54] - |D| - [29729] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [30/10/2015 07:44:52] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk [20/10/2010 10:08:21] - |SD| - [7398] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.2 [04/10/2011 15:13:56] - |D| - [4110] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre [20/03/2017 14:56:44] - |D| - [3606] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [30/10/2015 07:45:46] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk [30/10/2015 07:45:00] - |RAS| - [1588] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk [30/10/2015 07:48:44] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [20/03/2017 14:48:13] - |A| - [1948] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk [30/10/2015 07:48:44] - |RD| - [4033] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [17/12/2013 11:43:05] - |D| - [6522] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [17/05/2016 11:00:21] - |A| - [1544] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [30/10/2015 07:48:46] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files [18/04/2013 13:53:59] - |D| - [184640757] - C:\Program Files\Adobe [30/03/2017 09:51:52] - |D| - [1666665324] - C:\Program Files\AVAST Software [20/10/2010 10:19:14] - |D| - [232924] - C:\Program Files\AVG [02/03/2017 11:57:02] - |AD| - [11091816] - C:\Program Files\CCleaner [30/10/2015 07:13:31] - |D| - [351131317] - C:\Program Files\Common Files [20/10/2010 09:48:49] - |D| - [240461378] - C:\Program Files\CyberLink [30/10/2015 07:48:46] - |ASH| - [174] - C:\Program Files\desktop.ini [14/07/2009 06:52:30] - |D| - [0] - C:\Program Files\DVD Maker [20/10/2010 09:29:07] - |SHD| - [351131317] - C:\Program Files\Fichiers communs [26/03/2013 12:50:17] - |D| - [64934489] - C:\Program Files\Google [20/10/2010 09:49:52] - |D| - [27685121] - C:\Program Files\InstallShield Installation Information [20/10/2010 09:37:40] - |D| - [12036242] - C:\Program Files\Intel [30/10/2015 07:48:44] - |D| - [2648636] - C:\Program Files\Internet Explorer [15/11/2016 12:33:14] - |AD| - [1729909] - C:\Program Files\ItinéraireInfoInstaller [20/10/2010 10:07:30] - |D| - [90682455] - C:\Program Files\Java [20/10/2010 10:07:59] - |AD| - [16295712] - C:\Program Files\JRE [07/03/2017 11:33:33] - |D| - [112450677] - C:\Program Files\Malwarebytes [25/04/2013 10:56:45] - |D| - [56034868] - C:\Program Files\Micro Application [14/07/2009 06:52:30] - |D| - [2680] - C:\Program Files\Microsoft Games [20/10/2010 11:14:19] - |AD| - [379606635] - C:\Program Files\Microsoft Office [20/10/2010 11:16:20] - |D| - [3726168] - C:\Program Files\Microsoft Works [30/10/2015 07:48:44] - |D| - [8175999] - C:\Program 
Files\Microsoft.NET [09/06/2016 10:49:17] - |D| - [0] - C:\Program Files\Mozilla Firefox [20/03/2017 14:49:45] - |D| - [594] - C:\Program Files\Mozilla Maintenance Service [17/05/2016 11:38:03] - |D| - [25757] - C:\Program Files\MSBuild [20/10/2010 10:07:57] - |AD| - [386500907] - C:\Program Files\OpenOffice.org 3 [04/10/2011 15:13:56] - |D| - [3699431] - C:\Program Files\PhotoFiltre [17/05/2016 11:38:03] - |D| - [39191809] - C:\Program Files\Reference Assemblies [20/03/2017 14:48:12] - |AD| - [11100584] - C:\Program Files\SumatraPDF [13/02/2016 14:15:05] - |HD| - [0] - C:\Program Files\Uninstall Information [17/05/2016 10:51:21] - |D| - [2347216] - C:\Program Files\VIA [17/12/2013 11:42:55] - |D| - [103403220] - C:\Program Files\VideoLAN [30/10/2015 07:48:44] - |D| - [9044898] - C:\Program Files\Windows Defender [30/10/2015 07:48:44] - |D| - [5961728] - C:\Program Files\Windows Mail [30/10/2015 07:48:44] - |D| - [4863091] - C:\Program Files\Windows Media Player [30/10/2015 07:48:44] - |D| - [220064] - C:\Program Files\Windows Multimedia Platform [30/10/2015 07:48:44] - |D| - [7575610] - C:\Program Files\Windows NT [30/10/2015 07:48:44] - |D| - [5484224] - C:\Program Files\Windows Photo Viewer [30/10/2015 07:48:44] - |D| - [220064] - C:\Program Files\Windows Portable Devices [30/10/2015 07:48:44] - |SHD| - [0] - C:\Program Files\Windows Sidebar [30/10/2015 07:48:44] - |HD| - [1081044363] - C:\Program Files\WindowsApps [30/10/2015 07:48:44] - |SD| - [2856133] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files\Common Files [18/04/2013 13:53:59] - |AD| - [7781643] - C:\Program Files\Common Files\Adobe [30/03/2017 09:54:58] - |D| - [960376] - C:\Program Files\Common Files\AV [20/10/2010 09:50:42] - |D| - [114688] - C:\Program Files\Common Files\CyberLink [15/05/2014 17:01:57] - |AD| - [99992] - C:\Program Files\Common Files\DESIGNER [20/10/2010 11:23:45] - |D| - [1243079] - C:\Program Files\Common Files\Java [30/10/2015 07:48:44] - |AD| - [256142447] - 
C:\Program Files\Common Files\microsoft shared [30/10/2015 07:48:44] - |D| - [2702] - C:\Program Files\Common Files\Services [17/05/2016 10:57:07] - |D| - [41095079] - C:\Program Files\Common Files\SpeechEngines [30/10/2015 07:48:44] - |D| - [43691311] - C:\Program Files\Common Files\System ---------- | Tasks [MD5.F69DA46DE291BD5600E3E9B0745D8CB3] - [30/11/2012 10:04:37] - |A| - [1002] - C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [13/02/2016 14:14:53] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.ED6DD5950F2F2B9AABE28AF8F0F28396] - [24/12/2014 15:46:06] - |A| - [4550] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.0913ABE46AFE78DF5047CDB8E92761CC] - [30/11/2012 10:04:37] - |A| - [4050] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.BC7125D74BB82557D3BA1F9DB3B29E40] - [30/03/2017 09:54:53] - |A| - [3994] - C:\WINDOWS\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [MD5.00000000000000000000000000000000] - [30/03/2017 09:54:58] - |D| - [3968] - C:\WINDOWS\System32\Tasks\AVAST Software [MD5.950CA067543D2B59F17024BC3A813BDD] - [02/03/2017 11:57:07] - |A| - [2882] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.DEB14E0D91509A44490480134B70AB2B] - [20/10/2010 11:10:09] - |A| - [3672] - C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask : C:\Windows\System32\browserchoice.exe [MD5.00000000000000000000000000000000] - [30/10/2015 07:48:45] - |D| - [525822] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.8B2CB78CE11253016DA1E9138E6466B7] - [31/01/2017 11:01:39] - |A| - [3302] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.089BA90A7612634529645D0ADE0F1FAD] - [30/03/2017 10:00:16] - |A| - [4046] - 
C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1490860804 : C:\Program Files\AVAST Software\SZBrowser\launcher.exe [MD5.7A8C7B7732E596D414FF98765807A09B] - [20/10/2010 09:55:43] - |A| - [4190] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{45E2904F-B521-4609-90B0-E0459DE87133} : C:\Windows\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [14/07/2009 06:54:35] - |D| - [0] - C:\WINDOWS\System32\Tasks\WPD ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "DeliveryOptimization-TCP-In"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "Wininit-Shutdown-In-Rule-TCP-RPC"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751| "Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751| 
"WirelessDisplay-In-TCP"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "MDNS-In-UDP"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "MDNS-Out-UDP"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "{C284CC9E-159F-4536-B05B-E0DDF988DE58}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-1559902248-2445429790-4024575060-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| 
"IIS-WebServerRole-HTTP-In-TCP"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=80|App=System|Name=@%windir%\system32\inetsrv\iisres.dll,-30500|Desc=@%windir%\system32\inetsrv\iisres.dll,-30510|EmbedCtxt=@%windir%\system32\inetsrv\iisres.dll,-30501| "IIS-WebServerRole-HTTPS-In-TCP"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=443|App=System|Name=@%windir%\system32\inetsrv\iisres.dll,-30502|Desc=@%windir%\system32\inetsrv\iisres.dll,-30512|EmbedCtxt=@%windir%\system32\inetsrv\iisres.dll,-30503| "WCF-NetTcpActivator-In-TCP-32bit"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=808|Svc=NetTcpActivator|Name=@%systemroot%\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll,-2000|Desc=@%systemroot%\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll,-2001|EmbedCtxt=@%systemroot%\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll,-2002| "{37911A0F-D952-4C7B-98A8-4729CF499400}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2002| "{AEC14D58-4E43-4619-9B0E-A17A37484965}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE|Name=CyberLink PowerDVD 8.0|Desc=CyberLink PowerDVD 8.0| "{5BA9CEC8-4FDD-43CC-93E0-1C2332F1DE89}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| 
"{BF9FC829-CCFA-48CC-8580-24458A9617C5}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-1559902248-2445429790-4024575060-1000|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ| "{02A1742C-A833-447D-8879-7408541D78A6}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser| "{A16075FB-0774-4971-BA9C-16404A28AB07}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser| "{6FE6F384-60C2-42C9-9236-752801E6FC52}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1559902248-2445429790-4024575060-1000|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{78EB7273-F5CF-4668-86CE-8D30D214528E}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1559902248-2445429790-4024575060-1000|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| 
"{F6D2EE06-6727-4EE5-A937-8B6975E5FBFB}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-1559902248-2445429790-4024575060-1000|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| "{48C857BA-A4FA-41FB-846B-7901A874AF5A}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-1559902248-2445429790-4024575060-1000|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{7698AC50-FB5A-4529-ADFA-E696D78C6D19}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-1559902248-2445429790-4024575060-1000|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ| "{211B6E97-6CB3-4FC6-9E67-AE971856EDDB}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-1559902248-2445429790-4024575060-1000|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{54EE5BA8-91C9-4AAE-822D-6B8570B02E18}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1559902248-2445429790-4024575060-1000|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| 
"{5139F11F-5482-4D55-9F0A-D8B4B1E19A14}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1559902248-2445429790-4024575060-1000|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security Accelerator [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> 
@c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and 
control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{B95B836B-234E-4857-A1F8-D0D9A9BEC1C5}] : (vmbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [30/10/2015 07:44:25] - (3.0.2.181) - (Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\athw8.sys [30/10/2015 07:44:28] - (1.0.0.23) - (Atheros Communications, Inc. - Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)) - C:\WINDOWS\System32\drivers\L1E62x86.sys [13/08/2004 09:56:20] - (1043.2.15.37) - ( - ATK0110 ACPI Utility) - C:\WINDOWS\system32\DRIVERS\ASACPI.sys [22/06/2015 02:49:50] - (6.0.11.800) - (VIA Technologies, Inc. 
- VIA High Definition Audio Function Driver) - C:\WINDOWS\system32\drivers\viahduaa.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - agp440 (@machine.inf,%agp440_svcdesc%;Intel AGP Bus Filter) -> System32\drivers\agp440.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdagp (@machine.inf,%amdagp_svcdesc%;AMD AGP Bus Filter Driver) -> System32\drivers\amdagp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Pilote de 
disque) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - gagp30kx (@agp.inf,%gagp30kx_svcdesc%;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) -> System32\drivers\gagp30kx.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys 
- AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nv_agp (@machine.inf,%agpnvidia_svcdesc%;NVIDIA nForce AGP Bus Filter) -> System32\drivers\nv_agp.sys - 
AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - sisagp (@machine.inf,%sisagp_svcdesc%;SIS AGP Bus Filter) -> System32\drivers\sisagp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] 
- storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - uagp35 (@agp.inf,%uagp35_svcdesc%;Microsoft AGPv3.5 Filter) -> System32\drivers\uagp35.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - uliagpkx (@machine.inf,%uliagpkx_svcdesc%;Uli AGP Bus Filter) -> System32\drivers\uliagpkx.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - viaagp (@machine.inf,%agpvia_svcdesc%;VIA AGP Bus Filter) -> System32\drivers\viaagp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> 
System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@volume.inf,%VolumeClassName%;Storage volumes) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\WdFilter.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> \SystemRoot\system32\drivers\aswbidsdriverx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswKbd (aswKbd) -> \SystemRoot\system32\drivers\aswKbd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswRdr (aswRdr) -> \SystemRoot\system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSnx (aswSnx) -> \SystemRoot\system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSP (aswSP) -> \SystemRoot\system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> \SystemRoot\system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True S2 - [Kernel Driver] - aswStm (aswStm) -> \SystemRoot\system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: False R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Parvdm () -> \SystemRoot\System32\drivers\parvdm.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAuth (PEAUTH) -> system32\drivers\peauth.sys - 
AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros Files whitelisted) [MD5.533B10DEEAB26696E6E36EC731B7D529] - [30/10/2015 07:44:28] - (.Copyright (c) 2011 LSI - LSI 3ware SCSI Storport Driver.) - [83.84 Ko] - (5.1.0.51) - C:\WINDOWS\System32\Drivers\3ware.sys [MD5.90D2195E7357C8A1450223BAEDC6F856] - [30/10/2015 07:44:28] - (.Copyright (C) PMC-Sierra 2001-2014 - PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller.) - [1013.84 Ko] - (1.3.0.10769) - C:\WINDOWS\System32\Drivers\adp80xx.sys [MD5.FB115921FA9C6ACB3D99A1BB95822983] - [30/10/2015 07:44:28] - (.Copyright © 2008-2015 AMD, Inc. - AHCI 1.3 Device Driver.) - [73.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdsata.sys [MD5.0B0037ADF21A4A199356CCF43D0DBAAF] - [30/10/2015 07:44:28] - (.2012 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows family.) - [210.34 Ko] - (3.7.1540.43) - C:\WINDOWS\System32\Drivers\amdsbs.sys [MD5.22BA036FD3C92A6B44BEFB482D3C75D9] - [30/10/2015 07:44:28] - (.Copyright © 2008-2015 AMD, Inc. - Storage Filter Driver.) - [22.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdxata.sys [MD5.50964D19126E2154EAAC042E1475A420] - [30/10/2015 07:44:28] - (.Copyright 2014 PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) 
- [113.84 Ko] - (7.5.0.32048) - C:\WINDOWS\System32\Drivers\arcsas.sys [MD5.D48659BB24C48345D926ECB45C1EBDF5] - [13/08/2004 09:56:20] - (.- ATK0110 ACPI Utility.) - [5.67 Ko] - (1043.2.15.37) - C:\WINDOWS\System32\Drivers\ASACPI.sys [MD5.045ED769BF5396D346FA7493F47DF811] - [30/10/2015 07:44:28] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [8 Ko] - (6.3.9477.0) - C:\WINDOWS\System32\Drivers\bcmfn.sys [MD5.E4D6B5E5E5CD2606391220B156235692] - [30/10/2015 07:44:28] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [8 Ko] - (6.3.9391.6) - C:\WINDOWS\System32\Drivers\bcmfn2.sys [MD5.C5F43A40D9E09BE05DC6418BC23381F3] - [07/03/2017 11:33:59] - (.(C) Malwarebytes. - Malwarebytes Anti-Ransomware Protection.) - [85.45 Ko] - (3.0.0.253) - C:\WINDOWS\System32\Drivers\farflt.sys [MD5.916D0E02CE190CEAB13859159B0AC4D3] - [30/10/2015 07:44:28] - (.Copyright (c) 2004-2011 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [55.34 Ko] - (8.0.4.0) - C:\WINDOWS\System32\Drivers\HpSAMD.sys [MD5.801117B7AA15AD1C341C3CF371AFF325] - [30/10/2015 07:44:25] - (.Copyright (C) 2013. - Intel(R) Serial IO I2C Driver.) - [64.5 Ko] - (604.10146.2643.2818) - C:\WINDOWS\System32\Drivers\iai2c.sys [MD5.73EFE8A2747BB87F66B5646AA2262AE4] - [30/10/2015 07:44:28] - (.Intel Corporation. - Intel(R) Atom(TM) Processor GPIO Controller Driver.) - [21.5 Ko] - (6.3.9423.0) - C:\WINDOWS\System32\Drivers\iaiogpio.sys [MD5.646D3B416BC970C3CD2F53844FD156A5] - [30/10/2015 07:44:28] - (.© Intel Corporation. - Intel(R) Atom(TM) Processor I2C Controller Driver.) - [60.48 Ko] - (6.3.9423.0) - C:\WINDOWS\System32\Drivers\iaioi2c.sys [MD5.8CFFB5797ADA7215993581A5FA51EF16] - [30/10/2015 07:44:28] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology driver (inbox) - x86.) 
- [512.34 Ko] - (13.2.0.1022) - C:\WINDOWS\System32\Drivers\iaStorAV.sys [MD5.26D396F60FDD0313CD97B4750F4FCC84] - [30/10/2015 07:44:28] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - ia32.) - [325.84 Ko] - (8.6.2.1019) - C:\WINDOWS\System32\Drivers\iaStorV.sys [MD5.35CBB5A4A91DA63C8EE6F36FE9B1FDB5] - [23/03/2012 04:29:58] - (.Copyright (c) 1998-2006 Intel Corporation. - Intel Graphics Kernel Mode Driver.) - [4703 Ko] - (8.14.10.2697) - C:\WINDOWS\System32\Drivers\igdkmd32.sys [MD5.611CCF74A32835BD737B37A46E60E98E] - [30/10/2015 07:44:28] - (.Copyright © LSI Corporation 2010 - LSI Fusion-MPT SAS Driver (StorPort).) - [91.84 Ko] - (1.34.3.83) - C:\WINDOWS\System32\Drivers\lsi_sas.sys [MD5.09B3B5C44F4E6C3B088622727559FBDC] - [30/10/2015 07:44:28] - (.Copyright © LSI Corporation 2012 - LSI SAS Gen2 Driver (StorPort).) - [86.84 Ko] - (2.0.76.80) - C:\WINDOWS\System32\Drivers\lsi_sas2i.sys [MD5.497BA2351A7748EAD8C5F78EAB02DF7B] - [30/10/2015 07:44:28] - (.Copyright © Avago Technologies 2015 - Avago SAS Gen3 Driver (StorPort).) - [81.34 Ko] - (2.50.96.80) - C:\WINDOWS\System32\Drivers\lsi_sas3i.sys [MD5.E9395CB4168B9D2F3A8E3CF18F2E21C1] - [30/10/2015 07:44:28] - (.Copyright © LSI Corporation 2012 - LSI SSS PCIe/Flash Driver (StorPort).) - [67.84 Ko] - (2.10.61.81) - C:\WINDOWS\System32\Drivers\lsi_sss.sys [MD5.6CAE869A16BC8EFD7D7939AD27FBADA5] - [07/03/2017 11:33:37] - (.-.) - [58.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\mbae.sys [MD5.D9351F554ED0784764DB0564186906AE] - [07/03/2017 11:33:53] - (.(C) Malwarebytes. - Malwarebytes Real-Time Protection.) - [38.44 Ko] - (3.0.0.83) - C:\WINDOWS\System32\Drivers\mbam.sys [MD5.7023B5835A1D6E5C69518AB6FED7DD0C] - [07/03/2017 11:34:03] - (.(C) Malwarebytes. - Malwarebytes Chameleon.) - [149.44 Ko] - (3.0.0.149) - C:\WINDOWS\System32\Drivers\MBAMChameleon.sys [MD5.BF7D701D9EDDA9737DF8A39C1C0B8210] - [07/03/2017 11:33:49] - (.(C) Malwarebytes. - Malwarebytes SwissArmy.) 
- [213.94 Ko] - (4.2.0.101) - C:\WINDOWS\System32\Drivers\MBAMSwissArmy.sys [MD5.9996A2D4AA02E7EC365CB002623BEDD8] - [30/10/2015 07:44:28] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [50.84 Ko] - (6.706.6.0) - C:\WINDOWS\System32\Drivers\megasas.sys [MD5.EC4C9BD08D216E50C39BBEF14EE288EA] - [30/10/2015 07:44:28] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [453.84 Ko] - (15.2.2013.129) - C:\WINDOWS\System32\Drivers\megasr.sys [MD5.269D818745A242640355702646A74B99] - [30/10/2015 07:44:28] - (.Copyright (c) Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) - [56.84 Ko] - (1.0.5.1016) - C:\WINDOWS\System32\Drivers\mvumis.sys [MD5.72793AED42960DF58DB51CDF6B1F22A8] - [07/03/2017 11:33:59] - (.(C) Malwarebytes. - Malwarebytes Web Protection.) - [71.44 Ko] - (3.0.0.126) - C:\WINDOWS\System32\Drivers\mwac.sys [MD5.F3A3A757559C735001AC71A191577E8B] - [30/10/2015 07:44:28] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [116.34 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvraid.sys [MD5.4EACAB016B1239921387500173BFAE41] - [30/10/2015 07:44:28] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [138.84 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvstor.sys [MD5.8763C09E1C0DC49D6C96E12364387B89] - [30/10/2015 07:44:28] - (.Copyright © LSI Corporation 2014 - MEGASAS RAID Controller Driver for Windows.) - [49.84 Ko] - (6.803.21.0) - C:\WINDOWS\System32\Drivers\percsas2i.sys [MD5.70BE20D700E853153AAEF254B56B8EB3] - [30/10/2015 07:44:28] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [50.34 Ko] - (6.602.12.0) - C:\WINDOWS\System32\Drivers\percsas3i.sys [MD5.CB00A2CA0B4B236D59837B9C43104E6B] - [30/10/2015 07:44:28] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) 
- [40.34 Ko] - (5.1.1039.2600) - C:\WINDOWS\System32\Drivers\sisraid2.sys [MD5.18706B3C33D8A5AE575BD7922846497E] - [30/10/2015 07:44:28] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [77.34 Ko] - (5.1.1039.3600) - C:\WINDOWS\System32\Drivers\sisraid4.sys [MD5.D4379D5350797ED7E8DB376BA2607242] - [30/10/2015 07:44:28] - (.© Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x86.) - [26.34 Ko] - (5.1.0.10) - C:\WINDOWS\System32\Drivers\stexstor.sys [MD5.CF2BE06DE822624CF88E8C99A13519E1] - [22/06/2015 02:49:50] - (.Copyright © Creative Technology Ltd. 2009 - Creative Audio Driver.) - [33.7 Ko] - (6.10.0.8) - C:\WINDOWS\System32\Drivers\VMfilt32.sys [MD5.72AECD924E0FC8E0241C1DEEA628F33A] - [30/10/2015 07:44:28] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR X86-32.) - [146.34 Ko] - (7.0.9600.6352) - C:\WINDOWS\System32\Drivers\vsmraid.sys [MD5.1F1AD54C55038FE642AAB73C94BC48EF] - [30/10/2015 07:44:28] - (.Copyright (C) 2008 VIA Corporation - VIA StorX RAID Controller Driver.) - [270.34 Ko] - (8.0.9200.8110) - C:\WINDOWS\System32\Drivers\VSTXRAID.SYS ---------- | Uninstall [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Critical Security Update] : (Critical Security Update.-.JNLP) -> C:\Windows\system32\javaws.exe -uninstall -prompt "http://sffog.8cianisto.info/637fd85ec02768f7c1793154544a3a54/a93b186c2361dffa805e3ba56c742252.jnlp" [HKU\S-1-5-21-1559902248-2445429790-4024575060-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PhotoFiltre] : (PhotoFiltre.-.) -> "C:\Program Files\PhotoFiltre\Uninst.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Avast Antivirus] : (Avast Antivirus Gratuit.-.AVAST Software) -> C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe" ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\HDMI] : (Intel(R) Graphics Media Accelerator Driver.-.Intel Corporation) -> C:\Windows\system32\igxpun.exe -uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}] : (LG Power Tools.-.CyberLink Corp.) -> "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}] : (LG CyberLink PowerDVD.-.CyberLink Corp.) -> "C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}] : (LG CyberLink Power2Go.-.CyberLink Corp.) 
-> "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Jeu de Belote_is1] : (Jeu de Belote 1.0.-.Micro Application) -> "C:\Program Files\Micro Application\Tarot et Belote Deluxe 2\Jeu de Belote\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Picasa 3] : (Picasa 3.-.Google, Inc.) -> "C:\Program Files\Google\Picasa3\Uninstall.exe" ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SafeZone 3.55.2393.596] : (SafeZone Stable 3.55.2393.596.-.Avast Software) -> "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" /uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SumatraPDF] : (SumatraPDF.-.Krzysztof Kowalczyk) -> "C:\Program Files\SumatraPDF\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\TVWiz] : (Intel(R) TV Wizard.-.Intel Corporation) -> C:\Windows\system32\TVWizudlg.exe -uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VLC media player] : (VLC media player 2.1.2.-.VideoLAN) -> C:\Program Files\VideoLAN\VLC\uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0176CED7-7111-441F-BAF1-88DFF261DF66}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{064C1329-E15C-4FF4-8885-59BD5E355D8A}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0689F2A1-4544-4EFB-A6D4-4E1C39E74080}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0EC28962-27C8-4421-A3E9-1655D3AB63A9}] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1E28E628-9CA3-469D-9F0A-2243C476D9B3}] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}] : (LG Power Tools.-.CyberLink Corp.) -> "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{24C87FAC-EF2F-4624-9566-491C46B9DAF8}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{266517E6-D866-439D-919C-B8B1A52E6080}] : (OpenOffice.org 3.2.-.OpenOffice.org) -> MsiExec.exe /I{266517E6-D866-439D-919C-B8B1A52E6080} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216020FF}] : (Java(TM) 6 Update 22.-.Sun Microsystems, Inc.) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216022FB}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{293A7B52-A3D0-4D2E-9AC9-431C55C6E7F6}] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}] : (LG CyberLink PowerDVD.-.CyberLink Corp.) -> "C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 3.0.4.1269.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658}] : (LG CyberLink Power2Go.-.CyberLink Corp.) 
-> "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{433A0418-4611-4BFA-9312-F70093C2BCED}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{45245351-2F21-4425-B1CA-F4674DC4052E}] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Sun Microsystems, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4F17CC19-ABCD-4E15-A073-711C0ABA23B4}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{58BD347A-F9F6-4BAC-8838-998D0BCB87CA}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{61737AF5-04A4-4235-A9BB-4216EBD9788D}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{61F008CF-1DEB-492E-B5BA-DD13E7F6A711}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6EC1F626-9982-4C4D-9EBF-F3DCBFF91D71}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{74619465-ECE2-4427-9665-B3B9BD488E54}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7AE38961-7ED2-48EE-AD99-1AE194B946D0}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}] : (Visual Studio 2012 x86 Redistributables.-.AVG Technologies CZ, s.r.o.) -> MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A2B92392-DC17-416B-88F6-A6A55E053E32}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A8A8EAEE-61E6-40F8-906F-8B1A40FA16BC}] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) 
-> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A937E511-F7B7-45F1-8C02-4A446E649529}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{ABED3E9A-2FE6-4306-B5FC-24FDC373A11D}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824166751}] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824202044}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824202044} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AB0000000001}] : (Adobe Reader XI (11.0.10) - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AB0000000001} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AFAB7A83-B2FD-4514-AF2A-F34F55ADD0F6}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B55B479C-5CA9-41BD-9611-24BD3F9C39EA}_is1] : (ItinéraireInfoInstaller version 1.0.-.ItinéraireInfo) -> "C:\Program Files\ItinéraireInfoInstaller\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BBA78ED0-EFF6-4313-84BB-1F1E64D52482}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BBD335B6-C665-4107-BC62-78DAE36926C5}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BD2736C9-B69A-4695-936E-A7D4992CA1BD}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D137D646-FC74-459D-B99F-270BDCC7E3DF}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E45F79CD-A5F3-42E4-BB96-D0076FECEAB3}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E6CF0766-938B-48C1-B2E0-921076CAE649}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EDB49F0A-CD98-405C-9FDE-D6E81CD931B9}] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F20B7D85-4244-4E31-83CF-452CCCD6559E}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F2331EF8-07CA-42B2-8DED-A9DBF0E185DB}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F511A6EF-76D9-45A1-A9B7-72193F36E2CD}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F8A88C3B-95D7-4887-BAA6-0D8F31C223BD}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FA8DECDC-B351-4B6A-9820-6C818AEE4EDA}] : (.-.) -> ---------- | Ports ---------- | Installer [HKCR\Installer\Products\38E1FB04BE028D11795C00905C206085] : Power2Go -> C:\Windows\Installer\{40BF1E83-20EB-11D8-97C5-0009C5020658}\ARPPRODUCTICON.exe [HKCR\Installer\Products\42C6FBF1DF1C10144AB2C065F4E9E897] : PowerStarter -> C:\Windows\Installer\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4EA42A62D9304AC4784BF238120602FF] : Java(TM) 6 Update 22 [HKCR\Installer\Products\68AB67CA408033019195008142020244] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824202044}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744BA0000000010] : Adobe Reader XI (11.0.10) - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico [HKCR\Installer\Products\6E715662668DD93419C98B1B5AE20608] : OpenOffice.org 3.2 -> C:\Windows\Installer\{266517E6-D866-439D-919C-B8B1A52E6080}\soffice.ico [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper [HKCR\Installer\Products\A91FFE89BA03B4E49B340FB6C136BE8F] : Visual Studio 2012 x86 Redistributables [HKCR\Installer\Products\F13E2FB2BB8B7A046B05892DE8F0D774] : PowerDVD -> C:\Windows\Installer\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater ---------- | ADS ---------- | Drives Disk: 0 Size=238G Pos MBRndx Type/Name Size Active Hide Start Sector 
Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 07-NTFS 100M Yes No 2,048 204,800 1 1 07-NTFS 238G No No 206,848 487,266,304 2 2 27-UNKNWN 450M No No 487,473,152 921,600 ---------- | MBR Windows Version: Windows Information: (build 9200), 32-bit Base Board Manufacturer: ASUSTeK Computer INC. BIOS Manufacturer: American Megatrends Inc. System Manufacturer: System manufacturer System Product Name: System Product Name Logical Drives Mask: 0x0000001c Analysis of file "C:\QuickDiag\MBR.bin": Windows 7 MBR code detected Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.2.9200 Disk: WDC_WD2500AAJB-00J3A0 rev.01.03E01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 device: opened successfully user: MBR read successfully Disk trace: called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys C:\WINDOWS\system32\drivers\aswSP.sys AVAST Software Avast Antivirus 1 nt!IofCallDriver[0x81CFB490] -> \Device\Harddisk0\DR0[0x88CB9030] 3 aswSP[0x86618651] -> nt!IofCallDriver[0x81CFB490] -> [0x88FF1950] 5 ACPI[0x85E81412] -> nt!IofCallDriver[0x81CFB490] -> \Device\Ide\IdeDeviceP0T0L0-0[0x897E4878] kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; } user & kernel MBR OK ---------- | 20 LastEventLog Échec de la sauvegarde. Raison : une erreur d'écriture s'est produite à l'emplacement de sauvegarde (E:\). Erreur : Emplacement de sauvegarde introuvable ou non valide. Vérifiez-le en passant en revue vos paramètres de sauvegarde. (0x81000006). ------------ Windows ne peut pas trouver le profil local et tente de vous connecter avec un profil temporaire. Les modifications effectuées à ce profil seront perdues lorsque vous vous déconnecterez. 
------------ Windows a sauvegardé le profil de cet utilisateur. Windows tentera automatiquement d’utiliser le profil sauvegardé la prochaine fois que cet utilisateur ouvre une connexion. ------------ Windows ne peut pas charger le profil stocké localement. Les causes possibles de cette erreur incluent des droits de sécurité insuffisants ou un profil local endommagé. DÉTAIL - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. ------------ Windows ne peut pas charger le Registre. Ce problème est souvent causé par une mémoire insuffisante ou des droits d’accès insuffisants. DÉTAIL - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. pour C:\Users\DefaultAppPool\ntuser.dat ------------ Échec de la sauvegarde. Raison : une erreur d'écriture s'est produite à l'emplacement de sauvegarde (E:\). Erreur : Emplacement de sauvegarde introuvable ou non valide. Vérifiez-le en passant en revue vos paramètres de sauvegarde. (0x81000006). ------------ Échec de la sauvegarde. Raison : une erreur d'écriture s'est produite à l'emplacement de sauvegarde (E:\). Erreur : Emplacement de sauvegarde introuvable ou non valide. Vérifiez-le en passant en revue vos paramètres de sauvegarde. (0x81000006). ------------ La création du contexte d’activation a échoué pour « C:\Program Files\AVAST Software\Avast\x64\gaming_hook.exe ». Assembly dépendant Avast.VC140.CRT,processorArchitecture="amd64",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ ccsetup528 (4744) testing: L’erreur -1032 (0xfffffbf8) s’est produite lors de l’ouverture d’un fichier journal C:\Users\CLUB OUSTAOU\AppData\Local\Microsoft\Windows\WebCache\V01.log. 
------------ ccsetup528 (4744) testing: Une tentative d’ouverture du fichier « C:\Users\CLUB OUSTAOU\AppData\Local\Microsoft\Windows\WebCache\V01.log » a échoué en indiquant l’erreur système 32 (0x00000020) : « Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. ». L’opération d’ouverture de fichier échouera en indiquant l’erreur -1032 (0xfffffbf8). ------------ Échec de la sauvegarde. Raison : une erreur d'écriture s'est produite à l'emplacement de sauvegarde (E:\). Erreur : Emplacement de sauvegarde introuvable ou non valide. Vérifiez-le en passant en revue vos paramètres de sauvegarde. (0x81000006). ------------ Nom de l’application défaillante taskhostw.exe, version : 10.0.10586.0, horodatage : 0x5632d6d3 Nom du module défaillant : ntdll.dll, version : 10.0.10586.672, horodatage : 0x580eddc4 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0003b372 ID du processus défaillant : 0x1e68 Heure de début de l’application défaillante : 0x01d2b298fda84f4a Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\taskhostw.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : b3975bd3-e5eb-4feb-a68b-4d0630111a6e Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Échec de la sauvegarde. Raison : une erreur d'écriture s'est produite à l'emplacement de sauvegarde (E:\). Erreur : Emplacement de sauvegarde introuvable ou non valide. Vérifiez-le en passant en revue vos paramètres de sauvegarde. (0x81000006). ------------ La création du contexte d’activation a échoué pour « C:\Program Files\AVAST Software\Avast\x64\gaming_hook.exe ». Assembly dépendant Avast.VC140.CRT,processorArchitecture="amd64",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. 
------------ La création du contexte d’activation a échoué pour « c:\program files\avast software\avast\x64\gaming_hook.exe ». Assembly dépendant Avast.VC140.CRT,processorArchitecture="amd64",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ La création du contexte d’activation a échoué pour « C:\Program Files\AVAST Software\Avast\x64\gaming_hook.exe ». Assembly dépendant Avast.VC140.CRT,processorArchitecture="amd64",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ La création du contexte d’activation a échoué pour « C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll ». Assembly dépendant Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé. ------------ Nom de l’application défaillante IEXPLORE.EXE, version : 11.0.10586.672, horodatage : 0x580ef184 Nom du module défaillant : msvcrt.dll, version : 7.0.10586.0, horodatage : 0x5632d722 Code d’exception : 0xc0000005 Décalage d’erreur : 0x000884fa ID du processus défaillant : 0x278 Heure de début de l’application défaillante : 0x01d2a7bfbc7f6cc9 Chemin d’accès de l’application défaillante : C:\Program Files\Internet Explorer\IEXPLORE.EXE Chemin d’accès du module défaillant: C:\WINDOWS\system32\msvcrt.dll ID de rapport : 8c901a23-403b-4a73-bf18-8ab1343f209b Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Échec de la sauvegarde. Raison : une erreur d'écriture s'est produite à l'emplacement de sauvegarde (E:\). Erreur : Emplacement de sauvegarde introuvable ou non valide. Vérifiez-le en passant en revue vos paramètres de sauvegarde. (0x81000006). ------------ ----------( EOF)---------- - 3485 | 09:54:55