--------------- QuickDiag | g3n-h@ckm@n | V3_01.07.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 25/07/2017 19:27:52
Updated 01/07/2017 | 11.30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[arthur (Administrator)] - [LAPTOP-K47H04LB] (S-1-5-21-2851040129-3181136865-233656314-1001)
System: Microsoft Windows 10 Famille - - (10.0.15063) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1703)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: Aspire VN7-592G - Acer - IdNumber: NHG7REF00164704C396600 - UUID: 95B57918-9424-A846-ABD8-17FFF9A23B8C
Processor : X64 - 2304 Mhz - Intel(R) Core(TM) i5-6300HQ CPU @ 2.30GHz
V1.11 - - Insyde Corp. - S/N: NHG7REF00164704C396600 - V1.11 - ACRSYS - 0
CoreTemp : 43 Celsius

----------| Quick

---------- | SoundDevice
Technologie Intel® Smart Sound - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: INTELAUDIO\LINKTYPE_02&DEVTYPE_01&VEN_8086&DEV_AE20&SUBSYS_10251039&REV_10EC\5&33C0D245&0&0100
Realtek High Definition Audio(SST) - Status: OK - Manufacturer: Realtek - PNPDeviceID: INTELAUDIO\FUNC_01&VEN_10EC&DEV_0255&SUBSYS_10251039&REV_1000\4&34D7DDD7&0&0001
NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000
Son Intel(R) pour écrans - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: INTELAUDIO\FUNC_01&VEN_8086&DEV_2809&SUBSYS_80860101&REV_1000\4&34D7DDD7&0&0201

---------- | Video
Intel(R) HD Graphics 530 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim64,igd10iumd64,igd10iumd64,igd12umd64,igdumdim32,igd10iumd32,igd10iumd32,igd12umd32 - PNPDeviceID: PCI\VEN_8086&DEV_191B&SUBSYS_10391025&REV_06\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824
NVIDIA GeForce GTX 960M - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController2 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9d2734742a07f3cf\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9d2734742a07f3cf\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9d2734742a07f3cf\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9d2734742a07f3cf\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9d2734742a07f3cf\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9d2734742a07f3cf\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9d2734742a07f3cf\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9d2734742a07f3cf\nvldumd.dll - PNPDeviceID: PCI\VEN_10DE&DEV_139B&SUBSYS_10391025&REV_A2\4&2B470B88&0&0008 - AdapterCompatibility: NVIDIA - RAM: -1048576
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics 530 - DriverVersion: 21.20.16.4550 - SpecificationVersion: 1025

---------- | Codecs
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 84992 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42488 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\vorbis.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 1562432 - Manufacturer: HMS http://hp.vector.co.jp/authors/VA012897/ - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35760 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35208 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU
CPU #1 value:13 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:0 %

---------- | Network
Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
Qualcomm Atheros QCA61x4A Wireless Network Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec
Connexion au réseau local* 12 : SENT:0 bytes/sec / RECVD:0 bytes/sec
Overall -> SEND Maxium:0 bytes/sec, / RECEIVE Maximum:0 bytes/sec
Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_10391025&REV_15\4&379E1BCD&0&00E3
Qualcomm Atheros QCA61x4A Wireless Network Adapter - Ethernet 802.3 - Qualcomm Communications Inc. - Status: - PnPID : PCI\VEN_168C&DEV_003E&SUBSYS_080711AD&REV_32\4&C076A9D&0&00E0
Microsoft Wi-Fi Direct Virtual Adapter - - - Status: - PnPID :
Bluetooth Device (RFCOMM Protocol TDI) - - Microsoft - Status: - PnPID : BTH\MS_RFCOMM\6&1C08D0FF&0&0
Bluetooth Device (Personal Area Network) - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\6&1C08D0FF&0&2
Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&35C3612F&1&12
Microsoft Teredo Tunneling Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE
WAN Miniport (SSTP) - - - Status: - PnPID :
WAN Miniport (IKEv2) - - - Status: - PnPID :
WAN Miniport (L2TP) - - - Status: - PnPID :
WAN Miniport (PPTP) - - - Status: - PnPID :
WAN Miniport (PPPOE) - - - Status: - PnPID :
WAN Miniport (IP) - - - Status: - PnPID :
WAN Miniport (IPv6) - - - Status: - PnPID :
WAN Miniport (Network Monitor) - - - Status: - PnPID :

---------- | Memory
RAM = Total (MB) : 8215 | Free (MB) : 5219
Pagefile = Total (MB) : 12278 | Free (MB) : 9246
Virtual = Total (MB) : 4194 | Free (MB) : 3930
Physical Memory 0 : Capacity: 8589934592 - ChannelA-DIMM0 - Posit.: 1 - Manufacturer: Kingston - PartNumber: ACR24D4S7S8MB-8 - S/N: 06421811

---------- | SID Users
Administrateur : [S-1-5-21-2851040129-3181136865-233656314-500]
arthur : [S-1-5-21-2851040129-3181136865-233656314-1001]
DefaultAccount : [S-1-5-21-2851040129-3181136865-233656314-503]
defaultuser0 : [S-1-5-21-2851040129-3181136865-233656314-1000]
Invité : [S-1-5-21-2851040129-3181136865-233656314-501]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]

---------- | SystemAccounts
Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives
C:\ -> [Fixed] | [Acer] | Total : 930.4 Go | Free : 687.42 Go -> NTFS [SATA]
Disk Usage Information [1 total Physical Disks]
Physical Drive #0 [C:] : Read:1,692,808 bytes/sec, Written:0 bytes/sec Max Read:1,692,808 bytes/sec, Max Write:0 bytes/sec
Overall - Read Maximum:1,692,808 bytes/sec, Write Maximum:0 bytes/sec
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_&PROD_ST1000LM024_HN-M\4&2E652CFA&0&020000

---------- | Windows updates
Test 1 : Windows Is Activated
Test 2 : Possible Fixed Windows (Notification Mode)

---------- | Browsers
IE : 11.0.15063.0 (© Microsoft Corporation. Tous droits réservés.)
FF : 54.0.1.6388 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 59.0.3071.115 (Copyright 2016 Google Inc.)
Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url ""

---------- | FlashPlayer
FlashPlayer ActiveX : 26.0.0.137
FlashPlayer Plugin : 26.0.0.137

---------- | Security
AV : Windows Defender Disabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
496 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.15063.0) = C:\Windows\System32\smss.exe [18/03/2017 22:57:38] CPU Usage:0 %
644 | [Owner : Système | Parent : 596() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.15063.0) = C:\Windows\System32\csrss.exe [18/03/2017 22:57:38] CPU Usage:0 %
760 | [Owner : Système | Parent : 596() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.15063.483) = C:\Windows\System32\wininit.exe [12/07/2017 13:32:10] CPU Usage:0 %
772 | [Owner : Système | Parent : 752() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.15063.0) = C:\Windows\System32\csrss.exe [18/03/2017 22:57:38] CPU Usage:0 %
840 | [Owner : Système | Parent : 760(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.15063.0) = C:\Windows\System32\services.exe [18/03/2017 22:57:39] CPU Usage:0 %
848 | [Owner : Système | Parent : 760(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.15063.483) = C:\Windows\System32\lsass.exe [12/07/2017 13:32:29] CPU Usage:0 %
948 | [Owner : Système | Parent : 752() | 10.22 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.15063.483) = C:\Windows\System32\winlogon.exe [12/07/2017 13:32:25] CPU Usage:0 %
392 | [Owner : Système | Parent : 840(services.exe) | 3.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
448 | [Owner : UMFD-0 | Parent : 760(wininit.exe) | 4.04 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.483) = C:\Windows\System32\fontdrvhost.exe [12/07/2017 13:31:57] CPU Usage:0 %
444 | [Owner : UMFD-1 | Parent : 948(winlogon.exe) | 6.48 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.483) = C:\Windows\System32\fontdrvhost.exe [12/07/2017 13:31:57] CPU Usage:0 %
608 | [Owner : Système | Parent : 840(services.exe) | 27.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1040 | [Owner : SERVICE RÉSEAU | Parent : 840(services.exe) | 11.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1092 | [Owner : Système | Parent : 840(services.exe) | 6.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1160 | [Owner : DWM-1 | Parent : 948(winlogon.exe) | 66.02 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.15063.0) = C:\Windows\System32\dwm.exe [18/03/2017 22:58:21] CPU Usage:0 %
1216 | [Owner : Système | Parent : 840(services.exe) | 7.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1248 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 10.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1300 | [Owner : Système | Parent : 840(services.exe) | 9.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1320 | [Owner : Système | Parent : 840(services.exe) | 16.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1400 | [Owner : Système | Parent : 840(services.exe) | 10.29 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1408 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 10.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1516 | [Owner : Système | Parent : 840(services.exe) | 8.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1564 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 17.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1604 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 8.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1640 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 7.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1688 | [Owner : SERVICE RÉSEAU | Parent : 840(services.exe) | 11.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1708 | [Owner : Système | Parent : 840(services.exe) | 6.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1748 | [Owner : SERVICE LOCAL | Parent : 1708(svchost.exe) | 5.19 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.15063.0) = C:\Windows\System32\dasHost.exe [18/03/2017 22:57:46] CPU Usage:0 %
1824 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 9.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1860 | [Owner : Système | Parent : 840(services.exe) | 10.83 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [31/05/2017 23:36:43] CPU Usage:0 %
1936 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 7.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1964 | [Owner : Système | Parent : 840(services.exe) | 5.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1972 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 7.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
2032 | [Owner : Système | Parent : 1860(NVDisplay.Container.exe) | 24.94 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [31/05/2017 23:36:43] CPU Usage:0 %
2072 | [Owner : Système | Parent : 840(services.exe) | 8.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
2096 | [Owner : Système | Parent : 840(services.exe) | 7.99 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4550) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxCUIService.exe [23/11/2016 02:59:26] CPU Usage:0 %
2128 | [Owner : Système | Parent : 840(services.exe) | 7.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
2136 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 6.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
2236 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 11.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
2356 | [Owner : SERVICE RÉSEAU | Parent : 840(services.exe) | 7.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
2364 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 6.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
2372 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 13.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
2452 | [Owner : Système | Parent : 840(services.exe) | 10.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
2608 | [Owner : Système | Parent : 840(services.exe) | 16.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
2688 | [Owner : Système | Parent : 840(services.exe) | 11.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
2724 | [Owner : Système | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
2744 | [Owner : Système | Parent : 840(services.exe) | ?????] - (.AVAST Software - Avast Service.) - (17.5.3585.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [24/07/2017 23:53:47] CPU Usage:6 %
2948 | [Owner : Système | Parent : 840(services.exe) | 14.51 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.0) = C:\Windows\System32\spoolsv.exe [18/03/2017 22:58:24] CPU Usage:0 %
3000 | [Owner : Système | Parent : 840(services.exe) | 5.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
2088 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 20.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
2444 | [Owner : SERVICE RÉSEAU | Parent : 840(services.exe) | 7.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
3196 | [Owner : Système | Parent : 840(services.exe) | 24.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
3204 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 6.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
3212 | [Owner : SERVICE RÉSEAU | Parent : 840(services.exe) | 12.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
3224 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 16.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
3244 | [Owner : Système | Parent : 840(services.exe) | 7.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
3304 | [Owner : Système | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.483) = C:\Windows\System32\SecurityHealthService.exe [12/07/2017 13:33:42] CPU Usage:0 %
3312 | [Owner : Système | Parent : 840(services.exe) | 77.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:6 %
3320 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 8.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
3344 | [Owner : Système | Parent : 840(services.exe) | 17.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
3356 | [Owner : Système | Parent : 840(services.exe) | 5.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
3372 | [Owner : Système | Parent : 840(services.exe) | 17.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
3468 | [Owner : Système | Parent : 840(services.exe) | 3.36 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [19/05/2015 10:11:04] CPU Usage:0 %
3512 | [Owner : Système | Parent : 840(services.exe) | 8.17 Mo] - (.Windows (R) Win 7 DDK provider - Windows Setup API.) - (6.1.7600.16385) = C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [05/08/2016 08:47:06] CPU Usage:0 %
3544 | [Owner : Système | Parent : 840(services.exe) | 10.78 Mo] - (.NVIDIA Corporation - NVIDIA Network Service.) - (2.4.13.69) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [26/11/2016 02:49:41] CPU Usage:0 %
3560 | [Owner : Système | Parent : 840(services.exe) | 21.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
3692 | [Owner : Système | Parent : 840(services.exe) | 13.39 Mo] - (.NVIDIA Corporation - NVIDIA GeForce ExperienceService.) - (2.11.4.0) = C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [26/11/2016 02:49:48] CPU Usage:0 %
3800 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 5.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
3828 | [Owner : Système | Parent : 840(services.exe) | 31.24 Mo] - (.Intel(R) Corporation - Intel(R) RealSense(TM) Depth Camera Manager SR300 Service.) - (3.2.26.6137) = C:\Program Files (x86)\Common Files\Intel\RSDCM_SR300\bin\win32\RealSenseDCMSR300.exe [05/07/2016 19:32:34] CPU Usage:0 %
3968 | [Owner : Système | Parent : 840(services.exe) | 15.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
4072 | [Owner : Système | Parent : 840(services.exe) | 3.66 Mo] - (.Acer Incorporated - CCD Monitor Service.) - (2.1.3007.0) = C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [26/11/2016 03:06:57] CPU Usage:0 %
3448 | [Owner : Système | Parent : 840(services.exe) | 9.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
5024 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 19.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
4916 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 9.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
1840 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 8.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
4604 | [Owner : Système | Parent : 840(services.exe) | 10.21 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
3732 | [Owner : Système | Parent : 840(services.exe) | ?????] - (.AVAST Software s.r.o. - Avast Behavior Shield.) - (17.5.3.9168) = C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [24/07/2017 23:53:43] CPU Usage:0 %
4840 | [Owner : arthur | Parent : 1516(svchost.exe) | 24.12 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe [18/03/2017 22:58:10] CPU Usage:0 %
2380 | [Owner : arthur | Parent : 840(services.exe) | 12.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
660 | [Owner : arthur | Parent : 840(services.exe) | 25.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
5040 | [Owner : Système | Parent : 840(services.exe) | 14.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
5292 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 24.6 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8795) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [30/05/2017 18:35:30] CPU Usage:0 %
5732 | [Owner : arthur | Parent : 1320(svchost.exe) | 16.66 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe [18/03/2017 22:57:57] CPU Usage:0 %
5904 | [Owner : arthur | Parent : 5800() | 100.94 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.447) = C:\Windows\explorer.exe [12/07/2017 13:32:23] CPU Usage:0 %
6048 | [Owner : Système | Parent : 840(services.exe) | 8.01 Mo] - (.Acer Incorporated - QASvc.) - (2.1.3007.0) = C:\Program Files\Acer\Acer Quick Access\QASvc.exe [29/07/2016 11:57:00] CPU Usage:0 %
6136 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 7.33 Mo] - (.Acer Incorporated - QALSvc.) - (2.1.3007.0) = C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [29/07/2016 11:57:00] CPU Usage:0 %
3052 | [Owner : Système | Parent : 608(svchost.exe) | 9.89 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [18/03/2017 22:58:01] CPU Usage:0 %
4536 | [Owner : arthur | Parent : 6044() | 28.18 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4550) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxEM.exe [23/11/2016 03:00:06] CPU Usage:0 %
3888 | [Owner : arthur | Parent : 2032(NVDisplay.Container.exe) | 12.8 Mo] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.8205) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [30/05/2017 17:53:06] CPU Usage:0 %
5632 | [Owner : arthur | Parent : 1320(svchost.exe) | 0.8 Mo] - (.Acer Incorporated - Acer Collection Monitor.) - (1.0.0.3004) = C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe [02/03/2017 16:31:30] CPU Usage:0 %
1312 | [Owner : arthur | Parent : 2032(NVDisplay.Container.exe) | 14.8 Mo] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.8205) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [30/05/2017 17:53:06] CPU Usage:0 %
6172 | [Owner : arthur | Parent : 608(svchost.exe) | 63.32 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.15063.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [18/03/2017 22:56:41] CPU Usage:0 %
6216 | [Owner : arthur | Parent : 608(svchost.exe) | 87.1 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [14/06/2017 00:18:38] CPU Usage:0 %
6316 | [Owner : arthur | Parent : 3888(nvtray.exe) | 18.15 Mo] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.16.6.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [26/11/2016 02:49:43] CPU Usage:0 %
6636 | [Owner : arthur | Parent : 608(svchost.exe) | 38.99 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe [18/03/2017 22:58:01] CPU Usage:0 %
6696 | [Owner : Système | Parent : 840(services.exe) | 6.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
6820 | [Owner : Système | Parent : 840(services.exe) | 17.4 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe [14/06/2017 00:19:14] CPU Usage:0 %
6944 | [Owner : arthur | Parent : 5976() | 0.84 Mo] - (.Acer Incorporated - QAAgent.) - (2.1.3007.0) = C:\Program Files\Acer\Acer Quick Access\QAAgent.exe [29/07/2016 11:57:02] CPU Usage:0 %
7116 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 10.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
4512 | [Owner : SERVICE RÉSEAU | Parent : 608(svchost.exe) | 15.51 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [18/03/2017 22:58:01] CPU Usage:0 %
3272 | [Owner : Système | Parent : 840(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
7852 | [Owner : arthur | Parent : 1320(svchost.exe) | 3.75 Mo] - (.- FubTracking.) - (1.0.0.0) = C:\OEM\Preload\FubTool\FubTool.exe [26/11/2016 03:27:44] CPU Usage:0 %
7980 | [Owner : Système | Parent : 840(services.exe) | 42.11 Mo] - (.- DolbyDAX2API.) - (0.7.2.61) = C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [18/07/2016 10:39:28] CPU Usage:0 %
6916 | [Owner : arthur | Parent : 608(svchost.exe) | 31.94 Mo] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.332) = C:\Windows\System32\smartscreen.exe [14/06/2017 00:18:17] CPU Usage:0 %
5460 | [Owner : Système | Parent : 6048(QASvc.exe) | 17.63 Mo] - (.Acer Incorporated - QAAdminAgent.) - (2.1.3007.0) = C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe [29/07/2016 11:57:02] CPU Usage:0 %
6120 | [Owner : Système | Parent : 6048(QASvc.exe) | 7.97 Mo] - (.Acer Incorporated - QALockHandler.) - (2.1.3007.0) = C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe [29/07/2016 11:57:00] CPU Usage:0 %
5624 | [Owner : Système | Parent : 608(svchost.exe) | 6.65 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.15063.0) = C:\Windows\System32\wbem\unsecapp.exe [18/03/2017 22:57:50] CPU Usage:0 %
7916 | [Owner : arthur | Parent : 5904(explorer.exe) | 8.98 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MSASCuiL.exe [18/03/2017 22:56:44] CPU Usage:0 %
5568 | [Owner : Système | Parent : 608(svchost.exe) | 8.63 Mo] - (.Intel Corporation - igfxext Module.) - (6.15.10.4550) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxext.exe [23/11/2016 03:00:26] CPU Usage:0 %
7992 | [Owner : arthur | Parent : 5904(explorer.exe) | 15.28 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.1020) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [26/11/2016 02:27:55] CPU Usage:0 %
7644 | [Owner : Système | Parent : 608(svchost.exe) | 6.7 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.15063.0) = C:\Windows\System32\wbem\unsecapp.exe [18/03/2017 22:57:50] CPU Usage:0 %
7368 | [Owner : arthur | Parent : 5904(explorer.exe) | 14.34 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.246) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [26/11/2016 02:27:55] CPU Usage:0 %
7504 | [Owner : Système | Parent : 840(services.exe) | 5.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 %
7640 | [Owner : arthur | Parent : 5904(explorer.exe) | 11.32 Mo] - (.-.) - (0.7.2.62) = C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [24/06/2016 01:33:26] CPU Usage:0 %
7572 | [Owner : arthur | Parent : 3404() | 27.6 Mo] - (.AVAST Software - Avast Antivirus.) - (17.5.3585.182) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [24/07/2017 23:53:58] CPU Usage:0 %
5324 | [Owner : arthur | Parent : 5904(explorer.exe) | 31.7 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6943.625) = C:\Users\arthur\AppData\Local\Microsoft\OneDrive\OneDrive.exe [06/01/2017 18:34:04] CPU Usage:0 %
6588 | [Owner : arthur | Parent : 1320(svchost.exe) | 3.56 Mo] - (.Acer Incorporated - Background Agent.)
- (1.0.1.7) = C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [30/08/2016 16:09:52] CPU Usage:0 % 7544 | [Owner : arthur | Parent : 1320(svchost.exe) | 16.11 Mo] - (.- ACCStd.) - (2.1.8019.0) = C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [24/05/2017 20:11:58] CPU Usage:0 % 6600 | [Owner : arthur | Parent : 1320(svchost.exe) | 21.52 Mo] - (.Acer Incorporated - ePowerButton_NB.) - (2.1.3007.0) = C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [29/07/2016 11:57:02] CPU Usage:0 % 5456 | [Owner : arthur | Parent : 1320(svchost.exe) | 43.24 Mo] - (.- Acer Collection.) - (1.1.3006.0) = C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe [02/03/2017 20:18:28] CPU Usage:0 % 6752 | [Owner : arthur | Parent : 1320(svchost.exe) | 5.71 Mo] - (.SweetLabs, Inc - Host App Service Updater.) - (1.0.0.0) = C:\Users\arthur\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [14/07/2017 12:12:02] CPU Usage:0 % 7440 | [Owner : arthur | Parent : 1320(svchost.exe) | 7.84 Mo] - (.Acer - Acer Portal.) - (3.0.12.2004) = C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [09/09/2016 12:00:40] CPU Usage:0 % 6084 | [Owner : SERVICE LOCAL | Parent : 840(services.exe) | 5.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 9836 | [Owner : Système | Parent : 840(services.exe) | 31.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 9968 | [Owner : arthur | Parent : 608(svchost.exe) | 14.23 Mo] - (.Microsoft Corporation - InstallAgent.) - (10.0.15063.447) = C:\Windows\System32\InstallAgent.exe [12/07/2017 13:33:09] CPU Usage:0 % 10164 | [Owner : Système | Parent : 840(services.exe) | 9.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 10200 | [Owner : arthur | Parent : 840(services.exe) | 11.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 4376 | [Owner : Système | Parent : 840(services.exe) | 15.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 9908 | [Owner : Système | Parent : 4072(CCDMonitorService.exe) | 14.8 Mo] - (.Acer Cloud Technology - AcerCloud Client.) - (0.0.0.0) = C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe [07/01/2017 15:03:26] CPU Usage:0 % 860 | [Owner : Système | Parent : 9908(ccd.exe) | 5.66 Mo] - (.Microsoft Corporation - Console Window Host.) - (10.0.15063.0) = C:\Windows\System32\conhost.exe [18/03/2017 22:57:35] CPU Usage:0 % 8836 | [Owner : arthur | Parent : 5904(explorer.exe) | 504.18 Mo] - (.Mozilla Corporation - Firefox.) - (54.0.1.6388) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [12/01/2017 19:17:41] CPU Usage:4 % 11092 | [Owner : Système | Parent : 840(services.exe) | 14.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 8508 | [Owner : Système | Parent : 840(services.exe) | 38.55 Mo] - (.acer - UEIPSvc.) - (3.2.3001.0) = C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [27/05/2016 16:42:38] CPU Usage:0 % 8208 | [Owner : arthur | Parent : 8508(UBTService.exe) | 15.43 Mo] - (.TODO: - AppMonitorPlugIn.) - (3.2.3001.0) = C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe [27/05/2016 16:42:40] CPU Usage:0 % 8432 | [Owner : Système | Parent : 840(services.exe) | 6.26 Mo] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) 
- (11.0.0.1169) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [19/09/2015 00:35:16] CPU Usage:0 % 10236 | [Owner : Système | Parent : 11004() | 0.72 Mo] - (.Google Inc. - Programme d'installation de Google.) - (1.3.32.7) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22/01/2017 20:16:55] CPU Usage:0 % 6620 | [Owner : Système | Parent : 840(services.exe) | 12.19 Mo] - (.Intel Corporation - Intel(R) Local Management Service.) - (11.0.0.1169) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [19/09/2015 00:34:26] CPU Usage:0 % 9332 | [Owner : Système | Parent : 840(services.exe) | 33.22 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.8229.2086) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [26/11/2016 01:53:55] CPU Usage:0 % 7728 | [Owner : arthur | Parent : 7572(AvastUI.exe) | 6.83 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.15063.0) = C:\Windows\SysWOW64\ctfmon.exe [18/03/2017 22:58:59] CPU Usage:0 % 7836 | [Owner : Système | Parent : 840(services.exe) | 8.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 10228 | [Owner : Système | Parent : 840(services.exe) | 14.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % 8900 | [Owner : SERVICE LOCAL | Parent : 2236(svchost.exe) | 15.2 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.15063.447) = C:\Windows\System32\audiodg.exe [12/07/2017 13:31:23] CPU Usage:0 % 7520 | [Owner : arthur | Parent : 5904(explorer.exe) | 41.05 Mo] - (.SosVirus - QuickDiag.) 
- (1.7.17.1) = C:\Users\arthur\Downloads\QuickDiag.exe [25/07/2017 19:26:31] CPU Usage:0 % 3180 | [Owner : SERVICE RÉSEAU | Parent : 608(svchost.exe) | 9.73 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [18/03/2017 22:58:50] CPU Usage:0 % ---------- | MD5 [MD5.CA3BF0F15BA4F24D511BFEE725CC89BD] - [12/07/2017 13:32:23] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4733.81 Ko] - (10.0.15063.447) : C:\WINDOWS\Explorer.exe [MD5.94912C1D73ADE68F2486ED4D8EA82DE6] - [18/03/2017 22:57:50] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [265.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\cmd.exe [MD5.31E45CAA8E7035ECD47E96A7377BE975] - [18/03/2017 22:57:38] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [17.28 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\csrss.exe [MD5.2D29C0AFCC8225AFF6637F7362C22960] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. - COM Surrogate.) - [20.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\dllhost.exe [MD5.90224339656D3CFEC43150209B4CD38E] - [30/05/2017 18:43:45] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [692.1 Ko] - (10.0.15063.296) : C:\WINDOWS\System32\Kernel32.dll [MD5.9936F9E94C6E3F47A158D7BFF020575A] - [12/07/2017 13:32:29] - (.© Microsoft Corporation. - Local Security Authority Process.) - [57.12 Ko] - (10.0.15063.483) : C:\WINDOWS\System32\lsass.exe [MD5.0E79A4C76CAAA0CFE9CA42C13E5AA086] - [30/05/2017 18:43:42] - (.© Microsoft Corporation. - Distributed COM Services.) - [1060 Ko] - (10.0.15063.296) : C:\WINDOWS\System32\rpcss.dll [MD5.ECB702B8C5650381C0784F1EEABB97BC] - [18/03/2017 22:58:29] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) 
- [67 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\rundll32.exe [MD5.800D00D1A7ADA9E341CACDF287347584] - [18/03/2017 22:57:39] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [515.6 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\services.exe [MD5.3120B24060924F9B94182A1432B2D7F9] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [46.55 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\svchost.exe [MD5.9F67071B597A3CCC8C11CE761CE88B04] - [18/03/2017 22:57:35] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1313.56 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\user32.dll [MD5.46B72E05D0B9F489CA60DBD7361039B0] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [31.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\userinit.exe [MD5.B2DB5876B6F68D32E470F691C7088F3F] - [12/07/2017 13:32:10] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [310.77 Ko] - (10.0.15063.483) : C:\WINDOWS\System32\Wininit.exe [MD5.31E3287EF6D97C5864A301CEA75BBBA1] - [12/07/2017 13:32:25] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [690 Ko] - (10.0.15063.483) : C:\WINDOWS\System32\Winlogon.exe [MD5.AC1928C2F7505BD556C552F153B062AB] - [18/03/2017 22:57:36] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [596.4 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\afd.sys [MD5.01733BEEE02E51F712330D5909BD701C] - [18/03/2017 22:56:26] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [28.41 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\atapi.sys [MD5.71CCAFFF7D5E64E3D07BD96F2B2898EF] - [18/03/2017 22:56:26] - (.© Microsoft Corporation. - ATAPI Driver Extension.) 
- [189.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ataport.sys [MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - [18/03/2017 22:57:39] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\cdfs.sys [MD5.ABE77AD954BC3D72F559CF0C381E50BC] - [18/03/2017 22:56:25] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [156.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\cdrom.sys [MD5.185A4519B7764F4DEF714D890A7A9FD2] - [18/03/2017 22:57:47] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [147 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\dfsc.sys [MD5.02B9639D9997E95CDF2F4C4F3BDCC73D] - [12/07/2017 13:33:25] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [84.5 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\hdaudbus.sys [MD5.C6C8315E3262FAE460529C6DA2951682] - [18/03/2017 22:56:35] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [112.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys [MD5.DCC05E5EAA580C97F13B434FAFACED85] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. - IP Network Address Translator.) - [209.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ipnat.sys [MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - [18/03/2017 22:57:54] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [456.4 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\mrxsmb.sys [MD5.59F3D5FEF4A24871C07C279762DA8624] - [12/07/2017 13:32:30] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1213.41 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\ndis.sys [MD5.30C2F67EC84EB11B22011620107E0325] - [18/03/2017 22:57:35] - (.© Microsoft Corporation. - MBT Transport driver.) - [298 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\netbt.sys [MD5.8D72D5038C5F91AFEF1B160FE524C2D9] - [12/07/2017 13:32:13] - (.© Microsoft Corporation. Tous droits réservés. 
- Pilote du système de fichiers NT.) - [2272.91 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\ntfs.sys [MD5.2CC6C325B271C7CA60F374F8F868CB45] - [18/03/2017 22:56:26] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [95.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\parport.sys [MD5.5279EC98F6218D29EADDFECCC0D80E9A] - [18/03/2017 22:58:07] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [104.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys [MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - [18/03/2017 22:59:55] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [179 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys [MD5.DC0D1B5284152315F81894DAABBB2AF3] - [12/07/2017 13:33:14] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2618.91 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\tcpip.sys [MD5.892AB2637603A5E9507C39E61101C3C3] - [14/06/2017 00:18:58] - (.© Microsoft Corporation. - TDI Translation Driver.) - [116.91 Ko] - (10.0.15063.413) : C:\WINDOWS\System32\Drivers\tdx.sys [MD5.E3429DBBEA3965BB96E24B16EF4A2551] - [18/03/2017 22:57:39] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [387.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\volsnap.sys ---------- | Locked Applications [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{f9e93b39-49d1-4179-9848-a5a2896955ea}] - () - (%systemroot%\system32\mrt.exe) ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (21.20.16.4550) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igd10iumd64.dll (.Intel Corporation.-.Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator.) 
- (21.20.16.4550) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igc64.dll (.AVAST Software.-.Avast Shell Extension.) - (17.5.3585.0) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll (.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 382.05.) - (22.21.13.8205) -- C:\WINDOWS\system32\nvapi64.dll (.NVIDIA Corporation.-.NVIDIA French language resource library.) - (8.17.13.8205) -- C:\WINDOWS\SYSTEM32\Nv3DAppShExtR.dll (.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (8.17.13.8205) -- C:\WINDOWS\system32\nv3dappshext.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.15.2.0) -- C:\WINDOWS\System32\winsqlite3.dll (.NVIDIA Corporation.-.NVIDIA Capture Server Proxy.) - (2.11.4.0) -- C:\WINDOWS\system32\nvspcap64.dll (.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 382.05.) - (22.21.13.8205) -- C:\WINDOWS\system32\nvapi64.dll (.Intel Corporation.-.Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator.) - (21.20.16.4550) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igc64.dll (.AVAST Software s.r.o..-.Hook Library.) 
- (17.5.3.9168) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\SOFTWARE\...\Run]) - User: LAPTOP-K47H04LB\defaultuser0 OneDrive - ("C:\Users\arthur\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\SOFTWARE\...\Run]) - User: LAPTOP-K47H04LB\arthur Steam - ("C:\Program Files (x86)\Steam\steam.exe" -silent 
[HKU\S-1-5-21-2851040129-3181136865-233656314-1001\SOFTWARE\...\Run]) - User: LAPTOP-K47H04LB\arthur CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\SOFTWARE\...\Run]) - User: LAPTOP-K47H04LB\arthur SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public RtHDVBg_Dolby - ("C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 [HKLM\SOFTWARE\...\Run]) - User: Public NvBackend - ("C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [HKLM\SOFTWARE\...\Run]) - User: Public ShadowPlay - ("C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [HKLM\SOFTWARE\...\Run]) - User: Public AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public DAX2_APP - (C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe -Hide [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"=C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WAB Migrate"=%ProgramFiles%\Windows Mail\wab.exe /Upgrade [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"= "IsMRUEstablished"=4294967295 "LegacyDefaultPrinterMode"=4294967295 [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 
[HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\arthur\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background "Steam"="C:\Program Files (x86)\Steam\steam.exe" -silent "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "CCleaner Monitoring"=0x0300000070A7330ABEE5D201 "Steam"=0x030000008046910CBEE5D201 [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=Microsoft Print to PDF,winspool,Ne01: "IsMRUEstablished"=0 "LegacyDefaultPrinterMode"=0 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "ShadowPlay"="C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui "DAX2_APP"=C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe -Hide [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x040000000000000000000000 "RTHDVCPL"=0x040000000000000000000000 "RtHDVBg_Dolby"=0x040000000000000000000000 "WindowsDefender"=0x040000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "EnableMitInputProcessing"=7 "GDIProcessHandleQuota"=10000 
"IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D2A02A4539A47C [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "EnableMitInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List ACC ACCAgent ACCBackgroundApplication Acer Collection Application Acer Collection Monitor Application AcerCloud AcerCMUpdateTask2.1.16258 Adobe Flash Player Updater App Explorer Avast Emergency Update BacKGroundAgent CCleanerSkipUAC FubToolByPLD GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA OneDrive Standalone Update Task-S-1-5-21-2851040129-3181136865-233656314-1001 Power Button Quick Access SafeZone scheduled Autoupdate 1485109088 Software Update Application UbtFrameworkService ---------- | Startings up registry ¦ Folder ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] 
"AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=e11a9e49-d908-427c-8706-f72ecaa "GlassSessionId"=1 [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 "ClearTempFiles"=1 [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc DeviceInstall gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=6 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [06/01/2017 18:27:37] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=848 "ProductType"=3 "restrictanonymous"=0 
"restrictanonymoussam"=1 "SecureBoot"=1 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Windows\Web\Wallpaper\Windows\img0.jpg [18/03/2017 22:56:56] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E3E038012000000 "MaxVirtualDesktopDimension"=1920 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 
[HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 
"HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Users\arthur\Downloads\yaa6sp.jpeg [07/01/2017 19:48:24] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=0 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E5E078012000000 "MaxVirtualDesktopDimension"=1920 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 ockScreenAutoLockActive"=0 "Pattern Upgrade"=TRUE "ScreenSaverIsSecure"=0 "ScreenSaveTimeOut"=60 "WaitToKillAppTimeout"=200 [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003C28000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=1 
"GlobalAssocChangedCounter"=76 "AppReadinessLogonComplete"=1 "FirstRunTelemetryComplete"=1 "SlowContextMenuEntries"=0x0114020000000000C00000000000004624070000FB9A790967ADD111ABCD00C04FC30936C3040000D3EFA9CCED290A43BA6DE6BBFF0A60C269060000CEC429A936FD7042B4F534ECAC5BD63C0B060000AF75193DC6488E4FA182BE0E08FA86A95F050000 [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StoreAppsOnTaskbar"=1 "StartMenuInit"=13 "TaskbarStateLastRun"=0x05976E5900000000 "ReindexedProfile"=1 "TaskbarSizeMove"=1 "ShowTaskViewButton"=0 "TaskbarBadges"=1 "TaskbarAutoHideInTabletMode"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=RequireAdmin "GlobalAssocChangedCounter"=4 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 
"EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=2 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=15063 "FirstLogon"=0 "PUUActive"=0x3A3934BC010005001400160198EC0D00CEDB1000A5B81600D100000002000F00A34693EC78AB490003C514008A5B070097F7060004F5000077F20000836A12002C150000A1060000ECA9A0576A05D30198EC0D00000000000100000000000000 "DP"=0xCE0058006E000500140000003A3934BC0000000000000000ECA9A0576A05D301ECA9A0576A05D301000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile 
"WinStationsDisabled"=0 "LastLogOffEndTimePerfCounter"=784487691347 "ShutdownFlags"=39 "Userinit"=C:\Windows\system32\userinit.exe, "scremoveoption"=0 "AutoAdminLogon"=0 "DefaultUserName"=arthur "IsConnectedAutoLogon"=0 "DisableCad"=1 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 ---------- | Associations [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" 
{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile 
[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [20/03/2017 07:10:48] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] 
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\Clients\StartMenuInternet\SafeZoneStable\Shell\open\Command] ""="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" [HKLM\Software\Clients\StartMenuInternet\SafeZoneStable\InstallInfo] "ReinstallCommand"="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" --makedefaultbrowser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [20/03/2017 07:10:48] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\SafeZoneStable\Shell\open\Command] ""="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\SafeZoneStable\InstallInfo] "ReinstallCommand"="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" --makedefaultbrowser ---------- | AppcompatFlags [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files\Acer\Acer Quick 
Access\QAAgent.exe"=0x5341435001000000000000000700000028000000A0DD0600E102070001000000000000000000000A73220000D5B3B31A57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000009DE60200000000000100000001000000 [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\OEM\Preload\DPOP\OEMCustomize\FirstBoot.cmd"=0x5341435001000000000000000700000028000000008E0300E25F040001000000000000000000010500100000D5B3B31A57DFD1010000000000000000 "C:\Program Files\Acer\Acer Quick Access\QAAgent.exe"=0x5341435001000000000000000700000028000000A0DD0600E102070001000000000000000000000A73220000E78E163C2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000D6BAF333000000003F0000003F000000 "C:\OEM\Preload\Autorun\CheckFiles.exe"=0x5341435001000000000000000700000028000000207A0D00AD780E000100000000000000000000067100000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000B4090000000000000100000001000000 "C:\Users\arthur\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0BA02005C1F030001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Users\arthur\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000E07E03004B44040001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Users\arthur\Downloads\Battle.net-Setup.exe"=0x5341435001000000000000000700000028000000F0B52F003B50300001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000011613A00000000000100000001000000 
"C:\Users\arthur\Downloads\SteamSetup.exe"=0x534143500100000000000000070000002800000088131600052B160001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000002310000000000000100000001000000 "C:\Program Files\WindowsApps\Booking.com_1.0.1606.2210_x64__96rgg7pjt343r\Setup\CentennialWeb.exe"=0x5341435001000000000000000700000028000000001600000000000001000000000000000000000AF3220000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000703E0000000000000900000009000000 "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe"=0x5341435001000000000000000700000028000000E8A32F00535E300001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000080000000000000000000000000000000000000001B634001000000000300000003000000 "C:\Users\arthur\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_fr.exe"=0x534143500100000000000000070000002800000066CAE3070000000001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000ECD10200000000000100000001000000 "C:\Program Files (x86)\OpenOffice 4\program\soffice.exe"=0x5341435001000000000000000700000028000000001A9600A653960001000000000000000000000A7122000033504C2B57DFD1010000000000000000020000002800000000000000000000100000000000000000000000000000000014200C01000000000400000004000000 "C:\Users\arthur\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D87E030025C1030001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Program Files (x86)\OpenOffice 4\program\swriter.exe"=0x5341435001000000000000000700000028000000009601002029020001000000000000000000000A71220000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000000A2FD706000000001200000012000000 "C:\Program Files (x86)\Microsoft 
Office\root\Office16\WINWORD.EXE"=0x5341435001000000000000000700000028000000C0A61D008D841E0001000000000000000000000A0021000033504C2B57DFD1010000009100000000 "C:\Program Files (x86)\Steam\bin\steamservice.exe"=0x5341435001000000000000000700000028000000205716001292160001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000006F060200000000000500000005000000 "C:\Users\arthur\Downloads\avast_free_antivirus_setup_online.exe"=0x534143500100000000000000070000002800000080A96000747E610001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000052600300000000000100000001000000 "C:\Program Files\AVAST Software\Avast\AvastUI.exe"=0x534143500100000000000000070000002800000068EA8A0013388B0001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000A9030000000000000100000001000000 "C:\Program Files (x86)\McAfee\SiteAdvisor\uninstall.exe"=0x534143500100000000000000070000002800000088060F00EB400F0001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000003B2E0F00000000000200000002000000 "C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\Warhammer.exe"=0x534143500100000000000000070000002800000000DACA060000000001000000000000000000000A73220000D5B3B31A57DFD101000000000000000002000000280000000000000010000030000000000000000000000000000000001D4C0000000000000100000001000000 "C:\Users\arthur\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88003007F30040001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Program Files (x86)\Acer\Acer 
Collection\LaunchUWPService.exe"=0x534143500100000000000000070000002800000030B704002434050001000000000000000000000AF5220000E63F486B2AA0D2010000000000000000020000002800000000000000800000000000000000000000000000000000000077D40000000000002900000029000000 "C:\Users\arthur\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88203009CF3030001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Windows\System32\UNPUXWorker.exe"=0x534143500100000000000000070000002800000060570100B8B0010001000000000000000000000A73220000D5B3B31A57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000076090000000000000200000002000000 "C:\Users\arthur\Downloads\flashplayer24_xa_install.exe"=0x534143500100000000000000070000002800000068541200695F120001000000000000000000000A0021000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000007D220000000000000100000001000000 "C:\Users\arthur\Downloads\flashplayer25_ka_install.exe"=0x534143500100000000000000070000002800000008581200A9F7120001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000A0901C00000000000100000001000000 "C:\Users\arthur\Downloads\flstudio_12-4-1.exe"=0x5341435001000000000000000700000028000000389E32284B6933280100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000AC040800000000000200000002000000 "C:\Program Files (x86)\Image-Line\FL Studio 12\FL.exe"=0x534143500100000000000000070000002800000040FB0500CDC706000100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000048C1700000000000100000001000000 
"C:\Users\arthur\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000787C03003765040001000000000000000000000A00210000E63F486B2AA0D2010000000100000000 "C:\Program Files (x86)\StarCraft II\StarCraft II.exe"=0x5341435001000000000000000700000028000000E89D3500C47F360001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000078D3D62C000000000300000003000000 "C:\Users\arthur\Downloads\CCleaner531.exe"=0x5341435001000000000000000700000028000000D8854400BAEB440001000000000000000000010600010000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000009D9EC300000000000100000001000000 "C:\Users\arthur\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D09A0300AA58040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000C8F3070014AF080001000000000000000000000A00210000E63F486B2AA0D2010000000100000000 "C:\Program Files (x86)\Acer\Freedome VPN (source)\StartAWC.exe"=0x5341435001000000000000000700000028000000A03F000018FA000001000000000000000000000AF5220000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000008F240000000000000100000001000000 "C:\Program Files (x86)\Steam\Steam.exe"=0x534143500100000000000000070000002800000020BB2E006E9F2F0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000B0D50D00000000004000000040000000 "C:\Users\arthur\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000D0F2A6017F93A70101000000000000000000000A00210000E63F486B2AA0D2010000000100000000 
"C:\Users\arthur\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0960300F48A040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000 "C:\Program Files\CCleaner\CCleaner64.exe"=0x5341435001000000000000000700000028000000D89895005B53960001000000000000000000000A00210000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000B1070000000000000200000002000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000584712001E19130001000000000000000000000A00210000E78E163C2AA0D2010000000100000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"=0x5341435001000000000000000700000028000000C0504300150E440001000000000000000000000A00210000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000ADB80100000000000100000001000000 "C:\Users\arthur\Downloads\QuickDiag.exe"=0x5341435001000000000000000700000028000000A83547001933480001000000000000000000000A00210000E63F486B2AA0D2010000000000000000 [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe"=32 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop 
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop 
"ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131406350859574406 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=1 "TrustedImageIdentifier"=POP01S0063X81C02-PAP010NK63X89C51 "ProductType"=2 "InstallTime"=0xA4F53C4B7547D201 "InstallLocation"=C:\Program Files\Windows Defender\ "ProductStatus"=0 "OOBEInstallTime"=0x8C724BA23A68D201 "DisableAntiVirus"=1 "ManagedDefenderProductType"=0 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 
[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi d'une requête 'ping' sur google.com [172.217.19.238] avec 32 octets de données : Réponse de 
172.217.19.238 : octets=32 temps=36 ms TTL=54 Réponse de 172.217.19.238 : octets=32 temps=34 ms TTL=54 Réponse de 172.217.19.238 : octets=32 temps=36 ms TTL=54 Réponse de 172.217.19.238 : octets=32 temps=35 ms TTL=54 Statistiques Ping pour 172.217.19.238: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 34ms, Maximum = 36ms, Moyenne = 35ms ---------- | @ [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "User Agent"=Mozilla/5.0 (compatible; MSIE 9.0; Win32) "CertificateRevocation"=1 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://acer17win10.msn.com/?pc=ACTE 
"Default_Page_URL"=http://acer17win10.msn.com/?pc=ACTE "DisableFirstRunCustomize"=1 "ImageStoreRandomFolder"=56cgftc [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x3612AAC3C7D8D201 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "TabProcGrowth"=Medium [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// 
[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] 
"ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | Proxy [HKLM\System\CurrentControlSet\Services\NLASVC\Parameters\Internet\Manualproxies] ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ACloudSynced] - {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} -- C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [07/01/2017 15:02:21] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ACloudSyncing] - {C1E1456F-C2D8-4C96-870D-35F1E13941EE} -- C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [07/01/2017 15:02:21] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ACloudToBeSynced] - {307523FA-DDC0-4068-983F-2A6B34627744} -- C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [07/01/2017 15:02:21] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 
SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} -- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [26/11/2016 01:56:43] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [26/11/2016 01:56:43] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [26/11/2016 01:56:43] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShA64.dll [24/07/2017 23:54:00] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShA64.dll [24/07/2017 23:54:00] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [18/03/2017 22:57:23] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ACloudSynced] - {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} -- C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [07/01/2017 15:02:21] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ACloudSyncing] - {C1E1456F-C2D8-4C96-870D-35F1E13941EE} -- C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [07/01/2017 15:02:21] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ACloudToBeSynced] - 
{307523FA-DDC0-4068-983F-2A6B34627744} -- C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [07/01/2017 15:02:21] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={D7C06EFE-6C93-4F2D-9ADB-417D46392733} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={D7C06EFE-6C93-4F2D-9ADB-417D46392733} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) - [] [HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] ---------- | SearchScopes [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D7C06EFE-6C93-4F2D-9ADB-417D46392733}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{D7C06EFE-6C93-4F2D-9ADB-417D46392733}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> () : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> () : ---------- | Chrome C:\Users\arthur\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\arthur\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\arthur\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - 
[http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\arthur\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\arthur\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihcjkigck = : Avast SafePrice - safe shopping extension. - Avast SafePrice - https://clients2.google.com/service/update2/crx C:\Users\arthur\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\arthur\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\arthur\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. 
- Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\arthur\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\arthur\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\arthur\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki] ---------- | Opera ---------- | Firefox C:\Users\arthur\AppData\Roaming\Mozilla\Firefox\Profiles\tfk8syy7.default\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org : : Dictionnaire français - : http://www.dicollecte.org/ C:\Users\arthur\AppData\Roaming\Mozilla\Firefox\Profiles\tfk8syy7.default\Extensions\partnerdefaults@mozilla.com : : Mozilla Partner Defaults - : https://mozilla.com/ C:\Users\arthur\AppData\Roaming\Mozilla\Firefox\Profiles\tfk8syy7.default\Extensions\langpack-fr@firefox.mozilla.org.xpi C:\Users\arthur\AppData\Roaming\Mozilla\Firefox\Profiles\tfk8syy7.default\Extensions\sp@avast.com.xpi C:\Users\arthur\AppData\Roaming\Mozilla\Firefox\Profiles\tfk8syy7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 26.0.0.137 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll 
[HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 26.0.0.137 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll C:\Users\arthur\AppData\Roaming\Mozilla\Firefox\Profiles\tfk8syy7.default\Prefs.js user_pref("browser.search.defaultenginename", "Web Start Page"); user_pref("browser.search.selectedEngine", "Web Start Page"); user_pref("browser.startup.homepage", "www.google.com/"); user_pref("browser.startup.homepage_override.buildID", "20170628075643"); user_pref("browser.startup.homepage_override.mstone", "54.0.1"); user_pref("extensions.adblockplus.currentVersion", "2.9.1"); user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1501003363398,\"softExpiration\":1501008763402,\"hardExpiration\":1501078694486,\"data\":{\"notifications\":[],\"version\":\"201707241417\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"downloadCount\":120}"); user_pref("extensions.blocklist.pingCountTotal", 144); 
user_pref("extensions.blocklist.pingCountVersion", 16); user_pref("extensions.databaseSchema", 19); user_pref("extensions.e10s.rollout.blocklist", ""); 
user_pref("extensions.e10s.rollout.hasAddon", false); user_pref("extensions.e10s.rollout.policy", "50allmpc"); user_pref("extensions.e10sBlockedByAddons", true); user_pref("extensions.e10sMultiBlockedByAddons", true); user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:54.0.1"); user_pref("extensions.followonsearch.cohortSample", "0.788267"); user_pref("extensions.getAddons.cache.lastUpdate", 1500927401); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.hotfix.lastVersion", "20170302.01"); user_pref("extensions.installedDistroAddon.abb-acer@amazon.com", true); user_pref("extensions.installedDistroAddon.langpack-fr@firefox.mozilla.org", true); user_pref("extensions.installedDistroAddon.partnerdefaults@mozilla.com", true); user_pref("extensions.lastAppVersion", "54.0.1"); user_pref("extensions.lastPlatformVersion", "54.0.1"); user_pref("extensions.partnerdefaults.firstRunDate", "1483720821873"); user_pref("extensions.partnerdefaults.firstRunDone", true); user_pref("extensions.pendingOperations", false); user_pref("extensions.pocket.settings.test.panelSignUp", "v1"); user_pref("extensions.shield-recipe-client.api_url", "https://normandy.cdn.mozilla.net/api/v1"); user_pref("extensions.shield-recipe-client.dev_mode", false); user_pref("extensions.shield-recipe-client.enabled", true); user_pref("extensions.shield-recipe-client.logging.level", 50); user_pref("extensions.shield-recipe-client.startup_delay_seconds", 300); user_pref("extensions.shield-recipe-client.user_id", "63dd72cc-03c2-4ea5-ada2-4571c56d75a3"); user_pref("extensions.shownSelectionUI", true); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{302117ae-8aaa-4ab9-ba4a-c80890010f16}\",\"addons\":{\"followonsearch@mozilla.com\":{\"version\":\"0.9.1\"},\"shield-recipe-client@mozilla.org\":{\"version\":\"1.0.0\"}}}"); user_pref("extensions.ui.dictionary.hidden", false); user_pref("extensions.ui.experiment.hidden", true); 
user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", false); user_pref("extensions.webextensions.uuids", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"7b3ed15b-f5f0-4e1d-bae6-a6cd118ae273\"}"); [Profile0] - Name=default -> Profiles/tfk8syy7.default ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.0.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{049b60da-d63d-4ac5-9f36-3f9c932ce53d}] "DhcpNameServer"=192.168.0.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{e483ffe5-d392-44d9-9782-c4d92d90de44}] "DhcpNameServer"=192.168.0.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{049b60da-d63d-4ac5-9f36-3f9c932ce53d}] "DhcpNameServer"=192.168.0.254 
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{e483ffe5-d392-44d9-9782-c4d92d90de44}] "DhcpNameServer"=192.168.0.254 ---------- | Applications [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\SZBrowser.exe] : "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\SZBrowser.exe] : "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM 
BrokerInfrastructure PlugPlay DcomLaunch DeviceInstall SystemEventsBroker "rdxgroup"=RetailDemo "Camera"=FrameS "DevicesFlow"=DevicesFlowUserSvc "smbsvcs"=lanmanserver browser [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DcomLaunch DeviceInstall "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) TokenBroker - %SystemRoot%\System32\TokenBroker.dll : %SystemRoot%\system32\svchost.exe -k netsvcs ---------- | Software [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\DashlaneUpgrade] [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Google] [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Host App Service] [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Intel] [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\McAfee] [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Microsoft] [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\NVIDIA Corporation] [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\OEM] [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Piriform] [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Policies] [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\RegisteredApplications] [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\Software\Microsoft\Windows NT\CurrentVersion] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Acer] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\AMPLITUDE Studios] 
[HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\AppDataLow] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\AVAST Software] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Blizzard Entertainment] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\BugSplat] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Chromium] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Clients] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\F-Secure] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Google] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Host App Service] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Image-Line] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Intel] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Local AppWizard-Generated Applications] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Ludeon Studios] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Mozilla] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Netscape] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\NVIDIA Corporation] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\ODBC] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\OEM] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\OpenOffice] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Piriform] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Policies] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\QtProject] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Realtek] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\RegisteredApplications] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\SoftVoice] 
[HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\sysinternals] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\The Creative Assembly] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Unity] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Valve] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Wow6432Node] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft\Windows\Roaming] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\acer] [HKLM\Software\AGEIA Technologies] [HKLM\Software\ASIO] [HKLM\Software\Atheros] [HKLM\Software\Clearfi] [HKLM\Software\Clients] [HKLM\Software\Dolby] [HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Image-Line] [HKLM\Software\Intel] [HKLM\Software\IPS] [HKLM\Software\Khronos] [HKLM\Software\Macromedia] [HKLM\Software\McAfee] [HKLM\Software\mcafeeupdater] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Propellerhead 
Software] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\RTLSetup] [HKLM\Software\SoftVoice] [HKLM\Software\SRS Labs] [HKLM\Software\Synaptics] [HKLM\Software\sysinternals] [HKLM\Software\Waves Audio] [HKLM\Software\WOW6432Node] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\ASIO] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\Blizzard Entertainment] [HKLM\Software\WOW6432Node\Clearfi] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Image-Line] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\McAfee] [HKLM\Software\WOW6432Node\mcafeeupdater] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\MimarSinan] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA 
Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OEM] [HKLM\Software\WOW6432Node\OpenOffice] [HKLM\Software\WOW6432Node\Piriform] [HKLM\Software\WOW6432Node\Propellerhead Software] [HKLM\Software\WOW6432Node\Qualcomm Atheros] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] [HKLM\Software\WOW6432Node\SoftVoice] [HKLM\Software\WOW6432Node\SyncIntegrationClients] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows 
NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] ---------- | Drives ---------- | C: [16/07/2016 13:47:47] - |SHD| - [387] - C:\$Recycle.Bin [MD5.79B9D2263314FB764719CF6372B1D0C5] - [16/07/2016 14:58:18] - |RASH| - (.-.) - [384322] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [16/07/2016 14:58:19] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [26/05/2017 09:31:35] - |SHD| - [1116632] - C:\Config.Msi [07/01/2017 01:19:50] - |SHD| - [0] - C:\Documents and Settings [MD5.D41D8CD98F00B204E9800998ECF8427E] - [30/05/2017 18:05:56] - |ASH| - (.-.) - [3364786176] - (0.0.0.0) - C:\hiberfil.sys [26/11/2016 02:36:53] - |HD| - [189899] - C:\Intel [06/01/2017 18:45:10] - |D| - [186178] - C:\logs [05/10/2016 12:13:12] - |HD| - [391231344] - C:\OEM [MD5.D41D8CD98F00B204E9800998ECF8427E] - [26/11/2016 09:33:48] - |ASH| - (.-.) 
- [4160749568] - (0.0.0.0) - C:\pagefile.sys [18/03/2017 23:03:28] - |D| - [0] - C:\PerfLogs [18/03/2017 23:03:28] - |RD| - [5978642377] - C:\Program Files [18/03/2017 23:03:28] - |RD| - [144385271139] - C:\Program Files (x86) [18/03/2017 23:03:29] - |HD| - [2258822965] - C:\ProgramData [25/07/2017 19:27:37] - |D| - [262062] - C:\QuickDiag [MD5.1F9B5E1BC8F18007A7C26D7B69D5B531] - [25/07/2017 19:27:52] - |A| - (.-.) - [167663] - (0.0.0.0) - C:\QuickDiag.txt [26/11/2016 03:14:11] - |HD| - [3418892904] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [26/11/2016 01:39:31] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [26/11/2016 01:39:28] - |SHD| - [0] - C:\System Volume Information [18/03/2017 13:40:20] - |RD| - [87046817376] - C:\Users [18/03/2017 13:40:20] - |D| - [21580350793] - C:\Windows [30/05/2017 18:44:50] - |D| - [107179958] - C:\Windows.old ---------- | C:\WINDOWS [MD5.0D9BB7F139C6A8DE6C007781B788D4E0] - [26/11/2016 03:15:30] - |A| - (.-.) - [30626] - (0.0.0.0) - C:\WINDOWS\3DCAM.txt [MD5.A486C15BA34B4C23677AA34F47CE2C0D] - [26/11/2016 02:43:27] - |A| - (.-.) - [1078] - (0.0.0.0) - C:\WINDOWS\ACU.ico [18/03/2017 23:03:29] - |D| - [802] - C:\WINDOWS\addins [18/03/2017 23:03:29] - |D| - [14477261] - C:\WINDOWS\appcompat [18/03/2017 23:03:29] - |D| - [12467296] - C:\WINDOWS\AppPatch [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\AppReadiness [18/03/2017 23:03:28] - |RSD| - [927137618] - C:\WINDOWS\assembly [MD5.12EBDA58437CD1EA7066FCB6455241D2] - [22/01/2017 20:13:48] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\WINDOWS\avastSS.scr [18/03/2017 23:03:29] - |D| - [639657] - C:\WINDOWS\bcastdvr [MD5.293283CF350E00AF8C4A2770BDBF4D50] - [14/06/2017 00:18:04] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) 
---------- | C:\WINDOWS\System32\GroupPolicy
---------- | Systemroot\System
---------- | Systemroot\Installer (Microsoft Files Whitelisted)
---------- | %System%\*.in*
[18/03/2017 22:56:50] - [3458] - C:\WINDOWS\System32\ieuinit.inf
[30/05/2017 18:14:06] - [2233842] - C:\WINDOWS\System32\PerfStringBackup.INI
[18/03/2017 22:58:24] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[18/03/2017 22:57:50] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini
[18/03/2017 22:59:49] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf
[18/03/2017 22:58:48] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini
---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan
- [2181.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [310 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [634.5 Ko] - C:\WINDOWS\System32\PointOfService [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [420.42 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.007893E8374C766471239EB291BA8C17] - |A| - [18/03/2017 22:57:54] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [311.5 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [307 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [18/03/2017 22:58:01] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof [MD5.D9DF00023703568AE6B4303E3C5C90BB] - |A| - [18/03/2017 22:57:47] - (.-.) - [8.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.99C7924C7268BABB5C4E3CFD2EE03331] - |A| - [18/03/2017 22:57:47] - (.-.) - [8.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.53C4B57F00C2E7E2300135AE3B8C7D06] - |A| - [26/11/2016 02:41:02] - (.-.) - [18.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\results.xml [MD5.EABD549516BF670A684743EEE6A1ADA9] - |A| - [26/11/2016 02:54:11] - (.Copyright (C) 2014 - RtCRX.) 
- [81.21 Ko] - (1.11.9600.0) - C:\WINDOWS\System32\RtCRX64.dll [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [18/03/2017 22:59:52] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [18/03/2017 22:58:03] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [253 Ko] - C:\WINDOWS\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [249 Ko] - C:\WINDOWS\System32\sl-SI [MD5.61887B40C313FBC1E271CE3B5B03DBD8] - |A| - [26/11/2016 02:28:01] - (.Copyright (C) 2016 DTS, Inc. - DTS Universal APO DLL.) - [1017.33 Ko] - (3.5.12.0) - C:\WINDOWS\System32\sl3apo64.dll [MD5.43EA709D7AE76E69496FDCA72E51EB37] - |A| - [26/11/2016 02:28:01] - (.Copyright (C) 2016 DTS, Inc. - DTS APO Controller DLL.) - [2152.1 Ko] - (3.5.12.0) - C:\WINDOWS\System32\slcnt64.dll [MD5.00000000000000000000000000000000] - |D| - [30/05/2017 17:48:29] - [45781.2 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [52.14 Ko] - C:\WINDOWS\System32\slmgr [MD5.B7381BE4A2A1914A52843BEB7FD65D5A] - |A| - [26/11/2016 02:28:02] - (.Copyright (C) 2016 DTS, Inc. - DTS APO Technology DLL.) - [2643.42 Ko] - (3.5.12.0) - C:\WINDOWS\System32\sltech64.dll [MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |A| - [18/03/2017 22:57:05] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:20] - [13385.02 Ko] - C:\WINDOWS\System32\SMI [MD5.76F8BDA4D4AA4AA4C4D84C2E2660E6FF] - |A| - [18/03/2017 22:57:05] - (.-.) 
- [36.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [7504.91 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [11620.23 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [46736.28 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [7777.28 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [31.88 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [251.5 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.5128BC123224124D67397A1BE698431C] - |A| - [18/03/2017 22:57:16] - (.-.) - [56.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [25048 Ko] - C:\WINDOWS\System32\sru [MD5.E042A078EDE878E1F489D08F045D2205] - |A| - [18/03/2017 22:57:05] - (.-.) - [368.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [18/03/2017 22:58:24] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [234 Ko] - C:\WINDOWS\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [293 Ko] - C:\WINDOWS\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [18/03/2017 22:58:18] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [18/03/2017 22:58:18] - (.-.) 
- [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [247 Ko] - C:\WINDOWS\System32\uk-UA [MD5.00000000000000000000000000000000] - |D| - [12/05/2017 22:32:44] - [2137.72 Ko] - C:\WINDOWS\System32\UNP [MD5.55F9B4B3E7580D1EB81ADB536884BB96] - |A| - [15/12/2016 14:59:54] - (.Copyright (C)2001 H.Mutsuki - Ogg Vorbis CODEC for MSACM.) - [1525.81 Ko] - (0.0.45.6) - C:\WINDOWS\System32\vorbis.acm [MD5.6632EC0848E7C2745695C9FC25416789] - |A| - [10/03/2017 23:17:14] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [524.28 Ko] - (1.0.42.1) - C:\WINDOWS\System32\vulkan-1-1-0-42-1.dll [MD5.6632EC0848E7C2745695C9FC25416789] - |A| - [31/05/2017 23:37:20] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [524.28 Ko] - (1.0.42.1) - C:\WINDOWS\System32\vulkan-1.dll [MD5.5D71BF91F7F8760097BE36B38B76BB09] - |A| - [10/03/2017 23:17:10] - (.-.) - [248.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo-1-1-0-42-1.exe [MD5.5D71BF91F7F8760097BE36B38B76BB09] - |A| - [31/05/2017 23:37:20] - (.-.) - [248.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [116780.11 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [185035.47 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [18/03/2017 22:57:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [778.4 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [76166.44 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.558D9282D5CEA82B2253B88017552F33] - |A| - [18/03/2017 22:58:18] - (.-.) 
- [96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [9339.55 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [116428 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [4744.09 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [107.53 Ko] - C:\WINDOWS\System32\winrm [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [18/03/2017 22:58:17] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [18/03/2017 22:58:01] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.19820EEC2D1A4D264F051B789F79D51A] - |A| - [14/06/2017 00:18:01] - (.-.) - [84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [208 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [3 Ko] - C:\WINDOWS\System32\zh-HK [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [203 Ko] - C:\WINDOWS\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [26/11/2016 02:31:39] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\2016-11-26_01_31_39_124_LogDLL.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [30/05/2017 17:55:11] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\2017-05-30_17_55_11_345_LogDLL.log [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [18/03/2017 22:58:44] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [18/03/2017 22:58:54] - (.-.) 
- [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [18/03/2017 22:58:51] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:24] - [1998.91 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [255 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [234 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0.93 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [314 Ko] - C:\WINDOWS\SysWOW64\Com [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [78623.11 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [51.27 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [279.5 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.D1F36FAD1454D00AE1435CA32093B7B0] - |A| - [26/11/2016 02:27:43] - (.©Conexant Systems Inc. - Conexant APO.) 
- [1483.66 Ko] - (1.59.0.0) - C:\WINDOWS\SysWOW64\CX32APO.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [275 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [311 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [201.5 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [5929.02 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [1077.55 Ko] - C:\WINDOWS\SysWOW64\downlevel [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [3416.51 Ko] - C:\WINDOWS\SysWOW64\drivers [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\DriverStore [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [306.5 Ko] - C:\WINDOWS\SysWOW64\el-GR [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [0 Ko] - C:\WINDOWS\SysWOW64\en [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [223 Ko] - C:\WINDOWS\SysWOW64\en-GB [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [1547.03 Ko] - C:\WINDOWS\SysWOW64\en-US [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [300 Ko] - C:\WINDOWS\SysWOW64\es-ES [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [244.5 Ko] - C:\WINDOWS\SysWOW64\es-MX [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [220 Ko] - C:\WINDOWS\SysWOW64\et-EE [MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [24159.66 Ko] - C:\WINDOWS\SysWOW64\F12 [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [279.5 Ko] - C:\WINDOWS\SysWOW64\fi-FI [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [3149 Ko] - C:\WINDOWS\SysWOW64\fr [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 
23:03:29] - [250.5 Ko] - C:\WINDOWS\SysWOW64\fr-CA [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [37347.29 Ko] - C:\WINDOWS\SysWOW64\fr-FR [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp [MD5.036F5D00B29FEECFEE8AADD015927A03] - |A| - [26/11/2016 02:38:41] - (.-.) - [8.92 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\Gms.log [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [243 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.2927ADFC93821B344BA524BCF9889A51] - |A| - [18/03/2017 22:58:54] - (.-.) - [109.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [229 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [283 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.24E1434E899B3EC4E3CD4CA56AA63BC6] - |A| - [18/03/2017 22:58:54] - (.-.) - [114.09 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [221.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.7239B44EEDABAB95545DD1ABBBA1E73F] - |A| - [23/11/2016 03:02:08] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) 
- [102.01 Ko] - (2.1.0.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [305 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [19/02/2017 13:11:39] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\last.dump [MD5.D2E6CC3733FCA7C9B976ABE9D85C8251] - |A| - [23/11/2016 03:02:16] - (.-.) - [138.01 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libEGL.dll [MD5.61159DAFE80A86C0DD6A4A768EA2C5B7] - |A| - [23/11/2016 03:02:22] - (.-.) - [99 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libGLESv1_CM.dll [MD5.B680DCA23FEB1E3383CB6932660F342A] - |A| - [23/11/2016 03:02:26] - (.-.) - [109.51 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libGLESv2.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [79.18 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [224.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [226.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [49817.19 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.00000000000000000000000000000000] - |SD| - [10/07/2017 11:31:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Microsoft [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [2978.39 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [814.41 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM 
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [52.28 Ko] - C:\WINDOWS\SysWOW64\MsDtc [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [271 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [290 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.83B77B03667AF77E0BA3E093EF4831F6] - |A| - [18/05/2017 04:34:40] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\nv-vk32.json [MD5.1291A61F0F4A49E5F4C869E677F67C57] - |A| - [18/03/2017 22:58:39] - (.-.) - [300 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [276.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:28] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [215 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [273.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [226.5 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.C784CB2642333216B4ED5F4785ED8B70] - |A| - [15/12/2016 15:00:02] - (.Copyright (C)2001 H.Mutsuki - Ogg Vorbis CODEC for MSACM.) - [1422.31 Ko] - (0.0.45.6) - C:\WINDOWS\SysWOW64\vorbis.acm [MD5.4F89AC14A299EEB1E23D1BACA381A89F] - |A| - [10/03/2017 23:17:28] - (.Copyright (C) 2015-2017 - Vulkan Loader.) 
- [513.28 Ko] - (1.0.42.1) - C:\WINDOWS\SysWOW64\vulkan-1-1-0-42-1.dll [MD5.4F89AC14A299EEB1E23D1BACA381A89F] - |A| - [31/05/2017 23:37:20] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [513.28 Ko] - (1.0.42.1) - C:\WINDOWS\SysWOW64\vulkan-1.dll [MD5.82695D42B9F6C2B9625A3E9D3C924B50] - |A| - [10/03/2017 23:17:20] - (.-.) - [228.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-42-1.exe [MD5.82695D42B9F6C2B9625A3E9D3C924B50] - |A| - [31/05/2017 23:37:20] - (.-.) - [228.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [15582.66 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:28] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.D676BC75BD566BC91BFEC3D4EDA42655] - |A| - [18/03/2017 22:58:54] - (.-.) - [84.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [7507.12 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [4744.1 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:28] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.B6F89F4C37052969C0E5A8CF47C103D5] - |A| - [14/06/2017 00:19:10] - (.-.) 
- [58.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [30/05/2017 18:36:30] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [197.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [192 Ko] - C:\WINDOWS\SysWOW64\zh-TW ---------- | Shell Folders [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache "Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies "Desktop"=%USERPROFILE%\Desktop "Favorites"=%USERPROFILE%\Favorites "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=%USERPROFILE%\Music "My Pictures"=%USERPROFILE%\Pictures "My Video"=%USERPROFILE%\Videos "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=%USERPROFILE%\Documents "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates 
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\arthur\AppData\Roaming [30/05/2017 17:56:01] "Local AppData"=C:\Users\arthur\AppData\Local [30/05/2017 17:56:01] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Libraries [06/01/2017 18:30:34] "My Video"=C:\Users\arthur\Videos [06/01/2017 18:27:37] "My Pictures"=C:\Users\arthur\Pictures [06/01/2017 18:27:37] "Desktop"=C:\Users\arthur\Desktop [06/01/2017 18:27:37] "History"=C:\Users\arthur\AppData\Local\Microsoft\Windows\History [06/01/2017 18:27:37] "NetHood"=C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Network Shortcuts [30/05/2017 17:56:01] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\arthur\Contacts [06/01/2017 18:30:34] "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\arthur\AppData\Local\Microsoft\Windows\RoamingTiles [06/01/2017 18:30:34] "Cookies"=C:\Users\arthur\AppData\Local\Microsoft\Windows\INetCookies [06/01/2017 18:27:37] "Favorites"=C:\Users\arthur\Favorites [06/01/2017 18:27:37] "SendTo"=C:\Users\arthur\AppData\Roaming\Microsoft\Windows\SendTo [06/01/2017 18:27:37] "Start Menu"=C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu [06/01/2017 18:27:37] "My Music"=C:\Users\arthur\Music [06/01/2017 18:27:37] "Programs"=C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [06/01/2017 18:27:37] "Recent"=C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Recent [06/01/2017 18:27:37] "CD Burning"=C:\Users\arthur\AppData\Local\Microsoft\Windows\Burn\Burn [30/05/2017 18:31:03] "PrintHood"=C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [30/05/2017 17:56:01] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\arthur\Searches [06/01/2017 18:30:34] 
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\arthur\Downloads [06/01/2017 18:27:37] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\arthur\AppData\LocalLow [06/01/2017 18:27:37] "Startup"=C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [06/01/2017 18:30:35] "Administrative Tools"=C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [06/01/2017 18:30:35] "Personal"=C:\Users\arthur\Documents [06/01/2017 18:27:37] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\arthur\Links [06/01/2017 18:27:37] "Cache"=C:\Users\arthur\AppData\Local\Microsoft\Windows\INetCache [30/05/2017 17:56:01] "Templates"=C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Templates [30/05/2017 17:56:01] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\arthur\Saved Games [06/01/2017 18:27:37] "Fonts"=C:\WINDOWS\Fonts [18/03/2017 23:03:29] [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache "Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies "Desktop"=%USERPROFILE%\Desktop "Favorites"=%USERPROFILE%\Favorites "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=%USERPROFILE%\Music "My Pictures"=%USERPROFILE%\Pictures "My Video"=%USERPROFILE%\Videos "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=%USERPROFILE%\Documents "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/03/2017 23:03:29] "Common AppData"=C:\ProgramData [18/03/2017 23:03:29] "Common Desktop"=C:\Users\Public\Desktop [16/07/2016 13:47:48] "Common Documents"=C:\Users\Public\Documents [16/07/2016 13:47:48] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [18/03/2017 23:03:29] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [18/03/2017 23:03:29] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [18/03/2017 23:03:29] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [16/07/2016 13:47:48] "CommonMusic"=C:\Users\Public\Music [16/07/2016 13:47:48] "CommonPictures"=C:\Users\Public\Pictures [16/07/2016 13:47:48] "CommonVideo"=C:\Users\Public\Videos [16/07/2016 13:47:48] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/03/2017 23:03:29] "Common AppData"=C:\ProgramData [18/03/2017 23:03:29] "Common 
Desktop"=C:\Users\Public\Desktop [16/07/2016 13:47:48] "Common Documents"=C:\Users\Public\Documents [16/07/2016 13:47:48] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [18/03/2017 23:03:29] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [18/03/2017 23:03:29] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [18/03/2017 23:03:29] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [16/07/2016 13:47:48] "CommonMusic"=C:\Users\Public\Music [16/07/2016 13:47:48] "CommonPictures"=C:\Users\Public\Pictures [16/07/2016 13:47:48] "CommonVideo"=C:\Users\Public\Videos [16/07/2016 13:47:48] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads ---------- | [arthur] [30/05/2017 17:56:01] - |D| - [1326754355] - C:\Users\arthur\AppData\Local [06/01/2017 18:27:37] - |D| - [65194778] - C:\Users\arthur\AppData\LocalLow [30/05/2017 17:56:01] - |D| - [676614267] - C:\Users\arthur\AppData\Roaming [23/05/2017 22:43:09] - |D| - [0] - C:\Users\arthur\AppData\Local\Adobe [06/01/2017 18:32:16] - |D| - [2587625] - C:\Users\arthur\AppData\Local\AOP SDK [30/05/2017 17:56:01] - |SHD| - [14000630612] - C:\Users\arthur\AppData\Local\Application Data [06/01/2017 18:44:58] - |D| - [40336425] - C:\Users\arthur\AppData\Local\Battle.net [06/01/2017 18:45:07] - |D| - [28530] - C:\Users\arthur\AppData\Local\Blizzard Entertainment 
[06/01/2017 18:33:18] - |D| - [9101] - C:\Users\arthur\AppData\Local\CareCenter [06/01/2017 18:52:27] - |D| - [0] - C:\Users\arthur\AppData\Local\CEF [06/01/2017 18:52:27] - |D| - [40] - C:\Users\arthur\AppData\Local\Chromium [06/01/2017 18:32:16] - |D| - [243447954] - C:\Users\arthur\AppData\Local\clear.fi [06/01/2017 18:52:49] - |D| - [26959876] - C:\Users\arthur\AppData\Local\Comms [06/01/2017 18:30:14] - |D| - [3501864] - C:\Users\arthur\AppData\Local\ConnectedDevicesPlatform [06/01/2017 18:28:16] - |D| - [0] - C:\Users\arthur\AppData\Local\CrashDumps [16/06/2017 23:59:18] - |D| - [0] - C:\Users\arthur\AppData\Local\DBG [11/05/2017 22:22:57] - |D| - [1278642] - C:\Users\arthur\AppData\Local\Diagnostics [11/07/2017 11:02:41] - |D| - [105147] - C:\Users\arthur\AppData\Local\ElevatedDiagnostics [22/01/2017 20:18:17] - |D| - [134963368] - C:\Users\arthur\AppData\Local\Google [30/05/2017 17:56:01] - |SHD| - [130] - C:\Users\arthur\AppData\Local\Historique [06/01/2017 18:27:37] - |D| - [112148520] - C:\Users\arthur\AppData\Local\Host App Service [31/05/2017 00:16:05] - |AH| - [25059] - C:\Users\arthur\AppData\Local\IconCache.db [20/07/2017 21:21:58] - |D| - [174080] - C:\Users\arthur\AppData\Local\IIIQF [23/05/2017 22:45:37] - |D| - [0] - C:\Users\arthur\AppData\Local\Macromedia [30/05/2017 17:56:01] - |D| - [312943826] - C:\Users\arthur\AppData\Local\Microsoft [06/01/2017 22:52:49] - |D| - [81432] - C:\Users\arthur\AppData\Local\MicrosoftEdge [06/01/2017 18:40:12] - |D| - [67538720] - C:\Users\arthur\AppData\Local\Mozilla [06/01/2017 18:33:52] - |D| - [0] - C:\Users\arthur\AppData\Local\NetworkTiles [06/01/2017 18:30:16] - |D| - [80754110] - C:\Users\arthur\AppData\Local\NVIDIA [06/01/2017 18:30:16] - |D| - [658481] - C:\Users\arthur\AppData\Local\NVIDIA Corporation [06/01/2017 18:30:17] - |D| - [181541862] - C:\Users\arthur\AppData\Local\Packages [06/01/2017 18:31:21] - |D| - [0] - C:\Users\arthur\AppData\Local\Publishers [13/07/2017 14:53:00] - |D| - [0] - 
C:\Users\arthur\AppData\Local\Robot Entertainment [06/01/2017 18:52:27] - |D| - [93201970] - C:\Users\arthur\AppData\Local\Steam [30/05/2017 17:56:01] - |D| - [12319481] - C:\Users\arthur\AppData\Local\Temp [30/05/2017 17:56:01] - |SHD| - [5249637] - C:\Users\arthur\AppData\Local\Temporary Internet Files [06/01/2017 18:30:16] - |D| - [12148736] - C:\Users\arthur\AppData\Local\TileDataLayer [13/05/2017 16:46:04] - |D| - [0] - C:\Users\arthur\AppData\Local\UNP [06/01/2017 18:30:20] - |D| - [0] - C:\Users\arthur\AppData\Local\VirtualStore [21/01/2017 19:38:30] - |D| - [574] - C:\Users\arthur\AppData\LocalLow\AMPLITUDE Studios [18/01/2017 20:40:25] - |D| - [64874474] - C:\Users\arthur\AppData\LocalLow\Ludeon Studios [06/01/2017 18:28:14] - |SD| - [319730] - C:\Users\arthur\AppData\LocalLow\Microsoft [12/01/2017 19:30:33] - |D| - [0] - C:\Users\arthur\AppData\LocalLow\Mozilla [10/01/2017 19:30:46] - |D| - [0] - C:\Users\arthur\AppData\LocalLow\Temp [06/01/2017 18:30:25] - |D| - [30220] - C:\Users\arthur\AppData\Roaming\Adobe [22/01/2017 20:14:37] - |D| - [26591332] - C:\Users\arthur\AppData\Roaming\AVAST Software [06/01/2017 18:43:26] - |D| - [8611] - C:\Users\arthur\AppData\Roaming\Battle.net [29/05/2017 19:51:18] - |D| - [2752370] - C:\Users\arthur\AppData\Roaming\Image-Line [06/01/2017 18:36:30] - |D| - [506] - C:\Users\arthur\AppData\Roaming\Macromedia [30/05/2017 17:56:01] - |SD| - [41828948] - C:\Users\arthur\AppData\Roaming\Microsoft [06/01/2017 18:40:12] - |D| - [92838977] - C:\Users\arthur\AppData\Roaming\Mozilla [09/01/2017 19:09:30] - |D| - [12431332] - C:\Users\arthur\AppData\Roaming\OpenOffice [06/01/2017 18:34:24] - |D| - [76] - C:\Users\arthur\AppData\Roaming\Skype [06/01/2017 23:31:45] - |D| - [500131895] - C:\Users\arthur\AppData\Roaming\The Creative Assembly [06/01/2017 18:30:34] - |ASH| - [174] - C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [30/05/2017 17:56:01] - |SHD| - [34288] - 
C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [06/01/2017 18:27:37] - |RD| - [34288] - C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [30/05/2017 17:56:01] - |RD| - [3888] - C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [30/05/2017 17:56:01] - |RD| - [2929] - C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [06/01/2017 18:30:35] - |RD| - [174] - C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [30/05/2017 18:28:54] - |ASH| - [174] - C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [06/01/2017 18:33:51] - |A| - [1333] - C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gestionnaire audio HD.lnk [29/05/2017 19:51:15] - |D| - [8634] - C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line [30/05/2017 17:56:01] - |D| - [170] - C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [06/01/2017 18:34:04] - |A| - [2414] - C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [06/01/2017 18:30:35] - |RD| - [174] - C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [06/01/2017 19:30:49] - |D| - [3664] - C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [30/05/2017 17:56:01] - |RD| - [3496] - C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [30/05/2017 17:56:01] - |RD| - [7238] - C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [06/01/2017 18:30:35] - |ASH| - [174] - C:\Users\arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] ---------- | C:\ProgramData [26/11/2016 03:01:08] - |D| - [6086127] - C:\ProgramData\Acer [30/05/2017 18:25:58] - |SHD| - [23699091426] - C:\ProgramData\Application Data [22/01/2017 
20:10:55] - |D| - [35769111] - C:\ProgramData\AVAST Software [06/01/2017 18:42:26] - |D| - [11867242] - C:\ProgramData\Battle.net [06/01/2017 18:45:01] - |D| - [436477935] - C:\ProgramData\Blizzard Entertainment [07/01/2017 01:19:50] - |SHD| - [14901] - C:\ProgramData\Bureau [16/07/2016 13:47:48] - |D| - [0] - C:\ProgramData\Comms [30/05/2017 18:25:58] - |SHD| - [278] - C:\ProgramData\Documents [11/07/2017 11:09:34] - |D| - [5722112] - C:\ProgramData\Dolby [26/11/2016 02:18:32] - |D| - [6024] - C:\ProgramData\DriverSetupUtility [12/07/2017 09:22:04] - |D| - [9212] - C:\ProgramData\F-Secure [30/05/2017 17:53:42] - |D| - [140234795] - C:\ProgramData\Intel [26/11/2016 03:08:30] - |D| - [220] - C:\ProgramData\McAfee [07/01/2017 01:19:50] - |SHD| - [123190] - C:\ProgramData\Menu Démarrer [18/03/2017 23:03:29] - |SD| - [899765833] - C:\ProgramData\Microsoft [30/05/2017 18:31:47] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [30/05/2017 17:52:39] - |A| - [102] - C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc [07/01/2017 01:19:50] - |SHD| - [31386] - C:\ProgramData\Modèles [26/11/2016 02:49:24] - |D| - [313343] - C:\ProgramData\NVIDIA [30/05/2017 17:52:55] - |D| - [585236931] - C:\ProgramData\NVIDIA Corporation [06/01/2017 18:30:30] - |HD| - [37217322] - C:\ProgramData\O949 [26/11/2016 03:00:51] - |D| - [48919070] - C:\ProgramData\OEM [30/05/2017 17:54:45] - |D| - [46978311] - C:\ProgramData\Package Cache [26/11/2016 03:02:23] - |D| - [41376] - C:\ProgramData\PPiP [18/03/2017 23:03:29] - |AD| - [5302] - C:\ProgramData\regid.1991-06.com.microsoft [30/05/2017 17:52:19] - |D| - [1938588] - C:\ProgramData\rtkSSTSetting [18/03/2017 23:03:29] - |D| - [0] - C:\ProgramData\SoftwareDistribution [25/07/2017 19:22:26] - |D| - [0] - C:\ProgramData\SWCUTemp [06/01/2017 18:45:38] - |D| - [0] - C:\ProgramData\Synaptics [18/03/2017 23:03:29] - |D| - [5992] - C:\ProgramData\USOPrivate [30/05/2017 17:59:29] - |D| - [1253376] - C:\ProgramData\USOShared [20/03/2017 07:11:49] - |D| - 
[0] - C:\ProgramData\WindowsHolographicDevices ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [18/03/2017 23:03:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [26/11/2016 03:02:29] - |A| - [2847] - C:\ProgramData\Microsoft\Windows\Start Menu\Freedome VPN.lnk [07/01/2017 01:19:50] - |SHD| - [120169] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [18/03/2017 23:03:29] - |RD| - [120169] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [26/11/2016 01:56:34] - |A| - [2516] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk [18/03/2017 23:03:29] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [18/03/2017 23:03:29] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [26/11/2016 03:00:53] - |D| - [19120] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer [18/03/2017 23:03:29] - |RD| - [20488] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [15/07/2016 20:08:46] - |A| - [3236] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk [22/01/2017 20:14:35] - |A| - [1983] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Antivirus Gratuit.lnk [22/01/2017 20:18:11] - |A| - [1092] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk [06/01/2017 18:44:49] - |D| - [882] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net [15/06/2017 11:50:10] - |D| - [967] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [18/03/2017 23:03:33] - |ASH| - [796] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [11/07/2017 11:09:55] - |D| - [2312] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby [26/11/2016 01:56:34] - |A| - [2489] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk [20/07/2017 21:23:58] - |D| - [0] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [22/01/2017 20:17:52] - |A| - [2274] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [29/05/2017 19:51:14] - |D| - [2135] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line [18/03/2017 22:59:54] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [26/11/2016 03:04:07] - |D| - [1586] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [26/11/2016 02:47:02] - |D| - [2350] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logiciel Thunderbolt(TM) [18/03/2017 23:03:29] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [18/03/2017 22:57:42] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk [26/11/2016 03:05:22] - |A| - [1232] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [26/11/2016 02:49:59] - |D| - [1472] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [26/11/2016 01:56:34] - |A| - [2489] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk [09/01/2017 19:06:33] - |SD| - [7392] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3 [10/01/2017 18:37:46] - |D| - [5203] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office 2016 [26/11/2016 01:56:35] - |A| - [2479] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk [26/11/2016 01:56:35] - |A| - [2516] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk [18/03/2017 22:58:04] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk [26/11/2016 01:56:35] - |A| - [2439] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk [26/11/2016 03:04:44] - |A| - [190] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealSense Apps.url [06/01/2017 19:29:21] - |D| - [862] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II [18/03/2017 23:03:29] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [06/01/2017 18:45:29] - |D| - [1112] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [18/03/2017 23:03:29] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [30/05/2017 18:03:33] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [26/11/2016 01:56:35] - |A| - [2499] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [18/03/2017 23:03:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [26/11/2016 03:01:02] - |D| - [497252310] - C:\Program Files (x86)\Acer [06/01/2017 18:43:44] - |AD| - [535480202] - C:\Program Files (x86)\Battle.net [26/11/2016 02:22:54] - |AD| - [1630357] - C:\Program Files (x86)\Bluetooth Suite [18/03/2017 23:03:28] - |D| - [127674928] - C:\Program Files (x86)\Common Files [18/03/2017 23:03:33] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [22/01/2017 20:16:55] - |D| - [405127894] - C:\Program Files (x86)\Google [29/05/2017 19:44:19] - |D| - [1847024887] - C:\Program Files (x86)\Image-Line [26/11/2016 02:27:38] - |HD| - [66587288] - C:\Program Files (x86)\InstallShield Installation Information [30/05/2017 17:51:44] - |D| - [200901613] - C:\Program Files (x86)\Intel [18/03/2017 23:03:28] - |D| - [2018187] - C:\Program Files (x86)\Internet Explorer [26/11/2016 03:08:33] - |D| - [1754] - C:\Program Files (x86)\McAfee [26/11/2016 01:53:58] - |AD| - [2209194854] - C:\Program Files (x86)\Microsoft Office [18/03/2017 23:03:28] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET [12/01/2017 19:17:33] - |AD| - [95756960] - C:\Program Files (x86)\Mozilla Firefox [26/11/2016 03:05:21] - |D| - [306364] - C:\Program Files 
(x86)\Mozilla Maintenance Service [30/05/2017 18:36:28] - |D| - [25757] - C:\Program Files (x86)\MSBuild [26/11/2016 02:49:41] - |D| - [276194566] - C:\Program Files (x86)\NVIDIA Corporation [09/01/2017 19:05:55] - |AD| - [326647949] - C:\Program Files (x86)\OpenOffice 4 [26/11/2016 02:43:02] - |AD| - [6456052] - C:\Program Files (x86)\Qualcomm Atheros [30/05/2017 17:52:28] - |D| - [52598631] - C:\Program Files (x86)\Realtek [30/05/2017 18:36:28] - |D| - [38454529] - C:\Program Files (x86)\Reference Assemblies [06/01/2017 18:46:57] - |AD| - [24291043241] - C:\Program Files (x86)\StarCraft II [06/01/2017 18:45:29] - |D| - [113364509880] - C:\Program Files (x86)\Steam [26/11/2016 02:27:37] - |HD| - [0] - C:\Program Files (x86)\Temp [29/05/2017 19:52:29] - |D| - [4722304] - C:\Program Files (x86)\VstPlugins [31/05/2017 23:37:20] - |D| - [1099146] - C:\Program Files (x86)\VulkanRT [18/03/2017 23:03:28] - |D| - [2001344] - C:\Program Files (x86)\Windows Defender [18/03/2017 23:03:28] - |D| - [5924864] - C:\Program Files (x86)\Windows Mail [20/03/2017 07:10:55] - |D| - [3254425] - C:\Program Files (x86)\Windows Media Player [18/03/2017 23:03:28] - |D| - [42960] - C:\Program Files (x86)\Windows Multimedia Platform [18/03/2017 23:03:28] - |D| - [7569090] - C:\Program Files (x86)\Windows NT [18/03/2017 23:03:28] - |D| - [5365568] - C:\Program Files (x86)\Windows Photo Viewer [18/03/2017 23:03:28] - |D| - [42960] - C:\Program Files (x86)\Windows Portable Devices [18/03/2017 23:03:28] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [18/03/2017 23:03:28] - |D| - [2184102] - C:\Program Files (x86)\WindowsPowerShell ---------- | C:\Program Files [26/11/2016 03:00:47] - |D| - [32983318] - C:\Program Files\Acer [22/01/2017 20:12:41] - |D| - [1451539320] - C:\Program Files\AVAST Software [15/06/2017 11:50:09] - |AD| - [21315776] - C:\Program Files\CCleaner [18/03/2017 23:03:28] - |D| - [158673262] - C:\Program Files\Common Files [18/03/2017 23:03:33] - |ASH| - [174] - 
C:\Program Files\desktop.ini [11/07/2017 11:09:34] - |D| - [29332073] - C:\Program Files\Dolby [26/11/2016 02:18:32] - |D| - [1883121] - C:\Program Files\DriverSetupUtility [07/01/2017 01:19:50] - |SHD| - [158673262] - C:\Program Files\Fichiers communs [29/05/2017 19:51:16] - |D| - [6320083] - C:\Program Files\Image-Line [30/05/2017 17:51:21] - |D| - [59995719] - C:\Program Files\Intel [18/03/2017 23:03:28] - |D| - [2644854] - C:\Program Files\Internet Explorer [26/11/2016 01:53:58] - |D| - [8836480] - C:\Program Files\Microsoft Office 15 [30/05/2017 18:36:28] - |D| - [25757] - C:\Program Files\MSBuild [30/05/2017 17:52:48] - |D| - [1520401035] - C:\Program Files\NVIDIA Corporation [30/05/2017 17:52:01] - |D| - [60818527] - C:\Program Files\Realtek [30/05/2017 18:36:28] - |D| - [36854953] - C:\Program Files\Reference Assemblies [23/05/2017 22:44:32] - |D| - [0] - C:\Program Files\TrueKey [30/05/2017 17:52:16] - |HD| - [0] - C:\Program Files\Uninstall Information [12/05/2017 22:32:44] - |AD| - [9600051] - C:\Program Files\UNP [18/03/2017 23:03:28] - |RD| - [16330682] - C:\Program Files\Windows Defender [18/03/2017 23:03:28] - |D| - [6145536] - C:\Program Files\Windows Mail [20/03/2017 07:10:55] - |D| - [4781757] - C:\Program Files\Windows Media Player [18/03/2017 23:03:28] - |D| - [49688] - C:\Program Files\Windows Multimedia Platform [18/03/2017 23:03:28] - |D| - [7835330] - C:\Program Files\Windows NT [18/03/2017 23:03:28] - |D| - [6169408] - C:\Program Files\Windows Photo Viewer [18/03/2017 23:03:28] - |D| - [49696] - C:\Program Files\Windows Portable Devices [18/03/2017 23:03:28] - |D| - [95352] - C:\Program Files\Windows Security [18/03/2017 23:03:28] - |SHD| - [0] - C:\Program Files\Windows Sidebar [18/03/2017 23:03:28] - |HD| - [2533530504] - C:\Program Files\WindowsApps [18/03/2017 23:03:28] - |D| - [2433872] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [26/11/2016 02:22:53] - |D| - [14617] - C:\Program Files 
(x86)\Common Files\Atheros [09/02/2017 18:35:56] - |D| - [5637] - C:\Program Files (x86)\Common Files\AV [18/07/2017 03:51:57] - |AD| - [23232] - C:\Program Files (x86)\Common Files\DESIGNER [30/05/2017 17:51:16] - |D| - [92236871] - C:\Program Files (x86)\Common Files\Intel [18/03/2017 23:03:28] - |AD| - [20321027] - C:\Program Files (x86)\Common Files\Microsoft Shared [26/11/2016 02:26:31] - |D| - [204796] - C:\Program Files (x86)\Common Files\PostureAgent [29/05/2017 19:52:28] - |D| - [1435256] - C:\Program Files (x86)\Common Files\Propellerhead Software [26/11/2016 02:42:58] - |D| - [61499] - C:\Program Files (x86)\Common Files\Qualcomm Atheros [18/03/2017 23:03:28] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [06/01/2017 18:45:30] - |D| - [3772480] - C:\Program Files (x86)\Common Files\Steam [18/03/2017 23:03:28] - |D| - [9596811] - C:\Program Files (x86)\Common Files\System ---------- | C:\Program Files\Common files [26/11/2016 03:08:33] - |D| - [5637] - C:\Program Files\Common files\AV [30/05/2017 17:54:50] - |AD| - [25630782] - C:\Program Files\Common files\Intel [18/03/2017 23:03:28] - |D| - [113198983] - C:\Program Files\Common files\microsoft shared [29/05/2017 19:52:28] - |D| - [2193016] - C:\Program Files\Common files\Propellerhead Software [26/11/2016 02:22:54] - |D| - [204563] - C:\Program Files\Common files\QCA_Bluetooth [18/03/2017 23:03:28] - |D| - [2702] - C:\Program Files\Common files\Services [18/03/2017 23:03:28] - |D| - [10317707] - C:\Program Files\Common files\System [29/05/2017 19:52:29] - |D| - [7119872] - C:\Program Files\Common files\VST2 ---------- | Tasks [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [30/05/2017 18:14:31] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.E3DE98994097D8A322300068873A650B] - [30/05/2017 18:14:28] - |A| - [3778] - C:\WINDOWS\System32\Tasks\ACC : C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [MD5.EC744B5A44C5FA5E69148BC89CA184AF] - [30/05/2017 18:14:28] - |A| - [3852] - 
C:\WINDOWS\System32\Tasks\ACCAgent : C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [MD5.717354C59DB2B247322081A1DBEFC902] - [30/05/2017 18:14:28] - |A| - [3060] - C:\WINDOWS\System32\Tasks\ACCBackgroundApplication : C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [MD5.32F0336DE3235A4D3209CCAEBCB44A40] - [30/05/2017 18:14:28] - |A| - [2596] - C:\WINDOWS\System32\Tasks\Acer Collection Application : C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe [MD5.3710A6518697DB0B88C812E4E6F4A149] - [30/05/2017 18:14:28] - |A| - [2630] - C:\WINDOWS\System32\Tasks\Acer Collection Monitor Application : C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe [MD5.11ED8A92028E995089F3980A66A2224E] - [30/05/2017 18:14:28] - |A| - [2534] - C:\WINDOWS\System32\Tasks\AcerCloud : C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [MD5.EBFE5C5CEAAD9AB05144AA9E8F1DB97D] - [30/05/2017 18:14:28] - |A| - [3692] - C:\WINDOWS\System32\Tasks\AcerCMUpdateTask2.1.16258 : "C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe" [MD5.D7584CBD300AD807D48C57DEF87404D7] - [30/05/2017 18:14:28] - |A| - [4594] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.351B855067A5E48069A9E4A9D221F773] - [30/05/2017 18:14:28] - |A| - [2408] - C:\WINDOWS\System32\Tasks\App Explorer : %LOCALAPPDATA%\Host App Service\Engine\HostAppServiceUpdater.exe [MD5.1BC5054B91B7672AF026E87361AB7CFC] - [30/05/2017 18:14:28] - |A| - [3994] - C:\WINDOWS\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [MD5.00000000000000000000000000000000] - [30/05/2017 18:14:28] - |D| - [3968] - C:\WINDOWS\System32\Tasks\AVAST Software [MD5.E69DD40E31CC21253FBF357649A55BC0] - [30/05/2017 18:14:28] - |A| - [2762] - C:\WINDOWS\System32\Tasks\BacKGroundAgent : C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [MD5.42EB5D93E046C711B001C6DC5FCAEE0A] - [15/06/2017 11:50:12] - |A| - [2872] - 
C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.562AE941755DC07F2950CAB936552FA5] - [30/05/2017 18:14:28] - |A| - [2042] - C:\WINDOWS\System32\Tasks\FubToolByPLD : "C:\OEM\Preload\FubTool\FubTool.exe" [MD5.B6F528E1E786706FF6AD44273E5D5DAC] - [30/05/2017 18:14:28] - |A| - [3290] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.D3DCDDCD27698D9513201B0F296946BD] - [30/05/2017 18:14:28] - |A| - [3514] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [30/05/2017 18:14:28] - |D| - [11100] - C:\WINDOWS\System32\Tasks\Intel [MD5.00000000000000000000000000000000] - [18/03/2017 23:03:29] - |D| - [537762] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.769F1AFA3C0BCBA20438C20D4F157139] - [20/07/2017 18:05:43] - |A| - [3378] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2851040129-3181136865-233656314-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.21BDBADAB1A18ED3812A9A2190871CAA] - [30/05/2017 18:14:31] - |A| - [2256] - C:\WINDOWS\System32\Tasks\Power Button : "C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe" [MD5.760C30966D3054340AADAAA5A9DCE46B] - [30/05/2017 18:14:31] - |A| - [2180] - C:\WINDOWS\System32\Tasks\Quick Access : "C:\Program Files\Acer\Acer Quick Access\QALauncher.exe" [MD5.5985C3DA170184A47A4E12A5E207308D] - [30/05/2017 18:14:31] - |A| - [4048] - C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1485109088 : C:\Program Files\AVAST Software\SZBrowser\launcher.exe [MD5.DC91E8D5DC346AC3076E592B8618D8F1] - [30/05/2017 18:14:31] - |A| - [5404] - C:\WINDOWS\System32\Tasks\Software Update Application : "C:\ProgramData\OEM\UpgradeTool\ListCheck.exe" [MD5.3CC16E8F3168983BB825AF5B93FCF37B] - [30/05/2017 18:14:31] - |A| - [2706] - C:\WINDOWS\System32\Tasks\UbtFrameworkService : "C:\Program 
Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe" [MD5.00000000000000000000000000000000] - [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "Wininit-Shutdown-In-Rule-TCP-RPC"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751| "Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751| "WiFiDirect-KM-Driver-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| 
"DeliveryOptimization-UDP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "MDNS-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| 
"MDNS-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "{81F8A5CD-F6F9-4E0F-9FD6-07822562F679}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Drawboard PDF|Desc=Drawboard PDF|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-322285978-2192210518-103585702-1010742177-1469442655-3072196753-4112280351|EmbedCtxt=Drawboard PDF|Platform=2:6:2|Platform2=GTEQ| "{5AF37858-4310-4DB6-9359-879BB4A3353C}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=Drawboard PDF|Desc=Drawboard PDF|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-322285978-2192210518-103585702-1010742177-1469442655-3072196753-4112280351|EmbedCtxt=Drawboard PDF|Platform=2:6:2|Platform2=GTEQ| "{E36DC7B0-34D9-4937-B230-63E726130179}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{2669CD79-35C3-4895-BE54-4BDC5D4BE38B}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{ECBC1BFC-A901-469D-A0D8-12BEE2EF398E}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Name=Acer Collection|Desc=Acer Collection|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-2808968437-3465455977-1376809423-1034576450-261180976-3493196605-1086951068|EmbedCtxt=Acer 
Collection|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{33794C5C-4D98-4B05-85C0-C2CD5242E690}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=Acer Collection|Desc=Acer Collection|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-2808968437-3465455977-1376809423-1034576450-261180976-3493196605-1086951068|EmbedCtxt=Acer Collection|Platform=2:6:2|Platform2=GTEQ| "UDP Query User{53E5A159-7CD0-4503-89D4-C3E117ACB3BC}C:\program files (x86)\starcraft ii\versions\base52910\sc2_x64.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\starcraft ii\versions\base52910\sc2_x64.exe|Name=StarCraft II|Desc=StarCraft II| "TCP Query User{C7898BDC-86DE-4D28-B32A-BED220789FD8}C:\program files (x86)\starcraft ii\versions\base52910\sc2_x64.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\starcraft ii\versions\base52910\sc2_x64.exe|Name=StarCraft II|Desc=StarCraft II| "UDP Query User{8372573B-BD78-47DA-B9BB-C06704C6B0DB}C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe|Name=StarCraft II|Desc=StarCraft II| "TCP Query User{D9635023-743D-4916-BAC3-30CD70D7D06B}C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\starcraft ii\versions\base51702\sc2_x64.exe|Name=StarCraft II|Desc=StarCraft II| "{0E0E5BB9-1AA0-4C61-B0AA-A340FCF215F2}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe|Name=abPhotoWindowsUpnp| "{00FB3618-51F9-4E7F-B12E-AB7569878148}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe|Name=abPhotoWindowsUpnp| "{28F2F2E9-DA3B-4507-896E-6DEDF27ACDE1}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program 
Files (x86)\Acer\abPhoto\DMCDaemon.exe|Name=abPhotoDMCDaemon| "{FC63B357-08BD-49CF-9AFA-7E4F23F2F0A6}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe|Name=abPhotoDMCDaemon| "{7A4EEFE2-2AE3-455A-AA90-DBD91714EDFC}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe|Name=AcerPortalccd| "{063BE614-627D-4CB6-BF30-1BA74FE416A4}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe|Name=AcerPortalccd| "{D808E6DB-412C-441C-B4F3-E0299C7C1908}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)| "{20AC878F-6B3B-4783-B3DC-52D996C718C9}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)| "{2626BBA0-574C-4E80-A147-9474682F55AE}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=47995|LPort=47998|LPort=47999|LPort=48000|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=SHIELD Streaming NvStreamer UDP Exception|Desc=UDP exceptions for SHIELD Streaming NvStreamer (RTSP/RI/A/V)| "{5243B8A0-AFF2-456E-90FA-DC55AD819570}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=35043|LPort=47995|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=SHIELD Streaming NvStreamer TCP Exception|Desc=TCP exceptions for SHIELD Streaming NvStreamer (RTSP/RI)| "{3E9579AA-60AC-4A73-86D1-044E6372A910}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=47998|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe|Name=SHIELD Streaming SSAU UDP Exception|Desc=UDP exceptions for SHIELD Streaming SSAU (NWT)| 
"{F51CDF54-F373-4A98-B8B2-8EBD8AB454D4}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe|Name=SHIELD Streaming NSS UDP Exception|Desc=UDP exceptions for SHIELD Streaming NSS (mDNS)| "{63475022-4254-49F0-8408-679E4076A400}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=47984|LPort=47989|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe|Name=SHIELD Streaming NSS TCP Exception|Desc=TCP exceptions for SHIELD Streaming NSS (HTTP)| "{09A7BB80-3C15-4828-9D14-E93DCC038A3B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=443|App=C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe|Name=NVIDIA Network Service TCP Exception (HTTPS)|Desc=TCP exceptions for NVIDIA Network Service| "{39C2017E-B2F5-4040-82B1-DEAFE3C33976}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=80|App=C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe|Name=NVIDIA Network Service TCP Exception (HTTP)|Desc=TCP exceptions for NVIDIA Network Service| "{1D43850B-5F8D-4F78-BF63-EA9BA60171A8}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-2851040129-3181136865-233656314-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{2D76C7FD-D508-495F-99CB-B412E17C22E8}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{98D11D21-2400-47A6-BF54-D414F915C471}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Holographic Item Player|Desc=Holographic Item 
Player|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-2848169271-1944770290-2690789639-3499139168-2840136067-3338101526-125811250|EmbedCtxt=Holographic Item Player|Platform=2:6:2|Platform2=GTEQ| "{1C7B136E-0EAC-44FB-BA14-192AB245708A}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/DisplayName}|Desc=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/Description}|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-968169919-1126953557-685195956-86120492-1320233397-643893155-1374718203|EmbedCtxt=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{DE2B9DBD-D8B2-4406-9E45-2048A5ADE94F}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Wallet|Desc=Wallet|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Wallet|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{F579D50D-B1F1-4EDC-91C3-3C92C14EB964}C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe|Name=StarCraft II|Desc=StarCraft II| "UDP Query User{BD71DBD4-A54E-4ABB-A1C7-F64568394EB2}C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\starcraft ii\versions\base53644\sc2_x64.exe|Name=StarCraft II|Desc=StarCraft II| 
"{4E569C22-6456-4A6A-ABEB-57691C6E5A1D}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Desc=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-914775309-424825794-3355368112-487557154-2084386389-537045334-2498513562|EmbedCtxt=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Platform=2:6:2|Platform2=GTEQ| "{0EEC6AF8-096C-46B4-8F7C-5EEC0DD82057}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Desc=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-914775309-424825794-3355368112-487557154-2084386389-537045334-2498513562|EmbedCtxt=@{MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "TCP Query User{7E290717-E5CB-42BF-AE3B-25883E3BC13F}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe|Name=Total War: WARHAMMER|Desc=Total War: WARHAMMER|Defer=User| "UDP Query User{AFDD6E9D-9A49-419E-B92B-C8533423B0C5}C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe|Name=Total War: WARHAMMER|Desc=Total War: WARHAMMER|Defer=User| 
"{91ABDF7A-E40A-46FD-9A6E-CB4F73721303}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Facebook|Desc=Facebook|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-3324467646-4197585051-1359281946-1224535466-457027138-2879639353-3757999841|EmbedCtxt=Facebook|Platform=2:6:2|Platform2=GTEQ| "{7195961A-CDF0-41DB-9648-67DF6E3AF3B8}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| "{31C6641B-A8B9-4305-BC7B-A4B621763785}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{7F8725E7-CDE0-4F11-B4A6-A3154E5CDF7E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{1E203E29-E2DB-41B5-A110-BDB96773C6BF}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=WildTangent Games|Desc=WildTangent Games|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-2020458108-3121542460-4114555256-2426173656-3149777993-1233942418-2099583436|EmbedCtxt=WildTangent Games|Platform=2:6:2|Platform2=GTEQ| 
"{0CF249E3-007F-4DB2-AACA-84CE89E459D6}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ| "{8CD60B3D-9357-4225-88B8-179D7F41C7C7}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser| "TCP Query User{D914E02E-D6FE-4950-A266-FD73FFFB8530}C:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe|Name=Orcs Must Die 2|Desc=Orcs Must Die 2| "UDP Query User{3A7D1792-F71E-4D9B-B195-FEDFA144E661}C:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe|Name=Orcs Must Die 2|Desc=Orcs Must Die 2| "{B036D83F-F90D-455C-B39A-35CDD3B9B994}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| 
"{35F0DABA-DCFC-4906-BA65-A5A448FC928A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{E084B567-7AB0-4082-BE37-CEFE9274462E}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game bar|Desc=Xbox Game bar|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game bar|Platform=2:6:2|Platform2=GTEQ| "{4321AECB-BCBA-4DCD-A0F0-77593FBAC119}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Minecraft: Windows 10 Edition|Desc=Minecraft: Windows 10 Edition|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft: Windows 10 Edition|Platform=2:6:2|Platform2=GTEQ| "{8047915A-54D1-4522-B6D5-DB2488F15E18}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Minecraft: Windows 10 Edition|Desc=Minecraft: Windows 10 Edition|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft: Windows 10 Edition|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{9414F2DE-03D4-4056-A3A1-6BE3197FCB9B}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| 
"{D9BD080A-AD9E-42F0-88E0-C52F6EBD6CD8}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{9D010E47-6A27-4D7E-974B-EC540674ED37}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ| "{6A0CF73F-7C2E-45C7-8BD4-0E798B5A8A23}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-2851040129-3181136865-233656314-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{20B07EE8-477E-414E-84D2-2BD918F7035A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609_0\SZBrowser.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> 
@%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS 
System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash 
Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) [] -> @oem31.inf,%WDC_SAM_ClassName%;WD Drive Management devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)
[06/06/2017 22:19:16] - (8.0.4624.2183) - ( -) - C:\WINDOWS\System32\Drivers\lpsport.SYS
[18/05/2017 07:54:04] - (22.21.13.8205) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 382.05) - C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9d2734742a07f3cf\nvlddmkm.sys
[18/03/2017 22:56:28] - (4.0.2.262) - (Qualcomm Atheros, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\Qcamain10x64.sys
[26/11/2016 02:48:34] - (1.2.40.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\WINDOWS\system32\drivers\nvvad64v.sys
[29/07/2016 11:57:04] - (8.0.0.1) - (Acer Incorporated - LMDriver) - C:\WINDOWS\System32\drivers\LMDriver.sys
[29/07/2016 11:57:04] - (8.0.0.1) - (Acer Incorporated - RadioShim) - C:\WINDOWS\System32\drivers\RadioShim.sys
[09/03/2016 15:34:32] - (19.0.25.5) - (Synaptics Incorporated - Synaptics I2C Driver) - C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys
[04/08/2016 07:24:50] - (10.0.0.270) - (Qualcomm Atheros - Qualcomm Atheros BtFilter Driver) - C:\WINDOWS\system32\DRIVERS\btfilter.sys
[26/11/2016 02:54:11] - (10.0.10586.31225) - (Realsil Semiconductor Corporation - RTS USB READER Driver) - C:\WINDOWS\system32\Drivers\RtsUer.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service
S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop:
False S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - 
[Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - 
AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: 
False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: 
False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> \SystemRoot\system32\drivers\aswbidsdrivera.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswKbd (aswKbd) -> \SystemRoot\system32\drivers\aswKbd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswRdr (aswRdr) -> \SystemRoot\system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSnx (aswSnx) -> \SystemRoot\system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSP (aswSP) -> \SystemRoot\system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> \SystemRoot\system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - aswStm (aswStm) -> \SystemRoot\system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: True S2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: False R2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu 
(@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall [HKU\S-1-5-21-2851040129-3181136865-233656314-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Host App Service] : (App Explorer.-.SweetLabs) -> "C:\Users\defaultuser0\AppData\Local\Host App Service\Uninstall.exe" [HKU\S-1-5-21-2851040129-3181136865-233656314-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Host App Service] : (App Explorer.-.SweetLabs) -> "C:\Users\arthur\AppData\Local\Host App Service\Uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe" ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 201790] : (Orcs Must Die! 2.-.Robot Entertainment) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/201790 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 221380] : (Age of Empires II: HD Edition.-.Skybox Labs) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/221380 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 231430] : (Company of Heroes 2.-.Relic Entertainment) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/231430 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 232890] : (Stronghold Crusader 2.-.FireFly Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/232890 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 236850] : (Europa Universalis IV.-.Paradox Development Studio) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/236850 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 249050] : (Dungeon of the Endless.-.AMPLITUDE Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/249050 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 289130] : (Endless Legend.-.AMPLITUDE Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/289130 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 294100] : (RimWorld.-.Ludeon Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/294100 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 324680] : (Impossible Creatures.-.Relic Entertainment) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/324680 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 364360] : (Total War: WARHAMMER.-.Creative Assembly) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/364360 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 374040] : (Portal Knights.-.Keen Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/374040 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 392110] : (Endless Space 2.-.AMPLITUDE Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/392110 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VulkanRT1.0.42.1] : (Vulkan Run Time Libraries 1.0.42.1.-.LunarG, Inc.) -> C:\Program Files (x86)\VulkanRT\1.0.42.1\UninstallVulkanRT.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{12A718F2-2357-4D41-9E1F-18583A4745F7}] : (Acer UEIP Framework.-.Acer Incorporated) -> MsiExec.exe /i {12A718F2-2357-4D41-9E1F-18583A4745F7} PRODUCTNAME="Acer UEIP Framework" BRANDNAME="Acer" BOOTSTRATOR=1 ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{168D8B51-42CE-11E6-9DA6-2C44FD873B55}] : (Intel® RealSense™ Depth Camera Manager Gold (x64): Intel® RealSense™ 3D camera ACPI driver.-.Intel Corporation) -> MsiExec.exe /X{168D8B51-42CE-11E6-9DA6-2C44FD873B55} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1699722E-42CE-11E6-BC68-2C44FD873B55}] : (Intel® RealSense™ Depth Camera Manager SR300 Gold (x64): Intel® RealSense™ Depth Camera Manager Service.-.Intel Corporation) -> MsiExec.exe /X{1699722E-42CE-11E6-BC68-2C44FD873B55} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{192DD8B0-42CE-11E6-84DD-2C44FD873B55}] : (Intel® RealSense™ Depth Camera Manager SR300 Gold (x64): Intel® RealSense™ Camera SR300 Source Provider.-.Intel Corporation) -> MsiExec.exe /X{192DD8B0-42CE-11E6-84DD-2C44FD873B55} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1AF41E84-3408-499A-8C93-8891F0612719}] : (Acer Care Center.-.Acer Incorporated) -> Msiexec.exe /i {1AF41E84-3408-499A-8C93-8891F0612719} ACER=1 PRODUCTNAME="Acer Care Center" REMOVEUSEC=1 BOOTSTRATOR=1 ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1B67C321-42CE-11E6-B787-2C44FD873B55}] : (Intel® RealSense™ Depth Camera Manager SR300 Gold (x64): Intel® RealSense™ Camera SR300 Virtual Driver.-.Intel Corporation) -> MsiExec.exe /X{1B67C321-42CE-11E6-B787-2C44FD873B55} 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1C53D0CF-42CE-11E6-B3F3-2C44FD873B55}] : (Intel® RealSense™ Depth Camera Manager SR300 Gold (x64): Intel® RealSense™ 3D camera SR300 IO module.-.Intel Corporation) -> MsiExec.exe /X{1C53D0CF-42CE-11E6-B3F3-2C44FD873B55} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1CEAC85D-2590-4760-800F-8DE5E91F3700}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{1CEAC85D-2590-4760-800F-8DE5E91F3700}\Setup.exe" -uninstall ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2046B5E1-42CE-11E6-ADBD-2C44FD873B55}] : (Intel® RealSense™ Depth Camera Manager SR300 Gold (x64): Intel® RealSense™ Camera Virtual Bus Enumerator.-.Intel Corporation) -> MsiExec.exe /X{2046B5E1-42CE-11E6-ADBD-2C44FD873B55} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{20CA507E-24AA-4741-87CF-CC1B250790B7}] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{244F1EC0-42CE-11E6-867B-2C44FD873B55}] : (Intel® RealSense™ Depth Camera Manager Gold (x64): dptf_com.-.Intel Corporation) -> MsiExec.exe /X{244F1EC0-42CE-11E6-867B-2C44FD873B55} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2A027A37-B09B-44FB-B1C9-2DD6BA0014E8}] : (Dolby Audio X2 Windows API SDK.-.Dolby Laboratories, Inc.) 
-> MsiExec.exe /X{2A027A37-B09B-44FB-B1C9-2DD6BA0014E8} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}] : ( DriverSetupUtility.-.Acer Incorporated) -> Msiexec.exe /i {2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6} ACER=1 PRODUCTNAME=" DriverSetupUtility" REMOVEUSEC=1 BOOTSTRATOR=1 ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{61955A92-F53E-41AC-BD4A-19E2C1BFE1EE}] : (Intel® RealSense™ SDK 2014 Runtime (x64): Core.-.Intel Corporation) -> MsiExec.exe /X{61955A92-F53E-41AC-BD4A-19E2C1BFE1EE} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}] : (Qualcomm Atheros Bluetooth Installer (64).-.Qualcomm Atheros) -> MsiExec.exe /X{628988B4-3FA5-4EA6-BAA3-DA640F6718BD} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7D84E343-A23D-451C-B123-0195B2D903A6}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{7D84E343-A23D-451C-B123-0195B2D903A6} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7EEC6C54-5441-472A-8792-A5185CC17DF1}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{7EEC6C54-5441-472A-8792-A5185CC17DF1} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{846DE3C3-F079-4E2D-AE25-74D2B62B1D9F}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{846DE3C3-F079-4E2D-AE25-74D2B62B1D9F} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}] : (Acer Quick Access.-.Acer Incorporated) -> MsiExec.exe /i {8BBF04F1-C68A-441C-B5EF-446EE9960EAF} BOOTSTRATOR=1 GPRODUCTNAME="Acer Quick Access" BRANDNAME="Acer" ISDT=0 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}] : (Intel(R) Serial IO.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}\Setup.exe" 
-uninstall ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A6AD1804-600C-4440-8121-F59A883DFCD3}] : (Intel(R) Serial IO.-.Intel Corporation) -> MsiExec.exe /I{A6AD1804-600C-4440-8121-F59A883DFCD3} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (Ansel.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 382.05.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] : (NVIDIA Pilote graphique 382.05.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience] : (NVIDIA GeForce Experience 2.11.4.0.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus] : (NVIDIA Optimus Update 2.11.4.0.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] : (NVIDIA Logiciel système PhysX 9.16.0318.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 2.11.4.0.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer] : (NVIDIA LED Visualizer 1.0.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (SHIELD Streaming.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService] : (NVIDIA GeForce Experience Service.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service] : (NVIDIA Network Service.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 2.11.4.0.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 1.2.40.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D622E3AC-0583-4CEC-9455-8B9139C7B4A2}] : (Intel(R) ME UninstallLegacy.-.Intel Corporation) -> MsiExec.exe /I{D622E3AC-0583-4CEC-9455-8B9139C7B4A2} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}] : (Dolby Audio X2 Windows APP.-.Dolby Laboratories, Inc.) -> MsiExec.exe /X{D765CF7F-14F9-4C80-B06C-10E68F10EBCC} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 26 NPAPI.-.Adobe Systems Incorporated) -> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_Plugin.exe -maintain plugin [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ARP_for_prd_dcm_runtime_sr300_3.2.26.6137] : (Gestionnaire de caméra à détection de profondeur Intel® RealSense™ SR300.-.Intel Corporation) -> "C:\ProgramData\Intel\installer\rs_sdk_2014\cache\8b5887f0-42ce-11e6-a603-2c44fd873b55\setup.exe" --product="dcm_runtime_sr300_3.2.26.6137" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ARP_for_prd_rs_sdk_runtime_core_v4_4.0.2.171617] : (Exécution du SDK Intel® RealSense™ 2014.-.Intel Corporation) -> "C:\ProgramData\Intel\installer\rs_sdk_2014\cache\f6931ea6-034a-4e42-b30d-008efe1c27cb\setup.exe" --product="rs_sdk_runtime_core_v4_4.0.2.171617" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Avast Antivirus] : (Avast Antivirus Gratuit.-.AVAST Software) -> C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Battle.net] : (Battle.net.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=frFR --uid=battle.net --displayname="Battle.net" ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FL Studio 12] : (FL Studio 12.-.Image-Line) -> C:\Program Files (x86)\Image-Line\FL Studio 12\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FL Studio ASIO] : (FL Studio ASIO.-.Image-Line) -> C:\Program Files (x86)\Image-Line\FL Studio ASIO\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\setup.exe" --uninstall --system-level --verbose-logging [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IL Download Manager] : (IL Download Manager.-.Image-Line) -> C:\Program Files (x86)\Image-Line\Downloader\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 54.0.1 (x86 en-US)] : (Mozilla Firefox 54.0.1 (x86 en-US).-.Mozilla) -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) 
-> ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SafeZone 3.55.2393.609] : (SafeZone Stable 3.55.2393.609.-.Avast Software) -> "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" /uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\StarCraft II] : (StarCraft II.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=frFR --uid=s2_frfr --displayname="StarCraft II" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam] : (Steam.-.Valve Corporation) -> C:\Program Files (x86)\Steam\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Welcome to Intel RealSense 3D Camera] : (Welcome to Intel RealSense 3D Camera.-.Intel) -> C:\Program Files (x86)\Intel\Welcome to Intel RealSense 3D Camera\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{13885028-098C-4799-9B71-27DAC96502D5}] : (abFiles.-.Acer Incorporated) -> C:\Program Files (x86)\Acer\abFiles\abFilesSetup.exe -uninstall ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1699722E-42CE-11E6-B0D9-2C44FD873B55}] : (Intel® RealSense™ Depth Camera Manager Gold (x86): dptf_com.-.Intel Corporation) -> MsiExec.exe /X{1699722E-42CE-11E6-B0D9-2C44FD873B55} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{19A0498F-42CE-11E6-B1BB-2C44FD873B55}] : (Intel® RealSense™ Depth Camera Manager SR300 Gold (x86): Intel® RealSense™ Depth Camera Manager Service.-.Intel Corporation) -> MsiExec.exe /X{19A0498F-42CE-11E6-B1BB-2C44FD873B55} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1F644521-42CE-11E6-B7B9-2C44FD873B55}] : (Intel® RealSense™ Depth Camera Manager SR300 Gold (x86): Intel® RealSense™ 3D camera SR300 IO module.-.Intel Corporation) -> MsiExec.exe /X{1F644521-42CE-11E6-B7B9-2C44FD873B55} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{20CA507E-24AA-4741-87CF-CC1B250790B7}] : (Qualcomm Atheros 11ac Wireless LAN Installer.-.Qualcomm Atheros) -> "C:\Program Files (x86)\InstallShield Installation Information\{20CA507E-24AA-4741-87CF-CC1B250790B7}\setup.exe" -runfromtemp -l0x040c -removeonly ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2753F08D-D7B1-4EA8-8281-9195852470CE}] : (Intel® RealSense™ SDK 2014 Runtime (x86): Core.-.Intel Corporation) -> MsiExec.exe /X{2753F08D-D7B1-4EA8-8281-9195852470CE} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}] : (OpenOffice 4.1.3.-.Apache Software Foundation) -> MsiExec.exe /I{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0} 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{414D554E-4453-454E-0201-000000016258}] : (Acer Configuration Manager.-.Acer) -> MsiExec.exe /I{414D554E-4453-454E-0201-000000016258} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{418491FB-C405-444A-A8CC-DD1CFD9D6528}] : (Intel® RealSense™ SDK 2014 Runtime (x86): Dummy Core.-.Intel Corporation) -> MsiExec.exe /X{418491FB-C405-444A-A8CC-DD1CFD9D6528} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A37A114-702F-4055-A4B6-16571D4A5353}] : (AOP Framework.-.Acer Incorporated) -> C:\Program Files (x86)\Acer\AOP Framework\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4B230374-6475-4A73-BA6E-41015E9C5013}] : (Intel® Security Assist.-.Intel Corporation) -> MsiExec.exe /I{4B230374-6475-4A73-BA6E-41015E9C5013} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}] : (Realtek Card Reader.-.Realtek Semiconductor Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe" -runfromtemp -removeonly ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) 
-> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{83A4BF20-6745-437C-98D8-3C4B94D174EB}] : (Freedome VPN (source).-.Acer) -> MsiExec.exe /I{83A4BF20-6745-437C-98D8-3C4B94D174EB} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}] : (Realtek Ethernet Controller Driver.-.Realtek) -> C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.exe -runfromtemp -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}] : (Acer Collection.-.Acer Incorporated) -> Msiexec.exe /i {8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2} ACER=1 PRODUCTNAME="Acer Collection" REMOVEUSEC=1 BOOTSTRATOR=1 [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A26EA9EF-0420-4657-AD7F-A4C9D67B63B6}] : (.-.) -> C:\ProgramData\{ED8D8B70-196F-4C4E-B1B5-3FDE44B8E688}\DashlaneUpgradeInstaller.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}] : (Acer Portal.-.Acer Incorporated) -> C:\Program Files (x86)\Acer\Acer Portal\uninstall.exe ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) 
-> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B5AD89F2-03D3-4206-8487-018298007DD0}] : (abPhoto.-.Acer Incorporated) -> C:\Program Files (x86)\Acer\abPhoto\abPhotoSetup.exe -uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}] : (Intel(R) Processor Graphics.-.Intel Corporation) -> "C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe" -uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709 ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{fb610cea-ba50-4d4b-a717-cf025419035c}] : (Logiciel pour périphérique à chipset Intel®.-.Intel(R) Corporation) -> "C:\ProgramData\Package Cache\{fb610cea-ba50-4d4b-a717-cf025419035c}\SetupChipset.exe" /uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FBD934F4-FC23-4044-8392-3551DC8D972F}] : (Logiciel Thunderbolt(TM).-.Intel Corporation) -> MsiExec.exe /X{FBD934F4-FC23-4044-8392-3551DC8D972F} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\00006109C80000000000000000F01FEC] : Office 16 Click-to-Run Extensibility Component [HKCR\Installer\Products\00006109C800C0400000000000F01FEC] : Office 16 Click-to-Run Localization Component [HKCR\Installer\Products\00006109DD0000000100000000F01FEC] : Office 16 Click-to-Run Extensibility Component 64-bit Registration [HKCR\Installer\Products\00006109F80000000100000000F01FEC] : Office 16 Click-to-Run Licensing Component [HKCR\Installer\Products\02FB4A385476C734898DC3B4491D47BE] : Freedome VPN (source) -> C:\Windows\Installer\{83A4BF20-6745-437C-98D8-3C4B94D174EB}\_853F67D554F05449430E7E.exe 
[HKCR\Installer\Products\0B8DD291EC246E1148DDC244DF78B355] : Intel® RealSense™ Depth Camera Manager SR300 Gold (x64): Intel® RealSense™ Camera SR300 Source Provider -> C:\WINDOWS\Installer\{192DD8B0-42CE-11E6-84DD-2C44FD873B55}\arp.ico [HKCR\Installer\Products\0CE1F442EC246E1168B7C244DF78B355] : Intel® RealSense™ Depth Camera Manager Gold (x64): dptf_com -> C:\WINDOWS\Installer\{244F1EC0-42CE-11E6-867B-2C44FD873B55}\arp.ico [HKCR\Installer\Products\123C76B1EC246E117B78C244DF78B355] : Intel® RealSense™ Depth Camera Manager SR300 Gold (x64): Intel® RealSense™ Camera SR300 Virtual Driver -> C:\WINDOWS\Installer\{1B67C321-42CE-11E6-B787-2C44FD873B55}\arp.ico [HKCR\Installer\Products\125446F1EC246E117B9BC244DF78B355] : Intel® RealSense™ Depth Camera Manager SR300 Gold (x86): Intel® RealSense™ 3D camera SR300 IO module -> C:\WINDOWS\Installer\{1F644521-42CE-11E6-B7B9-2C44FD873B55}\arp.ico [HKCR\Installer\Products\15B8D861EC246E11D96AC244DF78B355] : Intel® RealSense™ Depth Camera Manager Gold (x64): Intel® RealSense™ 3D camera ACPI driver -> C:\WINDOWS\Installer\{168D8B51-42CE-11E6-9DA6-2C44FD873B55}\arp.ico [HKCR\Installer\Products\1CB6BC2117E40984AAE062EC6DDAE7DD] : Intel(R) Chipset Device Software [HKCR\Installer\Products\1E5B6402EC246E11DADBC244DF78B355] : Intel® RealSense™ Depth Camera Manager SR300 Gold (x64): Intel® RealSense™ Camera Virtual Bus Enumerator -> C:\WINDOWS\Installer\{2046B5E1-42CE-11E6-ADBD-2C44FD873B55}\arp.ico [HKCR\Installer\Products\1F40FBB8A86CC1445BFE44E69E69E0FA] : Acer Quick Access [HKCR\Installer\Products\29A55916E35FCA14DBA4912E1CFB1EEE] : Intel® RealSense™ SDK 2014 Runtime (x64): Core -> C:\Windows\Installer\{61955A92-F53E-41AC-BD4A-19E2C1BFE1EE}\arp.ico [HKCR\Installer\Products\2F817A21753214D4E9F18185A374547F] : Acer UEIP Framework -> C:\Windows\Installer\{12A718F2-2357-4D41-9E1F-18583A4745F7}\ProductIconIco [HKCR\Installer\Products\2F98DA5B3D306024487810288900D70D] : abPhoto -> 
C:\Windows\Installer\{B5AD89F2-03D3-4206-8487-018298007DD0}\icon.ico [HKCR\Installer\Products\343E48D7D32AC1541B3210592B9D306A] : Intel® Trusted Connect Service Client [HKCR\Installer\Products\3C3ED648970FD2E4EA52472D6BB2D1F9] : Intel(R) Management Engine Components [HKCR\Installer\Products\4081DA6AC006044418125FA988D3CF3D] : Intel(R) Serial IO [HKCR\Installer\Products\411A73A4F20755044A6B6175D1A43535] : AOP Framework -> C:\Windows\Installer\{4A37A114-702F-4055-A4B6-16571D4A5353}\icon.ico [HKCR\Installer\Products\45C6CEE71445A27478295A81C51CD71F] : Intel(R) Management Engine Components [HKCR\Installer\Products\473032B4574637A4ABE61410E5C90531] : Intel® Security Assist -> C:\Windows\Installer\{4B230374-6475-4A73-BA6E-41015E9C5013}\isa.ico [HKCR\Installer\Products\48E14FA18043A994C83988190F167291] : Care Center -> C:\Windows\Installer\{1AF41E84-3408-499A-8C93-8891F0612719}\icon.ico [HKCR\Installer\Products\4B8898265AF36AE4AB3AAD46F07681DB] : Qualcomm Atheros Bluetooth Installer (64) -> C:\Windows\Installer\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4F439DBF32CF440438295315CDD879F2] : Logiciel Thunderbolt(TM) -> C:\Windows\Installer\{FBD934F4-FC23-4044-8392-3551DC8D972F}\MainIcon [HKCR\Installer\Products\71B0DA5AD43FEB941A758C3B5DA2DC31] : Acer Portal -> C:\Windows\Installer\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}\icon.ico [HKCR\Installer\Products\73A720A2B90BBF441B9CD26DAB00418E] : Dolby Audio X2 Windows API SDK -> C:\WINDOWS\Installer\{2A027A37-B09B-44FB-B1C9-2DD6BA0014E8}\DolbyBlue.exe [HKCR\Installer\Products\75B373813CF4A1B4593B7A5ECD5A777F] : Qualcomm Atheros Setup -> C:\Windows\Installer\{18373B57-4FC3-4B1A-95B3-A7E5DCA577F7}\ARPPRODUCTICON.exe [HKCR\Installer\Products\82058831C8909974B91772AD9C56205D] : abFiles -> C:\Windows\Installer\{13885028-098C-4799-9B71-27DAC96502D5}\icon.ico [HKCR\Installer\Products\9002F3925410B0544BAA60D334BF63C8] : Windows 10 Update and Privacy Settings 
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper [HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C] : DriverSetupUtility -> C:\Windows\Installer\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}\Bitmaps\Registration.ico [HKCR\Installer\Products\AD9761E31805AA444B2CFBE87E1E700E] : OpenOffice 4.1.3 -> C:\Windows\Installer\{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}\soffice.ico [HKCR\Installer\Products\AE944DC80ABBF774FA9FA96F8E5CE02F] : Acer Collection -> C:\Windows\Installer\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}\Bitmaps\Registration.ico [HKCR\Installer\Products\BF194814504CA4448ACCDDC1DFD95682] : Intel® RealSense™ SDK 2014 Runtime (x86): Dummy Core -> C:\Windows\Installer\{418491FB-C405-444A-A8CC-DD1CFD9D6528}\arp.ico [HKCR\Installer\Products\CA3E226D3850CEC44955B819937C4B2A] : Intel(R) ME UninstallLegacy [HKCR\Installer\Products\D80F35721B7D8AE428181959584207EC] : Intel® RealSense™ SDK 2014 Runtime (x86): Core -> C:\Windows\Installer\{2753F08D-D7B1-4EA8-8281-9195852470CE}\arp.ico [HKCR\Installer\Products\E2279961EC246E110B9DC244DF78B355] : Intel® RealSense™ Depth Camera Manager Gold (x86): dptf_com -> C:\WINDOWS\Installer\{1699722E-42CE-11E6-B0D9-2C44FD873B55}\arp.ico [HKCR\Installer\Products\E2279961EC246E11CB86C244DF78B355] : Intel® RealSense™ Depth Camera Manager SR300 Gold (x64): Intel® RealSense™ Depth Camera Manager Service -> C:\WINDOWS\Installer\{1699722E-42CE-11E6-BC68-2C44FD873B55}\arp.ico [HKCR\Installer\Products\E455D4143544E4542010000000102685] : Acer Configuration Manager -> C:\Windows\Installer\{414D554E-4453-454E-0201-000000016258}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\F7FC567D9F4108C40BC6016EF801BECC] : Dolby Audio X2 Windows APP -> C:\WINDOWS\Installer\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}\DolbyBlue.exe [HKCR\Installer\Products\F8940A91EC246E111BBBC244DF78B355] : 
Intel® RealSense™ Depth Camera Manager SR300 Gold (x86): Intel® RealSense™ Depth Camera Manager Service -> C:\WINDOWS\Installer\{19A0498F-42CE-11E6-B1BB-2C44FD873B55}\arp.ico
[HKCR\Installer\Products\FC0D35C1EC246E113B3FC244DF78B355] : Intel® RealSense™ Depth Camera Manager SR300 Gold (x64): Intel® RealSense™ 3D camera SR300 IO module -> C:\WINDOWS\Installer\{1C53D0CF-42CE-11E6-B3F3-2C44FD873B55}\arp.ico
---------- | ADS
---------- | Drives
Disk: 0 Size=954G
Pos MBRndx Type/Name  Size  Active Hide Start Sector Sectors
--- ------ ---------- ----  ------ ---- ------------ ------------
0   0      EE-UNKNWN  21.0T No     No   1            294,967,295
---------- | MBR
Windows Version: Windows Information: (build 9200), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Insyde Corp.
System Manufacturer: Acer
System Product Name: Aspire VN7-592G
Logical Drives Mask: 0x00000004
Analysis of file "C:\QuickDiag\MBR.bin": Unknown MBR code 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin
---------- | 20 LastEventLog
Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.
------------
Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.
------------
Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.
------------
Échec de l’écriture d’un paramètre d’application pour le package Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe.
Code d’erreur : 5 ------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Nom de l’application défaillante Warhammer.exe, version : 1.6.0.0, horodatage : 0x58cf5216 Nom du module défaillant : Warhammer.exe, version : 1.6.0.0, horodatage : 0x58cf5216 Code d’exception : 0xc0000005 Décalage d’erreur : 0x000000000556f3b8 ID du processus défaillant : 0x2fd8 Heure de début de l’application défaillante : 0x01d2ff57a1637bc2 Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\Warhammer.exe Chemin d’accès du module défaillant: C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\Warhammer.exe ID de rapport : 236a14fd-5fa2-4994-9c35-29309dc308d8 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante LogonUI.exe, version : 10.0.15063.0, horodatage : 0xccf07184 Nom du module défaillant : credprovhost.dll, version : 10.0.15063.0, horodatage : 0x827168e8 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000016810 ID du processus défaillant : 0x30f8 Heure de début de l’application défaillante : 0x01d2ff71fe5f68b8 Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\LogonUI.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\credprovhost.dll ID de rapport : 6ee5e546-0db6-49e7-9873-47f10b9403b4 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine QueryFullProcessImageNameW. hr = 0x80070006, Descripteur non valide . 
Opération : Opération asynchrone en cours d’exécution Contexte : État actuel: DoSnapshotSet ------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Nom de l’application défaillante SensorDataService.exe, version : 10.0.15063.0, horodatage : 0x4a884587 Nom du module défaillant : SensorDataService.exe, version : 10.0.15063.0, horodatage : 0x4a884587 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000000cc4c ID du processus défaillant : 0x11a4 Heure de début de l’application défaillante : 0x01d2fbd909253636 Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\SensorDataService.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\SensorDataService.exe ID de rapport : 122462c4-f73d-4087-96d1-d8a61bdc6bca Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Le package Microsoft.ZuneVideo_10.17054.14711.0_x64__8wekyb3d8bbwe+Microsoft.ZuneVideo a été interrompu, car sa suspension a été trop longue. ------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. 
------------ Nom de l’application défaillante UBTService.exe, version : 3.2.3001.0, horodatage : 0x5747e1d5 Nom du module défaillant : KERNELBASE.dll, version : 10.0.15063.296, horodatage : 0xa0527b0c Code d’exception : 0xe0434352 Décalage d’erreur : 0x0000000000069e08 ID du processus défaillant : 0x1114 Heure de début de l’application défaillante : 0x01d2fa25b3eef2d2 Chemin d’accès de l’application défaillante : C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 5a5e7763-7ed2-4df4-a682-42c4cace74d0 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Application : UBTService.exe Version du Framework : v4.0.30319 Description : le processus a été arrêté en raison d'une exception non gérée. Informations sur l'exception : System.Collections.Generic.KeyNotFoundException à System.ThrowHelper.ThrowKeyNotFoundException() à System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Item(System.__Canon) à UBTService.Monitor_USB..ctor(System.String) à UBTService.Monitor_USB.get_Instance() à UBTService.WinMessagePump..ctor() à UBTService.UBTService.b__0() à System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) à System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) à System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) à System.Threading.ThreadHelper.ThreadStart() ------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». 
Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Nom de l’application défaillante Warhammer.exe, version : 1.6.0.0, horodatage : 0x58cf5216 Nom du module défaillant : Warhammer.exe, version : 1.6.0.0, horodatage : 0x58cf5216 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000003e96fbd ID du processus défaillant : 0x3340 Heure de début de l’application défaillante : 0x01d2f35ea6fb5c8b Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\Warhammer.exe Chemin d’accès du module défaillant: C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\Warhammer.exe ID de rapport : db3fc8be-c245-4be7-b5f3-fffcb5cb1869 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante Warhammer.exe, version : 1.6.0.0, horodatage : 0x58cf5216 Nom du module défaillant : Warhammer.exe, version : 1.6.0.0, horodatage : 0x58cf5216 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000003e96fbd ID du processus défaillant : 0x1858 Heure de début de l’application défaillante : 0x01d2f34e67ebd2f1 Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\Warhammer.exe Chemin d’accès du module défaillant: C:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\Warhammer.exe ID de rapport : 34321a84-56c4-4c94-a9f7-bb76a25a2ffc Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. 
------------
Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.
------------
----------( EOF)---------- - 3935 | 19:41:38