--------------- QuickDiag | g3n-h@ckm@n | V3_19.10.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 20/10/2017 13:45:42
Updated 19/10/2017 | 18.05 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[brousseau isabelle (Administrator)] - [PC-PORTABLE] (S-1-5-21-955818268-471735480-1976523364-1001)
System: Microsoft Windows 10 Famille - - (10.0.15063) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1703)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition4
Boot : Normal boot
PC: Inspiron 3521 - Dell Inc. - IdNumber: 9MF2FW1 - UUID: 4C4C4544-004D-4610-8032-B9C04F465731
Processor : X64 - 1397 Mhz - Intel(R) Core(TM) i3-2365M CPU @ 1.40GHz A02 - en|US|iso8859-1 - Dell Inc. - S/N: 9MF2FW1 - A02 - DELL - 1
CoreTemp : ? Celsius

----------| Quick

---------- | SoundDevice
Périphérique High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2806&SUBSYS_80860101&REV_1000\4&2AF4EA01&0&0301
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0282&SUBSYS_10280597&REV_1000\4&2AF4EA01&0&0001

---------- | Video
Intel(R) HD Graphics 3000 - Resolution: 1366x768 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumd64.dll,igd10umd64.dll,igd10umd64.dll,igdumd32,igd10umd32,igd10umd32 - PNPDeviceID: PCI\VEN_8086&DEV_0116&SUBSYS_05971028&REV_09\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1876572160
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics 3000 - DriverVersion: 9.17.10.4459 - SpecificationVersion: 1025

---------- | Codecs
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 84992 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35760 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42488 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35208 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU
CPU #1 value:0 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:0 %

---------- | Network
Contrôleur Realtek PCIe FE Family : SENT:0 bytes/sec / RECVD:0 bytes/sec
Dell Wireless 1703 802.11b_g_n [2,4 GHz] : SENT:0 bytes/sec / RECVD:0 bytes/sec
Connexion au réseau local* 13 : SENT:0 bytes/sec / RECVD:0 bytes/sec
Overall -> SEND Maxium:0 bytes/sec, / RECEIVE Maximum:0 bytes/sec
Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Dell Wireless 1703 802.11b/g/n (2,4 GHz) - Ethernet 802.3 - Qualcomm Atheros Communications Inc. - Status: - PnPID : PCI\VEN_168C&DEV_0032&SUBSYS_02091028&REV_01\4&94546EF&0&00E1
Contrôleur Realtek PCIe FE Family - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8136&SUBSYS_05971028&REV_05\4&6521971&0&00E0
Microsoft Wi-Fi Direct Virtual Adapter - - - Status: - PnPID :
Carte virtuelle directe Wi-Fi Microsoft - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&11EACB8&0&01
Microsoft Teredo Tunneling Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE
WAN Miniport (SSTP) - - - Status: - PnPID :
WAN Miniport (IKEv2) - - - Status: - PnPID :
WAN Miniport (L2TP) - - - Status: - PnPID :
WAN Miniport (PPTP) - - - Status: - PnPID :
WAN Miniport (PPPOE) - - - Status: - PnPID :
WAN Miniport (IP) - - - Status: - PnPID :
WAN Miniport (IPv6) - - - Status: - PnPID :
WAN Miniport (Network Monitor) - - - Status: - PnPID :
RAS Async Adapter - - - Status: - PnPID :

---------- | Memory
RAM = Total (MB) : 4058 | Free (MB) : 2160
Pagefile = Total (MB) : 4779 | Free (MB) : 2548
Virtual = Total (MB) : 4194 | Free (MB) : 3912
Physical Memory 1 : Capacity: 4294967296 - DIMM1 - Posit.: 2 - Manufacturer: Hynix/Hyundai - PartNumber: HMT351S6CFR8C-PB - S/N: 103FFE6B

---------- | SID Users
Administrateur : [S-1-5-21-955818268-471735480-1976523364-500]
brousseau isabelle : [S-1-5-21-955818268-471735480-1976523364-1001]
DefaultAccount : [S-1-5-21-955818268-471735480-1976523364-503]
HomeGroupUser$ : [S-1-5-21-955818268-471735480-1976523364-1003]
Invité : [S-1-5-21-955818268-471735480-1976523364-501]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
HomeUsers : [S-1-5-21-955818268-471735480-1976523364-1002]
WinRMRemoteWMIUsers__ : [S-1-5-21-955818268-471735480-1976523364-1000]

---------- | SystemAccounts
Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives
C:\ -> [Fixed] | [] | Total : 464.81 Go | Free : 383.74 Go -> NTFS [SATA]
Disk Usage Information [1 total Physical Disks]
Physical Drive #0 [C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : SCSI\DISK&VEN_&PROD_ST500LT012-1DG14\4&178BB2E7&0&000000

---------- | Windows updates
Test 1 : Windows Is Activated

---------- | Browsers
IE : 11.0.15063.608 (© Microsoft Corporation. Tous droits réservés.)
GC : 61.0.3163.100 (Copyright 2016 Google Inc.)
Default : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- ""

---------- | FlashPlayer
FlashPlayer ActiveX : 27.0.0.170

---------- | Security
AV : Malwarebytes Disabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
452 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.)
- (10.0.15063.0) = C:\Windows\System32\smss.exe [18/03/2017 22:57:38] CPU Usage:0 % --> Command Line : 660 | [Owner : Système | Parent : 604() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.15063.0) = C:\Windows\System32\csrss.exe [18/03/2017 22:57:38] CPU Usage:0 % --> Command Line : 748 | [Owner : Système | Parent : 604() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.15063.502) = C:\Windows\System32\wininit.exe [09/08/2017 20:54:56] CPU Usage:0 % --> Command Line : 876 | [Owner : Système | Parent : 748(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.15063.502) = C:\Windows\System32\services.exe [09/08/2017 20:54:26] CPU Usage:0 % --> Command Line : 908 | [Owner : Système | Parent : 748(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.15063.674) = C:\Windows\System32\lsass.exe [11/10/2017 10:46:26] CPU Usage:0 % --> Command Line : 1004 | [Owner : Système | Parent : 876(services.exe) | 0.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 72 | [Owner : UMFD-0 | Parent : 748(wininit.exe) | 0.9 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.608) = C:\Windows\System32\fontdrvhost.exe [13/09/2017 22:13:10] CPU Usage:0 % --> Command Line : 352 | [Owner : Système | Parent : 876(services.exe) | 19.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 608 | [Owner : SERVICE RÉSEAU | Parent : 876(services.exe) | 9.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 820 | [Owner : Système | Parent : 876(services.exe) | 4.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1252 | [Owner : Système | Parent : 876(services.exe) | 5.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1260 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 18.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1268 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 4.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1276 | [Owner : Système | Parent : 876(services.exe) | 8.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1400 | [Owner : Système | Parent : 876(services.exe) | 6.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1464 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 9.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1548 | [Owner : Système | Parent : 876(services.exe) | 6.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1588 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 5.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1672 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 4.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1736 | [Owner : Système | Parent : 876(services.exe) | 10.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1788 | [Owner : SERVICE RÉSEAU | Parent : 876(services.exe) | 8.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1832 | [Owner : Système | Parent : 876(services.exe) | 1.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1840 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 3.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1904 | [Owner : Système | Parent : 876(services.exe) | 5.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1912 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 5.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1964 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 6.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1972 | [Owner : Système | Parent : 876(services.exe) | 2.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 652 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 8.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 2128 | [Owner : Système | Parent : 876(services.exe) | 2.64 Mo] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.66) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [04/08/2015 00:21:48] CPU Usage:0 % --> Command Line : 2204 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 2.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 2212 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 7.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 2224 | [Owner : SERVICE RÉSEAU | Parent : 876(services.exe) | 5.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 2380 | [Owner : Système | Parent : 876(services.exe) | 9.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 2528 | [Owner : Système | Parent : 876(services.exe) | 8.19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 2552 | [Owner : Système | Parent : 876(services.exe) | ?????] - (.AVAST Software - Avast Service.) - (17.7.3660.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [11/10/2017 22:07:42] CPU Usage:0 % --> Command Line : 2832 | [Owner : Système | Parent : 876(services.exe) | 25.6 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe [17/07/2017 10:17:02] CPU Usage:0 % --> Command Line : 2992 | [Owner : Système | Parent : 876(services.exe) | 3.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 3044 | [Owner : SERVICE LOCAL | Parent : 2992(svchost.exe) | 15.54 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.15063.0) = C:\Windows\System32\dasHost.exe [18/03/2017 22:57:46] CPU Usage:0 % --> Command Line : 2060 | [Owner : Système | Parent : 876(services.exe) | 6.38 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.608) = C:\Windows\System32\spoolsv.exe [13/09/2017 22:13:40] CPU Usage:0 % --> Command Line : 2480 | [Owner : SERVICE RÉSEAU | Parent : 876(services.exe) | 3.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 2748 | [Owner : SERVICE RÉSEAU | Parent : 876(services.exe) | 12.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 2760 | [Owner : Système | Parent : 876(services.exe) | 19.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 2772 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 18.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 2984 | [Owner : Système | Parent : 876(services.exe) | 13.29 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 3084 | [Owner : Système | Parent : 876(services.exe) | 59.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 3148 | [Owner : SERVICE RÉSEAU | Parent : 876(services.exe) | 5.74 Mo] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.15063.0) = C:\Program Files\Windows Media Player\wmpnetwk.exe [20/03/2017 07:10:51] CPU Usage:0 % --> Command Line : 3156 | [Owner : Système | Parent : 876(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.674) = C:\Windows\System32\SecurityHealthService.exe [11/10/2017 10:47:05] CPU Usage:0 % --> Command Line : 3172 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 4.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 3180 | [Owner : Système | Parent : 876(services.exe) | 1.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 3196 | [Owner : Système | Parent : 876(services.exe) | 5.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 3204 | [Owner : Système | Parent : 876(services.exe) | 13.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 3212 | [Owner : Système | Parent : 876(services.exe) | 13.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 3304 | [Owner : Système | Parent : 876(services.exe) | 31.49 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.556) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [08/10/2017 12:25:23] CPU Usage:0 % --> Command Line : 3344 | [Owner : Système | Parent : 876(services.exe) | 4.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 3500 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 5.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 3516 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 1.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 3800 | [Owner : Système | Parent : 876(services.exe) | 12.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 4164 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 10.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 4208 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 5.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 4460 | [Owner : SERVICE RÉSEAU | Parent : 876(services.exe) | 4.19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 4520 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 6.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 4636 | [Owner : Système | Parent : 876(services.exe) | 1.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 4680 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 6.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 5252 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 9.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 5900 | [Owner : Système | Parent : 876(services.exe) | 3.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 5956 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 5.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 928 | [Owner : Système | Parent : 876(services.exe) | 11.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1112 | [Owner : Système | Parent : 876(services.exe) | 24.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1936 | [Owner : Système | Parent : 876(services.exe) | 11.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 4896 | [Owner : Système | Parent : 876(services.exe) | 7.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 5704 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 3.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 1116 | [Owner : Système | Parent : 876(services.exe) | 10.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 2008 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 11.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 8560 | [Owner : Système | Parent : 876(services.exe) | 3.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 7056 | [Owner : Système | Parent : 876(services.exe) | 3.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 2288 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 9.37 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 2248 | [Owner : Système | Parent : 1616() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.15063.0) = C:\Windows\System32\csrss.exe [18/03/2017 22:57:38] CPU Usage:0 % --> Command Line : 5064 | [Owner : Système | Parent : 1616() | 8.05 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.15063.608) = C:\Windows\System32\winlogon.exe [13/09/2017 22:13:07] CPU Usage:0 % --> Command Line : 6316 | [Owner : UMFD-2 | Parent : 5064(winlogon.exe) | 9.65 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.608) = C:\Windows\System32\fontdrvhost.exe [13/09/2017 22:13:10] CPU Usage:0 % --> Command Line : 7268 | [Owner : DWM-2 | Parent : 5064(winlogon.exe) | 41.68 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.15063.0) = C:\Windows\System32\dwm.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 6728 | [Owner : Système | Parent : 2128(RtkAudioService64.exe) | 11.85 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) 
- (1.0.0.220) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [04/08/2015 00:21:48] CPU Usage:0 % --> Command Line : 5188 | [Owner : Système | Parent : 2128(RtkAudioService64.exe) | 11.2 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.220) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [04/08/2015 00:21:48] CPU Usage:0 % --> Command Line : 3040 | [Owner : brousseau isabelle | Parent : 3304(MBAMService.exe) | 26.72 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1208) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [08/10/2017 12:25:19] CPU Usage:0 % --> Command Line : 6828 | [Owner : brousseau isabelle | Parent : 1548(svchost.exe) | 25.77 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe [18/03/2017 22:58:10] CPU Usage:0 % --> Command Line : 4832 | [Owner : brousseau isabelle | Parent : 876(services.exe) | 13.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 2260 | [Owner : brousseau isabelle | Parent : 876(services.exe) | 27.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 2112 | [Owner : brousseau isabelle | Parent : 1276(svchost.exe) | 20.38 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe [18/03/2017 22:57:57] CPU Usage:0 % --> Command Line : 6420 | [Owner : brousseau isabelle | Parent : 6212() | 98.95 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.674) = C:\Windows\explorer.exe [11/10/2017 10:45:45] CPU Usage:0 % --> Command Line : 9212 | [Owner : brousseau isabelle | Parent : 352(svchost.exe) | 61.96 Mo] - (.Microsoft Corporation - Search and Cortana application.) 
- (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [17/07/2017 10:17:13] CPU Usage:0 % --> Command Line : 3840 | [Owner : brousseau isabelle | Parent : 352(svchost.exe) | 79.77 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.15063.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [18/03/2017 22:56:41] CPU Usage:0 % --> Command Line : 2176 | [Owner : brousseau isabelle | Parent : 352(svchost.exe) | 44.21 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe [18/03/2017 22:58:01] CPU Usage:0 % --> Command Line : 9108 | [Owner : Système | Parent : 876(services.exe) | 21.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 3680 | [Owner : brousseau isabelle | Parent : 352(svchost.exe) | 9.62 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.15063.0) = C:\Windows\System32\dllhost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 5084 | [Owner : brousseau isabelle | Parent : 6420(explorer.exe) | 9.6 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MSASCuiL.exe [18/03/2017 22:56:44] CPU Usage:0 % --> Command Line : 6768 | [Owner : brousseau isabelle | Parent : 6420(explorer.exe) | 8.99 Mo] - (.Intel Corporation - igfxTray Module.) - (8.15.10.4459) = C:\Windows\System32\igfxtray.exe [09/03/2017 02:16:10] CPU Usage:0 % --> Command Line : 7208 | [Owner : brousseau isabelle | Parent : 6420(explorer.exe) | 8.61 Mo] - (.Intel Corporation - hkcmd Module.) - (8.15.10.4459) = C:\Windows\System32\hkcmd.exe [09/03/2017 02:16:04] CPU Usage:0 % --> Command Line : 9064 | [Owner : brousseau isabelle | Parent : 6420(explorer.exe) | 9.81 Mo] - (.Intel Corporation - persistence Module.) 
- (8.15.10.4459) = C:\Windows\System32\igfxpers.exe [09/03/2017 02:16:08] CPU Usage:0 % --> Command Line : 1296 | [Owner : brousseau isabelle | Parent : 6420(explorer.exe) | 13.46 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.484.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [04/08/2015 00:21:50] CPU Usage:0 % --> Command Line : 9692 | [Owner : brousseau isabelle | Parent : 6420(explorer.exe) | 11.52 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.220) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [04/08/2015 00:21:48] CPU Usage:0 % --> Command Line : 6676 | [Owner : brousseau isabelle | Parent : 6420(explorer.exe) | 17.44 Mo] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (19.0.9.4) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [19/08/2016 00:59:34] CPU Usage:0 % --> Command Line : 1016 | [Owner : brousseau isabelle | Parent : 7960() | 54.61 Mo] - (.AVAST Software - Avast Antivirus.) - (17.7.3660.226) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [11/10/2017 22:08:04] CPU Usage:0 % --> Command Line : 8968 | [Owner : brousseau isabelle | Parent : 6420(explorer.exe) | 29.49 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6998.830) = C:\Users\brousseau isabelle\AppData\Local\Microsoft\OneDrive\OneDrive.exe [22/05/2016 12:21:09] CPU Usage:0 % --> Command Line : 2340 | [Owner : brousseau isabelle | Parent : 3012() | 4.65 Mo] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (19.0.9.4) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [19/08/2016 00:59:36] CPU Usage:0 % --> Command Line : 368 | [Owner : brousseau isabelle | Parent : 9016() | 6.18 Mo] - (.Hewlett-Packard - hpwuSchd Application.) - (80.1.1.0) = C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [30/05/2013 15:50:10] CPU Usage:0 % --> Command Line : 9448 | [Owner : brousseau isabelle | Parent : 9016() | 19.62 Mo] - (.Citrix Systems, Inc. - Citrix Connection Center.) 
- (14.4.1000.16) = C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [25/04/2016 06:30:56] CPU Usage:0 % --> Command Line : 4576 | [Owner : brousseau isabelle | Parent : 9016() | 8.88 Mo] - (.Citrix Systems, Inc. - Citrix FTA, URL Redirector.) - (14.4.1000.16) = C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [25/04/2016 06:29:06] CPU Usage:0 % --> Command Line : 1924 | [Owner : brousseau isabelle | Parent : 9448(concentr.exe) | 19.95 Mo] - (.Citrix Systems, Inc. - Citrix Receiver Application.) - (4.4.1000.16) = C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe [25/04/2016 03:42:40] CPU Usage:0 % --> Command Line : 8904 | [Owner : brousseau isabelle | Parent : 1924(Receiver.exe) | 26.26 Mo] - (.Citrix Systems, Inc. - Citrix Receiver.) - (4.4.1000.13058) = C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe [25/04/2016 07:25:58] CPU Usage:0 % --> Command Line : 3424 | [Owner : brousseau isabelle | Parent : 352(svchost.exe) | 14.88 Mo] - (.Citrix Systems, Inc. - Citrix Connection Manager.) - (14.4.1000.16) = C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe [25/04/2016 06:30:06] CPU Usage:0 % --> Command Line : 6160 | [Owner : brousseau isabelle | Parent : 876(services.exe) | 19.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 5264 | [Owner : brousseau isabelle | Parent : 352(svchost.exe) | 3.25 Mo] - (.-.) - (11.19.856.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe [22/08/2017 22:16:26] CPU Usage:0 % --> Command Line : 4100 | [Owner : brousseau isabelle | Parent : 352(svchost.exe) | 31.76 Mo] - (.Microsoft Corporation - Application Frame Host.) 
- (10.0.15063.0) = C:\Windows\System32\ApplicationFrameHost.exe [18/03/2017 22:58:23] CPU Usage:0 % --> Command Line : 11164 | [Owner : brousseau isabelle | Parent : 352(svchost.exe) | 79.69 Mo] - (.-.) - (2017.39081.15820.0) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe [04/10/2017 08:58:19] CPU Usage:0 % --> Command Line : 8132 | [Owner : brousseau isabelle | Parent : 352(svchost.exe) | 44.65 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.15063.502) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [09/08/2017 20:53:40] CPU Usage:0 % --> Command Line : 4944 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 7.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 10828 | [Owner : Système | Parent : 876(services.exe) | 16.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 6644 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 6.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 11772 | [Owner : Système | Parent : 876(services.exe) | 5.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 12120 | [Owner : SERVICE LOCAL | Parent : 876(services.exe) | 9.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 11080 | [Owner : brousseau isabelle | Parent : 352(svchost.exe) | 61.45 Mo] - (.Microsoft Corporation - Microsoft Outlook.) 
- (16.0.8600.4052) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8600.40525.0_x64__8wekyb3d8bbwe\HxOutlook.exe [10/10/2017 10:50:41] CPU Usage:0 % --> Command Line : 1536 | [Owner : brousseau isabelle | Parent : 352(svchost.exe) | 35.73 Mo] - (.Microsoft Corporation - Microsoft Outlook Communications.) - (16.0.8600.4052) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8600.40525.0_x64__8wekyb3d8bbwe\HxTsr.exe [10/10/2017 10:50:41] CPU Usage:0 % --> Command Line : 4596 | [Owner : SERVICE LOCAL | Parent : 652(svchost.exe) | 18.76 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.15063.447) = C:\Windows\System32\audiodg.exe [17/07/2017 10:30:13] CPU Usage:0 % --> Command Line : 6376 | [Owner : Système | Parent : 876(services.exe) | 6.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 22:58:21] CPU Usage:0 % --> Command Line : 2980 | [Owner : brousseau isabelle | Parent : 1016(AvastUI.exe) | 7.16 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.15063.0) = C:\Windows\SysWOW64\ctfmon.exe [18/03/2017 22:58:59] CPU Usage:0 % --> Command Line : 2184 | [Owner : brousseau isabelle | Parent : 352(svchost.exe) | 37 Mo] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.674) = C:\Windows\System32\smartscreen.exe [11/10/2017 10:45:43] CPU Usage:0 % --> Command Line : 3524 | [Owner : brousseau isabelle | Parent : 6420(explorer.exe) | 42.91 Mo] - (.SosVirus - QuickDiag.) - (19.10.17.1) = C:\Users\brousseau isabelle\Desktop\QuickDiag.exe [20/10/2017 13:43:27] CPU Usage:0 % --> Command Line : 7104 | [Owner : Système | Parent : 352(svchost.exe) | 8.8 Mo] - (.Microsoft Corporation - WMI Provider Host.) 
- (10.0.15063.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [18/03/2017 22:58:01] CPU Usage:0 % --> Command Line : 12072 | [Owner : SERVICE RÉSEAU | Parent : 352(svchost.exe) | 9.48 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [18/03/2017 22:58:50] CPU Usage:0 % --> Command Line : ---------- | MD5 [MD5.01078D46C77CE0D7DC584A29062A799D] - [11/10/2017 10:45:45] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4735.3 Ko] - (10.0.15063.674) : C:\WINDOWS\Explorer.exe [MD5.94912C1D73ADE68F2486ED4D8EA82DE6] - [18/03/2017 22:57:50] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [265.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\cmd.exe [MD5.31E45CAA8E7035ECD47E96A7377BE975] - [18/03/2017 22:57:38] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [17.28 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\csrss.exe [MD5.2D29C0AFCC8225AFF6637F7362C22960] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. - COM Surrogate.) - [20.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\dllhost.exe [MD5.90224339656D3CFEC43150209B4CD38E] - [17/07/2017 10:17:02] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [692.1 Ko] - (10.0.15063.296) : C:\WINDOWS\System32\Kernel32.dll [MD5.BA909DA3D184EF80F9293AB9E12FF30F] - [11/10/2017 10:46:26] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.62 Ko] - (10.0.15063.674) : C:\WINDOWS\System32\lsass.exe [MD5.AA7F1C36F5BC779964CFA4F98D224D9F] - [13/09/2017 22:13:06] - (.© Microsoft Corporation. - Distributed COM Services.) - [1060 Ko] - (10.0.15063.608) : C:\WINDOWS\System32\rpcss.dll [MD5.ECB702B8C5650381C0784F1EEABB97BC] - [18/03/2017 22:58:29] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) 
- [67 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\rundll32.exe [MD5.C81F9707DEA008EED4071B5A39B7C76E] - [09/08/2017 20:54:26] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [515.6 Ko] - (10.0.15063.502) : C:\WINDOWS\System32\services.exe [MD5.3120B24060924F9B94182A1432B2D7F9] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [46.55 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\svchost.exe [MD5.15D557EC51DA2B814D885F0ED6089A6B] - [11/10/2017 10:45:33] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1314.56 Ko] - (10.0.15063.674) : C:\WINDOWS\System32\user32.dll [MD5.46B72E05D0B9F489CA60DBD7361039B0] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [31.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\userinit.exe [MD5.0242626678C83AE788C655C1990A3CC3] - [09/08/2017 20:54:56] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [310.77 Ko] - (10.0.15063.502) : C:\WINDOWS\System32\Wininit.exe [MD5.9CDA170849A4F66F4D68B3DBB3AC8394] - [13/09/2017 22:13:07] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [690 Ko] - (10.0.15063.608) : C:\WINDOWS\System32\Winlogon.exe [MD5.5A6D591D56791BA63CE73FCAD60D89A1] - [13/09/2017 22:13:43] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [596.41 Ko] - (10.0.15063.608) : C:\WINDOWS\System32\Drivers\afd.sys [MD5.01733BEEE02E51F712330D5909BD701C] - [18/03/2017 22:56:26] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [28.41 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\atapi.sys [MD5.71CCAFFF7D5E64E3D07BD96F2B2898EF] - [18/03/2017 22:56:26] - (.© Microsoft Corporation. - ATAPI Driver Extension.) 
- [189.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ataport.sys [MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - [18/03/2017 22:57:39] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\cdfs.sys [MD5.ABE77AD954BC3D72F559CF0C381E50BC] - [18/03/2017 22:56:25] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [156.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\cdrom.sys [MD5.185A4519B7764F4DEF714D890A7A9FD2] - [18/03/2017 22:57:47] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [147 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\dfsc.sys [MD5.02B9639D9997E95CDF2F4C4F3BDCC73D] - [17/07/2017 10:30:09] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [84.5 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\hdaudbus.sys [MD5.C6C8315E3262FAE460529C6DA2951682] - [18/03/2017 22:56:35] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [112.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys [MD5.DCC05E5EAA580C97F13B434FAFACED85] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. - IP Network Address Translator.) - [209.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ipnat.sys [MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - [18/03/2017 22:57:54] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [456.4 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\mrxsmb.sys [MD5.64BB1D5A6A8711C980D2ABAB0ADFFF8E] - [13/09/2017 22:13:53] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1213.41 Ko] - (10.0.15063.608) : C:\WINDOWS\System32\Drivers\ndis.sys [MD5.BAD3C424788BC071C3EC82CFCDA954D2] - [13/09/2017 22:13:23] - (.© Microsoft Corporation. - MBT Transport driver.) - [298 Ko] - (10.0.15063.608) : C:\WINDOWS\System32\Drivers\netbt.sys [MD5.CDB804F3EA333459FE3C21D61767CBB1] - [11/10/2017 10:46:10] - (.© Microsoft Corporation. Tous droits réservés. 
- Pilote du système de fichiers NT.) - [2272.9 Ko] - (10.0.15063.674) : C:\WINDOWS\System32\Drivers\ntfs.sys [MD5.2CC6C325B271C7CA60F374F8F868CB45] - [18/03/2017 22:56:26] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [95.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\parport.sys [MD5.5279EC98F6218D29EADDFECCC0D80E9A] - [18/03/2017 22:58:07] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [104.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys [MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - [18/03/2017 22:59:55] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [179 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys [MD5.9360DA9E370C1E1483967351C0CB7245] - [11/10/2017 10:46:53] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2609.4 Ko] - (10.0.15063.674) : C:\WINDOWS\System32\Drivers\tcpip.sys [MD5.D74756DD1518D28A09CDA99696273FA4] - [09/08/2017 20:54:40] - (.© Microsoft Corporation. - TDI Translation Driver.) - [116.91 Ko] - (10.0.15063.540) : C:\WINDOWS\System32\Drivers\tdx.sys [MD5.E3429DBBEA3965BB96E24B16EF4A2551] - [18/03/2017 22:57:39] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [387.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\volsnap.sys ---------- | Locked Applications [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{f9e93b39-49d1-4179-9848-a5a2896955ea}] - () - (%systemroot%\system32\mrt.exe) ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (.AVAST Software s.r.o..-.Hook Library.) - (17.7.3.15075) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (.Intel Corporation.-.LDDM User Mode Driver for Intel(R) Graphics Technology.) - (9.17.10.4459) -- C:\WINDOWS\SYSTEM32\igd10umd64.dll (.AVAST Software.-.Avast Shell Extension.) 
- (17.7.3660.0) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll (.Malwarebytes.-.Malwarebytes.) - (3.0.0.26) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.© Copyright 2010 Hewlett-Packard Company.-.Hewlett-Packard WIA 2.0 scanner driver.) - (30.0.411.0) -- C:\WINDOWS\system32\HPWia2_DJ2540.dll (.Copyright (C) Hewlett-Packard Co. 2011.-.HPScanTRDrv Module.) - (30.0.1044.40289) -- C:\WINDOWS\system32\HPScanTRDrv_DJ2540.dll (.http://www.sqlite.org/copyright.html.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.15.2.0) -- C:\WINDOWS\System32\winsqlite3.dll (.Copyright (C) 2014 AVAST Software s.r.o..-.Hook Library.) - (17.7.3.15075) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll 
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU Chromium - ("c:\users\brousseau isabelle\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\...\Run]) - User: pc-portable\brousseau isabelle OneDrive - ("C:\Users\brousseau isabelle\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\...\Run]) - User: pc-portable\brousseau isabelle SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public IgfxTray - ("C:\WINDOWS\system32\igfxtray.exe" [HKLM\SOFTWARE\...\Run]) - User: Public HotKeysCmds - ("C:\WINDOWS\system32\hkcmd.exe" [HKLM\SOFTWARE\...\Run]) - User: Public Persistence - ("C:\WINDOWS\system32\igfxpers.exe" [HKLM\SOFTWARE\...\Run]) - User: Public RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public RtHDVBg - ("C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4 [HKLM\SOFTWARE\...\Run]) - User: Public AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public SynTPEnh - (%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Chromium"="c:\users\brousseau 
isabelle\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session "OneDrive"="C:\Users\brousseau isabelle\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "uTorrent"=0x03000000168627EEC1A2D101 "OneDrive"=0x020000000000000000000000 "CCleaner Monitoring"=0x020000000000000000000000 [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"=chkdsk g: /f\1 "MRUList"=dcba "b"=chkdsk c: /f\1 "c"=cmd\1 "d"=cmd.exe\1 [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=HP Deskjet 2540 series (réseau),winspool,Ne02: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=1 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4 "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui "SynTPEnh"=%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x040000000000000000000000 "SynTPEnh"=0x060000000000000000000000 "RTHDVCPL"=0x060000000000000000000000 "RtHDVBg"=0x060000000000000000000000 "HotKeysCmds"=0x020000000000000000000000 "IgfxTray"=0x020000000000000000000000 "Persistence"=0x020000000000000000000000 "AvastUI.exe"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] 
"AvastUI.exe"=0x020000000000000000000000 "HP Software Update"=0x020000000000000000000000 "ConnectionCenter"=0x020000000000000000000000 "Redirector"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "EnableMitInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D325FFA9F5E74C [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [30/05/2013 15:50:10] "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup "Redirector"="C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "EnableMitInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} 
---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Avast Emergency Update GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA HPCustParticipation HP Deskjet 2540 series OneDrive Standalone Update Task-S-1-5-21-955818268-471735480-1976523364-1001 Optimize Start Menu Cache Files-S-1-5-21-955818268-471735480-1976523364-1001 SafeZone scheduled Autoupdate 1466255871 User_Feed_Synchronization-{D384A262-C528-4475-A572-E9288625BDD3} ---------- | Startings up registry ? Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc DeviceInstall gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(4) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=1 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [12/02/2016 00:35:59] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=908 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 
"HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=15b3ead2-7c06-4362-b2a7-b3b49e8 "GlassSessionId"=2 ---------- | .LNK with Arguments c:\users\brousseau isabelle\desktop\adsfix_donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\WINDOWS\web\wallpaper\Windows\img0.jpg [18/03/2017 22:56:56] 
"WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "MouseMonitorEscapeSpeed"=0 "Win8DpiScaling"=0 "UserPreferencesMask"=0x9E1E078012000000 "AutoColorization"=1 "MaxVirtualDesktopDimension"=1366 "MaxMonitorDimension"=1366 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC3010090CA0100560500000003000008258A2D2AA0D20143003A005C00570049004E0044004F00570053005C007700650062005C00770061006C006C00700061007000650072005C00570069006E0064006F00770073005C0069006D00670030002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 
"ImageColor"=2952184650 "DpiScalingVer"=4096 "WaitToKillAppTimeout"=200 [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0xFB9A790967ADD111ABCD00C04FC30936E10C0000B083204722C5CF11876300608CC02F24720700005A67B13AFFCCD2118B2000A0C93CB1F4EF070000BD0E0C47735D584D9CEDE91E22E23282490600000114020000000000C000000000000046290E0000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=2 "GlobalAssocChangedCounter"=86 "AppReadinessLogonComplete"=1 "FirstRunTelemetryComplete"=1 "ShowRecent"=0 "ShowFrequent"=0 "ShowDriveLettersFirst"=2 "link"=0x1A000000 [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "StoreAppsOnTaskbar"=1 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=0 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=0 "ShowStatusBar"=0 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=13 "ReindexedProfile"=1 "RTStartMenuNotificationDisplayCount"=0 "EnableStartMenu"=1 "TaskbarStateLastRun"=0x14C6E05900000000 "NavPaneShowAllFolders"=0 "ShowPreviewHandlers"=0 "FolderContentsInfoTip"=0 "ShowSyncProviderNotifications"=0 [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x020000000100000000000000FFFFFFFF "0"=0x61006C006900620069000000 "1"=0x62006C00610073006F000000 "2"=0x6100640073006600690078000000 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "SoftwareSASGeneration"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 
"EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=RequireAdmin [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "SoftwareSASGeneration"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=6 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=15063 "FirstLogon"=0 "PUUActive"=0x3A3934BC010001002F0035015ED40600E4BB070002053700D100000002000F00A81B5A6E0DD37D0007971E00E212030016BB02009567000000000000B68B1E002B1B0000DC0400008E1680AD9149D3015ED40600000000000100000000000000 
"DP"=0xCE005800A50001002F0000003A3934BC0000000000000000AC716F537C49D301AC716F537C49D301000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "LastLogOffEndTimePerfCounter"=251166568496 "ShutdownFlags"=2147483687 "Userinit"=C:\Windows\system32\userinit.exe, "AutoAdminLogon"=0 "DefaultUserName"=brousseau isabelle "ShutdownWithoutLogon"=0 "scremoveoption"=0 "DisableCad"=1 "EnableFirstLogonAnimation"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe, ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile 
[HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified 
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* 
[HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program 
Files\Internet Explorer\iexplore.exe [13/09/2017 22:13:24] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\Clients\StartMenuInternet\SafeZoneStable\Shell\open\Command] ""="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" [HKLM\Software\Clients\StartMenuInternet\SafeZoneStable\InstallInfo] "ReinstallCommand"="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" --makedefaultbrowser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [13/09/2017 22:13:24] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\SafeZoneStable\Shell\open\Command] ""="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\SafeZoneStable\InstallInfo] "ReinstallCommand"="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" --makedefaultbrowser ---------- | AppcompatFlags [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe"=32 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{0068808f-72a4-11e7-8285-e0db55d92aac}] : "E:\LaunchU3.exe" -a (AutoRun) ---------- | Windows
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW 
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131447527827239382 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows 
Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=1 "ProductType"=2 "ManagedDefenderProductType"=0 "ProductStatus"=0 "InstallTime"=0xDC0392971965D101 "DisableAntiVirus"=1 "InstallLocation"=C:\Program Files\Windows Defender\ "LastEnabledTime"=0x1340BE5A852DD301 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi d'une requête 'ping' sur google.com [2a00:1450:4007:816::200e] avec 32 octets de données : Réponse de 2a00:1450:4007:816::200e : temps=15 ms Réponse de 2a00:1450:4007:816::200e : temps=13 ms Réponse de 2a00:1450:4007:816::200e : temps=18 ms Réponse de 2a00:1450:4007:816::200e : temps=19 ms Statistiques Ping pour 2a00:1450:4007:816::200e: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 13ms, Maximum = 19ms, Moyenne = 16ms ---------- | @ [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Cache_Update_Frequency"=Once_Per_Session "Local Page"=C:\Windows\system32\blank.htm "NoUpdateCheck"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "OperationalData"=13 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3E0000003E0000009303000096020000 "ImageStoreRandomFolder"=6qa5rhp 
"Start Page Redirect Cache"=http://www.msn.com/fr-fr/?ocid=iehp "Start Page Redirect Cache_TIMESTAMP"=0x5487506C9868D101 "Start Page Redirect Cache AcceptLangs"=fr-FR "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x1625E984C298D101 "DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3B01000054000000BB03000034020000 "ApplicationTileImmersiveActivation"=0 "AssociationActivationMode"=2 "EdgeSwitchingOSBuildNumber"=10586.th2_release.160802-1857 [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x492F0BB48F2DD301 "EmailName"=User@ "AutoConfigProxy"=wininet.dll "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "WarnOnPost"=0x01000000 "UseSchannelDirectly"=0x01000000 "EnableHttp1_1"=1 "UrlEncoding"=0 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "ProxyHttp1.1"=1 "ProxyOverride"=*.local "WarNonBadCertReceving"=1 "WarNonHTTPSToHTTPRedirect"=1 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "Start 
Page"=http://www.google.com "DoNotTrack"=1 [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\WINDOWS\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm 
"NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll ---------- | Execution FileExts [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm] "Progid"=BaiduSparkHTML [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html] "Progid"=BaiduSparkHTML [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht] "Progid"=BaiduSparkHTML [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml] "Progid"=BaiduSparkHTML ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShA64.dll [11/10/2017 22:08:11] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShA64.dll [11/10/2017 22:08:11] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [18/03/2017 22:57:23] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- 
[HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "KnownProvidersUpgradeTime"=0x9C2DED79C298D101 "Version"=4 "UpgradeTime"=0x40E9487EC298D101 "DefaultPackCorrection"=1 "DefaultPackNTCorrection"=1 ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{22CC3EBD-C286-43aa-B8E6-06B115F74162}] : (HP Smart Print) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{22CC3EBD-C286-43aa-B8E6-06B115F74162}] : (HP Smart Print) - [] ---------- | SearchScopes [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | Browser Helper Objects ---------- | Chrome C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - 
https://clients2.google.com/service/update2/crx C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\daanglpcpkjjlkhcbladppjphglbigam = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security (BETA) - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihcjkigck = : Avast SafePrice - safe shopping extension. - Avast SafePrice - https://clients2.google.com/service/update2/crx C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. 
- Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\brousseau isabelle\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\daanglpcpkjjlkhcbladppjphglbigam] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki] ---------- | Opera ---------- | Firefox [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@Citrix.com/npican] - (Citrix ICA Client Plugin) : C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll 
---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{cfeb8dcf-969a-4cac-85b0-8e7679f14c03}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{cfeb8dcf-969a-4cac-85b0-8e7679f14c03}] "DhcpNameServer"=192.168.1.254 ---------- | Applications [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Classes\Applications\wmpconfig.exe] : "C:\Program Files\Windows Media Player\wmpconfig.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\SZBrowser.exe] : "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" 
/source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\SZBrowser.exe] : "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch DeviceInstall SystemEventsBroker "rdxgroup"=RetailDemo "Camera"=FrameS "DevicesFlow"=DevicesFlowUserSvc "smbsvcs"=lanmanserver browser [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DcomLaunch DeviceInstall "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) TokenBroker - %SystemRoot%\System32\TokenBroker.dll : %SystemRoot%\system32\svchost.exe -k netsvcs ---------- | Software [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\AppDataLow] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\AVAST Software] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Baidu] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Chromium] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Citrix] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Clients] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\CyberLink] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Google] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Hewlett-Packard] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\HP] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Intel] 
[HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Macromedia] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Malwarebytes] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Mine] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\MozillaPlugins] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Norton] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\OpenOffice] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Policies] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Realtek] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\RegisteredApplications] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Synaptics] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\sysinternals] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Visan] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\WinRAR] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\WinRAR SFX] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Wow6432Node] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\ZHP] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\Roaming] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows\Windows Error Reporting] 
[HKU\S-1-5-21-955818268-471735480-1976523364-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\AdsFix] [HKLM\Software\AVAST Software] [HKLM\Software\Clients] [HKLM\Software\Creative Tech] [HKLM\Software\Dolby] [HKLM\Software\DTS] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\GEAR Software] [HKLM\Software\Google] [HKLM\Software\Hewlett-Packard] [HKLM\Software\HP] [HKLM\Software\InstalledOptions] [HKLM\Software\Intel] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\Norton] [HKLM\Software\Nuance] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\SRS Labs] [HKLM\Software\Synaptics] [HKLM\Software\sysinternals] [HKLM\Software\VideoLAN] [HKLM\Software\Waves Audio] [HKLM\Software\WOW6432Node] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\Configuration] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] 
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\Software\WOW6432Node\AVAST Software] 
[HKLM\Software\WOW6432Node\Baidu] [HKLM\Software\WOW6432Node\Citrix] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Hewlett-Packard] [HKLM\Software\WOW6432Node\HP] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OpenOffice] [HKLM\Software\WOW6432Node\Piriform] [HKLM\Software\WOW6432Node\RocketLife] [HKLM\Software\WOW6432Node\Visan] [HKLM\Software\WOW6432Node\Volatile] [HKLM\Software\WOW6432Node\Waves Audio] [HKLM\Software\WOW6432Node\WinRAR] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows 
NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] ---------- | Drives ---------- | C: [14/10/2017 20:01:32] - |SHD| - [258] - C:\$RECYCLE.BIN [26/11/2016 18:35:14] - |D| - [2380220109] - C:\AdsFix [MD5.3733B364DB209D47363E0CA44DC0B322] - [03/02/2017 21:54:40] - |A| - (.-.) - [16613] - (0.0.0.0) - C:\AdsFix_04_02_2017_00_42_13.txt [MD5.305FB27F8CBD3289D6C1EC986431D63C] - [14/10/2017 15:56:36] - |A| - (.-.) - [18237] - (0.0.0.0) - C:\AdsFix_14_10_2017_20_00_32.txt [MD5.863E3F93332635F4EC4989CC64A882D2] - [26/11/2016 18:38:43] - |A| - (.-.) - [16869] - (0.0.0.0) - C:\AdsFix_26_11_2016_20_28_47.txt [11/07/2016 20:42:05] - |D| - [10431550] - C:\AdwCleaner [MD5.0B17239B2E03F5AEA96929003CA22337] - [22/08/2013 17:44:03] - |RASH| - (.-.) - [404250] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [22/08/2013 17:44:04] - |ASH| - (.-.) 
- [1] - (0.0.0.0) - C:\BOOTNXT [22/08/2013 16:45:52] - |SHD| - [0] - C:\Documents and Settings [MD5.D41D8CD98F00B204E9800998ECF8427E] - [14/10/2017 20:00:32] - |ASH| - (.-.) - [1662316544] - (0.0.0.0) - C:\hiberfil.sys [12/02/2016 00:47:19] - |D| - [80148] - C:\Intel [13/02/2016 15:18:25] - |D| - [16355328] - C:\Logs [MD5.D41D8CD98F00B204E9800998ECF8427E] - [12/02/2016 00:14:01] - |ASH| - (.-.) - [738197504] - (0.0.0.0) - C:\pagefile.sys [18/03/2017 23:03:28] - |D| - [0] - C:\PerfLogs [18/03/2017 23:03:28] - |RD| - [4991083335] - C:\Program Files [18/03/2017 23:03:28] - |RD| - [1168840870] - C:\Program Files (x86) [18/03/2017 23:03:29] - |HD| - [1344929118] - C:\ProgramData [20/10/2017 13:45:23] - |D| - [68696] - C:\QuickDiag [MD5.46D5349322E6AAFC4C3E163740369E9A] - [20/10/2017 13:45:42] - |A| - (.-.) - [155427] - (0.0.0.0) - C:\QuickDiag.txt [12/02/2016 00:17:34] - |SHD| - [257078712] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [12/02/2016 00:14:02] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [12/02/2016 00:14:00] - |SHD| - [0] - C:\System Volume Information [18/03/2017 13:40:20] - |RD| - [58067569934] - C:\Users [18/03/2017 13:40:20] - |D| - [20052251681] - C:\Windows ---------- | C:\WINDOWS [18/03/2017 23:03:29] - |D| - [802] - C:\WINDOWS\addins [18/03/2017 23:03:29] - |D| - [10017833] - C:\WINDOWS\appcompat [18/03/2017 23:03:29] - |D| - [12471860] - C:\WINDOWS\AppPatch [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\AppReadiness [18/03/2017 23:03:28] - |RD| - [434582882] - C:\WINDOWS\assembly [MD5.12EBDA58437CD1EA7066FCB6455241D2] - [10/09/2016 18:07:42] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\WINDOWS\avastSS.scr [18/03/2017 23:03:29] - |D| - [639657] - C:\WINDOWS\bcastdvr [MD5.293283CF350E00AF8C4A2770BDBF4D50] - [17/07/2017 10:17:02] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) 
- [64512] - (10.0.15063.413) - C:\WINDOWS\bfsvc.exe [18/03/2017 23:03:29] - |D| - [38059409] - C:\WINDOWS\Boot [MD5.CF1A4F409B5EFA67A3D090FB89A85C50] - [17/07/2017 09:41:59] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [18/03/2017 23:03:29] - |D| - [2447960] - C:\WINDOWS\Branding [18/03/2017 22:51:24] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.34F555FF470DF7EF9BCCD019F98F8DD2] - [17/07/2017 09:58:09] - |A| - (.-.) - [7125] - (0.0.0.0) - C:\WINDOWS\comsetup.log [MD5.F471CF70EE6D49C5650A4D5295531435] - [20/03/2017 07:12:07] - |A| - (.-.) - [34390] - (0.0.0.0) - C:\WINDOWS\Core.xml [18/03/2017 23:03:29] - |D| - [8970858] - C:\WINDOWS\Cursors [18/03/2017 23:03:29] - |D| - [15563607] - C:\WINDOWS\debug [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [17/07/2017 10:11:15] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [18/03/2017 23:03:29] - |D| - [4451066] - C:\WINDOWS\diagnostics [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [17/07/2017 10:11:15] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [20/03/2017 07:10:26] - |D| - [0] - C:\WINDOWS\DigitalLocker [18/03/2017 23:03:29] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [MD5.B6117E9640CD77E87C18F2468DFF6E8D] - [18/03/2017 23:05:44] - |A| - (.-.) - [4176] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log [18/03/2017 23:03:29] - |HD| - [44632] - C:\WINDOWS\ELAMBKUP [20/03/2017 07:10:26] - |D| - [0] - C:\WINDOWS\en-US [MD5.01078D46C77CE0D7DC584A29062A799D] - [11/10/2017 10:45:45] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) 
- [4848952] - (10.0.15063.674) - C:\WINDOWS\explorer.exe [18/03/2017 23:03:29] - |RSD| - [371818902] - C:\WINDOWS\Fonts [20/03/2017 07:10:26] - |D| - [109056] - C:\WINDOWS\fr-FR [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [18/03/2017 23:03:29] - |D| - [45967119] - C:\WINDOWS\Globalization [18/03/2017 23:03:29] - |D| - [1598646] - C:\WINDOWS\Help [MD5.E064A38A807C83ADC8AD9E1B54C85CF9] - [17/07/2017 10:17:02] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [975360] - (10.0.15063.413) - C:\WINDOWS\HelpPane.exe [MD5.40CBB6FF53388188A2CDA538D5F26A59] - [18/03/2017 22:57:33] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.15063.0) - C:\WINDOWS\hh.exe [20/03/2017 07:11:49] - |D| - [14071088] - C:\WINDOWS\HoloShell [18/03/2017 23:03:29] - |D| - [173056880] - C:\WINDOWS\IME [18/03/2017 23:03:29] - |RD| - [8336344] - C:\WINDOWS\ImmersiveControlPanel [18/03/2017 23:01:21] - |D| - [59751715] - C:\WINDOWS\INF [18/03/2017 23:03:29] - |D| - [1362818487] - C:\WINDOWS\InfusedApps [18/03/2017 23:03:29] - |D| - [38340109] - C:\WINDOWS\InputMethod [18/03/2017 23:03:29] - |HD| - [77051791] - C:\WINDOWS\Installer [18/03/2017 23:03:29] - |D| - [94096] - C:\WINDOWS\L2Schemas [18/03/2017 23:03:29] - |D| - [1796165452] - C:\WINDOWS\LiveKernelReports [18/03/2017 13:40:24] - |D| - [55379446] - C:\WINDOWS\Logs [18/03/2017 23:03:29] - |RSD| - [20316123] - C:\WINDOWS\Media [22/08/2013 17:36:31] - |D| - [1619968] - C:\WINDOWS\MediaViewer [MD5.23AF90D2355D8C83AA4567EF1763B467] - [18/03/2017 22:57:03] - |A| - (.-.) 
- [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [18/03/2017 23:03:28] - |RD| - [599544790] - C:\WINDOWS\Microsoft.NET [18/03/2017 23:03:29] - |D| - [2938] - C:\WINDOWS\Migration [18/03/2017 23:03:29] - |RD| - [487308] - C:\WINDOWS\MiracastView [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.F60A9D3A9461F68DE0FCCEBB0C6CB31A] - [18/03/2017 22:58:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [246784] - (10.0.15063.0) - C:\WINDOWS\notepad.exe [20/03/2017 07:11:22] - |D| - [199472] - C:\WINDOWS\OCR [18/03/2017 23:03:29] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [16/07/2017 21:17:52] - |DC| - [226662070] - C:\WINDOWS\Panther [18/03/2017 23:03:29] - |D| - [29358347] - C:\WINDOWS\Performance [MD5.6FAA98CED94FD2A768250AAD592ED7C5] - [07/12/2016 21:28:18] - |A| - (.-.) - [334574] - (0.0.0.0) - C:\WINDOWS\PFRO.log [18/03/2017 23:03:29] - |D| - [1136442] - C:\WINDOWS\PLA [18/03/2017 23:03:29] - |D| - [2730616] - C:\WINDOWS\PolicyDefinitions [17/07/2017 09:41:23] - |D| - [19927654] - C:\WINDOWS\Prefetch [18/03/2017 23:03:29] - |RD| - [2168600] - C:\WINDOWS\PrintDialog [18/03/2017 23:03:29] - |D| - [2882474] - C:\WINDOWS\Provisioning [MD5.A3B1FC6C72EA944C2E1B359A19CB40AB] - [18/03/2017 22:57:08] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [321024] - (10.0.15063.0) - C:\WINDOWS\regedit.exe [18/03/2017 23:03:29] - |D| - [1117876] - C:\WINDOWS\Registration [18/03/2017 23:03:29] - |D| - [9540123] - C:\WINDOWS\rescache [18/03/2017 23:03:29] - |D| - [3903988] - C:\WINDOWS\Resources [MD5.D83D4D9099D8A9175F975EE21DFEB164] - [14/03/2016 06:51:42] - |A| - (.TODO: (c) . - RtCRU.) 
- [4339456] - (1.12.0.0) - C:\WINDOWS\RtCRU64.exe [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\SchCache [18/03/2017 23:03:29] - |D| - [121229] - C:\WINDOWS\schemas [18/03/2017 23:03:29] - |D| - [9752344] - C:\WINDOWS\security [17/07/2017 10:08:38] - |D| - [40757170] - C:\WINDOWS\ServiceProfiles [18/03/2017 13:40:20] - |D| - [109576178] - C:\WINDOWS\servicing [18/03/2017 23:06:43] - |D| - [42] - C:\WINDOWS\Setup [MD5.62CD7997D878E4D4931E88AA247C17F4] - [17/07/2017 09:43:27] - |A| - (.-.) - [29128] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.D060131CD55776F1C058590263CFF30E] - [17/07/2017 09:43:27] - |A| - (.-.) - [168] - (0.0.0.0) - C:\WINDOWS\setuperr.log [18/03/2017 23:03:29] - |D| - [41940480] - C:\WINDOWS\ShellExperiences [20/03/2017 07:11:06] - |D| - [3070736] - C:\WINDOWS\SKB [12/02/2016 00:28:31] - |D| - [612981869] - C:\WINDOWS\SoftwareDistribution [18/03/2017 23:03:29] - |D| - [86037185] - C:\WINDOWS\Speech [18/03/2017 23:03:29] - |D| - [58890509] - C:\WINDOWS\Speech_OneCore [MD5.31F324879B791EBF76E0005D1ABDE10E] - [18/03/2017 22:58:24] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.15063.0) - C:\WINDOWS\splwow64.exe [18/03/2017 23:03:29] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [22/08/2013 15:25:43] - |A| - (.-.) 
- [219] - (0.0.0.0) - C:\WINDOWS\system.ini [18/03/2017 13:40:20] - |D| - [5210623216] - C:\WINDOWS\System32 [18/03/2017 23:03:29] - |D| - [189837972] - C:\WINDOWS\SystemApps [18/03/2017 23:03:29] - |D| - [19464191] - C:\WINDOWS\SystemResources [18/03/2017 13:40:24] - |D| - [1284914960] - C:\WINDOWS\SysWOW64 [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\TAPI [22/08/2013 17:36:30] - |D| - [270] - C:\WINDOWS\Tasks [18/03/2017 23:03:29] - |D| - [35989] - C:\WINDOWS\Temp [22/08/2013 17:36:30] - |RD| - [0] - C:\WINDOWS\ToastData [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\tracing [18/03/2017 23:03:29] - |D| - [5105406] - C:\WINDOWS\twain_32 [MD5.C0792EA1BA08CA6E6420C9BB8E14CB3E] - [18/03/2017 22:58:54] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [17/06/2017 19:17:02] - |SD| - [0] - C:\WINDOWS\UpdateAssistantV2 [22/08/2013 17:36:30] - |D| - [0] - C:\WINDOWS\vpnplugins [18/03/2017 23:03:29] - |D| - [12420] - C:\WINDOWS\Vss [18/03/2017 23:03:30] - |D| - [15729830] - C:\WINDOWS\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [22/08/2013 15:25:43] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [18/03/2017 22:58:27] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.038356387332650843BCB352BB89A101] - [07/12/2016 21:20:33] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.6E6947D6368FA11E9146C4767F31286E] - [18/03/2017 22:58:42] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10240] - (10.0.15063.0) - C:\WINDOWS\winhlp32.exe [18/03/2017 13:40:20] - |D| - [6898021284] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [18/03/2017 22:56:51] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.ECEB16331FDDE0EBD7BE30BE085AD3D9] - [18/03/2017 22:58:25] - |A| - (.© Microsoft Corporation. - Windows Write.) 
- [11264] - (10.0.15063.0) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy [MD5.E12324ACF507ACE937B7FEC19E97D9AE] - [16/02/2016 11:02:33] - |A| - (.-.) - [127] - (0.0.0.0) - C:\WINDOWS\System32\GroupPolicy\GPT.INI [16/02/2016 11:02:33] - |D| - [94] - C:\WINDOWS\System32\GroupPolicy\Machine [16/02/2016 11:02:33] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [16/02/2016 11:02:18] - C:\WINDOWS\Installer\16dbdfe8.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/10/2015 17:37:24] - C:\WINDOWS\Installer\238aa8a2.msi : (OpenOffice 4.1.2 - OpenOffice) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/04/2016 06:08:32] - C:\WINDOWS\Installer\25b36e6b.msi : (Citrix Receiver Inside - Citrix Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/04/2016 06:08:32] - C:\WINDOWS\Installer\25b36e6e.msi : (Citrix Receiver Inside - Citrix Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/04/2016 07:09:56] - C:\WINDOWS\Installer\25b36e73.msi : (Online Plug-in - Citrix Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/04/2016 07:17:32] - C:\WINDOWS\Installer\25b36e77.msi : (Citrix Receiver(USB) - Citrix Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/04/2016 06:57:52] - C:\WINDOWS\Installer\25b36e7b.msi : (Citrix Desktop Viewer Installer - Citrix Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/04/2016 06:35:56] - C:\WINDOWS\Installer\25b36e7f.msi : (Citrix Receiver (HDX Flash Redirection) - Citrix Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/04/2016 07:18:10] - C:\WINDOWS\Installer\25b36e83.msi : (Citrix Receiver(Aero) - Citrix Systems, Inc.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [17/03/2016 07:29:42] - C:\WINDOWS\Installer\25b36e87.msi : (Citrix Authentication Manager for Windows - Citrix Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/04/2016 06:08:36] - C:\WINDOWS\Installer\25b36e8b.msi : (Self-service Plug-in - Citrix Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/04/2016 06:08:36] - C:\WINDOWS\Installer\25b36e8f.msi : (Citrix Web Helper - Citrix Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/07/2013 10:58:06] - C:\WINDOWS\Installer\4d088031.msi : (HP FWUpdateEDO2 - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/05/2017 13:46:33] - C:\WINDOWS\Installer\5daeb3db.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/03/2014 04:14:11] - C:\WINDOWS\Installer\fe8cb06.msi : (HP Deskjet 2540 series Basic Device Software - Hewlett-Packard Co.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/03/2014 04:17:18] - C:\WINDOWS\Installer\fe8cb0b.msi : (Product Improvement Study for HP Deskjet 2540 series - Hewlett-Packard Co.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/06/2013 21:29:12] - C:\WINDOWS\Installer\fe8cb10.msi : (HP Update - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/12/2012 22:50:58] - C:\WINDOWS\Installer\fe8cb15.msi : (HP Deskjet 2540 series Get product specific help to easily troubleshoot and fix problems. - Hewlett Packard) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [18/03/2017 22:56:50] - [3458] - C:\WINDOWS\System32\ieuinit.inf [17/07/2017 10:02:56] - [2051602] - C:\WINDOWS\System32\PerfStringBackup.INI [18/03/2017 22:58:24] - [60124] - C:\WINDOWS\System32\tcpmon.ini [18/03/2017 22:57:50] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini [18/03/2017 22:59:49] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf [18/03/2017 22:58:48] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\AppPatch\Custom\Custom64 [MD5.A681527B9F23DD5F1A6C8D3F621E814E] - |A| - [18/03/2017 22:57:20] - (.-.) - [14.73 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\pcamain.sdb [MD5.E5D7B16B4C8AECA217E8F5B1CFA5DC97] - |A| - [09/08/2017 20:52:54] - (.-.) - [553.78 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\sysmain.sdb [MD5.00000000000000000000000000000000] - |D| - [14/10/2017 16:03:37] - [0 Ko] - C:\WINDOWS\Temp\avast_ash2 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/10/2017 20:13:15] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser4.58.2552.909_0SZBrowser_autoupdate.download.lock [MD5.00000000000000000000000000000000] - |D| - [14/10/2017 20:03:33] - [8.17 Ko] - C:\WINDOWS\Temp\HP [MD5.00000000000000000000000000000000] - |D| - [24/07/2017 19:37:44] - [26.98 Ko] - C:\WINDOWS\Temp\SafeZone Installer [MD5.00000000000000000000000000000000] - |D| - [17/07/2017 09:55:43] - [0 Ko] - C:\WINDOWS\Temp\_avast_ [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:26] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [18/03/2017 22:57:42] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [18/03/2017 22:58:18] - (.-.) 
- [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [18/03/2017 22:57:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [18/03/2017 22:58:17] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [18/03/2017 22:58:29] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.46DACDA5036EBECEDF08427407E3017C] - |A| - [18/03/2017 22:58:29] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [18/03/2017 22:58:21] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [18/03/2017 22:58:18] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [18/03/2017 22:57:53] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [18/03/2017 22:56:40] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png [MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [18/03/2017 22:58:13] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png [MD5.85D91E478AF18125007C531227FF6E59] - |A| - [18/03/2017 22:58:13] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:24] - [2979.4 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.E21E74D118E16FF9BA42A6F87F34E9B0] - |A| - [18/03/2017 22:57:00] - (.-.) 
- [435.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ApnDatabase.xml [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [2480.52 Ko] - C:\WINDOWS\System32\appraiser [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [273.5 Ko] - C:\WINDOWS\System32\ar-SA [MD5.E5555B741B28425992E8CC2AE6DFCB37] - |A| - [11/10/2017 22:08:40] - (.Copyright (c) 2014 AVAST Software - Avast start-up scanner.) - [392.08 Ko] - (17.7.3660.0) - C:\WINDOWS\System32\aswBoot.exe [MD5.EFFD0ABB4DDD2CCDD511F903D042AD5B] - |A| - [18/03/2017 22:57:05] - (.-.) - [77.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [255.5 Ko] - C:\WINDOWS\System32\bg-BG [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [4547.65 Ko] - C:\WINDOWS\System32\Boot [MD5.3B7D067144F242117B7DE592B9466BC7] - |A| - [13/07/2016 17:47:38] - (.Qualcomm Atheros Communications Inc. - Qualcomm Atheros Bluetooth Driver Coinstaller.) - [262.74 Ko] - (1.0.0.0) - C:\WINDOWS\System32\btcoinst.dll [MD5.62AF8B80DD43C5F6576E68B987BC9217] - |A| - [13/07/2016 17:47:38] - (.© Qualcomm Atheros, Inc. - Atheros Bluetooth Module.) - [265.23 Ko] - (8.0.1.302) - C:\WINDOWS\System32\BtContextMenu.dll [MD5.DCC2E4D9E18D28D6B9EA0830418A5FCE] - |A| - [13/07/2016 17:47:38] - (.© Qualcomm Atheros, Inc. - Atheros Bluetooth Module.) - [96.24 Ko] - (8.0.1.302) - C:\WINDOWS\System32\BtContextMenu.dll.muien-US [MD5.B13766AFE48C3CF775F53CE90488F7DE] - |A| - [18/03/2017 22:57:03] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [90.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0.93 Ko] - C:\WINDOWS\System32\Bthprops [MD5.4B307488C9D3D1030DEC61FA4DAC7EE0] - |RA| - [18/03/2017 22:59:10] - (.-.) 
- [116.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureBrackets.hcp [MD5.DC112F4CFDF23AAF5CB0F46BE92CB1CE] - |RA| - [18/03/2017 22:59:10] - (.-.) - [122.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureCountdown.hcp [MD5.F80C2CB1D5A28528D662B0DDF440F0F3] - |RA| - [18/03/2017 22:59:10] - (.-.) - [17.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureToast.hcp [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:20] - [51255.26 Ko] - C:\WINDOWS\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [42615.84 Ko] - C:\WINDOWS\System32\catroot2 [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [3009.91 Ko] - C:\WINDOWS\System32\CodeIntegrity [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [357.5 Ko] - C:\WINDOWS\System32\Com [MD5.4F670FBCB38ADF9C18208E72D48B018F] - |A| - [04/08/2015 00:21:46] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [127.95 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:20] - [334396.68 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [51.27 Ko] - C:\WINDOWS\System32\Configuration [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [300.5 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [295 Ko] - C:\WINDOWS\System32\da-DK [MD5.75BC227ACD70C906785DB11F853165E4] - |A| - [18/03/2017 22:58:29] - (.-.) - [84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [190.86 Ko] - C:\WINDOWS\System32\DDFs [MD5.7EB011CB243BCB7C406B0614F030879F] - |A| - [04/08/2015 00:24:16] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) 
- [277.27 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPA64.dll [MD5.6622C412E26D8FD0494D568C6F886CF5] - |A| - [04/08/2015 00:24:16] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1945.1 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPD64A.dll [MD5.FD5605A96E4AC7BE9F81D8382E16D862] - |A| - [04/08/2015 00:24:16] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [331.19 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPO64A.dll [MD5.1AED24C4903AF8D4D56DCB04B7CC6382] - |A| - [04/08/2015 00:21:48] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6938.37 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPP64A.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [333 Ko] - C:\WINDOWS\System32\de-DE [MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [18/03/2017 22:57:05] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [18/03/2017 23:03:37] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.DCF2510E0745720E543E84F5E921FCC0] - |A| - [21/11/2014 00:55:50] - (.-.) - [256.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dfpinc.dat [MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [870 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.E82380D30048D73E4D4CB8C925F6E721] - |A| - [18/03/2017 22:57:58] - (.-.) 
- [90.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:22] - [7526.04 Ko] - C:\WINDOWS\System32\Dism [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:22] - [1126.54 Ko] - C:\WINDOWS\System32\downlevel [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:02:55] - [107683.45 Ko] - C:\WINDOWS\System32\drivers [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:20] - [1617590.23 Ko] - C:\WINDOWS\System32\DriverStore [MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [159 Ko] - C:\WINDOWS\System32\dsc [MD5.058B517DD0EE6C0913C5F14BCC54BA7B] - |A| - [04/08/2015 00:24:16] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [741.41 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBassEnhancementDLL64.dll [MD5.2F54C1DAA74E3A0E6824129099AAAFA3] - |A| - [04/08/2015 00:24:16] - (.(c) DTS. - DTS Boost COM DLL.) - [1494.99 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBoostDLL64.dll [MD5.58F3D02F053BDF12CDEEB6B1F457610C] - |A| - [04/08/2015 00:24:16] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [443.21 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSGainCompensatorDLL64.dll [MD5.10E62390A2AD87B2FE4E7FFB6EA1117A] - |A| - [04/08/2015 00:24:16] - (.(c) DTS. - DTS GFX APO.) - [258.76 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPO64.dll [MD5.6250ADADF5131D351EADAB6B4306AB2E] - |A| - [04/08/2015 00:24:16] - (.(c) DTS. - DTS GFX APO.) - [257.76 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPONS64.dll [MD5.DD2F36194E3149205AAED2FDE78EE79F] - |A| - [04/08/2015 00:24:16] - (.(c) DTS. - DTS LFX APO.) - [258.69 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSLFXAPO64.dll [MD5.8D7BF9A2EBE56A6A8178F11E7E1511D2] - |A| - [04/08/2015 00:24:16] - (.(c) DTS. - DTS Limiter COM DLL.) - [447.28 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSLimiterDLL64.dll [MD5.DA117AF4A3E443D6145E6FAB4B359B16] - |A| - [04/08/2015 00:24:16] - (.(c) DTS. - DTS NEO:PC COM DLL.) 
- [505.34 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSNeoPCDLL64.dll [MD5.6CC422AEC94E1E7B0176A359841F39AA] - |A| - [04/08/2015 00:24:16] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1575.9 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2HeadphoneDLL64.dll [MD5.B9979C472DD6640F975F756FFD5ED266] - |A| - [04/08/2015 00:24:16] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1762.63 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2SpeakerDLL64.dll [MD5.906427EB752B8D1CCCDA09855995F667] - |A| - [04/08/2015 00:24:16] - (.(c) DTS. - DTS Symmetry COM DLL.) - [725.13 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSSymmetryDLL64.dll [MD5.C57683FAA0083A941FE6373D51087D68] - |A| - [04/08/2015 00:24:16] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [706.28 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSVoiceClarityDLL64.dll [MD5.580440DB5255D163F835FD4EC982C44F] - |A| - [13/09/2017 22:13:25] - (.-.) - [31.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [329.5 Ko] - C:\WINDOWS\System32\el-GR [MD5.F79F9B2EE5D560FE1D9988EDFDD38EE0] - |A| - [22/05/2016 11:31:23] - (.-.) 
- [22.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:26] - [0 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [242.5 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [2162.53 Ko] - C:\WINDOWS\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [322 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [266 Ko] - C:\WINDOWS\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [239 Ko] - C:\WINDOWS\System32\et-EE [MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [28452.16 Ko] - C:\WINDOWS\System32\F12 [MD5.3F17BC60834ADC5A57D420700C306C67] - |A| - [11/10/2017 10:46:45] - (.-.) - [48.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastHeroImg.jpg [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [300.5 Ko] - C:\WINDOWS\System32\fi-FI [MD5.1EDD61D50B4A20B0249B99E949F38A8A] - |A| - [17/07/2017 09:40:11] - (.-.) - [246.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:26] - [3402.5 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [273 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [44651.58 Ko] - C:\WINDOWS\System32\fr-FR [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [18/03/2017 22:57:02] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.E67DA43B4CF8E15291E4F0D5C42EA1A0] - |A| - [19/05/2016 11:44:42] - (.-.) 
- [162.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.ar-SA.resources [MD5.51470B9F0EFCBE5A80A8B501197CA0E2] - |A| - [19/05/2016 11:44:42] - (.-.) - [138.95 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.cs-CZ.resources [MD5.A2BCCE562367DCDA44797A6431155E9D] - |A| - [19/05/2016 11:44:42] - (.-.) - [133.93 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.da-DK.resources [MD5.2FC2E0417502F50636DE03818AC83E37] - |A| - [19/05/2016 11:44:42] - (.-.) - [143.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.de-DE.resources [MD5.78C2B4C49F955534DDDFDCA2C46BE843] - |A| - [19/05/2016 11:44:42] - (.-.) - [205.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.el-GR.resources [MD5.EBD3437D5EDB8404E1E86F2552F4E458] - |A| - [19/05/2016 11:44:42] - (.-.) - [129.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.en-US.resources [MD5.1D724422FD031FC348380DF30565F378] - |A| - [19/05/2016 11:44:42] - (.-.) - [143.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.es-ES.resources [MD5.167C2A4CF15A1A6A6192798B0BBA64B5] - |A| - [19/05/2016 11:44:42] - (.-.) - [138.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.fi-FI.resources [MD5.F3EB742B8D75E8BAB4DB0271BEFBFA65] - |A| - [19/05/2016 11:44:42] - (.-.) - [142.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.fr-FR.resources [MD5.1924F5EE8CCA6761850DA2A1FB5E9233] - |A| - [19/05/2016 11:44:42] - (.-.) - [155.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.he-IL.resources [MD5.1AD276140AC09C73466542E197DFFBDC] - |A| - [19/05/2016 11:44:42] - (.-.) - [137.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.hr-HR.resources [MD5.2FFAE506730EF37784F3667CA4EA121E] - |A| - [19/05/2016 11:44:42] - (.-.) - [140.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.hu-HU.resources [MD5.2112A985F703196DB48042E2C3478849] - |A| - [19/05/2016 11:44:42] - (.-.) - [146.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.it-IT.resources [MD5.3D16226F3B3C353C8DED165C93881CD7] - |A| - [19/05/2016 11:44:42] - (.-.) 
- [159.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.ja-JP.resources [MD5.F848E84794792910171CB966CACD5869] - |A| - [19/05/2016 11:44:42] - (.-.) - [144.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.ko-KR.resources [MD5.D4F9A73A2D7A53B33B79B25D2C7F54A8] - |A| - [19/05/2016 11:44:42] - (.-.) - [134.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.nb-NO.resources [MD5.2CB895F3DD7239DF6785796E56FFF6EE] - |A| - [19/05/2016 11:44:42] - (.-.) - [140.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.nl-NL.resources [MD5.C22FC0D4D4DA401026C55BCF142E9EAA] - |A| - [19/05/2016 11:44:42] - (.-.) - [139.37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.pl-PL.resources [MD5.61884D76B03DE138C45CE6BC826B261A] - |A| - [19/05/2016 11:44:42] - (.-.) - [140.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.pt-BR.resources [MD5.0345103583BA5A28A74297C583D6B72B] - |A| - [19/05/2016 11:44:42] - (.-.) - [139.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.pt-PT.resources [MD5.740CFD4AEDA63ED5A902C4012F634811] - |A| - [19/05/2016 11:44:42] - (.-.) - [142.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.ro-RO.resources [MD5.3B98DE17467E57264FB67BAAE9FC99D1] - |A| - [19/05/2016 11:44:42] - (.-.) - [189.69 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.ru-RU.resources [MD5.9AD3600A8802547DCA1395BF01F17D0C] - |A| - [19/05/2016 11:44:42] - (.-.) - [138.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.sk-SK.resources [MD5.ABA254E3CD5D35E6BDC98E21B754E46B] - |A| - [19/05/2016 11:44:42] - (.-.) - [134.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.sl-SI.resources [MD5.077B93A3728B0ED69F752D467EB5C432] - |A| - [19/05/2016 11:44:42] - (.-.) - [139.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.sv-SE.resources [MD5.96AAA779DA7D78893479BD24969E7644] - |A| - [19/05/2016 11:44:42] - (.-.) - [218.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.th-TH.resources [MD5.602AD24EE7F5C071C5F59EC6E510F10D] - |A| - [19/05/2016 11:44:42] - (.-.) 
- [141.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.tr-TR.resources [MD5.93A5633BA17BBE1726871BD5EA2B15CD] - |A| - [19/05/2016 11:44:42] - (.-.) - [121.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.zh-CN.resources [MD5.E5FC52A12691FB17D790C08E21150AEC] - |A| - [19/05/2016 11:44:42] - (.-.) - [123.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.zh-TW.resources [MD5.12BCB2A86CB2570F3603D68AE695E970] - |A| - [19/05/2016 11:44:42] - (.-.) - [0.26 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GfxUI.exe.config [MD5.00000000000000000000000000000000] - |HD| - [22/08/2013 17:36:31] - [0.22 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.762F865F75F21FCB260E7C95404B5110] - |A| - [18/03/2017 22:58:18] - (.-.) - [122.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll [MD5.7B7859030FF4D38A912A7BCC4A1B3B5E] - |A| - [18/03/2017 22:59:09] - (.-.) - [14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HolographicShareInterop.ProxyStub.dll [MD5.A565537F1580872AE5B95D0CA457D780] - |A| - [18/03/2017 22:58:01] - (.-.) - [44.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.19A800CAA49DFE29BABC1BAF7723A044] - |A| - [09/03/2017 02:16:04] - (.-.) - [109.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IccLibDll_x64.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.DD6A58ACF58557F6546BED42D7ED0B40] - |A| - [09/03/2017 02:16:06] - (.-.) - [116.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igdde64.dll [MD5.925C5390A68D279D9E84101D82D1969A] - |A| - [09/03/2017 02:16:06] - (.Copyright (C) 2012 - CM Runtime Dynamic Link Library (DX11).) 
- [579.63 Ko] - (2.4.0.1020) - C:\WINDOWS\System32\igfx11cmrt64.dll [MD5.47E704080C9F891AA2F176E8F31CAF91] - |A| - [09/03/2017 02:16:08] - (.Copyright (C) 2010 - 2011 - CM JIT Dynamic Link Library.) - [3446.63 Ko] - (2.4.0.1020) - C:\WINDOWS\System32\igfxcmjit64.dll [MD5.E0C1A56B986E2B0E7C9F59C7FD2522A1] - |A| - [09/03/2017 02:17:06] - (.Copyright (C) 2010 - 2012 - CM Runtime Dynamic Link Library.) - [1060.95 Ko] - (2.4.0.1020) - C:\WINDOWS\System32\igfxcmrt64.dll [MD5.F5490A23C96AC4C6C825B5392F7FAA40] - |A| - [01/06/2015 21:00:38] - (.Copyright (C) 2009 - Intel(R) Graphics Media Accelerator Driver Coinstaller.) - [122 Ko] - (1.2.30.0) - C:\WINDOWS\System32\igfxCoIn_v4229.dll [MD5.63AB75BD87466A6CFE6B18DC308C478D] - |A| - [09/03/2017 02:16:10] - (.Copyright (C) 2009 - Intel(R) Graphics Media Accelerator Driver Coinstaller.) - [131.13 Ko] - (1.2.30.0) - C:\WINDOWS\System32\igfxCoIn_v4459.dll [MD5.8935F0C8CD09D0520AF28A0E63D5BB00] - |A| - [09/03/2017 02:16:08] - (.-.) - [27.13 Ko] - (1.0.0.0) - C:\WINDOWS\System32\IGFXDEVLib.dll [MD5.40DFD4CFB98AB5E4666B0F607CB64921] - |A| - [19/05/2016 11:41:40] - (.-.) - [1935.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.cpa [MD5.828C46F74BB7248FF401471D072BB751] - |A| - [19/05/2016 11:41:40] - (.-.) - [1.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.vp [MD5.55632EAD6A6C6708C6671D4622454EDB] - |A| - [19/05/2016 11:41:40] - (.-.) - [57.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64.vp [MD5.555B90CAEC4AE1D3140338CF2D16A11B] - |A| - [19/05/2016 11:41:40] - (.-.) - [57.72 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64_dev.vp [MD5.6FBF733E8ACB2F13407DD9582217F720] - |A| - [19/05/2016 11:41:40] - (.-.) - [58.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64.vp [MD5.ECE7DBF87A6E24AC8A680064FFAE5A58] - |A| - [19/05/2016 11:41:40] - (.-.) - [57.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64_dev.vp [MD5.48434EAFE70409D261DAF5AD244F03CA] - |A| - [19/05/2016 11:41:40] - (.-.) 
- [58.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64.vp [MD5.9D068CF01FC9A74EF3ACAEC779962B0C] - |A| - [19/05/2016 11:41:40] - (.-.) - [56.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64_dev.vp [MD5.40EA0A3BBDBAE952D47B433090B0F031] - |A| - [19/05/2016 11:58:18] - (.-.) - [16.69 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxs64.vp [MD5.6DF9BA3AD0CD866EE939C4C49CEA7B30] - |A| - [18/03/2017 22:57:35] - (.-.) - [188.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [25851.17 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\inetsrv [MD5.479B7966309A411BF4FC34898AC96557] - |A| - [18/03/2017 22:58:10] - (.-.) - [134.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [6541 Ko] - C:\WINDOWS\System32\InputMethod [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\Ipmi [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [326.5 Ko] - C:\WINDOWS\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [236 Ko] - C:\WINDOWS\System32\ja-jp [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [233.5 Ko] - C:\WINDOWS\System32\ko-KR [MD5.050BC9351A3386458B696F8BCA78B27B] - |A| - [18/03/2017 22:57:05] - (.-.) 
- [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [79.18 Ko] - C:\WINDOWS\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [18872.42 Ko] - C:\WINDOWS\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [244.5 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [246.5 Ko] - C:\WINDOWS\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [29989.69 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.75BF511287538F1155D1577C8D0333EF] - |A| - [04/08/2015 00:24:18] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [334.26 Ko] - (2.2.9.0) - C:\WINDOWS\System32\MaxxAudioAPO20.dll [MD5.9FAE061B7A12D062991780812EB6B615] - |A| - [04/08/2015 00:24:18] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [676.79 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxAudioAPO30.dll [MD5.D242764A692D7011AE904D915A18C54A] - |A| - [04/08/2015 00:24:18] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1155.62 Ko] - (4.5.8.0) - C:\WINDOWS\System32\MaxxAudioAPO4064.dll [MD5.F28E8BD57773DA4942C7C1AFFF1787F3] - |A| - [04/08/2015 00:24:18] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1202.39 Ko] - (5.6.5.0) - C:\WINDOWS\System32\MaxxAudioAPO5064.dll [MD5.6B60DFE00F6864081EC29C8A1D3D96BC] - |A| - [04/08/2015 00:24:18] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1383.63 Ko] - (6.1.12.0) - C:\WINDOWS\System32\MaxxAudioAPO6064.dll [MD5.B96274E10EDB3CA0F1E7F6D7F391A5AF] - |A| - [04/08/2015 00:21:48] - (.Copyright © 1996-2014 -.) - [2010.63 Ko] - (4.1.1.0) - C:\WINDOWS\System32\MaxxAudioEQ64.dll [MD5.D58BC0F71762B576B1D2CEFC485A5FB6] - |A| - [04/08/2015 00:21:48] - (.(c) Waves Audio Ltd. -.) 
- [3622.13 Ko] - (4.1.6.0) - C:\WINDOWS\System32\MaxxAudioMeters64.exe [MD5.B4102FE6B68EC61E9E71FBC4B7C79DB8] - |A| - [04/08/2015 00:21:48] - (.Copyright (C) 2013 - MaxxAudioVienna2.) - [207.28 Ko] - (1.0.7.0) - C:\WINDOWS\System32\MaxxAudioVienna264.dll [MD5.041177A6CC86570ADB4F51CB82ED552A] - |A| - [04/08/2015 00:24:18] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [991.8 Ko] - (2.6.2.0) - C:\WINDOWS\System32\MaxxVoiceAPO2064.dll [MD5.7F8ADC12A84D7C872017F1B32F3F938B] - |A| - [04/08/2015 00:24:18] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12932.5 Ko] - (3.1.13.0) - C:\WINDOWS\System32\MaxxVoiceAPO3064.dll [MD5.FC06E7B353B32712E71C7AAC2C733A83] - |A| - [04/08/2015 00:24:18] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [676.29 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxVolumeSDAPO.dll [MD5.CA9ECB75AF510B30C5BC86FEDC640C8A] - |A| - [04/08/2015 00:24:18] - (.Copyright (c) 2006-2013 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [1954.16 Ko] - (1.2.16.81) - C:\WINDOWS\System32\MBAPO264.dll [MD5.2AE0CDDF411CA15DBE47E3A359FAC39B] - |A| - [04/08/2015 00:24:18] - (.Copyright (c) 2006-2011 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [909.03 Ko] - (1.0.62.0) - C:\WINDOWS\System32\MBAPO64.dll [MD5.F9EDBA29BC133222B92AE179A49F4DC4] - |A| - [04/08/2015 00:24:18] - (.Copyright (c) 2006-2008 Creative Technology Ltd. - Creative Chaining Property Page Loader Module.) - [77.44 Ko] - (1.0.0.110) - C:\WINDOWS\System32\MBPPCn64.dll [MD5.39515D07688AD1A5ACD2B146A89D9A09] - |A| - [04/08/2015 00:24:18] - (.Copyright (c) 2006-2011 Creative Technology Ltd. - Creative Property Page Loader Module.) - [82.08 Ko] - (1.0.58.0) - C:\WINDOWS\System32\MBppld64.dll [MD5.FFED99DB5805637345A0FCF68BB0F99F] - |A| - [09/08/2017 20:54:36] - (.-.) - [760 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE [MD5.3879C23FA0D3A5281EEB12194442E59D] - |A| - [04/08/2015 00:24:18] - (.Copyright (c) 2006-2011 Creative Technology Ltd. 
- Creative Audio Processing Object Module.) - [641.9 Ko] - (1.0.15.175) - C:\WINDOWS\System32\MBTHX64.dll [MD5.7F60F79717479FCAA56C551B9AF721AB] - |A| - [04/08/2015 00:24:18] - (.Copyright (c) 2006-2010 Creative Technology Ltd. - Audio Processing Object Chaining Module.) - [412.53 Ko] - (1.0.0.270) - C:\WINDOWS\System32\MBWrp64.dll [MD5.BC74BDA8DC53F722C2CA686071600AE2] - |A| - [18/03/2017 22:57:05] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |D| - [17/07/2017 10:08:38] - [11.04 Ko] - C:\WINDOWS\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [5497.13 Ko] - C:\WINDOWS\System32\migration [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [47457.12 Ko] - C:\WINDOWS\System32\migwiz [MD5.00000000000000000000000000000000] - |D| - [16/02/2016 15:12:05] - [0 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [4228.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [6 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [290 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [640 Ko] - C:\WINDOWS\System32\NDF [MD5.7AD110A6AC8DDAF2672BB52E69BA2B54] - |A| - [17/07/2017 09:40:27] - (.-.) - [31.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [18/03/2017 22:57:02] - (.-.) 
- [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [311.5 Ko] - C:\WINDOWS\System32\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [16570.66 Ko] - C:\WINDOWS\System32\Nui [MD5.C9246EF96F14CB2F0C393F73A20590D8] - |A| - [18/03/2017 23:03:38] - (.-.) - [15.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [11/10/2017 10:46:38] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [11/10/2017 10:46:38] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [11/10/2017 10:46:38] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png [MD5.2901049544FDF863362FABA2363EB647] - |A| - [18/03/2017 22:57:12] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\onlinesetup.cmd [MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [13396.42 Ko] - C:\WINDOWS\System32\oobe [MD5.42D2360079B1DF3230024AE920737367] - |A| - [18/03/2017 22:57:05] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.8D97CFBC87F06E4D544FA8692016CA98] - |A| - [18/03/2017 23:05:34] - (.-.) - [166.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.FBEED8DDFE6B739623A27E3EAB709A81] - |A| - [20/03/2017 07:10:29] - (.-.) - [187.93 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [18/03/2017 23:05:34] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [20/03/2017 07:10:29] - (.-.) 
---------- | Shell Folders [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\brousseau isabelle\AppData\Roaming [17/07/2017 09:45:30] "Local AppData"=C:\Users\brousseau isabelle\AppData\Local [17/07/2017 09:45:30] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Libraries [12/02/2016 00:36:29] "My Video"=C:\Users\brousseau isabelle\Videos [12/02/2016 00:35:59] "My Pictures"=C:\Users\brousseau isabelle\Pictures [12/02/2016 00:35:59] "Desktop"=C:\Users\brousseau isabelle\Desktop [12/02/2016 00:35:59] "History"=C:\Users\brousseau isabelle\AppData\Local\Microsoft\Windows\History [12/02/2016 00:35:59] "NetHood"=C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Network Shortcuts [17/07/2017 09:45:30] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\brousseau isabelle\Contacts [12/02/2016 00:36:29]
"{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\brousseau isabelle\AppData\Local\Microsoft\Windows\RoamingTiles [12/02/2016 00:36:09] "Cookies"=C:\Users\brousseau isabelle\AppData\Local\Microsoft\Windows\INetCookies [12/02/2016 00:35:59] "Favorites"=C:\Users\brousseau isabelle\Favorites [12/02/2016 00:35:59] "SendTo"=C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\SendTo [28/09/2016 17:58:25] "Start Menu"=C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Start Menu [28/09/2016 17:58:25] "My Music"=C:\Users\brousseau isabelle\Music [12/02/2016 00:35:59] "Programs"=C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [28/09/2016 17:58:25] "Recent"=C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Recent [12/02/2016 00:35:59] "CD Burning"=C:\Users\brousseau isabelle\AppData\Local\Microsoft\Windows\Burn\Burn [17/07/2017 10:29:52] "PrintHood"=C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [17/07/2017 09:45:30] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\brousseau isabelle\Searches [12/02/2016 00:36:30] "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\brousseau isabelle\Downloads [12/02/2016 00:35:59] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\brousseau isabelle\AppData\LocalLow [12/02/2016 00:36:00] "Startup"=C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [12/02/2016 00:36:30] "Administrative Tools"=C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [12/02/2016 00:36:30] "Personal"=C:\Users\brousseau isabelle\Documents [12/02/2016 00:35:59] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\brousseau isabelle\Links [12/02/2016 00:35:59] "Cache"=C:\Users\brousseau isabelle\AppData\Local\Microsoft\Windows\INetCache [17/07/2017 09:45:30] "Templates"=C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Templates [17/07/2017 09:45:30] 
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\brousseau isabelle\Saved Games [12/02/2016 00:35:59] "Fonts"=C:\WINDOWS\Fonts [18/03/2017 23:03:29] [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache "Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies "Desktop"=%USERPROFILE%\Desktop "Favorites"=%USERPROFILE%\Favorites "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=%USERPROFILE%\Music "My Pictures"=%USERPROFILE%\Pictures "My Video"=%USERPROFILE%\Videos "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=%USERPROFILE%\Documents "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/03/2017 23:03:29] "Common AppData"=C:\ProgramData [18/03/2017 23:03:29] "Common Desktop"=C:\Users\Public\Desktop [22/08/2013 17:36:30] "Common Documents"=C:\Users\Public\Documents [22/08/2013 17:36:30] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [18/03/2017 23:03:29] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [18/03/2017 23:03:29] "Common 
Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [18/03/2017 23:03:29] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [22/08/2013 17:36:30] "CommonMusic"=C:\Users\Public\Music [22/08/2013 17:36:30] "CommonPictures"=C:\Users\Public\Pictures [22/08/2013 17:36:30] "CommonVideo"=C:\Users\Public\Videos [22/08/2013 17:36:30] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/03/2017 23:03:29] "Common AppData"=C:\ProgramData [18/03/2017 23:03:29] "Common Desktop"=C:\Users\Public\Desktop [22/08/2013 17:36:30] "Common Documents"=C:\Users\Public\Documents [22/08/2013 17:36:30] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [18/03/2017 23:03:29] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [18/03/2017 23:03:29] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [18/03/2017 23:03:29] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [22/08/2013 17:36:30] "CommonMusic"=C:\Users\Public\Music [22/08/2013 17:36:30] "CommonPictures"=C:\Users\Public\Pictures [22/08/2013 17:36:30] "CommonVideo"=C:\Users\Public\Videos [22/08/2013 17:36:30] "OEM Links"=C:\ProgramData\OEM\Links 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads ---------- | [Administrateur] [13/02/2016 15:14:31] - |D| - [1434580180] - C:\Users\Administrateur\AppData\Local [13/02/2016 15:14:32] - |D| - [0] - C:\Users\Administrateur\AppData\LocalLow [13/02/2016 15:14:31] - |D| - [158913] - C:\Users\Administrateur\AppData\Roaming [13/02/2016 15:16:50] - |D| - [0] - C:\Users\Administrateur\AppData\Local\ActiveSync [13/02/2016 15:14:32] - |SHD| - [1307243404] - C:\Users\Administrateur\AppData\Local\Application Data [13/02/2016 15:14:32] - |SHD| - [130] - C:\Users\Administrateur\AppData\Local\Historique [13/02/2016 15:21:05] - |AH| - [3368] - C:\Users\Administrateur\AppData\Local\IconCache.db [13/02/2016 15:14:31] - |D| - [112978172] - C:\Users\Administrateur\AppData\Local\Microsoft [13/02/2016 15:14:37] - |D| - [3271330] - C:\Users\Administrateur\AppData\Local\Packages [13/02/2016 15:14:31] - |D| - [0] - C:\Users\Administrateur\AppData\Local\Temp [13/02/2016 15:14:32] - |SHD| - [0] - C:\Users\Administrateur\AppData\Local\Temporary Internet Files [13/02/2016 15:14:36] - |D| - [11083776] - C:\Users\Administrateur\AppData\Local\TileDataLayer [13/02/2016 15:18:33] - |D| - [0] - C:\Users\Administrateur\AppData\Roaming\Adobe [13/02/2016 15:14:31] - |SD| - [158913] - C:\Users\Administrateur\AppData\Roaming\Microsoft [13/02/2016 15:18:35] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start 
Menu\desktop.ini [13/02/2016 15:14:32] - |SHD| - [22466] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [13/02/2016 15:14:31] - |RD| - [22466] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [13/02/2016 15:14:31] - |RD| - [3888] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [13/02/2016 15:14:31] - |RD| - [2925] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [13/02/2016 15:18:35] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [13/02/2016 15:18:35] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [13/02/2016 15:14:31] - |D| - [170] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [13/02/2016 15:19:52] - |A| - [2405] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [13/02/2016 15:18:35] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [13/02/2016 15:14:31] - |RD| - [5318] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [13/02/2016 15:14:31] - |RSD| - [7238] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [13/02/2016 15:18:35] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [brousseau isabelle] [17/07/2017 09:45:30] - |D| - [2710647069] - C:\Users\brousseau isabelle\AppData\Local [12/02/2016 00:36:00] - |D| - [5591090] - C:\Users\brousseau isabelle\AppData\LocalLow [17/07/2017 09:45:30] - |D| - [261815072] - C:\Users\brousseau isabelle\AppData\Roaming [22/05/2016 12:19:33] - |D| - [0] - C:\Users\brousseau isabelle\AppData\Local\ActiveSync [17/07/2017 09:45:30] - |SHD| - [0] 
- C:\Users\brousseau isabelle\AppData\Local\Application Data [03/07/2016 19:56:45] - |D| - [0] - C:\Users\brousseau isabelle\AppData\Local\CEF [16/02/2016 16:49:37] - |D| - [3977335] - C:\Users\brousseau isabelle\AppData\Local\Citrix [22/05/2016 12:17:52] - |D| - [26959896] - C:\Users\brousseau isabelle\AppData\Local\Comms [28/09/2016 20:03:27] - |D| - [1460113] - C:\Users\brousseau isabelle\AppData\Local\ConnectedDevicesPlatform [30/06/2017 18:16:50] - |D| - [4925] - C:\Users\brousseau isabelle\AppData\Local\CyberLink [17/07/2017 10:46:47] - |D| - [0] - C:\Users\brousseau isabelle\AppData\Local\DBG [16/09/2016 22:27:56] - |D| - [606718] - C:\Users\brousseau isabelle\AppData\Local\Diagnostics [16/02/2016 11:00:06] - |SHD| - [0] - C:\Users\brousseau isabelle\AppData\Local\EmieBrowserModeList [16/02/2016 11:00:06] - |SHD| - [0] - C:\Users\brousseau isabelle\AppData\Local\EmieSiteList [16/02/2016 11:00:06] - |SHD| - [0] - C:\Users\brousseau isabelle\AppData\Local\EmieUserList [16/02/2016 11:02:21] - |D| - [1192159229] - C:\Users\brousseau isabelle\AppData\Local\Google [12/02/2016 00:47:07] - |D| - [71] - C:\Users\brousseau isabelle\AppData\Local\GWX [17/07/2017 09:45:30] - |SHD| - [0] - C:\Users\brousseau isabelle\AppData\Local\Historique [20/02/2016 12:03:34] - |D| - [109335] - C:\Users\brousseau isabelle\AppData\Local\HP [20/07/2017 07:12:51] - |AH| - [327019] - C:\Users\brousseau isabelle\AppData\Local\IconCache.db [17/07/2017 09:45:30] - |D| - [1247243706] - C:\Users\brousseau isabelle\AppData\Local\Microsoft [02/06/2016 20:31:58] - |D| - [79107] - C:\Users\brousseau isabelle\AppData\Local\MicrosoftEdge [31/05/2016 23:26:14] - |D| - [0] - C:\Users\brousseau isabelle\AppData\Local\NetworkTiles [12/02/2016 00:36:15] - |D| - [214772433] - C:\Users\brousseau isabelle\AppData\Local\Packages [21/02/2016 17:46:35] - |D| - [0] - C:\Users\brousseau isabelle\AppData\Local\Programs [22/05/2016 12:18:34] - |D| - [162274] - C:\Users\brousseau isabelle\AppData\Local\Publishers 
[02/01/2017 17:32:05] - |A| - [7598] - C:\Users\brousseau isabelle\AppData\Local\Resmon.ResmonCfg [17/07/2017 09:45:30] - |D| - [8019029] - C:\Users\brousseau isabelle\AppData\Local\Temp [17/07/2017 09:45:30] - |SHD| - [0] - C:\Users\brousseau isabelle\AppData\Local\Temporary Internet Files [22/05/2016 12:17:37] - |D| - [13918208] - C:\Users\brousseau isabelle\AppData\Local\TileDataLayer [09/07/2017 22:25:15] - |D| - [0] - C:\Users\brousseau isabelle\AppData\Local\UNP [12/02/2016 00:36:19] - |D| - [579] - C:\Users\brousseau isabelle\AppData\Local\VirtualStore [13/10/2017 15:21:03] - |D| - [158397] - C:\Users\brousseau isabelle\AppData\Local\ZHP [16/02/2016 11:02:28] - |D| - [681097] - C:\Users\brousseau isabelle\AppData\Local\{1A3F2C63-3E97-40DB-530F-6533776799AB} [16/02/2016 11:00:12] - |SHD| - [0] - C:\Users\brousseau isabelle\AppData\LocalLow\EmieBrowserModeList [16/02/2016 11:00:02] - |SHD| - [0] - C:\Users\brousseau isabelle\AppData\LocalLow\EmieSiteList [16/02/2016 11:00:12] - |SHD| - [0] - C:\Users\brousseau isabelle\AppData\LocalLow\EmieUserList [12/02/2016 00:37:18] - |SD| - [5558322] - C:\Users\brousseau isabelle\AppData\LocalLow\Microsoft [04/07/2017 00:34:34] - |D| - [32768] - C:\Users\brousseau isabelle\AppData\LocalLow\uTorrent [29/12/2016 18:19:29] - |D| - [154028107] - C:\Users\brousseau isabelle\AppData\Roaming\.minecraft [12/02/2016 00:36:22] - |D| - [0] - C:\Users\brousseau isabelle\AppData\Roaming\Adobe [16/02/2016 11:24:45] - |D| - [24831345] - C:\Users\brousseau isabelle\AppData\Roaming\AVAST Software [16/02/2016 11:06:16] - |D| - [40304158] - C:\Users\brousseau isabelle\AppData\Roaming\Baidu [30/06/2017 18:16:51] - |D| - [0] - C:\Users\brousseau isabelle\AppData\Roaming\CyberLink [25/07/2016 09:16:55] - |D| - [543] - C:\Users\brousseau isabelle\AppData\Roaming\dvdcss [21/06/2017 14:14:01] - |D| - [91258] - C:\Users\brousseau isabelle\AppData\Roaming\HPPSDr [20/02/2016 12:06:20] - |D| - [28927] - C:\Users\brousseau 
isabelle\AppData\Roaming\HpUpdate [16/02/2016 16:50:00] - |D| - [2613] - C:\Users\brousseau isabelle\AppData\Roaming\ICAClient [29/12/2016 18:19:33] - |D| - [0] - C:\Users\brousseau isabelle\AppData\Roaming\java [16/02/2016 13:16:22] - |D| - [492] - C:\Users\brousseau isabelle\AppData\Roaming\Macromedia [17/07/2017 09:45:30] - |SD| - [3607390] - C:\Users\brousseau isabelle\AppData\Roaming\Microsoft [29/12/2016 18:12:05] - |D| - [13362892] - C:\Users\brousseau isabelle\AppData\Roaming\OpenOffice [26/08/2016 12:42:58] - |D| - [76] - C:\Users\brousseau isabelle\AppData\Roaming\Skype [30/07/2017 23:55:02] - |D| - [3604480] - C:\Users\brousseau isabelle\AppData\Roaming\U3 [21/02/2016 18:13:21] - |D| - [18699967] - C:\Users\brousseau isabelle\AppData\Roaming\uTorrent [03/07/2016 17:33:17] - |D| - [88218] - C:\Users\brousseau isabelle\AppData\Roaming\vlc [16/02/2016 14:02:02] - |A| - [135] - C:\Users\brousseau isabelle\AppData\Roaming\WB.CFG [21/02/2016 17:19:49] - |D| - [12] - C:\Users\brousseau isabelle\AppData\Roaming\WinRAR [13/10/2017 15:21:03] - |D| - [3164459] - C:\Users\brousseau isabelle\AppData\Roaming\ZHP [12/02/2016 00:36:29] - |SH| - [174] - C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [17/07/2017 09:45:30] - |SHD| - [0] - C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [28/09/2016 17:58:25] - |RD| - [20726] - C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [17/07/2017 09:45:30] - |RD| - [3888] - C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [17/07/2017 09:45:30] - |RD| - [2925] - C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [12/02/2016 00:36:30] - |RD| - [174] - C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [17/07/2017 10:27:54] - |SH| - [174] - C:\Users\brousseau 
isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [17/07/2017 09:45:30] - |D| - [170] - C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [23/06/2017 23:05:35] - |A| - [2487] - C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [12/02/2016 00:36:30] - |RD| - [174] - C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [17/07/2017 09:45:30] - |RD| - [3496] - C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [17/07/2017 09:45:30] - |RD| - [7238] - C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [12/02/2016 00:36:30] - |SH| - [174] - C:\Users\brousseau isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] ---------- | C:\ProgramData [20/02/2016 12:04:46] - |A| - [57] - C:\ProgramData\Ament.ini [17/07/2017 10:13:56] - |SHD| - [0] - C:\ProgramData\Application Data [16/02/2016 11:19:53] - |D| - [183105979] - C:\ProgramData\AVAST Software [16/02/2016 11:06:27] - |D| - [159261] - C:\ProgramData\Baidu [12/02/2016 00:18:58] - |SHD| - [16896] - C:\ProgramData\Bureau [21/07/2016 07:46:57] - |D| - [61370862] - C:\ProgramData\Citrix [16/07/2016 13:47:48] - |D| - [0] - C:\ProgramData\Comms [30/06/2017 18:17:08] - |D| - [21440] - C:\ProgramData\CyberLink [17/07/2017 10:13:56] - |SHD| - [0] - C:\ProgramData\Documents [17/07/2017 09:44:30] - |AH| - [0] - C:\ProgramData\DP45977C.lfl [20/02/2016 12:05:40] - |AD| - [8751280] - C:\ProgramData\HP [20/02/2016 12:06:35] - |AD| - [2888316] - C:\ProgramData\HP Photo Creations [27/11/2016 09:35:52] - |D| - [181993369] - C:\ProgramData\Malwarebytes [08/10/2017 12:25:05] - |D| - [51928] - C:\ProgramData\MB2Migration [12/02/2016 00:18:58] - |SHD| - [158178] - C:\ProgramData\Menu Démarrer [18/03/2017 23:03:29] - |SD| - [878651976] - 
C:\ProgramData\Microsoft [17/07/2017 10:30:29] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [12/02/2016 00:18:58] - |SHD| - [31386] - C:\ProgramData\Modèles [16/02/2016 11:08:10] - |D| - [25601] - C:\ProgramData\Norton [16/02/2016 11:08:02] - |D| - [25994570] - C:\ProgramData\NortonInstaller [16/02/2016 11:02:34] - |RASH| - [290] - C:\ProgramData\ntuser.pol [18/03/2017 23:03:29] - |D| - [999] - C:\ProgramData\regid.1991-06.com.microsoft [18/03/2017 23:03:29] - |D| - [0] - C:\ProgramData\SoftwareDistribution [15/10/2017 19:44:12] - |D| - [0] - C:\ProgramData\SWCUTemp [18/03/2017 23:03:29] - |D| - [6066] - C:\ProgramData\USOPrivate [17/07/2017 09:51:28] - |D| - [1613824] - C:\ProgramData\USOShared [20/02/2016 12:06:35] - |D| - [95268] - C:\ProgramData\Visan [20/03/2017 07:11:49] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [18/03/2017 23:03:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [12/02/2016 00:18:58] - |SHD| - [79002] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [18/03/2017 23:03:29] - |RD| - [79002] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [18/03/2017 23:03:29] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [18/03/2017 23:03:29] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [18/03/2017 23:03:29] - |RD| - [20488] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/06/2016 09:57:54] - |A| - [1979] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Antivirus Gratuit.lnk [18/06/2016 15:17:54] - |A| - [1088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk [21/07/2016 07:47:31] - |A| - [1631] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk [18/03/2017 23:03:33] - |ASH| - [796] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [16/02/2016 11:07:06] - |A| - [2270] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [20/02/2016 12:06:08] - |D| - [7554] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [18/03/2017 22:59:54] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [18/03/2017 23:03:29] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [08/10/2017 12:25:32] - |D| - [3896] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [18/03/2017 22:57:42] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk [29/12/2016 18:07:26] - |SD| - [7392] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2 [18/03/2017 22:58:04] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk [18/03/2017 23:03:29] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [18/03/2017 23:03:29] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [09/10/2016 09:26:23] - |D| - [5850] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [17/07/2017 09:52:23] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [18/03/2017 23:03:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [16/02/2016 11:06:14] - |D| - [0] - C:\Program Files (x86)\baidu [21/07/2016 07:46:24] - |AD| - [144061404] - C:\Program Files (x86)\Citrix [18/03/2017 23:03:28] - |D| - [53006485] - C:\Program Files (x86)\Common Files [18/03/2017 23:03:33] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [16/02/2016 11:02:21] - |D| - [396872430] - C:\Program Files (x86)\Google [20/02/2016 12:06:38] - |D| - [1771958] - C:\Program 
Files (x86)\Hewlett-Packard [20/02/2016 12:05:39] - |AD| - [24474173] - C:\Program Files (x86)\HP [20/02/2016 12:06:35] - |D| - [451059] - C:\Program Files (x86)\HP Photo Creations [12/02/2016 00:47:21] - |D| - [35277045] - C:\Program Files (x86)\Intel [18/03/2017 23:03:28] - |D| - [2017907] - C:\Program Files (x86)\Internet Explorer [18/03/2017 23:03:28] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [29/12/2016 18:18:16] - |D| - [152183114] - C:\Program Files (x86)\Minecraft [29/12/2016 18:06:44] - |AD| - [327181151] - C:\Program Files (x86)\OpenOffice 4 [28/09/2016 18:07:30] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [03/07/2016 17:32:46] - |D| - [0] - C:\Program Files (x86)\VideoLAN [18/03/2017 23:03:28] - |D| - [2001344] - C:\Program Files (x86)\Windows Defender [18/03/2017 23:03:28] - |D| - [5924864] - C:\Program Files (x86)\Windows Mail [20/03/2017 07:10:55] - |D| - [3254425] - C:\Program Files (x86)\Windows Media Player [18/03/2017 23:03:28] - |D| - [42960] - C:\Program Files (x86)\Windows Multimedia Platform [18/03/2017 23:03:28] - |D| - [7569090] - C:\Program Files (x86)\Windows NT [18/03/2017 23:03:28] - |D| - [5365568] - C:\Program Files (x86)\Windows Photo Viewer [18/03/2017 23:03:28] - |D| - [42960] - C:\Program Files (x86)\Windows Portable Devices [18/03/2017 23:03:28] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [18/03/2017 23:03:28] - |D| - [2184102] - C:\Program Files (x86)\WindowsPowerShell [21/02/2016 17:18:28] - |AD| - [5134722] - C:\Program Files (x86)\WinRAR ---------- | C:\Program Files [16/02/2016 11:20:46] - |D| - [1741183565] - C:\Program Files\AVAST Software [18/03/2017 23:03:28] - |D| - [77828956] - C:\Program Files\Common Files [18/03/2017 23:03:33] - |ASH| - [174] - C:\Program Files\desktop.ini [12/02/2016 00:18:58] - |SHD| - [77828956] - C:\Program Files\Fichiers communs [20/02/2016 12:05:38] - |D| - [139888668] - C:\Program Files\HP [18/03/2017 23:03:28] - |D| - [2645086] - C:\Program 
Files\Internet Explorer [08/10/2017 12:25:18] - |D| - [148814680] - C:\Program Files\Malwarebytes [17/07/2017 09:44:11] - |D| - [40113088] - C:\Program Files\Realtek [17/07/2017 09:43:16] - |D| - [86751609] - C:\Program Files\Synaptics [13/02/2016 15:14:31] - |HD| - [0] - C:\Program Files\Uninstall Information [09/07/2017 21:27:33] - |AD| - [10618441] - C:\Program Files\UNP [09/10/2016 09:25:47] - |D| - [137576484] - C:\Program Files\VideoLAN [18/03/2017 23:03:28] - |RD| - [16330682] - C:\Program Files\Windows Defender [18/03/2017 23:03:28] - |D| - [6145536] - C:\Program Files\Windows Mail [20/03/2017 07:10:55] - |D| - [4781757] - C:\Program Files\Windows Media Player [18/03/2017 23:03:28] - |D| - [49688] - C:\Program Files\Windows Multimedia Platform [18/03/2017 23:03:28] - |D| - [7835330] - C:\Program Files\Windows NT [18/03/2017 23:03:28] - |D| - [6169408] - C:\Program Files\Windows Photo Viewer [18/03/2017 23:03:28] - |D| - [49696] - C:\Program Files\Windows Portable Devices [18/03/2017 23:03:28] - |D| - [95352] - C:\Program Files\Windows Security [18/03/2017 23:03:28] - |SHD| - [0] - C:\Program Files\Windows Sidebar [18/03/2017 23:03:28] - |HD| - [2483942307] - C:\Program Files\WindowsApps [18/03/2017 23:03:28] - |D| - [2433872] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [16/02/2016 11:23:21] - |D| - [826810] - C:\Program Files (x86)\Common Files\AV [21/07/2016 07:46:28] - |AD| - [42488] - C:\Program Files (x86)\Common Files\Citrix [18/03/2017 23:03:28] - |D| - [42537674] - C:\Program Files (x86)\Common Files\Microsoft Shared [18/03/2017 23:03:28] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [16/02/2016 13:05:34] - |D| - [0] - C:\Program Files (x86)\Common Files\Symantec Shared [18/03/2017 23:03:28] - |D| - [9596811] - C:\Program Files (x86)\Common Files\System ---------- | C:\Program Files\Common files [17/07/2017 09:44:37] - |D| - [148] - C:\Program Files\Common files\Atheros [16/02/2016 11:23:21] - 
|D| - [826810] - C:\Program Files\Common files\AV [18/03/2017 23:03:28] - |D| - [66681589] - C:\Program Files\Common files\microsoft shared [18/03/2017 23:03:28] - |D| - [2702] - C:\Program Files\Common files\Services [18/03/2017 23:03:28] - |D| - [10317707] - C:\Program Files\Common files\System ---------- | Tasks [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [17/07/2017 10:03:04] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.60A1ABA7BFF2D92B8EC2E4D6D54AAD51] - [28/09/2016 17:53:02] - |A| - [264] - C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job [MD5.BF8AE80CE55D320B8ED3F540849F2BBE] - [17/07/2017 10:03:01] - |A| - [3994] - C:\WINDOWS\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [MD5.00000000000000000000000000000000] - [17/07/2017 10:03:01] - |D| - [3968] - C:\WINDOWS\System32\Tasks\AVAST Software [MD5.1CD0CDE0AAE934311672CAE8A742A128] - [17/07/2017 10:03:01] - |A| - [3290] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.9371DB5006DEA7E52D62998103AEF120] - [17/07/2017 10:03:01] - |A| - [3514] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.D719ED4AF4B5F191576FDA6178CADE61] - [17/07/2017 10:03:01] - |A| - [2520] - C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 2540 series : "C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe" [MD5.00000000000000000000000000000000] - [18/03/2017 23:03:29] - |D| - [548244] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.D369BBFFF29A1D7758D5932E93DD7E56] - [27/07/2017 09:07:37] - |A| - [3392] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-955818268-471735480-1976523364-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.4BD5935840D63D575205014EF56E2F5B] - [17/07/2017 10:03:04] - |A| - [2748] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache 
Files-S-1-5-21-955818268-471735480-1976523364-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.54C85820DC679E0FE5A212C66A8F748E] - [17/07/2017 10:03:04] - |A| - [4040] - C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1466255871 : C:\Program Files\AVAST Software\SZBrowser\launcher.exe [MD5.8D2BE0A825FF2A7961B948EE14C83080] - [17/07/2017 10:03:04] - |A| - [4192] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D384A262-C528-4475-A572-E9288625BDD3} : C:\Windows\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [17/07/2017 10:03:04] - |D| - [0] - C:\WINDOWS\System32\Tasks\WPD [MD5.00000000000000000000000000000000] - [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WiFiDirect-KM-Driver-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| 
"DeliveryOptimization-UDP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "{86B9D254-6A16-479E-A2ED-E44F496DAD16}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ| 
"{E9345CE7-E095-4E3B-BAF7-4F08CD1AC7DB}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\brousseau isabelle\AppData\Local\Temp\7zS5F69\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{178CA27B-2235-4659-A61C-1E6BD1CAC339}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\brousseau isabelle\AppData\Local\Temp\7zS5F69\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{509994D3-FFFC-4B77-8AF1-0AA1398C3439}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\brousseau isabelle\AppData\Local\Temp\7zS5EF3\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{85BE13A4-6BB2-4EEF-A17E-B98D604F3D97}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\brousseau isabelle\AppData\Local\Temp\7zS5EF3\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{629660C3-7945-439D-93BC-24CE1F79C606}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{01EAE9C8-07C7-4261-90E7-21007C160BAD}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{6EBC3A51-C506-47E1-8C42-B9919A1CEF9D}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-955818268-471735480-1976523364-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{2E4F0B95-85E6-4373-9E3E-F4F8F5DA31DE}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\brousseau 
isabelle\AppData\Local\Temp\7zS398D\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{F2B83AA0-9234-40DD-B1C7-58B9944B2D77}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\brousseau isabelle\AppData\Local\Temp\7zS398D\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{E4BC9F81-CE77-4658-B4BB-4D4B0AFA6C1D}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\brousseau isabelle\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-Out) (brousseau isabelle)|Desc=Allow µTorrent network traffic| "{7B645555-0BD7-47FD-82A5-167C4FB137F2}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\brousseau isabelle\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (brousseau isabelle)| "{7FCF31F2-6264-4F14-94A4-E94B1BC87AE0}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\brousseau isabelle\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (brousseau isabelle)| "{0BB57812-9C4D-4361-B57F-F89B0401C711}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\brousseau isabelle\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In) (brousseau isabelle)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{6B74C46F-CAA0-462A-8C81-C0818170D944}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\brousseau isabelle\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-Out) (brousseau isabelle)|Desc=Allow µTorrent network traffic| "{098F1F08-698B-4A30-8DC6-459214C38AEA}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\brousseau isabelle\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In) (brousseau isabelle)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{B723BAC0-B835-4ED0-AAAF-345CEC98F0A5}"=v2.22|Action=Allow|Active=TRUE|Dir=In|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe|Name=Communicateur réseau COM HP (HP Deskjet 2540 series)|Edge=TRUE| 
"{06495921-6CFA-4AEE-A74B-A3870CAB7F14}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5357|Name=Port TCP WS-Eventing 5357| "{48CAAF09-D66A-4727-A927-CF4EBE99247B}"=v2.22|Action=Allow|Active=TRUE|Dir=In|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe|Name=Configuration du périphérique HP (HP Deskjet 2540 series)|Edge=TRUE| "{6D5C8277-318F-4263-A0E9-2F4540F0F010}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\brousseau isabelle\AppData\Local\Chromium\Application\chrome.exe|Name=Chromium (mDNS-In)|Desc=Règle de trafic entrant pour Chromium autorisant le trafic mDNS|EmbedCtxt=Chromium| "{84CFB2A4-F915-4ECE-A197-600F6BA2DB3F}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-955818268-471735480-1976523364-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{4282FE99-8560-4BC7-9576-5F3ED84E263F}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ| 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{9E3D57FC-7C37-4424-9352-4831E97D029D}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{F77E5446-4378-4E99-8B7A-7061AAAEA193}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{F64300AD-D559-4000-BD45-0997BCC8E70A}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ| "{EC799E33-72BA-42D7-9127-DEFE68F9799D}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ| "{560448D6-095C-4907-B046-AC7F710701A7}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ| "{ED8F711F-AC5D-48CC-BF9A-09E8CBDB0A37}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{D8023C0E-F43B-49B3-86AA-214D7EA04F5A}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Holographic Item Player|Desc=Holographic Item Player|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-2848169271-1944770290-2690789639-3499139168-2840136067-3338101526-125811250|EmbedCtxt=Holographic Item Player|Platform=2:6:2|Platform2=GTEQ| 
"{133F23E4-9170-49C5-957A-B36B5D563D06}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/DisplayName}|Desc=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/Description}|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-968169919-1126953557-685195956-86120492-1320233397-643893155-1374718203|EmbedCtxt=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{6E0ACF37-B1D4-41DF-BEB5-A4DD097FBBB0}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Wallet|Desc=Wallet|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Wallet|Platform=2:6:2|Platform2=GTEQ| "{EAC574CA-B815-4590-BD9A-D76AF93355F9}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ| "{3FDEF84C-9743-4F80-970D-59B84FD4FFC0}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{A77C16F8-F428-463C-819E-6B7423882AE1}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Public|IFType=Wireless|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP 
Smart|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices| "{3906A1FA-7E28-4AB8-8C9F-8A741F6135BE}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Public|IFType=Wireless|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices| "{E442F986-268D-43FF-8106-F1107EE24F7A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser| "{4B54B3BA-C0E0-4832-9A78-553697F8544F}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game bar|Desc=Xbox Game bar|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game bar|Platform=2:6:2|Platform2=GTEQ| "{F6A44A77-6757-4496-96AC-55CE5259578D}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser| "{A8FEADCD-6018-48F7-9E09-E157E6370054}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| "{85886F49-9AB7-4558-ADD8-217F59C19D43}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Mixed Reality Viewer|Desc=Mixed Reality Viewer|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-3739514657-3828455176-2936196785-2025316370-1894713875-3268641221-1640234959|EmbedCtxt=Mixed Reality 
Viewer|Platform=2:6:2|Platform2=GTEQ| "{5A0A73E1-8DF2-4007-AFF4-DF66DE2CCF8B}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{CF16068E-7052-4838-ADBB-A5F591A7B235}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| "{94C923BA-4F86-4172-A9F4-7039063F5CF0}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{BCD16352-E5C3-458F-96F4-FBAA5F6EAB5A}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{09DFBD71-FBF7-4B6C-A179-DCFAB0AE5120}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| 
"{F4C6F617-418E-4557-8805-C23BEE51B4B0}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Sway|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ| "{6E606ED3-CCB2-44C4-B9AB-63ECB731DF2C}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Candy Crush Soda Saga|Desc=Candy Crush Soda Saga|LUOwn=S-1-5-21-955818268-471735480-1976523364-1001|AppPkgId=S-1-15-2-3055884410-2067824683-223899546-422323478-2359388318-2114876276-1379654078|EmbedCtxt=Candy Crush Soda Saga|Platform=2:6:2|Platform2=GTEQ|
---------- | Control\Class
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem0.inf,%ClassName%;SAMSUNG Android Phone [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : 
(DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{60d8009b-9ff6-4655-a034-9ca945d817ff}] : (CitrixUSBDevices) [] -> @oem26.inf,%CITRIX_CLASS_NAME%;Citrix USB Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> 
@PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b6a945de-134c-4279-9a66-61a63c6f0dc5}] : (Network Infrastructure Devices) [] -> @oem7.inf,%ClassName%;Network Infrastructure Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{CF2A3345-050B-41D0-BAF5-CD558EFAAE3B}] : (ctxusbm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}] : (USB) [] -> @oem13.inf,%ClassName%;ADB Interface [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
---------- | Loaded modules (whitelist)
[07/04/2016 00:45:46] - (14.4.1000.11) - (Citrix Systems, Inc. - Citrix USB Filter Driver) - C:\WINDOWS\system32\DRIVERS\ctxusbm.sys [18/03/2017 22:56:19] - (3.0.2.201) - (Qualcomm Atheros Communications, Inc. 
- Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\athw8x.sys [19/08/2016 00:59:32] - (19.0.9.4) - (Synaptics Incorporated - Synaptics Touchpad Win64 Driver) - C:\WINDOWS\system32\DRIVERS\SynTP.sys [23/08/2016 12:46:34] - (19.0.9.4) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [13/07/2016 17:47:38] - (10.0.1.7) - (Qualcomm Atheros - Qualcomm Atheros BtFilter Driver) - C:\WINDOWS\system32\DRIVERS\btfilter.sys [14/03/2016 06:51:46] - (10.0.10586.31222) - (Realsil Semiconductor Corporation - RTS USB READER Driver) - C:\WINDOWS\system32\Drivers\RtsUer.sys
---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service
S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv 
(@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False S0 - 
[Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup 
(@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - 
AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - 
[Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> \SystemRoot\system32\drivers\aswbidsdrivera.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswKbd (aswKbd) -> \SystemRoot\system32\drivers\aswKbd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswRdr (aswRdr) -> \SystemRoot\system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSnx (aswSnx) -> \SystemRoot\system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSP (aswSP) -> \SystemRoot\system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ctxusbm (Citrix USB Monitor Driver) -> \SystemRoot\system32\DRIVERS\ctxusbm.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> \SystemRoot\system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True S2 - [Kernel Driver] - aswStm (aswStm) -> \SystemRoot\system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: False S2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: False R2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS 
(@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Chromium] : (Chromium.-.Chromium) -> "C:\Users\brousseau isabelle\AppData\Local\{1A3F2C63-3E97-40DB-530F-6533776799AB}\uninstall.exe" /Uninstall /s /noun /DelSelfDir 
[HKU\S-1-5-21-955818268-471735480-1976523364-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\dcd885b6c2fcbba9d4241240a9e6a4d6] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3330B490-86DE-4E57-AE3A-14AECC0ACC52}] : (Logiciel de base du périphérique HP Deskjet 2540 series.-.Hewlett-Packard Co.) -> MsiExec.exe /I{3330B490-86DE-4E57-AE3A-14AECC0ACC52} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B01F43B5-AD90-417C-BDF8-4E5A96530476}] : (Étude pour l'amélioration du produit HP Deskjet 2540 series.-.Hewlett-Packard Co.) -> MsiExec.exe /I{B01F43B5-AD90-417C-BDF8-4E5A96530476} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Baidu Antivirus] : (.-.) 
-> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{16EECB67-42F9-4227-8392-A71BD023082D}] : (Citrix Receiver(Aero).-.Citrix Systems, Inc.) -> MsiExec.exe /X{16EECB67-42F9-4227-8392-A71BD023082D} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2AB290A4-6B1F-4591-AF1B-73153F10D362}] : (Online Plug-in.-.Citrix Systems, Inc.) -> MsiExec.exe /I{2AB290A4-6B1F-4591-AF1B-73153F10D362} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2B335385-EAB0-4272-BDF9-D475AE51297D}] : (Citrix Receiver (DV).-.Citrix Systems, Inc.) 
-> MsiExec.exe /X{2B335385-EAB0-4272-BDF9-D475AE51297D} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2FAD0F16-4309-4D22-AE73-F4CCA737D013}] : (HP Deskjet 2540 series Aide.-.Hewlett Packard) -> MsiExec.exe /I{2FAD0F16-4309-4D22-AE73-F4CCA737D013} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{37C6BFE8-9345-4BE5-A807-9E427562958B}] : (Self-Service Plug-in.-.Citrix Systems, Inc.) -> MsiExec.exe /X{37C6BFE8-9345-4BE5-A807-9E427562958B} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}] : (HP FWUpdateEDO2.-.Hewlett-Packard) -> MsiExec.exe /I{415FA9AD-DA10-4ABE-97B6-5051D4795C90} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}] : (Realtek Card Reader.-.Realtek Semiconduct Corp.) -> C:\WINDOWS\RtCRU64.exe /u ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{69DECF93-9DFB-4227-A5E5-6C4C128CD941}] : (Citrix Receiver (USB).-.Citrix Systems, Inc.) -> MsiExec.exe /I{69DECF93-9DFB-4227-A5E5-6C4C128CD941} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6B8C80BA-B33A-43B1-90BE-DFD82AD0991C}] : (Citrix Authentication Manager.-.Citrix Systems, Inc.) -> MsiExec.exe /X{6B8C80BA-B33A-43B1-90BE-DFD82AD0991C} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{845CB598-34F0-4F49-9526-01290F85781C}] : (Citrix Web Helper.-.Citrix Systems, Inc.) 
-> MsiExec.exe /X{845CB598-34F0-4F49-9526-01290F85781C} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}] : (HP Update.-.Hewlett-Packard) -> MsiExec.exe /X{912D30CF-F39E-4B31-AD9A-123C6B794EE2} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{92955699-E759-4748-9AF8-AC4D3660750B}] : (Citrix Receiver Inside.-.Citrix Systems, Inc.) -> MsiExec.exe /I{92955699-E759-4748-9AF8-AC4D3660750B} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C9875839-8087-4554-9B5E-346821DF2E6C}] : (Citrix Receiver (Redirection Flash HDX).-.Citrix Systems, Inc.) -> MsiExec.exe /I{C9875839-8087-4554-9B5E-346821DF2E6C} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DCB1B348-C94E-4D6D-8CE0-7D9DA5CF663E}] : (OpenOffice 4.1.2.-.Apache Software Foundation) -> MsiExec.exe /I{DCB1B348-C94E-4D6D-8CE0-7D9DA5CF663E} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\094B0333ED6875E4EAA341EACCA0CC25] : Logiciel de base du périphérique HP Deskjet 2540 series -> C:\Windows\Installer\{3330B490-86DE-4E57-AE3A-14AECC0ACC52}\ARP_Icon [HKCR\Installer\Products\39FCED96BFD972245A5EC6C421C89D14] : Citrix Receiver (USB) -> C:\WINDOWS\Installer\{69DECF93-9DFB-4227-A5E5-6C4C128CD941}\ProductIcon [HKCR\Installer\Products\4A092BA2F1B61954FAB13751F3013D26] : Online Plug-in [HKCR\Installer\Products\583533B20BAE2724DB9F4D57EA1592D7] : Citrix Receiver (DV) [HKCR\Installer\Products\5B34F10B09DAC714DB8FE4A569354067] : Étude pour l'amélioration du produit HP Deskjet 2540 series -> C:\Windows\Installer\{B01F43B5-AD90-417C-BDF8-4E5A96530476}\ARP_Icon [HKCR\Installer\Products\61F0DAF2903422D4EA374FCC7A730D31] : HP Deskjet 
2540 series Aide -> C:\Windows\Installer\{2FAD0F16-4309-4D22-AE73-F4CCA737D013}\ARP_Icon [HKCR\Installer\Products\76BCEE619F24722438297AB10D3280D2] : Citrix Receiver(Aero) [HKCR\Installer\Products\818DCFD4A63092246AD7FC71CD64D129] : Windows 10 Update and Privacy Settings [HKCR\Installer\Products\843B1BCDE49CD6D4C80ED7D95AFC66E3] : OpenOffice 4.1.2 -> C:\WINDOWS\Installer\{DCB1B348-C94E-4D6D-8CE0-7D9DA5CF663E}\soffice.ico [HKCR\Installer\Products\895BC5480F4394F459621092F05887C1] : Citrix Web Helper -> C:\WINDOWS\Installer\{845CB598-34F0-4F49-9526-01290F85781C}\ARPIcon [HKCR\Installer\Products\8EFB6C7354395EB48A70E924572659B8] : Self-Service Plug-in -> C:\WINDOWS\Installer\{37C6BFE8-9345-4BE5-A807-9E427562958B}\plugin.ico [HKCR\Installer\Products\9385789C78084554B9E5438612FDE2C6] : Citrix Receiver (Redirection Flash HDX) [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper [HKCR\Installer\Products\99655929957E8474A98FCAD4630657B0] : Citrix Receiver Inside [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\AB08C8B6A33B1B3409EBFD8DA20D99C1] : Citrix Authentication Manager -> C:\WINDOWS\Installer\{6B8C80BA-B33A-43B1-90BE-DFD82AD0991C}\ARPIcon [HKCR\Installer\Products\FC03D219E93F13B4DAA921C3B697E42E] : HP Update -> C:\Windows\Installer\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}\ARPPRODUCTICON.exe ---------- | ADS ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Le package Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe+App a été interrompu, car sa suspension a été trop longue. 
------------ Nom de l’application défaillante MicrosoftEdgeCP.exe, version : 11.0.15063.608, horodatage : 0x59ae240c Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000 Code d’exception : 0xc0000604 Décalage d’erreur : 0x0000000000000000 ID du processus défaillant : 0x2410 Heure de début de l’application défaillante : 0x01d340398303b950 Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Chemin d’accès du module défaillant: unknown ID de rapport : 808627a0-792a-48e1-88cf-a0cefc6e46b5 Nom complet du package défaillant : Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe ID de l’application relative au package défaillant : ContentProcess ------------ Échec de l’écriture d’un paramètre d’application pour le package Microsoft.Windows.Photos_8wekyb3d8bbwe. Code d’erreur : 5 ------------ Nom de l’application défaillante svchost.exe, version : 10.0.15063.0, horodatage : 0x02799ef5 Nom du module défaillant : appraiser.dll_unloaded, version : 10.0.15156.1008, horodatage : 0x9e6eb7d4 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000001000 ID du processus défaillant : 0x151c Heure de début de l’application défaillante : 0x01d33ae0327f8b95 Chemin d’accès de l’application défaillante : c:\windows\system32\svchost.exe Chemin d’accès du module défaillant: appraiser.dll ID de rapport : ca199027-8462-4b62-b720-e24d1e897870 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante Microsoft.Photos.exe, version : 2017.35071.16410.0, horodatage : 0x59aeff2d Nom du module défaillant : combase.dll, version : 10.0.15063.608, horodatage : 0xb66dc19d Code d’exception : 0xc0000005 Décalage d’erreur : 0x000000000001ded4 ID du processus défaillant : 0x30bc Heure de début de l’application défaillante : 0x01d33addebb88865 Chemin d’accès de l’application défaillante : C:\Program 
Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\combase.dll ID de rapport : a55c87d0-411d-494f-82db-636f54beab40 Nom complet du package défaillant : Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : App ------------ Le package Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe+App a été interrompu, car sa suspension a été trop longue. ------------ Nom de l’application défaillante svchost.exe_AppReadiness, version : 10.0.15063.0, horodatage : 0x02799ef5 Nom du module défaillant : ntdll.dll, version : 10.0.15063.608, horodatage : 0x8274fd8b Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000f775f ID du processus défaillant : 0x7b8 Heure de début de l’application défaillante : 0x01d32d9a7ba8949b Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : 7211c2ab-422d-464b-bc0c-cf08aab66298 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Le programme soffice.bin version 4.0.9782.500 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance. 
ID de processus : 348 Heure de début : 01d32b32e3cd5a15 Heure de fin : 23 Chemin d'accès de l'application : C:\Program Files (x86)\OpenOffice 4\program\soffice.bin ID de rapport : 7eaa6e6a-44d3-4c96-b09c-1220e53c3495 Nom complet du package défaillant : ID de l'application relative au package défaillant : ------------ L’application Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe+App n’a pas été lancée dans le délai qui lui était imparti. ------------ Nom de l’application défaillante svchost.exe, version : 10.0.15063.0, horodatage : 0x02799ef5 Nom du module défaillant : appraiser.dll_unloaded, version : 10.0.15156.1008, horodatage : 0x9e6eb7d4 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000001000 ID du processus défaillant : 0x5dc Heure de début de l’application défaillante : 0x01d311fcb0942b19 Chemin d’accès de l’application défaillante : c:\windows\system32\svchost.exe Chemin d’accès du module défaillant: appraiser.dll ID de rapport : 70d0b9f6-5606-4cc7-8f4a-ab5d34eda7cb Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante svchost.exe_AppReadiness, version : 10.0.15063.0, horodatage : 0x02799ef5 Nom du module défaillant : ntdll.dll, version : 10.0.15063.447, horodatage : 0xa329d3a8 Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000f775f ID du processus défaillant : 0x16d0 Heure de début de l’application défaillante : 0x01d311fcf2e447d4 Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\svchost.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : a3913b97-61af-4768-a6d5-df2092dc100b Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. 
Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Nom de l’application défaillante svchost.exe, version : 10.0.15063.0, horodatage : 0x02799ef5 Nom du module défaillant : ntdll.dll, version : 10.0.15063.447, horodatage : 0xa329d3a8 Code d’exception : 0xc0000409 Décalage d’erreur : 0x00000000000aa020 ID du processus défaillant : 0xb98 Heure de début de l’application défaillante : 0x01d30b93ac27511c Chemin d’accès de l’application défaillante : c:\windows\system32\svchost.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : 6e4e0c67-1e8a-4c00-8e1c-6eed794154c3 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ L’application Microsoft.ZuneVideo_10.17062.12911.0_x64__8wekyb3d8bbwe+Microsoft.ZuneVideo n’a pas été lancée dans le délai qui lui était imparti. ------------ Nom de l’application défaillante svchost.exe, version : 10.0.15063.0, horodatage : 0x02799ef5 Nom du module défaillant : ntdll.dll, version : 10.0.15063.447, horodatage : 0xa329d3a8 Code d’exception : 0xc0000409 Décalage d’erreur : 0x00000000000aa020 ID du processus défaillant : 0x20dc Heure de début de l’application défaillante : 0x01d3091390528317 Chemin d’accès de l’application défaillante : c:\windows\system32\svchost.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : b3997ed7-0047-471f-a8bd-32f81858af5e Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Produit : Google Update Helper - La mise à jour ‘{E0D0D2C9-5836-4023-AB1D-54EC3B90AD03}’ n’a pas pu être supprimée. Code d’erreur 1647. Windows Installer peut créer des journaux pour faciliter la résolution des éventuelles erreurs d’installation des packages logiciels. 
Utilisez le lien suivant pour afficher des instructions concernant l’activation des journaux : http://go.microsoft.com/fwlink/?LinkId=23127 ------------ Produit : Google Update Helper - La mise à jour ‘{1CAD0644-2CF1-4EA6-B512-0F59D9EAB13C}’ n’a pas pu être supprimée. Code d’erreur 1647. Windows Installer peut créer des journaux pour faciliter la résolution des éventuelles erreurs d’installation des packages logiciels. Utilisez le lien suivant pour afficher des instructions concernant l’activation des journaux : http://go.microsoft.com/fwlink/?LinkId=23127 ------------ ----------( EOF)---------- - 3638 | 13:54:24