--------------- QuickDiag | g3n-h@ckm@n | 2_24.07.2016.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 27/07/2016 23:43:49 Updated 24/07/2016 | 08.15 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [Marion (Administrator)] - [MARION-PC] (S-1-5-21-3068805931-2497146629-1372413373-1000) System: Microsoft Windows 7 Professionnel - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 7 Professionnel |C:\Windows|\Device\Harddisk0\Partition2 Boot : Normal boot PC: 20DFCTO1WW - LENOVO - IdNumber: PF08RJNJ - UUID: 55E8B281-5463-11CB-B387-95B592789838 Processor : X64 - 2394 Mhz - Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz Phoenix BIOS SC-T v2.1 - en-US - LENOVO - S/N: PF08RJNJ - J5ET44WW (1.15) - LENOVO - 1150 CoreTemp : 47 Celsius ----------| Quick ---------- | SoundDevice Conexant SmartAudio HD - Status: OK - Manufacturer: Conexant - PNPDeviceID: HDAUDIO\FUNC_01&VEN_14F1&DEV_510F&SUBSYS_17AA5021&REV_1001\4&19E3B4F7&0&0001 ---------- | Video Intel(R) HD Graphics 5500 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 50 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igdumdim32,igd10iumd32,igd10iumd32 - PNPDeviceID: PCI\VEN_8086&DEV_1616&SUBSYS_502117AA&REV_09\3&E89B380&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824 AMD Radeon R7 M265 Series - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController2 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll,aticfx32,aticfx32,aticfx32,atiumd64.dll,atidxx64.dll,atidxx64.dll,atiumdag,atidxx32,atidxx32,atiumdva,atiumd6a.cap,atitmm64.dll - PNPDeviceID: PCI\VEN_1002&DEV_6604&SUBSYS_502117AA&REV_00\4&753D514&0&00E4 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: -2147483648 Inegrated Video Chipset DeviceName: Intel(R) HD Graphics 5500 - DriverVersion: 8.14.01.6505 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22016 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16384 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25600 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 81408 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK ---------- | CPU CPU #1 value:6 % CPU #2 value:6 % CPU #3 value:0 % CPU #4 value:0 % Total Overall CPU Usage value:1 % ---------- | Network Intel[R] Ethernet Connection [3] I218-V : SENT:675 bytes/sec / RECVD:675 bytes/sec Intel[R] Dual Band Wireless-AC 3160 : SENT:0 bytes/sec / RECVD:0 bytes/sec Microsoft Virtual WiFi Miniport Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec Microsoft Virtual WiFi Miniport Adapter _2 : SENT:0 bytes/sec / RECVD:0 bytes/sec isatap.{0CC15237-E885-42D4-BDDD-F7B29B9C6225} : SENT:0 bytes/sec / RECVD:0 bytes/sec isatap.lan : SENT:0 bytes/sec / RECVD:0 bytes/sec isatap.{A014E90A-A2D0-433A-9509-FE72017E1E2D} : SENT:0 bytes/sec / RECVD:0 bytes/sec Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:675 bytes/sec, / RECEIVE Maximum:675 bytes/sec WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000 WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000 WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000 WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000 WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000 WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000 WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000 Bluetooth Device (Personal Area Network) - - - Status: - PnPID : WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000 RAS Async Adapter - - - Status: - PnPID : Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0000 Intel(R) Ethernet Connection (3) I218-V - Ethernet 802.3 - Intel - Status: - PnPID : PCI\VEN_8086&DEV_15A3&SUBSYS_502017AA&REV_03\3&E89B380&0&C8 Périphérique compatible NDIS distant - - - Status: - PnPID : Carte Microsoft 6to4 - Tunnel - Microsoft - Status: - PnPID : ROOT\*6TO4MP\0000 Intel(R) Dual Band Wireless-AC 3160 - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_08B4&SUBSYS_82708086&REV_93\4&34157C99&0&00E2 Carte Microsoft ISATAP #3 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0002 Microsoft Virtual WiFi Miniport Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1B0BE22C&0&01 Microsoft Virtual WiFi Miniport Adapter #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1B0BE22C&0&02 Carte Microsoft ISATAP #4 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0003 Carte Microsoft ISATAP #5 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0004 Bluetooth Device (Personal Area Network) - - - Status: - PnPID : Périphérique compatible NDIS distant - - - Status: - PnPID : Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000 ---------- | Memory RAM = Total (MB) : 8116 | Free (MB) : 5652 Pagefile = Total (MB) : 16231 | Free (MB) : 13547 Virtual = Total (MB) : 4194 | Free (MB) : 3991 Physical Memory 0 : Capacity: 4294967296 - ChannelA-DIMM0 - Posit.: - Manufacturer: 0467 - PartNumber: RMT3170ME68F9F1600 - S/N: 68018358 Physical Memory 1 : Capacity: 4294967296 - ChannelB-DIMM0 - Posit.: - Manufacturer: 0467 - PartNumber: RMT3170ME68F9F1600 - S/N: 68038358 ---------- | SID Users Administrateur : [S-1-5-21-3068805931-2497146629-1372413373-500] HomeGroupUser$ : [S-1-5-21-3068805931-2497146629-1372413373-1002] Invité : [S-1-5-21-3068805931-2497146629-1372413373-501] Marion : [S-1-5-21-3068805931-2497146629-1372413373-1000] Administrateurs : [S-1-5-32-544] Duplicateurs : [S-1-5-32-552] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] Opérateurs de chiffrement : [S-1-5-32-569] Opérateurs de configuration réseau : [S-1-5-32-556] Opérateurs de sauvegarde : [S-1-5-32-551] Utilisateurs : [S-1-5-32-545] Utilisateurs avec pouvoir : [S-1-5-32-547] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du Bureau à distance : [S-1-5-32-555] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] HomeUsers : [S-1-5-21-3068805931-2497146629-1372413373-1001] ---------- | Drives Q:\ -> [Fixed] | [Lenovo_Recovery] | Total : 18.1 Go | Free : 5.22 Go -> NTFS [SATA] C:\ -> [Fixed] | [Windows7_OS] | Total : 446.2 Go | Free : 161.21 Go -> NTFS [SATA] Disk Usage Information [1 total Physical Disks] Physical Drive #0 [C:, Q:] : Read:0 bytes/sec, Written:574,180 bytes/sec Max Read:0 bytes/sec, Max Write:574,180 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:574,180 bytes/sec DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_ST500LM0&PROD_00-SSHD-8GB\4&6C073B4&0&000000 ---------- | Windows updates Last detection : 2016-07-27 13:44:04 Downloaded last ones : 2016-07-26 09:40:51 Installed last ones : 2016-07-26 09:41:30 Next search : 2016-07-28 07:25:36 Windows Is Activated ---------- | Browsers IE : 11.0.9600.18283 (© Microsoft Corporation. Tous droits réservés.) GC : 51.0.2704.103 (Copyright 2015 Google Inc.) Default : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" ---------- | FlashPlayer ---------- | Security AM : Malwarebytes' Anti-Malware ( 2.3.173.0) [Update : 21/07/2016 19:45:33] FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Auto(2)] = Running AS: Windows Defender [Auto(2)] = Running WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 416 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.23418) = C:\Windows\System32\smss.exe [11/05/2016 11:24:22] CPU Usage:0 % 668 | [Owner : | Parent : 476() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [14/07/2009 01:52:37] CPU Usage:0 % 724 | [Owner : | Parent : 668(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [19/06/2015 03:46:34] CPU Usage:0 % 740 | [Owner : | Parent : 668(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23452) = C:\Windows\System32\lsass.exe [16/06/2016 23:01:03] CPU Usage:0 % 748 | [Owner : | Parent : 668(wininit.exe) | ?????] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [21/11/2010 05:23:53] CPU Usage:0 % 864 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 940 | [Owner : | Parent : 724(services.exe) | ?????] - (.Lenovo. - Lenovo Power Management Service.) - (1.67.9.3) = C:\Windows\System32\ibmpmsvc.exe [11/06/2015 03:59:15] CPU Usage:0 % 1000 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 456 | [Owner : | Parent : 724(services.exe) | ?????] - (.AMD - AMD External Events Service Module.) - (6.14.11.1219) = C:\Windows\System32\atiesrxx.exe [21/03/2016 15:49:32] CPU Usage:0 % 628 | [Owner : | Parent : 676() | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe [19/06/2015 03:38:52] CPU Usage:0 % 824 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 1060 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 1088 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 1124 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 1228 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 1300 | [Owner : | Parent : 724(services.exe) | ?????] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4029) = C:\Windows\System32\igfxCUIService.exe [11/06/2015 05:10:51] CPU Usage:0 % 1328 | [Owner : | Parent : 456(atiesrxx.exe) | ?????] - (.AMD - AMD External Events Client Module.) - (6.14.11.1219) = C:\Windows\System32\atieclxx.exe [21/03/2016 15:49:40] CPU Usage:0 % 1352 | [Owner : | Parent : 724(services.exe) | ?????] - (.DisplayLink Corp. - DisplayLinkManager Application.) - (7.5.54609.0) = C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [01/04/2014 03:39:34] CPU Usage:0 % 1492 | [Owner : | Parent : 1352(DisplayLinkManager.exe) | ?????] - (.DisplayLink Corp. - DisplayLinkUserAgent Application.) - (7.5.54609.0) = C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe [01/04/2014 03:39:36] CPU Usage:0 % 1524 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 1660 | [Owner : | Parent : 724(services.exe) | ?????] - (.AVAST Software - avast! Service.) - (12.1.3076.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [11/07/2016 23:21:55] CPU Usage:0 % 1668 | [Owner : | Parent : 1060(svchost.exe) | ?????] - (.Microsoft Corporation - Infrastructure d’extensibilité pour les services réseau Windows sans fil 802.11.) - (6.1.7600.16385) = C:\Windows\System32\wlanext.exe [14/07/2009 02:07:15] CPU Usage:0 % 1676 | [Owner : | Parent : 564(csrss.exe) | ?????] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.1.7601.23418) = C:\Windows\System32\conhost.exe [11/05/2016 11:24:21] CPU Usage:0 % 1800 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 1932 | [Owner : | Parent : 724(services.exe) | ?????] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.19.1728) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [25/06/2016 01:45:12] CPU Usage:0 % 1976 | [Owner : | Parent : 724(services.exe) | ?????] - (.Alps Electric Co., Ltd. - HidMonitorSvc Application.) - (8.1.0.13) = C:\Program Files\Apoint2K\HidMonitorSvc.exe [11/06/2015 05:14:49] CPU Usage:0 % 1996 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Updates Skype Click to Call.) - (8.3.0.9150) = C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [25/05/2016 10:30:36] CPU Usage:0 % 2032 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) - (8.3.0.9150) = C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [25/05/2016 10:31:20] CPU Usage:0 % 1680 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 1096 | [Owner : | Parent : 724(services.exe) | ?????] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Event Log Service.) - (17.13.11.0) = C:\Program Files\Intel\WiFi\bin\EvtEng.exe [04/12/2014 21:56:50] CPU Usage:0 % 2068 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.5011) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [21/11/2010 05:24:52] CPU Usage:0 % 2224 | [Owner : | Parent : 724(services.exe) | ?????] - (.Intel Corporation - Intel(R) Wireless Bluetooth(R) iBtSiva Service.) - (17.1.1431.1) = C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [17/06/2014 17:42:08] CPU Usage:0 % 2256 | [Owner : | Parent : 724(services.exe) | ?????] - (.Intel(R) Corporation - Intel(R) Technology Access - Service.) - (1.3.2.1030) = C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [24/01/2015 01:58:02] CPU Usage:0 % 2300 | [Owner : | Parent : 724(services.exe) | ?????] - (.Lenovo Group Limited - Auto Scroll Start Service.) - (1.3.0.0) = C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [11/06/2015 05:25:25] CPU Usage:0 % 2368 | [Owner : | Parent : 724(services.exe) | ?????] - (.-.) - (0.0.0.0) = C:\Windows\SysWOW64\PnkBstrA.exe [19/06/2015 23:11:59] CPU Usage:0 % 2424 | [Owner : | Parent : 724(services.exe) | ?????] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) - (17.13.11.0) = C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [04/12/2014 21:56:36] CPU Usage:0 % 2444 | [Owner : | Parent : 724(services.exe) | ?????] - (.Conexant Systems, Inc. - SmartAudio Service Application.) - (1.0.4.0) = C:\Windows\SysWOW64\SASrv.exe [11/06/2015 05:19:51] CPU Usage:0 % 2944 | [Owner : Marion | Parent : 724(services.exe) | 15.36 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [13/11/2014 23:54:37] CPU Usage:0 % 3032 | [Owner : Marion | Parent : 1060(svchost.exe) | 32.34 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [14/07/2009 01:37:38] CPU Usage:0 % 3068 | [Owner : Marion | Parent : 3016() | 81.56 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.23418) = C:\Windows\explorer.exe [16/06/2016 23:00:22] CPU Usage:0 % 188 | [Owner : Marion | Parent : 2124() | 11.9 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4029) = C:\Windows\System32\igfxEM.exe [11/06/2015 05:10:51] CPU Usage:0 % 2560 | [Owner : Marion | Parent : 2124() | 8.21 Mo] - (.Intel Corporation - igfxHK Module.) - (6.15.10.4029) = C:\Windows\System32\igfxHK.exe [11/06/2015 05:10:51] CPU Usage:0 % 2284 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 2952 | [Owner : | Parent : 724(services.exe) | ?????] - (.Lenovo Group Limited - On screen display Fn+Fx handler.) - (2.5.1.0) = C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [02/08/2015 11:43:47] CPU Usage:0 % 2900 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 3088 | [Owner : | Parent : 724(services.exe) | ?????] - (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Service.) - (17.13.11.0) = C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [04/12/2014 21:57:18] CPU Usage:0 % 3184 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 3196 | [Owner : | Parent : 2952(TPHKSVC.exe) | ?????] - (.Lenovo Group Limited - NumLock on screen display for ThinkPad.) - (1.5.5.0) = C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe [10/06/2015 11:42:11] CPU Usage:0 % 3240 | [Owner : | Parent : 724(services.exe) | ?????] - (.Lenovo Group Limited - Microphone Mute Controll Service for ThinkPad.) - (1.4.4.0) = C:\Program Files\Lenovo\HOTKEY\micmute.exe [10/06/2015 11:42:10] CPU Usage:0 % 3336 | [Owner : | Parent : 724(services.exe) | ?????] - (.Lenovo Group Limited - ThinkPad Message Client Loader.) - (1.6.1.0) = C:\Program Files\Lenovo\HOTKEY\tphkload.exe [10/06/2015 11:42:11] CPU Usage:0 % 3552 | [Owner : Marion | Parent : 3496() | 0.55 Mo] - (.Microsoft Corporation - GWX.) - (6.3.9600.18409) = C:\Windows\System32\GWX\GWX.exe [20/07/2016 15:21:04] CPU Usage:0 % 3808 | [Owner : | Parent : 3336(tphkload.exe) | ?????] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe [14/07/2009 01:57:20] CPU Usage:0 % 4136 | [Owner : Marion | Parent : 3336(tphkload.exe) | 4.9 Mo] - (.Lenovo Group Limited - On screen display drawer.) - (8.0.7.0) = C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.exe [10/06/2015 11:42:10] CPU Usage:0 % 4164 | [Owner : | Parent : 3336(tphkload.exe) | ?????] - (.Lenovo Group Limited - ThinkPad Message Receiver for Shortcut Hot Keys.) - (2.5.1.0) = C:\PROGRA~1\Lenovo\HOTKEY\shtctky.exe [02/08/2015 11:43:48] CPU Usage:0 % 4344 | [Owner : Marion | Parent : 1976(HidMonitorSvc.exe) | 10.66 Mo] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) - (8.1.1601.127) = C:\Program Files\Apoint2K\Apoint.exe [11/06/2015 05:14:48] CPU Usage:0 % 4400 | [Owner : | Parent : 2300(lvvsst.exe) | ?????] - (.Lenovo Group Limited - Lenovo Auto Scroll Utility.) - (2.1.5.0) = C:\PROGRA~1\Lenovo\VIRTSCRL\virtscrl.exe [02/08/2015 11:45:02] CPU Usage:0 % 4484 | [Owner : Marion | Parent : 3068(explorer.exe) | 7 Mo] - (.Lenovo. - Active Protection System.) - (1.80.5.0) = C:\Windows\System32\TpShocks.exe [07/01/2015 16:33:38] CPU Usage:0 % 4676 | [Owner : Marion | Parent : 4632() | 40.16 Mo] - (.AVAST Software - avast! Antivirus.) - (12.1.3076.6) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [11/07/2016 23:22:03] CPU Usage:0 % 4684 | [Owner : Marion | Parent : 4632() | 4.22 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\SysWOW64\rundll32.exe [14/07/2009 01:41:43] CPU Usage:0 % 4696 | [Owner : Marion | Parent : 4632() | 9.16 Mo] - (.SunplusIT, Inc. - BACK Monitor Application.) - (2.3.2.36) = C:\Program Files (x86)\Integrated Camera\Monitor.exe [01/09/2014 11:16:08] CPU Usage:0 % 4704 | [Owner : Marion | Parent : 4684(rundll32.exe) | 18.38 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe [14/07/2009 01:57:20] CPU Usage:0 % 4844 | [Owner : Marion | Parent : 4704(rundll32.exe) | 6.36 Mo] - (.Lenovo Group Limited - Power Manager Power Agenda.) - (1.0.0.1) = C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE [11/06/2015 05:24:05] CPU Usage:0 % 4100 | [Owner : | Parent : 1328(atieclxx.exe) | ?????] - (.AMD - AMD External Events Client Module.) - (6.14.11.1219) = C:\Program Files\AMD\amdkmpfd_un\atieclxx.exe [25/07/2016 13:11:55] CPU Usage:0 % 4736 | [Owner : Marion | Parent : 1124(svchost.exe) | 6.57 Mo] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe [21/11/2010 05:24:27] CPU Usage:0 % 4148 | [Owner : Marion | Parent : 4736(taskeng.exe) | 0.75 Mo] - (.CyberLink - CyberLink MediaLibray Service.) - (7.0.0.4124) = C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [07/03/2013 06:49:22] CPU Usage:0 % 5216 | [Owner : Marion | Parent : 864(svchost.exe) | 6.25 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe [14/07/2009 01:47:12] CPU Usage:0 % 5288 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe [14/11/2014 00:14:47] CPU Usage:0 % 1988 | [Owner : | Parent : 724(services.exe) | ?????] - (.Lenovo Group Limited - Lenovo QuickControl Service.) - (2.40.0.3) = C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [05/12/2014 22:34:38] CPU Usage:0 % 4108 | [Owner : Marion | Parent : 1988(QuickControlService.exe) | 14.66 Mo] - (.Lenovo Group Limited - Lenovo QuickControl Resident.) - (2.40.0.3) = C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe [05/12/2014 22:34:36] CPU Usage:0 % 5652 | [Owner : Marion | Parent : 4344(Apoint.exe) | 4.15 Mo] - (.Alps Electric Co., Ltd. - ApMsgFwd.) - (8.1.1600.18) = C:\Program Files\Apoint2K\ApMsgFwd.exe [11/06/2015 05:14:48] CPU Usage:0 % 6084 | [Owner : Marion | Parent : 692(csrss.exe) | 3.73 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.1.7601.23418) = C:\Windows\System32\conhost.exe [11/05/2016 11:24:21] CPU Usage:0 % 4652 | [Owner : Marion | Parent : 2784() | 5.64 Mo] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver for Windows.) - (8.1.1601.29) = C:\Program Files\Apoint2K\ApntEx.exe [11/06/2015 05:14:48] CPU Usage:0 % 1560 | [Owner : Marion | Parent : 692(csrss.exe) | 5.04 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.1.7601.23418) = C:\Windows\System32\conhost.exe [11/05/2016 11:24:21] CPU Usage:0 % 5848 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe [21/11/2010 05:25:05] CPU Usage:0 % 6716 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 6848 | [Owner : Marion | Parent : 6824() | 0.53 Mo] - (.Lenovo - Lenovo Solution Center Notifications.) - (1.1.0.0) = C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [20/04/2016 16:49:08] CPU Usage:0 % 2860 | [Owner : Marion | Parent : 4736(taskeng.exe) | 0.53 Mo] - (.Lenovo - Message Center Plus Scheduler.) - (3.4.1.0) = C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [23/03/2015 14:00:26] CPU Usage:0 % 2848 | [Owner : Marion | Parent : 6336() | 1.05 Mo] - (.Lenovo - Lenovo Service Bridge.) - (1.6.3.5) = C:\Users\Marion\AppData\Local\Apps\2.0\X48T0BXT.6BC\QEWBK3M3.2MJ\lsb...tion_2d7b41b05b24775e_0001.0006_6c5982beb50abfca\LSB.exe [25/07/2016 12:31:05] CPU Usage:0 % 2464 | [Owner : | Parent : 724(services.exe) | ?????] - (.Lenovo - Power Manager Dynamic Brightness Control Service.) - (1.0.0.1) = C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [11/06/2015 05:24:05] CPU Usage:0 % 2496 | [Owner : | Parent : 724(services.exe) | ?????] - (.Motorola Solutions, Inc. - Bluetooth Device Monitor.) - (17.1.1407.474) = C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [17/06/2014 19:49:18] CPU Usage:0 % 6868 | [Owner : | Parent : 724(services.exe) | ?????] - (.Motorola Solutions, Inc. - Bluetooth Media Service.) - (17.1.1407.480) = C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [14/07/2014 20:17:58] CPU Usage:0 % 984 | [Owner : | Parent : 724(services.exe) | ?????] - (.Motorola Solutions, Inc. - Bluetooth OBEX Service.) - (17.1.1407.480) = C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [14/07/2014 20:18:08] CPU Usage:0 % 6256 | [Owner : | Parent : 724(services.exe) | ?????] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (10.0.30.1054) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [10/10/2014 18:37:16] CPU Usage:0 % 4516 | [Owner : | Parent : 724(services.exe) | ?????] - (.Intel Corporation - Intel(R) Local Management Service.) - (10.0.30.1054) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [10/10/2014 18:37:18] CPU Usage:0 % 4796 | [Owner : | Parent : 724(services.exe) | ?????] - (.Lenovo - Lenovo Peer Connect Service.) - (1.0.0.0) = C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [11/06/2015 05:24:45] CPU Usage:0 % 5772 | [Owner : Marion | Parent : 5668() | 1.1 Mo] - (.Piriform Ltd - CCleaner.) - (5.19.0.5633) = C:\Program Files\CCleaner\CCleaner64.exe [10/06/2016 18:21:06] CPU Usage:0 % 1788 | [Owner : Marion | Parent : 3068(explorer.exe) | 127.64 Mo] - (.Google Inc. - Google Chrome.) - (51.0.2704.103) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [25/06/2015 01:19:44] CPU Usage:0 % 6376 | [Owner : Marion | Parent : 1788(chrome.exe) | 4.68 Mo] - (.Google Inc. - Google Chrome.) - (51.0.2704.103) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [25/06/2015 01:19:44] CPU Usage:0 % 4612 | [Owner : Marion | Parent : 1788(chrome.exe) | 87.38 Mo] - (.Google Inc. - Google Chrome.) - (51.0.2704.103) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [25/06/2015 01:19:44] CPU Usage:0 % 5048 | [Owner : Marion | Parent : 1788(chrome.exe) | 77.85 Mo] - (.Google Inc. - Google Chrome.) - (51.0.2704.103) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [25/06/2015 01:19:44] CPU Usage:0 % 6920 | [Owner : Marion | Parent : 1788(chrome.exe) | 59.32 Mo] - (.Google Inc. - Google Chrome.) - (51.0.2704.103) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [25/06/2015 01:19:44] CPU Usage:0 % 6556 | [Owner : Marion | Parent : 1788(chrome.exe) | 154.83 Mo] - (.Google Inc. - Google Chrome.) - (51.0.2704.103) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [25/06/2015 01:19:44] CPU Usage:2 % 4960 | [Owner : | Parent : 824(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (6.1.7601.18741) = C:\Windows\System32\audiodg.exe [19/06/2015 03:45:05] CPU Usage:0 % 2968 | [Owner : Marion | Parent : 3068(explorer.exe) | 50.35 Mo] - (.SosVirus - QuickDiag.) - (24.7.2016.1) = C:\Users\Marion\Desktop\quickdiag_2_24.07.2016.1.exe [27/07/2016 23:42:49] CPU Usage:0 % 4072 | [Owner : | Parent : 724(services.exe) | ?????] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe [21/11/2010 05:23:56] CPU Usage:0 % ---------- | MD5 [MD5.9DA3B83F80E205B6C601EEE1312FD0A0] - [16/06/2016 23:00:22] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3155.5 Ko] - (6.1.7601.23418) : C:\Windows\Explorer.exe [MD5.5746BD7E255DD6A8AFA06F7C42C1BA41] - [21/11/2010 05:23:55] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [337 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe [MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe [MD5.A8EDB86FC2A4D6D1285E4C70384AC35A] - [14/07/2009 01:59:17] - (.© Microsoft Corporation. - COM Surrogate.) - [9.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe [MD5.ACEDF96749861DB3DA92AE9B9D94FE72] - [11/05/2016 11:24:22] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [1136 Ko] - (6.1.7601.23418) : C:\Windows\System32\Kernel32.dll [MD5.C8A7F80DB5C193DD67747A1BA4B1782E] - [16/06/2016 23:01:03] - (.© Microsoft Corporation. - Local Security Authority Process.) - [30 Ko] - (6.1.7601.23452) : C:\Windows\System32\lsass.exe [MD5.622C96AFB07BB82C8650B47172137AC4] - [12/04/2016 22:18:56] - (.© Microsoft Corporation. - Distributed COM Services.) - [499.5 Ko] - (6.1.7601.19143) : C:\Windows\System32\rpcss.dll [MD5.DD81D91FF3B0763C392422865C9AC12E] - [14/07/2009 01:57:20] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [44.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\rundll32.exe [MD5.71C85477DF9347FE8E7BC55768473FCA] - [19/06/2015 03:46:34] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe [MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [26.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe [MD5.06BF84D26A05D400F6B3FB3D3DE0B03A] - [18/12/2015 19:56:17] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [985 Ko] - (6.1.7601.19061) : C:\Windows\System32\user32.dll [MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [21/11/2010 05:24:28] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe [MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 01:52:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe [MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - [19/06/2015 03:38:52] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [444.5 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe [MD5.9A4A1EEE802BF2F878EE8EAB407B21B7] - [10/11/2015 20:19:51] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [486 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\afd.sys [MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys [MD5.059F00DEF82BF41E433B7ED465847726] - [14/11/2014 00:40:32] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [151.94 Ko] - (6.1.7601.18231) : C:\Windows\System32\Drivers\ataport.sys [MD5.B8BD2BB284668C84865658C77574381A] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys [MD5.F036CE71586E93D94DAB220D7BDF4416] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys [MD5.CF1F6326AC44C42F4615D4BD53188AC5] - [11/06/2015 04:27:37] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [103.5 Ko] - (6.1.7601.18711) : C:\Windows\System32\Drivers\dfsc.sys [MD5.12DED0995AE2BA68EBBE70E14A76EE02] - [11/06/2015 04:40:35] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [119.5 Ko] - (6.1.7601.18246) : C:\Windows\System32\Drivers\hdaudbus.sys [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - [14/07/2009 01:19:58] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [103 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - [14/07/2009 02:10:03] - (.© Microsoft Corporation. - IP Network Address Translator.) - [113.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys [MD5.10112D850C844606419C79EE24EE6016] - [16/06/2016 23:01:03] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [156 Ko] - (6.1.7601.23452) : C:\Windows\System32\Drivers\mrxsmb.sys [MD5.F7309F42555F8AAB7144A51A1F2585B0] - [10/11/2015 20:14:52] - (.© Microsoft Corporation. Tous droits réservés. - Pilote NDIS 6.20.) - [928.44 Ko] - (6.1.7601.19030) : C:\Windows\System32\Drivers\ndis.sys [MD5.E47D571FEC2C76E867935109AB2A770C] - [16/06/2016 23:00:32] - (.© Microsoft Corporation. - MBT Transport driver.) - [256 Ko] - (6.1.7601.23451) : C:\Windows\System32\Drivers\netbt.sys [MD5.47B2D0B31BDC3EBE6090228E2BA3764D] - [11/03/2016 11:02:37] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [1644.94 Ko] - (6.1.7601.19116) : C:\Windows\System32\Drivers\ntfs.sys [MD5.0086431C29C35BE1DBC43F52CC273887] - [14/07/2009 02:00:41] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [95 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys [MD5.471815800AE33E6F1C32FB1B97C490CA] - [21/11/2010 05:24:33] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [126.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rasl2tp.sys [MD5.1B6163C503398B23FF8B939C67747683] - [21/11/2010 05:25:07] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [162 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rdpdr.sys [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - [14/07/2009 02:09:09] - (.© Microsoft Corporation. - SMB Transport driver.) - [91 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys [MD5.04ADD18EE5CC9FBEDAEC1DD1CD0CB45E] - [14/11/2014 01:02:21] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [1858.94 Ko] - (6.1.7601.18438) : C:\Windows\System32\Drivers\tcpip.sys [MD5.AA77EB517D2F07A947294F260E3ACA83] - [10/11/2015 20:19:51] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.5 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\tdx.sys [MD5.0D08D2F3B3FF84E433346669B5E0F639] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [288.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (.AVAST Software.-.avast! Shell Extension.) - (12.1.3076.0) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll (.Lenovo Group Limited.-.ThinkPad Power Manager Background Monitor and Tray Battery Gauge.) - (1.0.0.0) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (..-..) - (0.0.0.0) -- C:\Program Files (x86)\ThinkPad\Utilities\FR\PWMRT64V.DLL (.Lenovo Group Limited.-.ThinkPad Power Manager Low Level Function DLL.) - (1.0.0.0) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMIF64V.Dll (.Lenovo..-.ThinkVantage Active Protection System - Shock Sensor Module.) - (1.80.1.1) -- C:\Windows\system32\Sensor64.dll (.Lenovo.-.ReachDrive Folder Shell Extension.) - (2.5.2.5) -- C:\Program Files (x86)\Lenovo\REACHit\ReachDrive64.dll (.Lenovo.-..) - (2.5.2.5) -- C:\Program Files (x86)\Lenovo\REACHit\webStorage64.dll (.Alexander Roshal.-.WinRAR shell extension.) - (5.30.0.0) -- C:\Program Files (x86)\WinRAR\rarext64.dll (.Malwarebytes.-.Malwarebytes Anti-Malware.) - (3.1.1.0) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.Dolby Laboratories.-.Dolby PCEE4 LFX APO x64.) - (7.2.8000.17) -- C:\Windows\system32\EEL64A.dll (.Dolby Laboratories.-.Dolby PCEE4 COM DLL x64.) - (7.2.8000.17) -- C:\Windows\system32\EED64A.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\...\Run]) - User: AUTORITE NT\SERVICE LOCAL Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU TpShocks - (TpShocks.exe [HKLM\...\Run]) - User: Public [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "TpShocks"=TpShocks.exe [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui "PWMTRV"=rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 ---------- | Startings up registry ¦ Folder [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apoint] : "C:\Program Files\Apoint2K\Apoint.exe" [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BingSvc] : C:\Users\Marion\AppData\Local\Microsoft\BingSvc\BingSvc.exe [03/07/2015 13:06:38] [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BTMTrayAgent] : rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAudioFilterAgent] : "C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring] : "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Integrated Camera_Monitor] : "C:\Program Files (x86)\Integrated Camera\monitor.exe" [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Raptr] : "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartAudio] : "C:\Program Files\CONEXANT\SAII\SACpl.exe" /t [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCN] : "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\USB3MON] : "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "RCDependentServices"=CertPropSvc SessionEnv "NotificationTimeOut"=0 "SnapshotMonitors"=1 "ProductVersion"=5.1 "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "fDenyTSConnections"=1 "StartRCM"=0 "TSAdvertise"=0 "DeleteTempDirsOnExit"=1 "fSingleSessionPerUser"=1 "PerSessionTempDir"=0 "TSUserEnabled"=0 "InstanceID"=c363a1d9-0d0d-4a5c-aeaa-cbce38e "fCredentialLessLogonSupported"=1 "fCredentialLessLogonSupportedTSS"=1 "fCredentialLessLogonSupportedKMRDP"=1 [HKLM\System\CurrentControlSet\Control\Session Manager] "CriticalSectionTimeout"=2592000 "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "ProcessorControl"=2 "ResourceTimeoutCount"=648000 "BootExecute"=autocheck autochk * "ExcludeFromKnownDlls"= "ObjectDirectories"=\Windows \RPC Control "ProtectionMode"=1 "NumberOfInitialSessions"=2 "SetupExecute"= [HKLM\System\CurrentControlSet\Control] "PreshutdownOrder"=wuauserv gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "CurrentUser"=USERNAME "BootDriverFlags"=0 "ServiceControlManagerExtension"=%systemroot%\system32\scext.dll "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) [HKLM\System\CurrentControlSet\Control\lsa] "auditbaseobjects"=0 "auditbasedirectories"=0 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "Bounds"=0x0030000000200000 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Notification Packages"=scecli "Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u "Authentication Packages"=msv1_0 "LsaPid"=740 "SecureBoot"=1 "ProductType"=6 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 ---------- | .LNK C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Lanceur d'applications Google Chrome.lnk (--show-app-list) C:\Users\Marion\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk (/prefetch:1) C:\Users\Marion\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk (/SendTo) C:\Users\Marion\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk (/sendto:) C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\REACHit Drive.lnk (/separate,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{2B3256D4-49AA-11D1-8429-0050AE509033}) C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk (/name Microsoft.EaseOfAccessCenter) C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( -extoff) C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Lanceur d'applications Google Chrome.lnk (--show-app-list) C:\ProgramData\Lenovo\LenovoTvtTools\Lenovo PC Experience.lnk (/c) C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk (/name Microsoft.DefaultPrograms) C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk (startmenu) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo PC Experience.lnk (/c) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk (/showgadgets) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk (/prefetch:1) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk (/open) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk (%SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk (-SpeechUX) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk (/res) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk (-NoExit -ImportSystemModules) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6\Dedicated Server.lnk (-nomaster -game cstrike -insecure) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Update Manager\Intel(R) Update Manager.lnk (--showui) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo PowerENGAGE\Lenovo PowerENGAGE.lnk (/LSRC=StartMenu) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage\Message Center Plus.lnk (/page=viewall) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Message Center Plus.lnk (/page=viewall) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk (/name Microsoft.BackupAndRestore) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix\mkvinfo GUI.lnk (-g) ---------- | AppCertDlls | AppInit_DLLs ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Control Panel\Desktop] "ScreenSaveActive"=1 "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=1000 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "UserPreferencesMask"=0x9E3E078012000000 "ScreenSaverIsSecure"=1 "Wallpaper"=C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg [18/06/2015 17:26:50] "WaitToKillAppTimeout"=200 [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000 "CleanShutdown"=0 "link"=0x17000000 "Browse For Folder Width"=404 "Browse For Folder Height"=360 [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=1 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "SuperHidden"=1 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=4 "Start_ShowMyGames"=0 "TaskbarSizeMove"=1 "DisablePreviewDesktop"=1 "TaskbarSmallIcons"=0 "TaskbarGlomLevel"=0 "ShowSuperHidden"=1 ""=0 [HKLM\Software\Policies\Microsoft\Windows\System] "DisableCMD"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 "DisableTaskMgr"=0 "DisableRegistryTools"=0 "SoftwareSASGeneration"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 "NoRun"=0 "NoFolderOptions"=0 "NoControlPanel"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=35 "AlwaysUnloadDll"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 "HideFileExt"=0 "SuperHidden"=1 "ShowSuperHidden"=1 "Hidden"=1 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\System] "DisableCMD"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 "DisableTaskMgr"=0 "DisableRegistryTools"=0 "SoftwareSASGeneration"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 "NoRun"=0 "NoFolderOptions"=0 "NoControlPanel"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=84 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin "BuildNumber"=7601 "FirstLogon"=0 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "ShutdownWithoutLogon"=0 "WinStationsDisabled"=0 "DisableCAD"=1 "scremoveoption"=0 "ShutdownFlags"=39 "AutoAdminLogon"=0 "DefaultUserName"=Marion [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "DefaultDomainName"= "DefaultUserName"= "Userinit"=userinit.exe "VMApplet"=SystemPropertiesPerformance.exe /pagefile ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\WOW6432Node\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2016 22:38:25] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\Clients\StartMenuInternet\SafeZoneStable\Shell\open\Command] ""="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" [HKLM\Software\Clients\StartMenuInternet\SafeZoneStable\InstallInfo] "ReinstallCommand"="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" --makedefaultbrowser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2016 22:38:25] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\SafeZoneStable\Shell\open\Command] ""="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\SafeZoneStable\InstallInfo] "ReinstallCommand"="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" --makedefaultbrowser ---------- | AppcompatFlags [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files (x86)\WinRAR\uninstall.exe"=1 "SIGN.MEDIA=727386 setup.exe"=1 "C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe"=1 "C:\Program Files (x86)\Lenovo\System Update\TvsuCommandLauncher.exe"=1 "C:\Users\Marion\Documents\setup.exe"=1 "C:\Users\Marion\Downloads\Setup.X86.fr-FR_O365HomePremRetail_b4948368-8f54-447c-92c3-905c8bdbd703_TX_DB_.exe"=1 "C:\Counter Strike 1.6\Counter Strike 1.6 Final.exe"=1 "C:\Counter Strike 1.6\Counter Strike 1.6 Maps.exe"=1 "C:\Users\Marion\Downloads\Divinity Original Sin - Enhanced Edition by xatab\setup.exe"=1 "C:\Program Files (x86)\Divinity Original Sin Enhanced Edition\language_setup.exe"=1 "C:\Users\Marion\Downloads\DNGCodec_2_0_Installer.exe"=1 "C:\Users\Marion\Downloads\undrtlgogpc\setup_undertale_2.0.0.2.exe"=1 [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe"=32 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\F] : F:\autorun.exe (AutoRun) [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{36c45acd-1684-11e5-af25-34e6ad65c49d}] : F:\autorun.exe (AutoRun) [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{b34f9c47-0fe3-11e5-ae17-806e6f6e6963}] : Q:\LenovoQDrive.cmd (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=128920218544262440 "AntiVirusOverride"=0 "AntiSpywareOverride"=0 "FirewallOverride"=0 [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=0 "DisableRoutinelyTakingAction"=0 "ProductStatus"=0 "InstallTime"=0xB172660AF1A3D001 [HKLM\Software\WOW6432Node\Microsoft\Windows Defender] "DisableAntiSpyware"=0 "DisableRoutinelyTakingAction"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | @ [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Microsoft\Internet Explorer\Main] "Disable Script Debugger"=yes "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\system32\blank.htm "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "XMLHTTP"=1 "NoUpdateCheck"=1 "DisableScriptDebuggerIE"=yes "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "ImageStoreRandomFolder"=gcg66qf "IE10RunOnceLastShown"=0 "DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD7010000C5000000F70400001D030000 "DefSpellLang"=fr-FR "ScriptDebugger_EnableHiddenTabs"=0 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "StatusBarWeb"=1 "ForceGDIPlus"=0 "AlwaysShowMenus"=0 "ShutdownWaitForOnUnload"=0 "DNSPreresolution"=8 "SpellChecking"=1 "LangToolsBroker"={5bbd58bb-993e-4c17-8af6-3af8e908fca8} "DisablePasswordReveal"=0 "Check_Associations"=yes "DisableRequiresActiveXPrompt"= "GotoIntranetSiteForSingleWordEntry"=0 "AutoSearch"=1 "SuppressScriptDebuggerDialog"=0 "PredictedViewExpansion"=100 "PredictedViewChangeThreshold"=10 "PredictedViewChangeThresholdPaint"=10 "ContentLayerCacheExpansion"=300 "RenderingLoopMaxTime"=250 "NscSingleExpand"=0 "Error Dlg Displayed On Every Error"=no "NotifyDownloadComplete"=yes "Friendly http errors"=yes "CSS_Compat"=doctype "Expand Alt Text"=no "Display Inline Videos"=1 "Print_Background"=no "Use Stylesheets"=1 "SmoothScroll"=1 "Show image placeholders"=0 "Disable Diagnostics Mode"=no "Move System Caret"=no "Enable AutoImageResize"=yes "UseThemes"=1 "UseHR"=0 "Q300829"=0 "Cleanup HTCs"=0 "XDomainRequest"=1 "DOMStorage"=1 "EnableAlternativeCodec"=yes "JScriptProfileCacheEventDelay"=5000 "CrossfadeMinTimeoutInMS"=30000 "CrossfadeMaxTimeoutInMS"=30000 "CrossfadeCurrentTimeoutInMS"=30000 "ScrollTimeoutInMS"=6000 "IE10RunOncePerInstallCompleted"=1 "IE10TourNoShow"=0 "IE10TourShown"=0 "IE10RecommendedSettingsNo"=0 "FrameTabWindow"=1 "AdminTabProcs"=1 "SessionMerging"=1 "FrameMerging"=1 "HangRecovery"=1 "DesktopTransparentCoverWindowTime"=8 "TSEnable"=1 "Isolation"=PMIL "Isolation64Bit"=0 "IsolationImmersive"=PMEM "TabShutdownDelay"=60000 "FrameShutdownDelay"=0 "Search Bar"=Preserve "MinIEEnabled"=1 "FormSuggest Passwords"=yes "FormSuggest PW Ask"=yes "RefcountTracker"=0 "TabDragOnSingleProc"=0 "ForceBFCacheCandidacyPass"=0 "Fasterback"=1 "BackForwardInstrumentation"=0 "DisableFirstRunCustomize"=3 "OperationalData"=5 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF46000000460000002206000092030000 "CompatibilityFlags"=0 "DoNotTrack"=0 "IE10RunOnceCompletionTime"=0xB7BBFDC3E4CDD001 "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Start Page Redirect Cache_TIMESTAMP"=0xB2E600C397DBD101 "Start Page Redirect Cache AcceptLangs"=fr-FR "PlaySounds"=0 "UseSWRender"=0 "MixedContentBlockImages"=1 "Start Page_TIMESTAMP"=0x1F7CCE1F6B9DD101 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"= "Start Page Redirect Cache"=http://www.msn.com/de-de/?ocid=iehp [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings] "IE5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=IEUser@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "SecureProtocols"=2688 "PrivacyAdvanced"=0 "ZonesSecurityUpgrade"=0x22765838DBA9D001 "DisableCachingOfSSLPages"=0 "WarnonZoneCrossing"=0 "CertificateRevocation"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "EnableAutodial"=0 "NoNetAutodial"=0 "ProxyHttp1.1"=1 "EnableSPDY3_0"=0 "BackgroundConnections"=1 "EnableSSL3Fallback"=1 "EnablePunycode"=1 "ShowPunycode"=0 "CreateUriCacheSize"=80 "CoInternetCombineIUriCacheSize"=80 "SecurityIdIUriCacheSize"=30 "SpecialFoldersCacheSize"=8 "SyncMode5"=4 "DisableIDNPrompt"=0 "EnforceP3PValidity"=0 "WarnOnPostRedirect"=1 "WarnonBadCertRecving"=0 [HKLM\Software\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=about:blank "Local Page"=C:\Windows\System32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "TabProcGrowth"=Medium [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=about:blank "Local Page"=C:\Windows\SysWOW64\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "TabProcGrowth"=Medium [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | SSODL | SEH | URLSH | STS ---------- | Toolbar [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 "ShowDiscussionButton"=Yes [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "DefaultPackCorrection"=1 "UpgradeTime"=0x368C5FC4E4CDD001 "TopResult"=1 "ShowSearchSuggestionsGlobal"=1 "ShowSearchSuggestionsInAddressGlobal"=1 "KnownProvidersUpgradeTime"=0x9C32E1C3E4CDD001 "Version"=4 "DefaultPackNTCorrection"=1 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar] "Locked"=0 [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] : () - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] : () - [] ---------- | SearchScopes [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CA7E07AC-EE8A-4DB8-B3FD-1CBEDDDC7313}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CA7E07AC-EE8A-4DB8-B3FD-1CBEDDDC7313}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LNJB : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{CA7E07AC-EE8A-4DB8-B3FD-1CBEDDDC7313}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LNJB : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] -> (avast! Online Security) : C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [11/07/2016 23:21:52] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] -> (Skype Click to Call for Internet Explorer) : C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [25/05/2016 10:30:38] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] -> (avast! Online Security) : C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [11/07/2016 23:21:52] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] -> (Skype Click to Call for Internet Explorer) : C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [25/05/2016 10:30:38] ---------- | Chrome C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\extensions\coobgpohoikkiipiblmjeljniedjpjpf = : Google & co - http://www.google.com/webhp?source=search_app - Google & co - [*://www.google.com/search*://www.google.com/webhp*://www.google.com/imgres] - http://clients2.google.com/service/update2/crx C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\extensions\gighmmpiobklfepjocnamgkkbiglidom = : __MSG_description__ - short_name: __MSG_name__ - https://clients2.google.com/service/update2/crx C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - https://clients2.google.com/service/update2/crx C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\extensions\kmhkepipobnjllejbafajoemahjejdcm = : __MSG_addons_description__ - version_name: 2.0.4 - http://clients2.google.com/service/update2/crx C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\extensions\oemmndcbldboiebfnladdacbdfmadadm = : Uses HTML5 to display PDF files directly in the browser. - PDF Viewer - permissions:[fileBrowserHandlerwebRequestwebRequestBlocking\u003Call_urls>tabswebNavigationstorage] - https://clients2.google.com/service/update2/crx C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl] ---------- | Opera ---------- | Firefox [HKLM\Software\mozilla\Firefox\Extensions] "wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF "sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF "sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\MozillaPlugins\ubisoft.com/uplaypc] - () : C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled [HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.3] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll ---------- | Active Connections TCP 127.0.0.1:5905 Marion-PC:49155 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49156 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49157 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49158 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49159 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49161 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49162 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49164 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49165 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49166 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49167 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49170 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49171 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49179 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49182 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49186 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49187 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49188 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49189 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49191 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49192 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49193 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49194 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49308 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49309 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49310 ESTABLISHED 2256 TCP 127.0.0.1:5905 Marion-PC:49311 ESTABLISHED 2256 TCP 127.0.0.1:49155 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49156 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49157 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49158 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49159 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49161 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49162 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49164 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49165 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49166 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49167 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49170 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49171 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49179 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49182 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49186 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49187 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49188 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49189 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49191 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49192 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49193 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49194 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49199 Marion-PC:49200 ESTABLISHED 1660 TCP 127.0.0.1:49200 Marion-PC:49199 ESTABLISHED 1660 TCP 127.0.0.1:49202 Marion-PC:49203 ESTABLISHED 1660 TCP 127.0.0.1:49203 Marion-PC:49202 ESTABLISHED 1660 TCP 127.0.0.1:49308 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49309 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49310 Marion-PC:5905 ESTABLISHED 2256 TCP 127.0.0.1:49311 Marion-PC:5905 ESTABLISHED 2256 TCP 192.168.1.3:49207 lon01.ff.avast.com:http ESTABLISHED 1660 TCP 192.168.1.3:53340 104.244.42.8:https ESTABLISHED 1788 TCP 192.168.1.3:53461 wm-in-f188.1e100.net:https ESTABLISHED 1788 TCP 192.168.1.3:53597 par03s15-in-f99.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53598 wb-in-f120.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53599 wo-in-f139.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53600 wk-in-f120.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53601 wo-in-f101.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53604 wb-in-f120.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53605 par10s10-in-f4.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53606 wb-in-f138.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53613 a23-217-244-118.deploy.static.akamaitechnologies.com:http ESTABLISHED 1788 TCP 192.168.1.3:53614 a23-217-244-118.deploy.static.akamaitechnologies.com:https ESTABLISHED 1788 TCP 192.168.1.3:53618 wb-in-f138.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53622 wo-in-f113.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53637 wo-in-f139.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53641 par03s13-in-f2.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53642 par03s15-in-f98.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53645 a23-217-135-228.deploy.static.akamaitechnologies.com:https ESTABLISHED 1788 TCP 192.168.1.3:53647 a23-217-135-228.deploy.static.akamaitechnologies.com:https ESTABLISHED 1788 TCP 192.168.1.3:53648 par03s15-in-f6.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53651 par03s15-in-f6.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53659 par03s15-in-f6.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53660 par10s21-in-f2.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53669 par03s15-in-f97.1e100.net:https TIME_WAIT 0 TCP 192.168.1.3:53683 wb-in-f190.1e100.net:https ESTABLISHED 1788 TCP 192.168.1.3:53701 par10s21-in-f2.1e100.net:http ESTABLISHED 1788 TCP 192.168.1.3:53728 par10s21-in-f2.1e100.net:https ESTABLISHED 1788 TCP 192.168.1.3:53729 185.29.135.48:http ESTABLISHED 1788 TCP 192.168.1.3:53736 wb-in-f95.1e100.net:https ESTABLISHED 1788 TCP 192.168.1.3:53737 wb-in-f102.1e100.net:https ESTABLISHED 1788 TCP 192.168.1.3:53740 wo-in-f94.1e100.net:https ESTABLISHED 1788 TCP 192.168.1.3:53742 par10s10-in-f13.1e100.net:https ESTABLISHED 1788 ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{0543126B-273F-455B-90E7-652E7379AC5C}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{1F295595-6AC4-4D84-83B3-932087EDBE74}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{0543126B-273F-455B-90E7-652E7379AC5C}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{1F295595-6AC4-4D84-83B3-932087EDBE74}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0543126B-273F-455B-90E7-652E7379AC5C}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1F295595-6AC4-4D84-83B3-932087EDBE74}] "DhcpNameServer"=192.168.1.254 ---------- | Applications [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\SOFTWARE\Classes\Applications\uTorrent.exe] : "%APPDATA%\uTorrent\uTorrent.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\SZBrowser.exe] : "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\SZBrowser.exe] : "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | Svchost - Netsvcs (Whitelisted) Term - : ---------- | Software [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Adobe] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Alps] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\AMD] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\AppDataLow] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\ATI] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\AVAST Software] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Bevee] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\BitTorrent] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Blizzard Entertainment] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\BugSplat] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\bunkus.org] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Butter] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Clients] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Conexant] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\CyberLink] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Disc Soft] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\g3n-h@ckm@n] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\GOG.com] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Google] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\IBM] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\IM Providers] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Intel] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Lenovo] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Logitech] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Macromedia] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Microsoft] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\MozillaPlugins] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Netscape] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\ODBC] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\OpenOffice] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\PACE Anti-Piracy] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Piriform] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Policies] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\QtProject] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Raptr] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\RegisteredApplications] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Skype] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Steel Crate Games] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Sunplus SPUVCb] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\sysinternals] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\TeamSpeak 3 Client] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Trolltech] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Unity] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Valve] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\VSRevoGroup] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\WinRAR] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\WinRAR SFX] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Wow6432Node] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\{41C5D74D-74B7-2C66-2A26-1AC3F9A035CF}] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\{B2CB09FF-2453-4f85-9F40-21C05BE4CBA8}] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\{B906F941-89D6-2447-1F43-F5B911D3994B}] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Microsoft\Windows\ShellNoRoam] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Alps] [HKLM\Software\AMD] [HKLM\Software\ATI] [HKLM\Software\ATI Technologies] [HKLM\Software\CBSTEST] [HKLM\Software\Clients] [HKLM\Software\CNXT_UIU_MUTEX] [HKLM\Software\Cnxt_Uiu_Parms] [HKLM\Software\Conexant] [HKLM\Software\DellShared] [HKLM\Software\Disc Soft] [HKLM\Software\DisplayLink] [HKLM\Software\Dolby] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\IBM] [HKLM\Software\IM Providers] [HKLM\Software\InstalledOptions] [HKLM\Software\Intel] [HKLM\Software\Intel Corporation] [HKLM\Software\Khronos] [HKLM\Software\Lenovo] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\Network Associates] [HKLM\Software\ODBC] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\RTLSetup] [HKLM\Software\Sonic] [HKLM\Software\Sunplus SPUVCb] [HKLM\Software\sysinternals] [HKLM\Software\UIU] [HKLM\Software\Wow6432Node] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\DWM] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GPSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\Software\WOW6432Node\activision] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AdwCleaner] [HKLM\Software\WOW6432Node\AMD] [HKLM\Software\WOW6432Node\AppDataLow] [HKLM\Software\WOW6432Node\ATI] [HKLM\Software\WOW6432Node\ATI Technologies] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\Aviata] [HKLM\Software\WOW6432Node\Blizzard Entertainment] [HKLM\Software\WOW6432Node\Caphyon] [HKLM\Software\WOW6432Node\Conexant] [HKLM\Software\WOW6432Node\CyberLink] [HKLM\Software\WOW6432Node\DellShared] [HKLM\Software\WOW6432Node\GOG.com] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\IBM] [HKLM\Software\WOW6432Node\IM Providers] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Lake] [HKLM\Software\WOW6432Node\Lenovo] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Network Associates] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] [HKLM\Software\WOW6432Node\Riot Games] [HKLM\Software\WOW6432Node\Skype] [HKLM\Software\WOW6432Node\Symantec] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\VideoLAN] [HKLM\Software\WOW6432Node\WinRAR] [HKLM\Software\WOW6432Node\Wow6432Node] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\DisplayLink] [HKLM\Software\WOW6432Node\Even Balance] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] ---------- | Drives Q: [11/06/2015 05:24:54] - |ASH| - (.-.) - [49] - (0.0.0.0) - Q:\AUTORUN.INF [11/06/2015 05:24:54] - |ASH| - (.-.) - [65] - (0.0.0.0) - Q:\LenovoQDrive.cmd ---------- | C: [14/07/2009 05:18:56] - |SHD| - [387] - C:\$Recycle.Bin [12/05/2016 16:41:14] - |D| - [1161280] - C:\06343a8a17a9f35f4d0dd2cbd9b72d [23/04/2016 12:19:18] - |D| - [499521291] - C:\2-click run [25/06/2015 01:20:31] - |D| - [15901492] - C:\AdwCleaner [22/07/2016 12:51:22] - |D| - [518050982] - C:\AMD [13/11/2014 23:14:54] - |SHD| - [15720756] - C:\Boot [MD5.259525CFB422E6AC8E87BC9777B1DF73] - [13/11/2014 23:14:54] - |RASH| - (.-.) - [383786] - (0.0.0.0) - C:\bootmgr [MD5.2B84A28045CA0628EDC1CE352A33D3AA] - [13/11/2014 23:14:55] - |RASH| - (.-.) - [8192] - (0.0.0.0) - C:\BOOTSECT.BAK [23/12/2015 15:35:58] - |D| - [502981830] - C:\Counter Strike 1.6 [14/07/2009 07:08:56] - |SHD| - [0] - C:\Documents and Settings [02/08/2015 11:45:02] - |D| - [264989454] - C:\DRIVERS [25/06/2015 15:36:56] - |D| - [26745196287] - C:\Earthquake 434 [MD5.D41D8CD98F00B204E9800998ECF8427E] - [11/06/2015 04:44:11] - |ASH| - (.-.) - [6233403392] - (0.0.0.0) - C:\hiberfil.sys [MD5.0B32E5FC073EEC5761598739844DA14B] - [18/06/2015 18:41:13] - |A| - (.-.) - [374] - (0.0.0.0) - C:\IFRToolLog.txt [11/06/2015 05:03:22] - |D| - [96786] - C:\Intel [10/06/2015 11:51:36] - |D| - [579803] - C:\mfg [MD5.D41D8CD98F00B204E9800998ECF8427E] - [11/06/2015 04:44:11] - |ASH| - (.-.) - [8311205888] - (0.0.0.0) - C:\pagefile.sys [14/07/2009 05:20:08] - |D| - [19725157] - C:\PerfLogs [14/07/2009 05:20:08] - |RD| - [2331009049] - C:\Program Files [14/07/2009 05:20:08] - |RD| - [33122899282] - C:\Program Files (x86) [14/07/2009 05:20:08] - |HD| - [1260761298] - C:\ProgramData [27/07/2016 23:43:33] - |D| - [262057] - C:\QuickDiag [MD5.530A9B9463F9A584FB02C7A73D74686C] - [27/07/2016 23:43:49] - |A| - (.-.) - [126476] - (0.0.0.0) - C:\QuickDiag.txt [18/06/2015 17:35:13] - |D| - [6620674632] - C:\Riot Games [13/11/2014 23:25:50] - |D| - [33825113] - C:\support [13/11/2014 23:14:41] - |D| - [5791817129] - C:\SWTOOLS [11/06/2015 03:57:24] - |SHD| - [0] - C:\System Volume Information [11/06/2015 05:39:54] - |D| - [23916] - C:\Temp [14/07/2009 05:20:08] - |RD| - [193597180850] - C:\Users [14/07/2009 05:20:08] - |D| - [30252252376] - C:\Windows ---------- | C:\Windows [14/07/2009 07:32:38] - |D| - [802] - C:\Windows\addins [14/07/2009 05:20:08] - |D| - [27542749] - C:\Windows\AppCompat [14/07/2009 05:20:08] - |D| - [10973952] - C:\Windows\AppPatch [14/07/2009 05:20:08] - |RSD| - [1454985172] - C:\Windows\assembly [MD5.D41D8CD98F00B204E9800998ECF8427E] - [11/06/2015 05:23:45] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\ativpsrm.bin [MD5.7EFB1577EFBD72521E670188AA546C7D] - [11/07/2016 23:21:58] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.1.3076.0) - C:\Windows\avastSS.scr [MD5.317CD1CE327B6520BF4EE007BCD39E61] - [21/11/2010 05:24:22] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [71168] - (6.1.7601.17514) - C:\Windows\bfsvc.exe [14/07/2009 05:20:09] - |D| - [29163158] - C:\Windows\Boot [MD5.449E2906C80C713E9E86EA84958D3565] - [14/07/2009 07:38:36] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [14/07/2009 05:20:09] - |D| - [3233280] - C:\Windows\Branding [12/05/2016 16:40:33] - |D| - [299551567] - C:\Windows\CheckSur [14/11/2014 21:29:44] - |D| - [0] - C:\Windows\CSC [MD5.A4DA4EED1EC85B55D716DFD7DB1A2EE1] - [10/06/2015 11:36:51] - |A| - (.-.) - [12] - (0.0.0.0) - C:\Windows\CSUP.TXT [14/07/2009 05:20:09] - |D| - [2113488] - C:\Windows\Cursors [11/06/2015 04:04:40] - |D| - [0] - C:\Windows\de-DE [14/07/2009 06:45:54] - |D| - [14220] - C:\Windows\debug [MD5.79F2D7DB790F46A495A8998CD99F42B0] - [01/09/2014 11:16:08] - |A| - (.-.) - [3672] - (0.0.0.0) - C:\Windows\Dext_01.ini [MD5.4EC902E857761137F689C1247453FB20] - [01/09/2014 11:16:08] - |A| - (.-.) - [3862] - (0.0.0.0) - C:\Windows\Dext_02.ini [MD5.3459955C7C8B13FA620369ACE4154D89] - [01/09/2014 11:16:08] - |A| - (.-.) - [3006] - (0.0.0.0) - C:\Windows\Dext_04.ini [MD5.AAB06478DF78B769F1B252C9E17735A3] - [01/09/2014 11:16:08] - |A| - (.-.) - [4082] - (0.0.0.0) - C:\Windows\Dext_05.ini [MD5.1A02BFBCDC0DD18F1F21359752EE4179] - [01/09/2014 11:16:08] - |A| - (.-.) - [3940] - (0.0.0.0) - C:\Windows\Dext_06.ini [MD5.1F25F1A17BBE1EB9DF3048BCA54F2EF3] - [01/09/2014 11:16:08] - |A| - (.-.) - [3928] - (0.0.0.0) - C:\Windows\Dext_07.ini [MD5.9AE53A271C2CB1F091A809E00C25C3D6] - [01/09/2014 11:16:08] - |A| - (.-.) - [4038] - (0.0.0.0) - C:\Windows\Dext_08.ini [MD5.CC4ABCE68713DDBD92EE85A85A452F21] - [01/09/2014 11:16:08] - |A| - (.-.) - [3640] - (0.0.0.0) - C:\Windows\Dext_09.ini [MD5.6B401ACFC91DB63508F83ED38DEC73BE] - [01/09/2014 11:16:08] - |A| - (.-.) - [4116] - (0.0.0.0) - C:\Windows\Dext_10.ini [MD5.F8CF8C7F68DFCDCE0F20E4DA1D9ADD39] - [01/09/2014 11:16:08] - |A| - (.-.) - [4006] - (0.0.0.0) - C:\Windows\Dext_1046.ini [MD5.7B205570CF8854CF1383130B6D2A2D6B] - [01/09/2014 11:16:08] - |A| - (.-.) - [4196] - (0.0.0.0) - C:\Windows\Dext_11.ini [MD5.5264E8B95A8E0CA1A32B4CDCC9F73331] - [01/09/2014 11:16:08] - |A| - (.-.) - [4168] - (0.0.0.0) - C:\Windows\Dext_12.ini [MD5.B6722FB989304339CDC8AC2C49B66888] - [01/09/2014 11:16:08] - |A| - (.-.) - [3622] - (0.0.0.0) - C:\Windows\Dext_13.ini [MD5.8591391EB772049A745D31490C367AFE] - [01/09/2014 11:16:08] - |A| - (.-.) - [4100] - (0.0.0.0) - C:\Windows\Dext_14.ini [MD5.79DE1DE79B3D8EFF89E6670FE38D3D9D] - [01/09/2014 11:16:08] - |A| - (.-.) - [3952] - (0.0.0.0) - C:\Windows\Dext_16.ini [MD5.BA010C9C642361E855F762135E8DFA94] - [01/09/2014 11:16:08] - |A| - (.-.) - [2900] - (0.0.0.0) - C:\Windows\Dext_17.ini [MD5.3D7E5E8E3548F55C39E1DF0B10551271] - [01/09/2014 11:16:08] - |A| - (.-.) - [2882] - (0.0.0.0) - C:\Windows\Dext_18.ini [MD5.53127835716C01929BC9C1D097CA30F9] - [01/09/2014 11:16:08] - |A| - (.-.) - [3944] - (0.0.0.0) - C:\Windows\Dext_19.ini [MD5.F624368A677CAC1298AC69A7E7126675] - [01/09/2014 11:16:08] - |A| - (.-.) - [3916] - (0.0.0.0) - C:\Windows\Dext_20.ini [MD5.4357D5B7E2AEEA83E8117E0DA25E1140] - [01/09/2014 11:16:08] - |A| - (.-.) - [2792] - (0.0.0.0) - C:\Windows\Dext_2052.ini [MD5.F083CF704CD14949F3521DF6329F948C] - [01/09/2014 11:16:08] - |A| - (.-.) - [4196] - (0.0.0.0) - C:\Windows\Dext_21.ini [MD5.CBA5BA2E8D3BDE76C02D82DE21986131] - [01/09/2014 11:16:08] - |A| - (.-.) - [4022] - (0.0.0.0) - C:\Windows\Dext_22.ini [MD5.72007A356D846A3D3B32516D5260782E] - [01/09/2014 11:16:08] - |A| - (.-.) - [3864] - (0.0.0.0) - C:\Windows\Dext_24.ini [MD5.C3238A6B16C264858EF62650A8478196] - [01/09/2014 11:16:08] - |A| - (.-.) - [4178] - (0.0.0.0) - C:\Windows\Dext_25.ini [MD5.D966E9289455FF5616CD561DFC418537] - [01/09/2014 11:16:08] - |A| - (.-.) - [4188] - (0.0.0.0) - C:\Windows\Dext_27.ini [MD5.5FD7C668A26164348BFCACF5617BAB21] - [01/09/2014 11:16:08] - |A| - (.-.) - [3762] - (0.0.0.0) - C:\Windows\Dext_29.ini [MD5.C3EB21A932E410CD8C45D5080EBF25B2] - [01/09/2014 11:16:08] - |A| - (.-.) - [3724] - (0.0.0.0) - C:\Windows\Dext_30.ini [MD5.B089FC72C15FC815CDD849A7BD64FD3F] - [01/09/2014 11:16:08] - |A| - (.-.) - [4098] - (0.0.0.0) - C:\Windows\Dext_31.ini [MD5.92717C461BFAA68E58C9AA1F202FEEF2] - [01/09/2014 11:16:08] - |A| - (.-.) - [4062] - (0.0.0.0) - C:\Windows\Dext_36.ini [14/07/2009 07:32:38] - |D| - [3044378] - C:\Windows\diagnostics [14/07/2009 07:37:46] - |D| - [0] - C:\Windows\DigitalLocker [11/06/2015 05:24:36] - |D| - [222592512] - C:\Windows\Downloaded Installations [14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Downloaded Program Files [14/11/2014 21:29:46] - |D| - [118084593] - C:\Windows\ehome [20/07/2016 15:54:40] - |D| - [6388816] - C:\Windows\EOONotify [MD5.9DA3B83F80E205B6C601EEE1312FD0A0] - [16/06/2016 23:00:22] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3231232] - (6.1.7601.23418) - C:\Windows\explorer.exe [MD5.D41D8CD98F00B204E9800998ECF8427E] - [18/06/2015 17:26:29] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\firstboot.dat [14/07/2009 05:20:09] - |RSD| - [676165863] - C:\Windows\Fonts [11/06/2015 04:08:12] - |D| - [142848] - C:\Windows\fr-FR [MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [14/07/2009 01:22:13] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [15360] - (6.1.7600.16385) - C:\Windows\fveupdate.exe [MD5.36DADC207D52F4911EFCCFA285B9BB53] - [18/06/2015 17:26:29] - |A| - (.-.) - [10] - (0.0.0.0) - C:\Windows\getvol.scp [14/07/2009 05:20:09] - |D| - [43366725] - C:\Windows\Globalization [14/07/2009 05:20:09] - |D| - [48012565] - C:\Windows\Help [MD5.CD47548A52B02D254BF6D7F7A5F2BFD3] - [14/07/2009 02:29:53] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [733696] - (6.1.7600.16385) - C:\Windows\HelpPane.exe [MD5.3D0B9EA79BF1F828324447D84AA9DCE2] - [14/07/2009 02:29:03] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [16896] - (6.1.7600.16385) - C:\Windows\hh.exe [MD5.0D776C3A36F2B6E657939BB96096E070] - [12/04/2011 10:28:07] - |A| - (.-.) - [48223] - (0.0.0.0) - C:\Windows\HomeBasic.xml [14/07/2009 05:20:09] - |D| - [143547244] - C:\Windows\IME [14/07/2009 05:20:10] - |D| - [141391315] - C:\Windows\inf [14/11/2014 00:06:59] - |SHD| - [1237769728] - C:\Windows\Installer [14/07/2009 05:20:10] - |D| - [48371] - C:\Windows\L2Schemas [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\LiveKernelReports [14/07/2009 05:20:10] - |D| - [46461038] - C:\Windows\Logs [14/07/2009 05:20:10] - |RSD| - [14004469] - C:\Windows\Media [MD5.6577149AACD5D93E58E81BD7ADE3F449] - [11/06/2015 03:58:50] - |A| - (.-.) - [1271] - (0.0.0.0) - C:\Windows\MFGCLEAN.CMD [MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 02:10:29] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [14/07/2009 05:20:10] - |D| - [880246628] - C:\Windows\Microsoft.NET [14/11/2014 00:07:03] - |D| - [5787] - C:\Windows\Migration [06/01/2016 17:53:20] - |D| - [0] - C:\Windows\Minidump [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\ModemLogs [MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 04:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini [MD5.B32189BDFF6E577A92BAA61AD49264E6] - [13/08/2015 11:23:54] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [193536] - (6.1.7601.18917) - C:\Windows\notepad.exe [MD5.9F6495040A9DEE5F7C1D98163446ECB9] - [11/06/2015 05:25:26] - |A| - (.-.) - [28728] - (0.0.0.0) - C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.txt [MD5.542B3C7BD9B670B928FDD49A8124E24E] - [11/06/2015 05:25:26] - |A| - (.-.) - [196608] - (0.0.0.0) - C:\Windows\ocsetup_install_OEMHelpCustomization.etl [14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Offline Web Pages [13/11/2014 23:15:07] - |D| - [1467869] - C:\Windows\Panther [14/07/2009 07:32:38] - |D| - [63242007] - C:\Windows\Performance [14/07/2009 05:20:10] - |D| - [1132015] - C:\Windows\PLA [14/07/2009 05:20:10] - |D| - [7448359] - C:\Windows\PolicyDefinitions [13/11/2014 23:15:47] - |D| - [62238386] - C:\Windows\Prefetch [MD5.FFB8B91BD19E5BC10A3344AAF34880F3] - [14/11/2014 21:30:49] - |A| - (.-.) - [53551] - (0.0.0.0) - C:\Windows\PROFESSIONAL.xml [MD5.FA02A10F3F5EB898D73F8F4E6CC0F24C] - [11/06/2015 05:24:05] - |N| - (.Copyright (C) Lenovo 2006,2007. - ThinkPad Power Manager HTML Help Execte Helper.) - [2692848] - (1.0.0.0) - C:\Windows\PWMBTHLV.EXE [MD5.2E2C937846A0B8789E5E91739284D17A] - [14/07/2009 01:27:10] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [427008] - (6.1.7600.16385) - C:\Windows\regedit.exe [14/07/2009 05:20:10] - |D| - [22588] - C:\Windows\Registration [MD5.9812A5EA1CA6AA4E941A2D21CA82E11B] - [01/09/2014 11:16:08] - |A| - (.-.) - [6318] - (0.0.0.0) - C:\Windows\remove.ini [MD5.EC8C831BEABF6EFDB076D4D278892C65] - [18/12/2015 18:50:25] - |A| - (.-.) - [773] - (0.0.0.0) - C:\Windows\removeep.cmd [14/07/2009 05:20:10] - |D| - [8369301] - C:\Windows\rescache [14/07/2009 05:20:10] - |D| - [1680075] - C:\Windows\Resources [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\SchCache [14/07/2009 05:20:10] - |D| - [58021] - C:\Windows\schemas [14/07/2009 05:20:10] - |D| - [1070380] - C:\Windows\security [14/07/2009 06:45:47] - |D| - [51984320] - C:\Windows\ServiceProfiles [14/07/2009 05:20:10] - |D| - [129802664] - C:\Windows\servicing [14/07/2009 06:45:50] - |D| - [311] - C:\Windows\Setup [14/11/2014 21:29:46] - |D| - [4544] - C:\Windows\ShellNew [11/06/2015 04:48:20] - |D| - [1059833599] - C:\Windows\SoftwareDistribution [14/07/2009 05:20:10] - |D| - [70579144] - C:\Windows\Speech [MD5.127AA81343A7C6F665C22CB1293B0A90] - [14/11/2014 00:18:44] - |A| - (.© Microsoft Corporation. - Print driver host for 32bit applications.) - [67072] - (6.1.7601.17777) - C:\Windows\splwow64.exe [MD5.D322350DAFB6BEA31FF25C2A04F6DD66] - [01/09/2014 11:16:08] - |A| - (.Copyright (C) 2010 - Remove Driver Application.) - [93344] - (1.0.0.7) - C:\Windows\SPRemove_x64.exe [MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 07:28:38] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\system [MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 04:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini [14/07/2009 05:20:10] - |D| - [5125708641] - C:\Windows\System32 [MD5.B125C21872B0EEF88AAD6EC1027AAC28] - [11/06/2015 05:33:58] - |A| - (.-.) - [6] - (0.0.0.0) - C:\Windows\systemtype.txt [14/07/2009 05:20:14] - |D| - [1498997927] - C:\Windows\SysWOW64 [14/07/2009 05:20:14] - |D| - [15] - C:\Windows\TAPI [14/07/2009 05:20:14] - |D| - [34638] - C:\Windows\Tasks [14/07/2009 05:20:14] - |D| - [42231533] - C:\Windows\Temp [14/07/2009 05:20:14] - |D| - [0] - C:\Windows\tracing [MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 23:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll [MD5.D00FF5B41A322A7BD7E167E7705B2AE3] - [01/09/2014 11:16:08] - |A| - (.-.) - [14503] - (0.0.0.0) - C:\Windows\TWAIN2080.ini [MD5.3106DDC33C612019864AFD630B597A4C] - [01/09/2014 11:16:08] - |A| - (.-.) - [7408] - (0.0.0.0) - C:\Windows\TWAIN2080.src [14/07/2009 07:32:38] - |D| - [243872] - C:\Windows\twain_32 [MD5.163A95975E1D8819E653AA3E961371CA] - [21/11/2010 05:25:10] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll [MD5.F36A271706EDD23C94956AFB56981184] - [14/07/2009 00:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe [MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 02:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe [MD5.B64891DC75F0584BF64EA379BFF7F7FB] - [01/09/2014 11:16:08] - |A| - (.- Integrated Camera installer.) - [95952] - (3.3.5.1) - C:\Windows\un_dext.exe [11/06/2015 05:47:40] - |D| - [130360] - C:\Windows\util [14/07/2009 05:20:14] - |D| - [12420] - C:\Windows\Vss [14/07/2009 05:20:14] - |D| - [40769109] - C:\Windows\Web [MD5.CF6C94390135E660C1A167651642359C] - [14/07/2009 04:34:57] - |A| - (.-.) - [435] - (0.0.0.0) - C:\Windows\win.ini [MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 06:54:24] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.BE18523CF64BCFE53FC418C2F31F7104] - [11/06/2015 04:48:17] - |N| - (.-.) - [2063283] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 02:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe [MD5.21B431E660103355C0C87B5FDE8B92C2] - [17/07/2015 09:59:02] - |A| - (.-.) - [192] - (0.0.0.0) - C:\Windows\wininit.ini [14/07/2009 05:20:14] - |D| - [16665390590] - C:\Windows\winsxs [MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 22:52:44] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [14/07/2009 01:56:28] - |A| - (.© Microsoft Corporation. - Windows Write.) - [10240] - (6.1.7600.16385) - C:\Windows\write.exe ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [04/05/2016 17:37:22] - C:\Windows\Installer\11f3be.msi : (Lenovo Solution Center - Lenovo) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/07/2016 22:32:29] - C:\Windows\Installer\173dd1d.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/05/2016 10:58:02] - C:\Windows\Installer\1e14bf.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/07/2016 12:14:21] - C:\Windows\Installer\1e62e26.msi : (Adobe AIR Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/01/2015 01:58:38] - C:\Windows\Installer\22730.msi : (Intel(R) Technology Access - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/09/2014 22:14:08] - C:\Windows\Installer\2acb09.msi : (Blank Project Template - Adobe) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/09/2014 22:10:02] - C:\Windows\Installer\2acb11.msi : (Blank Project Template - Adobe) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/01/2016 18:41:17] - C:\Windows\Installer\2acb33.msi : (Adobe Help - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/07/2015 11:37:48] - C:\Windows\Installer\38f5e28.msi : (Message Center Plus - Lenovo Group Limited) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/07/2016 21:49:36] - C:\Windows\Installer\3f4c16b.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/10/2014 18:39:04] - C:\Windows\Installer\4e3b2.msi : (Intel(R) ME UninstallLegacy - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/10/2014 18:40:20] - C:\Windows\Installer\4e3b8.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/10/2014 18:39:02] - C:\Windows\Installer\4e3be.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/10/2014 18:40:52] - C:\Windows\Installer\4e3c4.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/10/2014 18:37:12] - C:\Windows\Installer\4e3ca.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/08/2014 00:57:28] - C:\Windows\Installer\4e3d0.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/08/2014 08:21:10] - C:\Windows\Installer\4e407.msi : (Branding - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 14:04:52] - C:\Windows\Installer\4e40d.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 13:56:38] - C:\Windows\Installer\4e413.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 13:56:52] - C:\Windows\Installer\4e419.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 13:57:06] - C:\Windows\Installer\4e41f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 13:57:22] - C:\Windows\Installer\4e425.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 13:57:36] - C:\Windows\Installer\4e42b.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 13:57:52] - C:\Windows\Installer\4e431.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 13:58:06] - C:\Windows\Installer\4e437.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 13:58:22] - C:\Windows\Installer\4e43d.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 13:58:38] - C:\Windows\Installer\4e443.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 13:58:52] - C:\Windows\Installer\4e449.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 13:59:04] - C:\Windows\Installer\4e44f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 13:59:18] - C:\Windows\Installer\4e455.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 13:59:34] - C:\Windows\Installer\4e45b.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 13:59:46] - C:\Windows\Installer\4e461.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 14:00:00] - C:\Windows\Installer\4e467.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 14:00:12] - C:\Windows\Installer\4e46d.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 14:00:26] - C:\Windows\Installer\4e473.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 14:00:42] - C:\Windows\Installer\4e479.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 14:00:54] - C:\Windows\Installer\4e47f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 14:01:08] - C:\Windows\Installer\4e485.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 14:01:22] - C:\Windows\Installer\4e48b.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 14:01:38] - C:\Windows\Installer\4e491.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 14:01:56] - C:\Windows\Installer\4e497.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/12/2011 22:58:32] - C:\Windows\Installer\4e49e.msi : (PowerXpressHybrid - InstallShield Software Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/12/2014 14:10:28] - C:\Windows\Installer\4e4b2.msi : (AMD Accelerated Video Transcoding INstallation package - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/04/2014 01:14:02] - C:\Windows\Installer\4e4b9.msi : (DisplayLink Core Software - DisplayLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/04/2014 01:14:04] - C:\Windows\Installer\4e4bf.msi : (Lenovo USB Graphics - Lenovo) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/12/2014 03:21:40] - C:\Windows\Installer\4e4c5.msi : (Intel® WiFi - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/12/2014 03:21:48] - C:\Windows\Installer\4e4cb.msi : (Intel® WiFi - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [31/08/2012 13:28:26] - C:\Windows\Installer\4e4d1.msi : (Dolby Advanced Audio v2 - Dolby Laboratories Inc) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/08/2014 05:43:36] - C:\Windows\Installer\4e4e1.msi : (Intel(R) Wireless Bluetooth(R) - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/08/2014 11:16:04] - C:\Windows\Installer\52ff2.msi : (OpenOffice 4.1.1 - OpenOffice) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/08/2015 11:43:33] - C:\Windows\Installer\545ca6b.msi : (Active Protection System - Lenovo) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [26/02/2016 11:54:44] - C:\Windows\Installer\54655.msi : (League of Legends - Riot Games) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:16:52] - C:\Windows\Installer\5f7b4c.msi : (AMD Installer (64 bit) - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:05:22] - C:\Windows\Installer\5f7b52.msi : (AMD Wireless Display v3.0 Installer - Advanced Micro Devices Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:09:34] - C:\Windows\Installer\5f7c8d.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:09:48] - C:\Windows\Installer\5f7c93.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:10:02] - C:\Windows\Installer\5f7c99.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:10:14] - C:\Windows\Installer\5f7c9f.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:10:28] - C:\Windows\Installer\5f7ca5.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:10:40] - C:\Windows\Installer\5f7cab.msi : (Catalyst Control Center next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:10:54] - C:\Windows\Installer\5f7cb1.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:11:08] - C:\Windows\Installer\5f7cb7.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:11:20] - C:\Windows\Installer\5f7cbd.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:11:34] - C:\Windows\Installer\5f7cc3.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:11:48] - C:\Windows\Installer\5f7cc9.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:12:02] - C:\Windows\Installer\5f7ccf.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:12:16] - C:\Windows\Installer\5f7cd5.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:12:28] - C:\Windows\Installer\5f7cdb.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:12:42] - C:\Windows\Installer\5f7ce1.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:12:56] - C:\Windows\Installer\5f7ce7.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:13:10] - C:\Windows\Installer\5f7ced.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:13:22] - C:\Windows\Installer\5f7cf3.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:13:36] - C:\Windows\Installer\5f7cf9.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:13:50] - C:\Windows\Installer\5f7cff.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:14:02] - C:\Windows\Installer\5f7d05.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:15:46] - C:\Windows\Installer\5f7d0b.msi : (AMD Settings - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:09:18] - C:\Windows\Installer\5f7d11.msi : (AMD Settings - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/11/2015 01:36:54] - C:\Windows\Installer\5f7d17.msi : (Branding - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/04/2016 20:04:18] - C:\Windows\Installer\5f7d1e.msi : (Drag & Drop Transcoding - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/10/2015 18:57:49] - C:\Windows\Installer\6b2bc.msi : (Intel(R) Update Manager - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/05/2015 06:56:10] - C:\Windows\Installer\80959b2.msi : (swMSM - Adobe Systems, Inc) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/05/2016 23:48:38] - C:\Windows\Installer\a673c.msi : ( - Lenovo) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/09/2015 22:10:43] - C:\Windows\Installer\dec266.msi : (Metric Collection SDK Redistributable - Lenovo Group Limited) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/09/2015 12:19:00] - C:\Windows\Installer\f471aa.msi : (System Update - Lenovo) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/06/2015 05:24:36] - C:\Windows\Installer\f4ad.msi : (Lenovo QuickControl - Lenovo Group Limited) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/09/2012 14:54:04] - C:\Windows\Installer\f709.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/06/2015 05:27:07] - C:\Windows\Installer\f711.msi : (Lenovo Warranty Viewer - Lenovo) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/11/2013 23:57:42] - C:\Windows\Installer\f71b.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [26/05/2014 01:34:44] - C:\Windows\Installer\f725.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/01/2014 21:43:54] - C:\Windows\Installer\f730.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/05/2014 20:41:30] - C:\Windows\Installer\f73a.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/08/2014 04:43:32] - C:\Windows\Installer\f74c.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/06/2015 05:31:49] - C:\Windows\Installer\f753.msi : (Lenovo User Guide - Lenovo Group Limited) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/06/2015 05:31:59] - C:\Windows\Installer\f75a.msi : (Lenovo PowerENGAGE - Lenovo Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/06/2015 05:33:55] - C:\Windows\Installer\f761.msi : (Create Recovery Media Installation - Lenovo Group Limited) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/06/2015 05:39:11] - C:\Windows\Installer\f770.msi : (Metric Collection SDK Redistributable - Lenovo Group Limited) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/06/2014 23:34:10] - C:\Windows\Installer\f7cb.msi : (Intel(R) WiDi - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [14/07/2009 06:57:09] - [73] - C:\Windows\System32\desktop.ini [19/06/2015 03:41:10] - [16303] - C:\Windows\System32\ieuinit.inf [14/07/2009 07:13:15] - [1667460] - C:\Windows\System32\PerfStringBackup.INI [10/06/2009 23:01:25] - [60124] - C:\Windows\System32\tcpmon.ini [19/06/2015 03:41:11] - [16303] - C:\Windows\Syswow64\ieuinit.inf [14/07/2009 06:55:01] - [535] - C:\Windows\Syswow64\mapisvc.inf [14/11/2014 00:07:22] - [1642544] - C:\Windows\Syswow64\PerfStringBackup.INI ---------- | [Marion] [04/06/2016 18:38:42] - |D| - [0] - C:\Users\Marion\.LSC [04/06/2016 18:38:42] - |D| - [0] - C:\Users\Marion\.QtWebEngineProcess [18/06/2015 17:26:27] - |HD| - [1292594204] - C:\Users\Marion\AppData [18/06/2015 17:26:28] - |SHD| - [0] - C:\Users\Marion\Application Data [18/06/2015 17:26:51] - |RD| - [68787] - C:\Users\Marion\Contacts [18/06/2015 17:26:28] - |SHD| - [0] - C:\Users\Marion\Cookies [18/06/2015 17:26:27] - |RD| - [128779892426] - C:\Users\Marion\Desktop [18/06/2015 17:26:27] - |RD| - [48590765484] - C:\Users\Marion\Documents [18/06/2015 17:26:27] - |RD| - [13550985794] - C:\Users\Marion\Downloads [18/06/2015 17:26:27] - |RD| - [2104] - C:\Users\Marion\Favorites [18/06/2015 17:26:29] - |SHD| - [25308] - C:\Users\Marion\IntelGraphicsProfiles [18/06/2015 17:26:27] - |RD| - [3987] - C:\Users\Marion\Links [18/06/2015 17:26:28] - |SHD| - [0] - C:\Users\Marion\Local Settings [18/06/2015 17:26:28] - |SHD| - [0] - C:\Users\Marion\Menu Démarrer [18/06/2015 17:26:28] - |SHD| - [0] - C:\Users\Marion\Mes documents [18/06/2015 17:26:28] - |SHD| - [0] - C:\Users\Marion\Modèles [18/06/2015 17:26:27] - |RD| - [504] - C:\Users\Marion\Music [18/06/2015 17:26:27] - |ASH| - [3145728] - C:\Users\Marion\NTUSER.DAT [18/06/2015 17:26:28] - |ASH| - [262144] - C:\Users\Marion\ntuser.dat.LOG1 [18/06/2015 17:26:28] - |ASH| - [0] - C:\Users\Marion\ntuser.dat.LOG2 [18/06/2015 17:26:28] - |ASH| - [65536] - C:\Users\Marion\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [18/06/2015 17:26:28] - |ASH| - [524288] - C:\Users\Marion\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [18/06/2015 17:26:28] - |ASH| - [524288] - C:\Users\Marion\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [18/06/2015 17:26:28] - |SH| - [20] - C:\Users\Marion\ntuser.ini [22/11/2015 17:22:47] - |RD| - [97] - C:\Users\Marion\OneDrive [18/06/2015 17:26:27] - |RD| - [925724] - C:\Users\Marion\Pictures [18/06/2015 17:26:28] - |SHD| - [0] - C:\Users\Marion\Recent [18/06/2015 17:26:27] - |D| - [0] - C:\Users\Marion\Roaming [18/06/2015 17:26:27] - |RD| - [282] - C:\Users\Marion\Saved Games [18/06/2015 17:26:59] - |RD| - [1964] - C:\Users\Marion\Searches [18/06/2015 17:26:28] - |SHD| - [0] - C:\Users\Marion\SendTo [03/07/2015 13:08:46] - |D| - [41123840] - C:\Users\Marion\Tracing [18/06/2015 17:26:27] - |RD| - [504] - C:\Users\Marion\Videos [18/06/2015 17:26:28] - |SHD| - [0] - C:\Users\Marion\Voisinage d'impression [18/06/2015 17:26:28] - |SHD| - [0] - C:\Users\Marion\Voisinage réseau [18/06/2015 17:27:00] - |D| - [42689191] - C:\Users\Marion\AppData\Roaming\Adobe [06/01/2016 11:52:04] - |D| - [51458] - C:\Users\Marion\AppData\Roaming\AMD [03/07/2015 19:04:44] - |D| - [0] - C:\Users\Marion\AppData\Roaming\ATI [17/07/2015 10:08:20] - |D| - [38229817] - C:\Users\Marion\AppData\Roaming\AVAST Software [24/06/2015 15:43:14] - |D| - [2218] - C:\Users\Marion\AppData\Roaming\Battle.net [30/06/2015 17:55:28] - |D| - [0] - C:\Users\Marion\AppData\Roaming\CyberLink [19/06/2015 22:49:32] - |D| - [0] - C:\Users\Marion\AppData\Roaming\DAEMON Tools Lite [28/12/2015 20:09:49] - |D| - [203] - C:\Users\Marion\AppData\Roaming\dvdcss [18/06/2015 17:26:52] - |D| - [0] - C:\Users\Marion\AppData\Roaming\Identities [18/06/2015 17:26:28] - |D| - [1224] - C:\Users\Marion\AppData\Roaming\Intel [18/06/2015 17:26:43] - |D| - [144577] - C:\Users\Marion\AppData\Roaming\Lenovo [22/07/2016 13:08:24] - |D| - [0] - C:\Users\Marion\AppData\Roaming\library_dir [19/06/2015 18:20:47] - |D| - [0] - C:\Users\Marion\AppData\Roaming\LolClient [03/09/2015 08:21:19] - |D| - [114244917] - C:\Users\Marion\AppData\Roaming\LSC [18/06/2015 17:26:27] - |D| - [314351] - C:\Users\Marion\AppData\Roaming\Macromedia [18/06/2015 17:26:27] - |D| - [0] - C:\Users\Marion\AppData\Roaming\Media Center Programs [18/06/2015 17:26:27] - |SD| - [48801250] - C:\Users\Marion\AppData\Roaming\Microsoft [11/09/2015 09:33:51] - |D| - [12463550] - C:\Users\Marion\AppData\Roaming\OpenOffice [06/01/2016 18:54:57] - |D| - [2352] - C:\Users\Marion\AppData\Roaming\PACE Anti-Piracy [19/06/2015 14:29:32] - |D| - [174] - C:\Users\Marion\AppData\Roaming\PwrMgr [18/06/2015 20:45:07] - |D| - [25178] - C:\Users\Marion\AppData\Roaming\reaper [18/06/2015 17:33:32] - |D| - [0] - C:\Users\Marion\AppData\Roaming\Riot Games [03/07/2015 13:06:33] - |D| - [105305269] - C:\Users\Marion\AppData\Roaming\Skype [23/06/2015 21:46:57] - |D| - [2909995] - C:\Users\Marion\AppData\Roaming\TS3Client [24/06/2015 15:54:17] - |D| - [12962623] - C:\Users\Marion\AppData\Roaming\uTorrent [13/08/2015 11:17:24] - |D| - [88791] - C:\Users\Marion\AppData\Roaming\vlc [19/06/2015 22:46:09] - |D| - [12] - C:\Users\Marion\AppData\Roaming\WinRAR [26/06/2015 21:58:34] - |AHD| - [0] - C:\Users\Marion\AppData\Local\16940zzeYQQxKt [21/06/2015 17:32:06] - |D| - [2050863] - C:\Users\Marion\AppData\Local\Adobe [22/07/2016 13:15:05] - |D| - [4164] - C:\Users\Marion\AppData\Local\AMD [18/06/2015 17:26:28] - |SHD| - [0] - C:\Users\Marion\AppData\Local\Application Data [18/06/2015 21:26:32] - |D| - [4683397] - C:\Users\Marion\AppData\Local\Apps [03/07/2015 19:04:44] - |D| - [54378] - C:\Users\Marion\AppData\Local\ATI [18/06/2015 17:27:32] - |D| - [1356] - C:\Users\Marion\AppData\Local\Aviata [24/06/2015 15:43:14] - |D| - [27017157] - C:\Users\Marion\AppData\Local\Battle.net [24/06/2015 15:43:20] - |D| - [260] - C:\Users\Marion\AppData\Local\Blizzard Entertainment [14/03/2016 20:48:07] - |D| - [26546] - C:\Users\Marion\AppData\Local\bunkus.org [29/09/2014 19:34:30] - |AHD| - [0] - C:\Users\Marion\AppData\Local\c85wUX3Y [19/12/2015 20:41:24] - |D| - [8185972] - C:\Users\Marion\AppData\Local\CEF [30/06/2015 17:55:10] - |D| - [23319587] - C:\Users\Marion\AppData\Local\CyberLink [18/06/2015 21:26:31] - |D| - [0] - C:\Users\Marion\AppData\Local\Deployment [21/06/2015 13:56:24] - |D| - [4898551] - C:\Users\Marion\AppData\Local\Diagnostics [19/06/2015 22:55:23] - |D| - [2146] - C:\Users\Marion\AppData\Local\Disc_Soft_Ltd [18/06/2015 18:51:55] - |D| - [84631552] - C:\Users\Marion\AppData\Local\Downloaded Installations [23/06/2015 18:39:25] - |D| - [0] - C:\Users\Marion\AppData\Local\ElevatedDiagnostics [18/06/2015 17:30:51] - |SHD| - [0] - C:\Users\Marion\AppData\Local\EmieBrowserModeList [18/06/2015 17:30:51] - |SHD| - [0] - C:\Users\Marion\AppData\Local\EmieSiteList [18/06/2015 17:30:51] - |SHD| - [0] - C:\Users\Marion\AppData\Local\EmieUserList [27/07/2016 23:43:33] - |A| - [122552] - C:\Users\Marion\AppData\Local\GDIPFONTCACHEV1.DAT [18/06/2015 21:27:06] - |D| - [195100182] - C:\Users\Marion\AppData\Local\Google [21/06/2015 08:18:16] - |D| - [71] - C:\Users\Marion\AppData\Local\GWX [18/06/2015 17:26:28] - |SHD| - [0] - C:\Users\Marion\AppData\Local\Historique [19/06/2015 14:29:38] - |AH| - [14007753] - C:\Users\Marion\AppData\Local\IconCache.db [18/06/2015 17:27:06] - |D| - [35844] - C:\Users\Marion\AppData\Local\Lenovo [23/06/2015 16:13:15] - |D| - [0] - C:\Users\Marion\AppData\Local\LogMeIn [23/12/2015 18:29:20] - |D| - [0] - C:\Users\Marion\AppData\Local\MediaShow [18/06/2015 17:26:27] - |D| - [164606753] - C:\Users\Marion\AppData\Local\Microsoft [06/01/2016 18:54:57] - |D| - [0] - C:\Users\Marion\AppData\Local\PACE Anti-Piracy [18/06/2015 17:26:59] - |D| - [0] - C:\Users\Marion\AppData\Local\Packages [18/06/2015 17:27:01] - |D| - [40960] - C:\Users\Marion\AppData\Local\Power2Go [18/06/2015 17:32:46] - |D| - [0] - C:\Users\Marion\AppData\Local\Programs [19/06/2015 23:16:51] - |D| - [2864639] - C:\Users\Marion\AppData\Local\PunkBuster [03/07/2015 13:06:35] - |D| - [0] - C:\Users\Marion\AppData\Local\Skype [19/12/2015 20:41:09] - |D| - [126303441] - C:\Users\Marion\AppData\Local\Steam [12/09/2014 10:21:32] - |HD| - [1105] - C:\Users\Marion\AppData\Local\T1RgchLepeKW4o [23/06/2015 16:11:17] - |D| - [56463558] - C:\Users\Marion\AppData\Local\TeamSpeak 3 Client [18/06/2015 17:26:27] - |D| - [464359] - C:\Users\Marion\AppData\Local\Temp [18/06/2015 17:26:28] - |SHD| - [0] - C:\Users\Marion\AppData\Local\Temporary Internet Files [21/06/2015 18:55:57] - |D| - [2434] - C:\Users\Marion\AppData\Local\Tvsukernel [19/06/2015 23:14:00] - |D| - [0] - C:\Users\Marion\AppData\Local\Ubisoft Game Launcher [13/04/2016 13:00:04] - |D| - [4648] - C:\Users\Marion\AppData\Local\UNDERTALE [18/06/2015 17:26:50] - |D| - [185377025] - C:\Users\Marion\AppData\Local\VirtualStore [18/06/2015 17:26:58] - |ASH| - [174] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [18/06/2015 17:26:28] - |SHD| - [0] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [18/06/2015 17:26:27] - |RD| - [41842] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [26/02/2016 12:01:09] - |A| - [1835] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\REACHit Drive.lnk [07/04/2016 14:37:33] - |A| - [2657] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk [23/04/2016 12:19:29] - |D| - [1864] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run [18/06/2015 17:26:27] - |RD| - [14654] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [18/06/2015 17:26:59] - |RD| - [174] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [23/12/2015 15:38:34] - |D| - [0] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 [18/06/2015 17:26:58] - |ASH| - [338] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [16/08/2015 14:40:25] - |D| - [2384] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [18/06/2015 17:27:00] - |A| - [1444] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [23/04/2016 12:19:29] - |D| - [1870] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Keep Talking and Nobody Explodes [25/07/2016 12:31:10] - |D| - [284] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo [18/06/2015 17:26:27] - |RD| - [580] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [22/11/2015 17:22:47] - |A| - [2220] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk [11/09/2015 07:44:24] - |SD| - [7938] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 [18/06/2015 17:26:59] - |RD| - [174] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [20/12/2015 14:06:16] - |D| - [1378] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [23/06/2015 16:11:17] - |D| - [2259] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [19/06/2015 22:45:42] - |D| - [4281] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [18/06/2015 17:26:59] - |ASH| - [174] - C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] [11/06/2015 05:20:15] - |A| - [11889490] - C:\Users\Public\CAFADEBUG.log [11/06/2015 05:31:38] - |D| - [331] - C:\Users\Public\CyberLink [14/07/2009 05:20:08] - |RHD| - [11194] - C:\Users\Public\Desktop [14/07/2009 06:54:24] - |ASH| - [174] - C:\Users\Public\desktop.ini [14/07/2009 05:20:08] - |RD| - [278] - C:\Users\Public\Documents [14/07/2009 05:20:08] - |RD| - [174] - C:\Users\Public\Downloads [14/07/2009 05:20:08] - |RHD| - [0] - C:\Users\Public\Favorites [11/06/2015 05:24:47] - |D| - [7562] - C:\Users\Public\Lenovo [14/07/2009 05:20:08] - |RHD| - [3970] - C:\Users\Public\Libraries [14/07/2009 05:20:08] - |RD| - [17411978] - C:\Users\Public\Music [17/07/2015 09:57:42] - |A| - [262144] - C:\Users\Public\NTUSER.DAT [17/07/2015 09:57:42] - |ASH| - [5120] - C:\Users\Public\NTUSER.DAT.LOG1 [17/07/2015 09:57:42] - |ASH| - [0] - C:\Users\Public\NTUSER.DAT.LOG2 [17/07/2015 09:57:42] - |ASH| - [65536] - C:\Users\Public\NTUSER.DAT{5d44c984-2c21-11e5-9f06-68f728db5315}.TM.blf [17/07/2015 09:57:42] - |ASH| - [524288] - C:\Users\Public\NTUSER.DAT{5d44c984-2c21-11e5-9f06-68f728db5315}.TMContainer00000000000000000001.regtrans-ms [17/07/2015 09:57:42] - |ASH| - [524288] - C:\Users\Public\NTUSER.DAT{5d44c984-2c21-11e5-9f06-68f728db5315}.TMContainer00000000000000000002.regtrans-ms [02/08/2015 11:43:43] - |ASH| - [65536] - C:\Users\Public\NTUSER.DAT{a8d1b8f7-382c-11e5-bc59-68f728db5315}.TM.blf [02/08/2015 11:43:43] - |ASH| - [524288] - C:\Users\Public\NTUSER.DAT{a8d1b8f7-382c-11e5-bc59-68f728db5315}.TMContainer00000000000000000001.regtrans-ms [02/08/2015 11:43:43] - |ASH| - [524288] - C:\Users\Public\NTUSER.DAT{a8d1b8f7-382c-11e5-bc59-68f728db5315}.TMContainer00000000000000000002.regtrans-ms [14/07/2009 05:20:08] - |RD| - [5838651] - C:\Users\Public\Pictures [14/11/2014 21:29:21] - |RD| - [9699579] - C:\Users\Public\Recorded TV [11/06/2015 05:18:55] - |D| - [0] - C:\Users\Public\Roaming [14/07/2009 05:20:08] - |RD| - [26246732] - C:\Users\Public\Videos ---------- | C:\ProgramData [11/06/2015 05:25:10] - |D| - [46065743] - C:\ProgramData\Adobe [11/06/2015 05:10:47] - |D| - [350925] - C:\ProgramData\AMD [14/07/2009 07:08:56] - |SHD| - [13250310271] - C:\ProgramData\Application Data [17/07/2015 10:05:12] - |D| - [69960224] - C:\ProgramData\AVAST Software [11/06/2015 05:32:01] - |D| - [329] - C:\ProgramData\Aviata [24/06/2015 15:37:57] - |D| - [12463622] - C:\ProgramData\Battle.net [24/06/2015 15:30:41] - |D| - [960282] - C:\ProgramData\Blizzard Entertainment [11/06/2015 05:27:18] - |D| - [817] - C:\ProgramData\CLSK [11/06/2015 05:19:18] - |D| - [1267591] - C:\ProgramData\Conexant [11/06/2015 05:27:17] - |D| - [328043] - C:\ProgramData\CyberLink [19/06/2015 22:48:55] - |D| - [2920] - C:\ProgramData\DAEMON Tools Lite [14/07/2009 07:08:56] - |SHD| - [11194] - C:\ProgramData\Desktop [14/07/2009 07:08:56] - |SHD| - [278] - C:\ProgramData\Documents [11/06/2015 05:19:33] - |AH| - [0] - C:\ProgramData\DP45977C.lfl [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Favorites [11/06/2015 05:29:10] - |D| - [520306] - C:\ProgramData\install_clap [11/06/2015 05:02:17] - |D| - [54423796] - C:\ProgramData\Intel [11/06/2015 05:43:31] - |D| - [1095000] - C:\ProgramData\Intel(R) Update Manager [11/06/2015 05:18:43] - |D| - [54225219] - C:\ProgramData\Intel.sav [10/06/2015 11:38:11] - |D| - [160867137] - C:\ProgramData\Lenovo [23/06/2015 16:13:15] - |D| - [0] - C:\ProgramData\LogMeIn [21/07/2016 19:45:32] - |D| - [11016268] - C:\ProgramData\Malwarebytes [11/06/2015 05:34:11] - |D| - [176] - C:\ProgramData\McAfee [14/07/2009 05:20:08] - |SD| - [600922956] - C:\ProgramData\Microsoft [22/11/2015 17:22:37] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [19/06/2015 23:16:21] - |D| - [22826] - C:\ProgramData\Orbit [06/01/2016 18:54:57] - |D| - [2030] - C:\ProgramData\PACE Anti-Piracy [11/06/2015 04:56:09] - |D| - [118214643] - C:\ProgramData\Package Cache [06/01/2016 11:51:26] - |D| - [3406] - C:\ProgramData\regid.1986-12.com.adobe [18/06/2015 17:38:08] - |D| - [39] - C:\ProgramData\Riot Games [11/06/2015 05:18:55] - |D| - [0] - C:\ProgramData\Roaming [03/07/2015 13:06:24] - |D| - [127279104] - C:\ProgramData\Skype [14/07/2009 07:08:56] - |SHD| - [191347] - C:\ProgramData\Start Menu [11/06/2015 05:27:16] - |D| - [1839784] - C:\ProgramData\Temp [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Templates [11/06/2015 05:29:51] - |A| - [107] - C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log [11/06/2015 05:27:21] - |A| - [105] - C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log [11/06/2015 05:28:11] - |A| - [110] - C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log [11/06/2015 05:29:11] - |A| - [115] - C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [14/07/2009 07:01:14] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk [14/07/2009 06:49:40] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [14/07/2009 05:20:08] - |RD| - [188357] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 06:49:40] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 05:20:08] - |RD| - [47353] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [14/07/2009 07:32:38] - |RD| - [21157] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [06/01/2016 18:41:18] - |A| - [1008] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [11/06/2015 05:26:43] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [22/07/2016 13:03:14] - |D| - [1937] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings [14/07/2016 03:25:32] - |A| - [1048] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk [11/07/2016 23:23:07] - |D| - [1951] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software [07/04/2016 19:23:11] - |D| - [2619] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab [14/07/2016 13:26:03] - |D| - [933] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [23/12/2015 15:38:34] - |D| - [3373] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 [14/07/2009 06:54:23] - |ASH| - [1130] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [11/06/2015 05:20:56] - |D| - [1899] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby [11/03/2016 19:34:34] - |D| - [1148] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm Launcher [14/07/2009 07:32:38] - |RD| - [2588] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [13/04/2016 12:53:10] - |D| - [2995] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com [25/06/2015 01:19:44] - |A| - [2204] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [11/06/2015 05:43:31] - |D| - [1212] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [11/06/2015 05:42:51] - |D| - [4254] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation [11/06/2015 05:42:51] - |A| - [2033] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk [26/02/2016 11:55:27] - |D| - [1819] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends [11/06/2015 04:56:18] - |D| - [4267] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo [11/06/2015 05:39:34] - |A| - [2040] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo PC Experience.lnk [11/06/2015 05:32:02] - |RD| - [2169] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo PowerENGAGE [04/07/2015 11:38:42] - |D| - [2105] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage [11/06/2015 05:23:58] - |HD| - [17872] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools [14/07/2009 05:20:08] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [21/07/2016 19:45:34] - |D| - [3724] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [11/06/2015 04:49:37] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [14/03/2016 20:47:36] - |D| - [8948] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix [11/06/2015 05:28:07] - |RD| - [8949] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create [14/07/2009 06:57:08] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [04/01/2016 23:05:10] - |D| - [2148] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [21/06/2015 08:33:03] - |D| - [4165] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [14/07/2009 05:20:08] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [19/12/2015 20:38:05] - |D| - [1054] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [14/11/2014 21:29:21] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC [22/07/2016 13:03:20] - |D| - [2366] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1 [14/07/2009 06:57:09] - |A| - [1352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk [11/06/2015 04:49:30] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [14/07/2009 06:54:59] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [14/07/2009 06:57:06] - |A| - [1547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [19/06/2015 22:45:42] - |D| - [4209] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [24/06/2015 15:31:02] - |D| - [5339] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [14/07/2009 06:57:08] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [14/07/2009 06:54:23] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [11/06/2015 05:25:10] - |D| - [541722936] - C:\Program Files (x86)\Adobe [22/07/2016 13:03:05] - |D| - [57231674] - C:\Program Files (x86)\AMD [11/06/2015 05:10:47] - |D| - [764784] - C:\Program Files (x86)\AMD AVT [11/06/2015 05:10:10] - |D| - [22085] - C:\Program Files (x86)\ATI Technologies [11/06/2015 05:18:44] - |D| - [7114563] - C:\Program Files (x86)\Cisco [14/07/2009 05:20:08] - |D| - [326278891] - C:\Program Files (x86)\Common Files [23/12/2015 15:37:41] - |D| - [1143700083] - C:\Program Files (x86)\Counter-Strike 1.6 [11/06/2015 05:27:41] - |D| - [985772018] - C:\Program Files (x86)\CyberLink [14/07/2009 06:54:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [07/04/2016 19:05:21] - |D| - [10723803312] - C:\Program Files (x86)\Divinity Original Sin Enhanced Edition [13/04/2016 12:53:00] - |D| - [158280710] - C:\Program Files (x86)\Divinity Original Sin Enhanced EditionUndertale [11/06/2015 05:20:56] - |D| - [2319024] - C:\Program Files (x86)\Dolby Advanced Audio v2 [11/03/2016 19:34:30] - |D| - [60604971] - C:\Program Files (x86)\FirestormLauncher [18/06/2015 21:27:14] - |D| - [524582006] - C:\Program Files (x86)\Google [11/06/2015 05:11:32] - |HD| - [157099223] - C:\Program Files (x86)\InstallShield Installation Information [11/06/2015 05:12:39] - |D| - [6549661] - C:\Program Files (x86)\Integrated Camera [11/06/2015 05:02:13] - |D| - [88936354] - C:\Program Files (x86)\Intel [14/07/2009 05:20:08] - |D| - [11244862] - C:\Program Files (x86)\Internet Explorer [11/06/2015 04:56:18] - |D| - [118998702] - C:\Program Files (x86)\Lenovo [11/06/2015 05:32:01] - |D| - [2115708] - C:\Program Files (x86)\Lenovo Registration [21/07/2016 19:45:32] - |D| - [59400843] - C:\Program Files (x86)\Malwarebytes Anti-Malware [11/06/2015 05:37:35] - |D| - [0] - C:\Program Files (x86)\Microsoft Office [22/11/2015 17:22:47] - |D| - [7846992] - C:\Program Files (x86)\Microsoft OneDrive [14/11/2014 00:07:04] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [14/07/2009 07:32:38] - |D| - [25757] - C:\Program Files (x86)\MSBuild [11/09/2015 07:43:54] - |D| - [327250813] - C:\Program Files (x86)\OpenOffice 4 [22/07/2016 13:08:20] - |D| - [585744] - C:\Program Files (x86)\Raptr Inc [11/06/2015 05:45:17] - |D| - [14293209] - C:\Program Files (x86)\Realtek [14/07/2009 07:32:38] - |D| - [39175425] - C:\Program Files (x86)\Reference Assemblies [03/07/2015 13:06:27] - |RD| - [91449793] - C:\Program Files (x86)\Skype [21/06/2015 08:31:10] - |D| - [57] - C:\Program Files (x86)\SpeedFan [19/12/2015 20:38:05] - |D| - [17400071292] - C:\Program Files (x86)\Steam [11/06/2015 05:24:05] - |D| - [98545300] - C:\Program Files (x86)\ThinkPad [19/06/2015 22:59:14] - |D| - [0] - C:\Program Files (x86)\Ubisoft [14/07/2009 06:57:06] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [13/08/2015 11:15:32] - |D| - [127461522] - C:\Program Files (x86)\VideoLAN [24/06/2015 16:00:29] - |D| - [0] - C:\Program Files (x86)\VS Revo Group [22/07/2016 13:03:20] - |D| - [548101] - C:\Program Files (x86)\VulkanRT [14/07/2009 07:32:38] - |D| - [524800] - C:\Program Files (x86)\Windows Defender [14/07/2009 05:20:08] - |D| - [6181376] - C:\Program Files (x86)\Windows Mail [14/07/2009 07:32:38] - |D| - [5024017] - C:\Program Files (x86)\Windows Media Player [14/07/2009 05:20:08] - |D| - [12197556] - C:\Program Files (x86)\Windows NT [14/07/2009 07:32:38] - |D| - [4417800] - C:\Program Files (x86)\Windows Photo Viewer [14/07/2009 07:32:38] - |D| - [189952] - C:\Program Files (x86)\Windows Portable Devices [14/07/2009 07:32:38] - |D| - [5994626] - C:\Program Files (x86)\Windows Sidebar [19/06/2015 22:45:39] - |D| - [4548631] - C:\Program Files (x86)\WinRAR ---------- | C:\Program Files [09/04/2016 22:15:01] - |D| - [11907664] - C:\Program Files\Adobe [11/06/2015 05:10:07] - |D| - [97257074] - C:\Program Files\AMD [11/06/2015 05:14:51] - |D| - [23009575] - C:\Program Files\Apoint2K [11/06/2015 05:09:57] - |D| - [20959] - C:\Program Files\ATI [17/07/2015 10:05:51] - |D| - [889609097] - C:\Program Files\AVAST Software [14/07/2016 13:26:02] - |D| - [18988336] - C:\Program Files\CCleaner [14/07/2009 05:20:08] - |D| - [71080364] - C:\Program Files\Common Files [11/06/2015 05:19:31] - |D| - [520912677] - C:\Program Files\CONEXANT [14/07/2009 06:54:24] - |ASH| - [174] - C:\Program Files\desktop.ini [11/06/2015 04:51:47] - |D| - [1047632] - C:\Program Files\DIFX [11/06/2015 05:13:31] - |D| - [25860325] - C:\Program Files\DisplayLink Core Software [14/07/2009 07:32:38] - |D| - [90256916] - C:\Program Files\DVD Maker [11/06/2015 05:02:23] - |D| - [146063352] - C:\Program Files\Intel [11/06/2015 05:42:50] - |D| - [97724722] - C:\Program Files\Intel Corporation [14/07/2009 05:20:08] - |D| - [31516609] - C:\Program Files\Internet Explorer [11/06/2015 05:24:45] - |D| - [204197806] - C:\Program Files\Lenovo [11/06/2015 05:14:00] - |D| - [9123] - C:\Program Files\Lenovo USB Graphics [11/06/2015 05:01:29] - |D| - [4070784] - C:\Program Files\MLPS [14/07/2009 07:32:38] - |D| - [25757] - C:\Program Files\MSBuild [14/07/2009 07:32:38] - |D| - [36834473] - C:\Program Files\Reference Assemblies [11/06/2015 05:23:58] - |D| - [7352394] - C:\Program Files\ThinkPad [14/07/2009 07:09:26] - |HD| - [0] - C:\Program Files\Uninstall Information [14/07/2009 07:32:38] - |D| - [4039680] - C:\Program Files\Windows Defender [14/11/2014 21:30:01] - |D| - [9242744] - C:\Program Files\Windows Journal [14/07/2009 05:20:08] - |D| - [6667776] - C:\Program Files\Windows Mail [14/07/2009 07:32:38] - |D| - [7687085] - C:\Program Files\Windows Media Player [14/07/2009 05:20:08] - |D| - [12627636] - C:\Program Files\Windows NT [14/07/2009 07:32:38] - |D| - [5516056] - C:\Program Files\Windows Photo Viewer [14/07/2009 07:32:38] - |D| - [244736] - C:\Program Files\Windows Portable Devices [14/07/2009 07:32:38] - |D| - [7241184] - C:\Program Files\Windows Sidebar ---------- | C:\Program Files (x86)\Common Files [11/06/2015 05:26:26] - |D| - [148022614] - C:\Program Files (x86)\Common Files\Adobe [11/06/2015 05:25:10] - |D| - [28429088] - C:\Program Files (x86)\Common Files\Adobe AIR [11/06/2015 05:10:47] - |D| - [2460960] - C:\Program Files (x86)\Common Files\ATI Technologies [18/12/2015 18:49:21] - |D| - [1536189] - C:\Program Files (x86)\Common Files\AV [24/06/2015 15:31:02] - |D| - [195] - C:\Program Files (x86)\Common Files\Blizzard Entertainment [11/06/2015 05:24:02] - |D| - [1155061] - C:\Program Files (x86)\Common Files\InstallShield [11/06/2015 05:11:23] - |D| - [70884897] - C:\Program Files (x86)\Common Files\Intel [11/06/2015 05:39:16] - |D| - [468025] - C:\Program Files (x86)\Common Files\LENOVO [14/07/2009 05:20:08] - |D| - [18533522] - C:\Program Files (x86)\Common Files\microsoft shared [11/06/2015 05:02:23] - |D| - [204796] - C:\Program Files (x86)\Common Files\PostureAgent [14/07/2009 05:20:08] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [15/06/2016 20:47:10] - |D| - [2399872] - C:\Program Files (x86)\Common Files\Skype [14/07/2009 05:20:08] - |D| - [41103783] - C:\Program Files (x86)\Common Files\SpeechEngines [19/12/2015 20:38:06] - |D| - [835664] - C:\Program Files (x86)\Common Files\Steam [14/07/2009 05:20:08] - |D| - [10241523] - C:\Program Files (x86)\Common Files\System ---------- | C:\Program Files\Common files [11/06/2015 05:10:07] - |D| - [4041857] - C:\Program Files\Common files\ATI Technologies [18/12/2015 18:49:21] - |D| - [1536189] - C:\Program Files\Common files\AV [11/06/2015 05:18:44] - |D| - [2294304] - C:\Program Files\Common files\Intel [11/06/2015 05:34:11] - |D| - [199360] - C:\Program Files\Common files\McAfee [14/07/2009 05:20:08] - |D| - [50206989] - C:\Program Files\Common files\Microsoft Shared [14/07/2009 05:20:08] - |D| - [2702] - C:\Program Files\Common files\Services [14/07/2009 05:20:08] - |D| - [608768] - C:\Program Files\Common files\SpeechEngines [14/07/2009 05:20:08] - |D| - [12190195] - C:\Program Files\Common files\System ---------- | Tasks [MD5.7F0F25CB4CE1FBDA3ED9F703721614B5] - [25/06/2015 01:18:05] - |A| - [1066] - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [MD5.13C199E1FBB9CE492C162DA5F55183B2] - [25/06/2015 01:18:05] - |A| - [1070] - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 07:08:49] - |AH| - [6] - C:\Windows\Tasks\SA.DAT [MD5.A71310F46E1E45C6CF930AEE55D13C73] - [14/07/2009 07:08:49] - |A| - [32496] - C:\Windows\Tasks\SCHEDLGU.TXT [MD5.1ADEB41B91EA8A07A39BFEA5219F8006] - [16/08/2015 14:48:04] - |A| - [4476] - C:\Windows\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.DDDA009809BFC0E04538245F7BDCEA6D] - [22/07/2016 13:12:47] - |A| - [4238] - C:\Windows\System32\Tasks\AMD Updater : "C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe" [MD5.00000000000000000000000000000000] - [18/12/2015 18:49:22] - |D| - [3860] - C:\Windows\System32\Tasks\AVAST Software [MD5.619DD10361EC88D5445AC9F9918791AB] - [17/07/2015 10:07:55] - |A| - [4180] - C:\Windows\System32\Tasks\avast! Emergency Update : C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [MD5.DFA2576778817CEA4CB84E4BA349CB36] - [14/07/2016 13:26:04] - |A| - [2794] - C:\Windows\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.C436D767580128CD106B26A6BC6A58C5] - [11/06/2015 05:28:04] - |A| - [3148] - C:\Windows\System32\Tasks\CLMLSvc : C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [MD5.16CBDB0540F5DF24D76DF1073BFBF55B] - [25/06/2015 01:18:05] - |A| - [3814] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.9FA34392CDDB3DF5CF56CB909AFB9984] - [25/06/2015 01:18:05] - |A| - [4066] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.D731A1172A6F4E6FDB3B6FCF60255E38] - [11/06/2015 05:43:35] - |A| - [3722] - C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 : "C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe" [MD5.43060D88FC6326F9A12DDF57C7D0D31B] - [11/06/2015 05:43:35] - |A| - [3476] - C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon : "C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe" [MD5.00000000000000000000000000000000] - [11/06/2015 04:56:20] - |D| - [42416] - C:\Windows\System32\Tasks\Lenovo [MD5.00000000000000000000000000000000] - [14/07/2009 05:20:13] - |D| - [336378] - C:\Windows\System32\Tasks\Microsoft [MD5.00000000000000000000000000000000] - [22/11/2015 17:06:17] - |D| - [4728] - C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform [MD5.B1294E6238FD6C65A286AE851FA00269] - [11/06/2015 05:31:42] - |A| - [3062] - C:\Windows\System32\Tasks\PDVDServ12 Task : C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe [MD5.52A65DEEBF6592C0ACD7E8EC20A66724] - [11/06/2015 05:24:17] - |A| - [3020] - C:\Windows\System32\Tasks\PMTask : C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [MD5.38D0B5D6B1F112D66590AB321DA55FC0] - [14/07/2016 03:25:32] - |A| - [3918] - C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1468459529 : C:\Program Files\AVAST Software\SZBrowser\launcher.exe [MD5.DFA561476A572F9868D29D6AAA1A63EA] - [11/06/2015 05:31:45] - |A| - [2890] - C:\Windows\System32\Tasks\StartPowerDVDService : "C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [MD5.00000000000000000000000000000000] - [11/06/2015 05:39:30] - |D| - [8122] - C:\Windows\System32\Tasks\TVT [MD5.00000000000000000000000000000000] - [14/07/2009 07:09:57] - |D| - [0] - C:\Windows\System32\Tasks\WPD [MD5.C9A35E1F9A954268AF3EF5A1C97959BF] - [04/07/2015 14:54:25] - |A| - [2978] - C:\Windows\System32\Tasks\{1681566F-B893-46A7-AC9D-2E16B6CA97FE} : C:\Riot Games\League of Legends\lol.launcher.admin.exe [MD5.99CC9DF4072152F4FCB5B5CAF1718FBB] - [04/07/2015 14:27:13] - |A| - [2966] - C:\Windows\System32\Tasks\{23ED8EB3-4EBC-4C9B-A33D-8037D8A58B8F} : C:\Riot Games\League of Legends\lol.launcher.exe [MD5.99CC9DF4072152F4FCB5B5CAF1718FBB] - [04/07/2015 14:22:22] - |A| - [2966] - C:\Windows\System32\Tasks\{2A9768CB-2A00-4F52-950F-2D04AE6A633B} : C:\Riot Games\League of Legends\lol.launcher.exe [MD5.99CC9DF4072152F4FCB5B5CAF1718FBB] - [04/07/2015 21:31:36] - |A| - [2966] - C:\Windows\System32\Tasks\{2B588749-62B9-49C0-8B6F-6710AE06608A} : C:\Riot Games\League of Legends\lol.launcher.exe [MD5.99CC9DF4072152F4FCB5B5CAF1718FBB] - [04/07/2015 14:35:50] - |A| - [2966] - C:\Windows\System32\Tasks\{6C37CFA0-6D7C-4AA0-A2A5-9C3FAC5387E2} : C:\Riot Games\League of Legends\lol.launcher.exe [MD5.C9A35E1F9A954268AF3EF5A1C97959BF] - [04/07/2015 13:11:27] - |A| - [2978] - C:\Windows\System32\Tasks\{89D80EA6-4767-4EFA-B908-DCD72D9B9E8B} : C:\Riot Games\League of Legends\lol.launcher.admin.exe [MD5.99CC9DF4072152F4FCB5B5CAF1718FBB] - [04/07/2015 14:41:53] - |A| - [2966] - C:\Windows\System32\Tasks\{97D0848F-44C6-4C5C-8388-DCCFF788A517} : C:\Riot Games\League of Legends\lol.launcher.exe [MD5.C9A35E1F9A954268AF3EF5A1C97959BF] - [04/07/2015 13:15:36] - |A| - [2978] - C:\Windows\System32\Tasks\{B0A97FB2-8014-4B8E-B95C-A6CA6BF21DEC} : C:\Riot Games\League of Legends\lol.launcher.admin.exe [MD5.314EB8A740A9AA02D6D68AAA3510B4A9] - [23/12/2015 15:40:20] - |A| - [3154] - C:\Windows\System32\Tasks\{B36ED808-C426-409D-B79F-77494EDD360B} : C:\Windows\system32\pcalua.exe [MD5.99CC9DF4072152F4FCB5B5CAF1718FBB] - [04/07/2015 14:38:32] - |A| - [2966] - C:\Windows\System32\Tasks\{B9966DC2-BDC2-458D-9AD8-407531707A4B} : C:\Riot Games\League of Legends\lol.launcher.exe [MD5.99CC9DF4072152F4FCB5B5CAF1718FBB] - [04/07/2015 14:29:35] - |A| - [2966] - C:\Windows\System32\Tasks\{D3D2AC69-D9B2-470C-9606-15CAB64403BB} : C:\Riot Games\League of Legends\lol.launcher.exe [MD5.C9A35E1F9A954268AF3EF5A1C97959BF] - [03/08/2015 13:41:39] - |A| - [2978] - C:\Windows\System32\Tasks\{F7EB4A37-4B8E-4580-AE9C-4EBEA52D4F4D} : C:\Riot Games\League of Legends\lol.launcher.admin.exe [MD5.00000000000000000000000000000000] - [14/07/2009 05:20:14] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "{C0548CA1-052B-4303-9C13-37001DDDE23C}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2002| "{1CC561F3-473C-439C-B1FF-D4B9D50D75B9}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe|Name=Wireless PAN DHCP Server|EmbedCtxt=MyWiFiDHCPDNS| "{D9792D5F-0A8D-4B55-AC7D-ED3578DF6205}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe|Name=Lenovo QuickControl| "{6E105899-7AD9-4DFA-B2E7-D1824BA07FC4}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe|Name=Lenovo QuickControl| "{33B0F6C6-4222-4ECD-84E9-B2EB2C5BBE13}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe|Name=CyberLink PowerDVD 12.0|Desc=CyberLink PowerDVD 12.0| "{5938EFC0-811A-4DCB-B77B-54F766F56968}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe|Name=WiDiApp| "{BCAF68CC-B57E-4AD4-BEF9-BAA48A588D20}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows\SysWOW64\PnkBstrA.exe|Name=PnkBstrA| "{461C9AC4-B4BB-4C36-BCA7-D3038111E6CB}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows\SysWOW64\PnkBstrA.exe|Name=PnkBstrA| "{798F13B6-A8AA-4136-A8C1-A47FB56B6252}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows\SysWOW64\PnkBstrB.exe|Name=PnkBstrB| "{1440536C-2C38-4655-A9DA-3613D0E8E677}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows\SysWOW64\PnkBstrB.exe|Name=PnkBstrB| "{F06FB46D-9E6D-4BE4-909D-403C5C7804B9}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Skype\Phone\Skype.exe|Name=Skype| "{C2CFB880-022D-416A-AC67-5941F0D87AE5}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\Riot Games\League of Legends\lol.launcher.exe|Name=League of Legends| "{9516706F-D6CB-4E6F-AE84-05591F07EA0D}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\Riot Games\League of Legends\lol.launcher.exe|Name=League of Legends| "{B80C13FC-2BE0-4673-B5B7-D6DA8FE2546E}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=C:\Riot Games\League of Legends\lol.launcher.exe|Name=League of Legends| "{D964EC65-708B-4AD7-A26D-E4B9B89EA01B}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=C:\Riot Games\League of Legends\lol.launcher.exe|Name=League of Legends| "{0A476419-410C-4035-B23F-3759566D85CD}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files (x86)\Lenovo\System Update\uncserver.exe|Name=TvsuUNCServer| "{364540A4-4B43-48CD-B602-31D63410DBDE}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Program Files (x86)\Lenovo\System Update\uncserver.exe|Name=TvsuUNCServer| "TCP Query User{1B59B0CB-8290-4D8B-AC3D-48A231241554}C:\program files (x86)\counter-strike 1.6\hl.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\counter-strike 1.6\hl.exe|Name=Half-Life Launcher|Desc=Half-Life Launcher|Defer=User| "UDP Query User{2CEFD5B2-D950-4BB8-91DF-589361F3D72F}C:\program files (x86)\counter-strike 1.6\hl.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\counter-strike 1.6\hl.exe|Name=Half-Life Launcher|Desc=Half-Life Launcher|Defer=User| "{CBA8ED81-15C2-4191-8B96-8B38F58F74BC}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Marion\AppData\Roaming\uTorrent\uTorrent.exe|Name=μTorrent (TCP-In) (Marion)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{982B1773-A346-4147-8FFF-19DEA6F551B0}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\Marion\AppData\Roaming\uTorrent\uTorrent.exe|Name=μTorrent (TCP-Out) (Marion)|Desc=Allow µTorrent network traffic| "{8E3E68E1-FB2F-49F1-9ABB-EB014DB7081C}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Marion\AppData\Roaming\uTorrent\uTorrent.exe|Name=μTorrent (UDP-In) (Marion)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{86255B52-225C-4CEE-AE43-0EF70C251E96}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Marion\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (Marion)| "{1511FCCE-2A41-4CC6-983B-E2AD32D86DE3}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Marion\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (Marion)| "{21FD80FB-0CF4-420C-8CDC-841AE9A303FC}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\Marion\AppData\Roaming\uTorrent\uTorrent.exe|Name=μTorrent (UDP-Out) (Marion)|Desc=Allow µTorrent network traffic| "TCP Query User{6F95248C-332F-4FCE-BD0A-88E85FCDF838}C:\program files (x86)\divinity original sin enhanced edition\shipping\eocapp.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\divinity original sin enhanced edition\shipping\eocapp.exe|Name=Divinity Original Sin Enhanced Edition|Desc=Divinity Original Sin Enhanced Edition|Defer=User| "UDP Query User{753B0A56-7F3A-48FF-9A93-35125D0865AF}C:\program files (x86)\divinity original sin enhanced edition\shipping\eocapp.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\divinity original sin enhanced edition\shipping\eocapp.exe|Name=Divinity Original Sin Enhanced Edition|Desc=Divinity Original Sin Enhanced Edition|Defer=User| "{59468356-4585-4D6E-A491-03035CB97896}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| "TCP Query User{A80137C5-6CBA-412B-A1EC-D72343F79773}C:\Users\Marion\Desktop\quickdiag_2_24.07.2016.1.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Marion\Desktop\quickdiag_2_24.07.2016.1.exe|Name=QuickDiag|Desc=QuickDiag|Defer=User| "UDP Query User{8086F52E-78FA-489A-B2C4-2168ADE624EB}C:\Users\Marion\Desktop\quickdiag_2_24.07.2016.1.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Marion\Desktop\quickdiag_2_24.07.2016.1.exe|Name=QuickDiag|Desc=QuickDiag|Defer=User| [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\standardprofile\authorizedapplications\list] "C:\Users\Marion\Desktop\quickdiag_2_24.07.2016.1.exe"=C:\Users\Marion\Desktop\quickdiag_2_24.07.2016.1.exe:*:Enabled:quickdiag_2_24.07.2016.1 ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{03F52937-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (igfx) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{04A83FC2-2AE2-4C88-B45F-E9707B377636}] : (aswHwid) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{34446E8E-37B4-4B16-9DA6-BEA2DB33465A}] : (BluetoothAuxiliary) [] -> @oem31.inf,%BluetoothAuxiliary.NAME%;Bluetooth Auxiliary [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{502EB68B-57B4-4FEE-9890-18F2D8AD1E3E}] : (mfencbdc) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (igfx) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8AE85550-832C-4A9B-81BB-2A49DBEE72B4}] : (aswRvrt) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9D2FE6D0-9B76-11DB-B606-0800200C9A66}] : (SMDriver) [] -> @oem35.inf,%ClassName%;SM Driver [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C30ECEA0-11EF-4EF9-B02E-6AF81E6E65C0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;Fournisseur d’impression WSD [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C4A06E97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [19/09/2014 01:21:36] - (1.80.1.1) - (Lenovo. - ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver) - C:\Windows\System32\DRIVERS\ApsHM64.sys [19/09/2014 01:21:36] - (1.80.1.1) - (Lenovo. - Shockproof Disk Driver) - C:\Windows\System32\DRIVERS\Apsx64.sys [11/06/2015 05:24:04] - (1.0.0.0) - (Lenovo Group Limited - Power Manager) - C:\Windows\System32\drivers\Tppwr64v.sys [11/06/2015 05:45:18] - (6.3.9600.21247) - (Realsil Semiconductor Corporation - RTS PCIE READER Driver) - C:\Windows\system32\DRIVERS\RtsPer.sys [11/06/2015 05:14:48] - (8.1.1616.496) - (Alps Electric Co., Ltd. - Alps Touch Pad Driver) - C:\Windows\system32\DRIVERS\Apfiltr.sys [11/06/2015 03:59:15] - (1.67.9.3) - (Lenovo. - Lenovo Power Management Driver) - C:\Windows\system32\DRIVERS\ibmpmdrv.sys [07/02/2012 07:20:20] - (6.1.1020.0) - (Lenovo Information Product(ShenZhen China) Inc. - SMBIOS Driver) - C:\Windows\system32\DRIVERS\psadd.sys [11/06/2015 05:19:18] - (8.64.108.0) - (Conexant Systems Inc. - 64-bit High Definition Audio Function Driver) - C:\Windows\system32\drivers\CHDRT64.sys [04/09/2014 09:08:32] - (5.0.1.58) - (Sunplus - AVStream) - C:\Windows\System32\Drivers\SPUVCbv_x64.sys [16/06/2016 23:00:46] - (5.1.2.248) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\Windows\System32\ATMFD.DLL [29/12/2012 22:59:38] - (2.3.11.0) - (Almico Software - SpeedFan x64 Driver) - C:\Windows\SysWOW64\speedfan.sys [11/06/2015 05:45:18] - (6.3.9600.21247) - (Realsil Semiconductor Corporation - RTS PCIE READER Driver) - C:\Windows\System32\drivers\RtsPer.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service R0 - ACPI (Microsoft ACPI Driver) -> system32\drivers\ACPI.sys R0 - amdkmpfd (AMD PCI Root Bus Lower Filter) -> system32\DRIVERS\amdkmpfd.sys R0 - amdxata () -> system32\drivers\amdxata.sys R0 - aswRvrt (avast! Revert) -> (?) R0 - aswVmm (avast! VM Monitor) -> (?) R0 - atapi (IDE Channel) -> system32\drivers\atapi.sys R0 - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys R0 - CNG () -> System32\Drivers\cng.sys R0 - Compbatt (Microsoft Composite Battery Driver) -> system32\drivers\compbatt.sys R0 - Disk (Pilote de disque) -> system32\drivers\disk.sys R0 - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys R0 - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys S0 - Fs_Rec () -> (?) R0 - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys R0 - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys R0 - iaStorA () -> system32\DRIVERS\iaStorA.sys R0 - iaStorF () -> system32\DRIVERS\iaStorF.sys R0 - iusb3hcs (Intel(R) USB 3.0 Host Controller Switch Driver) -> system32\DRIVERS\iusb3hcs.sys R0 - KSecDD () -> System32\Drivers\ksecdd.sys R0 - KSecPkg () -> System32\Drivers\ksecpkg.sys R0 - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys R0 - msahci () -> system32\drivers\msahci.sys R0 - msisadrv () -> system32\drivers\msisadrv.sys R0 - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys R0 - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys R0 - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys R0 - pci (Pilote de bus PCI) -> system32\drivers\pci.sys R0 - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys R0 - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys R0 - Shockprf () -> System32\DRIVERS\Apsx64.sys R0 - spldr (Security Processor Loader Driver) -> (?) R0 - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) -> system32\drivers\vmstorfl.sys R0 - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys R0 - TPDIGIMN () -> System32\DRIVERS\ApsHM64.sys R0 - vdrvroot (Microsoft Virtual Drive Enumerator Driver) -> system32\drivers\vdrvroot.sys R0 - volmgr (Volume Manager Driver) -> system32\drivers\volmgr.sys R0 - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys R0 - volsnap (Volumes de stockage) -> system32\drivers\volsnap.sys R0 - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys R1 - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys R1 - aswKbd (aswKbd) -> \SystemRoot\system32\drivers\aswKbd.sys R1 - aswRdr (aswRdr) -> \SystemRoot\system32\drivers\aswRdr2.sys R1 - aswSnx (aswSnx) -> \SystemRoot\system32\drivers\aswSnx.sys R1 - aswSP (aswSP) -> \SystemRoot\system32\drivers\aswSP.sys R1 - Beep (Beep) -> (?) R1 - blbdrive () -> system32\DRIVERS\blbdrive.sys R1 - cdrom (Pilote de CD-ROM) -> system32\DRIVERS\cdrom.sys R1 - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys R1 - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys R1 - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys R1 - Msfs () -> (?) R1 - mssmbios (Microsoft System Management BIOS Driver) -> system32\DRIVERS\mssmbios.sys R1 - ndisrd (Intel(R) Technology Access Filter Driver) -> system32\DRIVERS\ndisrfl.sys R1 - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys R1 - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys R1 - Npfs () -> (?) R1 - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys R1 - Null () -> (?) R1 - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys R1 - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys R1 - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys R1 - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys R1 - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys R1 - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys R1 - TermDD (Terminal Device Driver) -> system32\DRIVERS\termdd.sys R1 - TPPWRIF () -> System32\drivers\Tppwr64v.sys R1 - VgaSave () -> \SystemRoot\System32\drivers\vga.sys R1 - vwififlt (Virtual WiFi Filter Driver) -> system32\DRIVERS\vwififlt.sys R1 - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys R1 - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys R2 - AdobeARMservice (Adobe Acrobat Update Service) -> "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" R2 - AMD External Events Utility () -> %SystemRoot%\system32\atiesrxx.exe R2 - ApHidMonitorService (Alps HID Monitor Service) -> "C:\Program Files\Apoint2K\HidMonitorSvc.exe" R2 - aswHwid (avast! HardwareID) -> \SystemRoot\system32\drivers\aswHwid.sys R2 - aswMonFlt (aswMonFlt) -> \SystemRoot\system32\drivers\aswMonFlt.sys S2 - aswStm (aswStm) -> \SystemRoot\system32\drivers\aswStm.sys R2 - AudioEndpointBuilder (@%SystemRoot%\system32\audiosrv.dll,-204) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - AudioSrv (@%SystemRoot%\system32\audiosrv.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - avast! Antivirus (Avast Antivirus) -> "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" R2 - BFE (@%SystemRoot%\system32\bfe.dll,-1001) -> %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork R2 - BITS (@%SystemRoot%\system32\qmgr.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - Bluetooth Device Monitor (Bluetooth Device Monitor) -> "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" R2 - Bluetooth Media Service (Bluetooth Media Service) -> "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" R2 - Bluetooth OBEX Service (Bluetooth OBEX Service) -> "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" R2 - c2cautoupdatesvc (Skype Click to Call Updater) -> "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service R2 - c2cpnrsvc (Skype Click to Call PNR Service) -> "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service S2 - clr_optimization_v4.0.30319_32 (Microsoft .NET Framework NGEN v4.0.30319_X86) -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe S2 - clr_optimization_v4.0.30319_64 (Microsoft .NET Framework NGEN v4.0.30319_X64) -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe R2 - CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k NetworkService S2 - CxAudMsg (@C:\Windows\system32\CxAudMsg64.exe,-100) -> C:\Windows\system32\CxAudMsg64.exe R2 - DcomLaunch (@oleres.dll,-5012) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted R2 - DiagTrack (@%SystemRoot%\system32\UtcResources.dll,-3001) -> %SystemRoot%\System32\svchost.exe -k utcsvc R2 - DisplayLinkService (DisplayLinkManager) -> "C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe" R2 - Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) -> %SystemRoot%\system32\svchost.exe -k NetworkService R2 - DPS (@%systemroot%\system32\dps.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork R2 - eventlog (@%SystemRoot%\system32\wevtsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - EventSystem (@comres.dll,-2450) -> %SystemRoot%\system32\svchost.exe -k LocalService R2 - EvtEng (Intel(R) PROSet/Wireless Event Log) -> "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" R2 - FDResPub (@%systemroot%\system32\fdrespub.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation R2 - FontCache (@%systemroot%\system32\FntCache.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService R2 - FontCache3.0.0.0 (@%SystemRoot%\system32\PresentationHost.exe,-3309) -> %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe R2 - gpsvc (@gpapi.dll,-112) -> %windir%\system32\svchost.exe -k GPSvcGroup S2 - gupdate (Service Google Update (gupdate)) -> "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc R2 - IBMPMSVC (Lenovo PM Service) -> %SystemRoot%\system32\ibmpmsvc.exe R2 - iBtSiva (Intel Bluetooth Service) -> C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe R2 - igfxCUIService1.0.0.0 (Intel(R) HD Graphics Control Panel Service) -> %SystemRoot%\system32\igfxCUIService.exe R2 - IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - Intel(R) TechnologyAccessService (Intel(R) Technology Access Service) -> "C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe" R2 - IPBusEnum (@%systemroot%\system32\IPBusEnum.dll,-102) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) -> %SystemRoot%\System32\svchost.exe -k NetSvcs R2 - jhi_service (Intel(R) Dynamic Application Loader Host Interface Service) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" R2 - LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - LENOVO.MICMUTE (Lenovo Microphone Mute) -> "C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe" R2 - Lenovo.VIRTSCRLSVC (Lenovo Auto Scroll) -> "C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe" R2 - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys R2 - lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted R2 - LMS (Intel(R) Management and Security Application Local Management Service) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" R2 - lnvDiscoveryWinSvc () -> "C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe" R2 - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys S2 - MMCSS (@%systemroot%\system32\mmcss.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - MpsSvc (@%SystemRoot%\system32\FirewallAPI.dll,-23090) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork R2 - NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - nsi (@%SystemRoot%\system32\nsisvc.dll,-200) -> %systemroot%\system32\svchost.exe -k LocalService R2 - PcaSvc (@%SystemRoot%\system32\pcasvc.dll,-1) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys R2 - PlugPlay (@%SystemRoot%\system32\umpnpmgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - PnkBstrA (PnkBstrA) -> C:\Windows\system32\PnkBstrA.exe R2 - Power (@%SystemRoot%\system32\umpo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - ProfSvc (@%systemroot%\system32\profsvc.dll,-300) -> %systemroot%\system32\svchost.exe -k netsvcs S2 - QuickControlMasterSvc (Lenovo QuickControl Master Service) -> "C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe" R2 - RegSrvc (Intel(R) PROSet/Wireless Registry Service) -> "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" R2 - RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k RPCSS R2 - RpcSs (@oleres.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k rpcss R2 - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys R2 - SamSs (@%SystemRoot%\system32\samsrv.dll,-1) -> %SystemRoot%\system32\lsass.exe R2 - SAService (Conexant SmartAudio service) -> %SystemRoot%\system32\SAsrv.exe R2 - Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - SENS (@%SystemRoot%\system32\Sens.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) -> %SystemRoot%\System32\svchost.exe -k netsvcs S2 - SkypeUpdate (Skype Updater) -> "C:\Program Files (x86)\Skype\Updater\Updater.exe" R2 - speedfan (speedfan) -> \??\C:\Windows\SysWOW64\speedfan.sys S2 - sppsvc (@%SystemRoot%\system32\sppsvc.exe,-101) -> %SystemRoot%\system32\sppsvc.exe R2 - stisvc (@%SystemRoot%\system32\wiaservc.dll,-9) -> %SystemRoot%\system32\svchost.exe -k imgsvc R2 - SysMain (@%SystemRoot%\system32\sysmain.dll,-1000) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys R2 - Themes (@%SystemRoot%\System32\themeservice.dll,-8192) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - TPHKLOAD (Lenovo Hotkey Client Loader) -> "C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe" R2 - TPHKSVC (Incrustation) -> "C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe" R2 - UxSms (@%SystemRoot%\system32\dwm.exe,-2000) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - WinDefend (@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103) -> %SystemRoot%\System32\svchost.exe -k secsvcs R2 - Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - Wlansvc (@%SystemRoot%\System32\wlansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - WMPNetworkSvc (@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101) -> "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" R2 - wscsvc (@%SystemRoot%\System32\wscsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - WSearch (@%systemroot%\system32\SearchIndexer.exe,-103) -> %systemroot%\system32\SearchIndexer.exe /Embedding R2 - wuauserv (@%systemroot%\system32\wuaueng.dll,-105) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - ZeroConfigService (Intel(R) PROSet/Wireless Zero Configuration Service) -> "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" ---------- | System files (Microsoft Files whitelisted) [MD5.2F6B34B83843F0C5118B63AC634F5BF4] - [10/06/2009 22:36:24] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) - [479.58 Ko] - (1.6.6.4) - C:\Windows\System32\Drivers\adp94xx.sys [MD5.597F78224EE9224EA1A13D6350CED962] - [13/07/2009 23:59:32] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) - [331.58 Ko] - (1.6.6.1) - C:\Windows\System32\Drivers\adpahci.sys [MD5.E109549C90F62FB570B9540C4B148E54] - [13/07/2009 23:59:33] - (.Copyright © 2003 Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) - [178.58 Ko] - (7.2.0.0) - C:\Windows\System32\Drivers\adpu320.sys [MD5.5812713A477A3AD7363C7438CA2EE038] - [14/07/2009 01:19:47] - (.Copyright (C) Acer Laboratories Inc. 2000 - ALi mini IDE Driver.) - [15.08 Ko] - (1.2.0.0) - C:\Windows\System32\Drivers\aliide.sys [MD5.67D7C6E359B36D3DE92974AD74B933AD] - [21/03/2016 16:39:30] - (.© Advanced Micro Devices. - AMD ACP Binaries.) - [289.7 Ko] - (2016.321.955.20) - C:\Windows\System32\Drivers\amdacpksd.sys [MD5.1FF8B4431C353CE385C875F194924C0C] - [14/07/2009 01:19:49] - (.Copyright (C) AMD 2003 - Pilote IDE AMD.) - [15.08 Ko] - (6.1.7600.16385) - C:\Windows\System32\Drivers\amdide.sys [MD5.64BB536A8C053C97AC5A5491B10D4E04] - [25/07/2016 13:11:55] - (.Copyright (C) 2011 Advanced Micro Devices, Inc. - AMD PCI Root Bus Lower Filter.) - [77.27 Ko] - (8.14.1.6032) - C:\Windows\System32\Drivers\amdkmpfd.sys [MD5.D4121AE6D0C0E7E13AA221AA57EF2D49] - [14/11/2014 01:22:17] - (.Copyright © 2008-2010 AMD, Inc. - AHCI 1.2 Device Driver.) - [105.38 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdsata.sys [MD5.F67F933E79241ED32FF46A4F29B5120B] - [10/06/2009 22:37:35] - (.2008 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [189.58 Ko] - (3.6.1540.127) - C:\Windows\System32\Drivers\amdsbs.sys [MD5.540DAF1CEA6094886D72126FD7C33048] - [14/11/2014 01:22:17] - (.Copyright © 2008-2010 AMD, Inc. - Storage Filter Driver.) - [26.38 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdxata.sys [MD5.4A5AEBC992322CA9E701AB1291A06EAE] - [11/06/2015 05:14:48] - (.Copyright (c) Alps Electric Co., Ltd. - Alps Touch Pad Driver.) - [558.3 Ko] - (8.1.1616.496) - C:\Windows\System32\Drivers\Apfiltr.sys [MD5.E1BA840662D0B203C8C32B756ECF697F] - [19/09/2014 01:21:36] - (.Copyright (C) Lenovo. 2005,2014. - ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver.) - [28.7 Ko] - (1.80.1.1) - C:\Windows\System32\Drivers\ApsHM64.sys [MD5.ADA92D2F2B3BCE23BEDF745F84AC2C1C] - [19/09/2014 01:21:36] - (.Copyright (C) Lenovo. 2005,2014. - Shockproof Disk Driver.) - [152.2 Ko] - (1.80.1.1) - C:\Windows\System32\Drivers\ApsX64.sys [MD5.C484F8CEB1717C540242531DB7845C4E] - [13/07/2009 23:59:33] - (.Copyright 2007 Adaptec, Inc. - Adaptec RAID Storport Driver.) - [85.58 Ko] - (5.2.0.10384) - C:\Windows\System32\Drivers\arc.sys [MD5.019AF6924AEFE7839F61C830227FE79C] - [13/07/2009 23:59:33] - (.Copyright 2008 Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) - [95.56 Ko] - (5.2.0.16119) - C:\Windows\System32\Drivers\arcsas.sys [MD5.A629E4799D4CD6361D1B5D573EA5C2CD] - [17/07/2015 10:07:33] - (.Copyright (c) 2014 AVAST Software - avast! HWID.) - [36.77 Ko] - (12.1.3076.0) - C:\Windows\System32\Drivers\aswHwid.sys [MD5.97F952A9050CAD88681F5F0F46B8D5A5] - [11/07/2016 23:22:40] - (.Copyright (c) 2014 AVAST Software - avast! Keyboard Filter Driver.) - [36.27 Ko] - (12.1.3076.0) - C:\Windows\System32\Drivers\aswKbd.sys [MD5.9C6C17C495E960E52EDE5D038EE92AE1] - [17/07/2015 10:07:33] - (.Copyright (c) 2014 AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) - [105.77 Ko] - (12.1.3076.0) - C:\Windows\System32\Drivers\aswMonFlt.sys [MD5.8F492911129B1B32818BF894DC0C2C73] - [17/07/2015 10:07:33] - (.Copyright (c) 2014 AVAST Software - avast! WFP Redirect Driver.) - [100.65 Ko] - (12.1.3076.0) - C:\Windows\System32\Drivers\aswRdr2.sys [MD5.4ABDD84A67378E866BC15DDC9916BA71] - [17/07/2015 10:07:33] - (.Copyright (c) 2014 AVAST Software - avast! Revert.) - [72.8 Ko] - (12.1.3076.0) - C:\Windows\System32\Drivers\aswRvrt.sys [MD5.409CDD1400B404F655EEC1B5850FD3BE] - [17/07/2015 10:07:33] - (.Copyright (c) 2014 AVAST Software - avast! Virtualization Driver.) - [1045.8 Ko] - (12.1.3076.0) - C:\Windows\System32\Drivers\aswSnx.sys [MD5.CDB1BE967AFF65D8395B6DF2EA8CBCCF] - [17/07/2015 10:07:33] - (.Copyright (c) 2014 AVAST Software - avast! self protection module.) - [462.49 Ko] - (12.1.3076.7) - C:\Windows\System32\Drivers\aswsp.sys [MD5.F6B5E463A0BB934C26FB319EDC726F65] - [17/07/2015 10:07:33] - (.Copyright (c) 2014 AVAST Software - Stream Filter.) - [159.09 Ko] - (12.1.3076.0) - C:\Windows\System32\Drivers\aswStm.sys [MD5.DA7B392FB478EB42BE925433D27940F8] - [17/07/2015 10:07:33] - (.Copyright (c) 2014 AVAST Software - avast! VM Monitor.) - [283.29 Ko] - (12.1.3076.0) - C:\Windows\System32\Drivers\aswVmm.sys [MD5.1890CDF2ECAE766E4A7185E4DBBF9EE1] - [21/03/2016 16:36:12] - (.Copyright (C) 1998-2012 Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - [25728 Ko] - (8.1.1.1546) - C:\Windows\System32\Drivers\atikmdag.sys [MD5.1FE14B9C86B8C17F741BE4619CD2E421] - [21/03/2016 15:45:32] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) - [661 Ko] - (8.14.1.6505) - C:\Windows\System32\Drivers\atikmpag.sys [MD5.B5ACE6968304A3900EEB1EBFD9622DF2] - [10/06/2009 22:34:23] - (.Copyright 2000-2008, Broadcom Corporation. - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) - [264.5 Ko] - (10.100.4.0) - C:\Windows\System32\Drivers\b57nd60a.sys [MD5.F09EEE9EDC320B5E1501F749FDE686C8] - [14/07/2009 03:19:59] - (.Copyright (C) Brother Industries, Ltd. 2001-2003 - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) - [18 Ko] - (1.10.0.2) - C:\Windows\System32\Drivers\BrFiltLo.sys [MD5.B114D3098E9BDB8BEA8B053685831BE6] - [14/07/2009 03:20:21] - (.Copyright (C) Brother Industries, Ltd. 2001 - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) - [8.5 Ko] - (1.4.0.1) - C:\Windows\System32\Drivers\BrFiltUp.sys [MD5.43BEA8D483BF1870F018E2D02E06A5BD] - [14/07/2009 03:19:06] - (.Copyright (C) Brother Industries Ltd.1997-2006 - Pilote Brother Série I/F (WDM).) - [280 Ko] - (1.0.1.6) - C:\Windows\System32\Drivers\BrSerId.sys [MD5.A6ECA2151B08A09CACECA35C07F05B42] - [14/07/2009 03:20:11] - (.Copyright (C) Brother Industries Ltd.1997-2003 - Brother Serial driver (WDM version).) - [46 Ko] - (1.0.0.20) - C:\Windows\System32\Drivers\BrSerWdm.sys [MD5.B79968002C277E869CF38BD22CD61524] - [14/07/2009 03:20:26] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB MDM Driver.) - [14.63 Ko] - (1.0.0.12) - C:\Windows\System32\Drivers\BrUsbMdm.sys [MD5.A87528880231C54E75EA7A44943B38BF] - [14/07/2009 03:20:15] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB Serial Driver.) - [14.38 Ko] - (1.0.1.3) - C:\Windows\System32\Drivers\BrUsbSer.sys [MD5.70F8310E8B36DFCAD9A11720929E20ED] - [13/05/2014 20:17:06] - (.Copyright 2014 Motorola Solutions, Inc. - Bluetooth Auxiliary Driver.) - [138.3 Ko] - (17.1.1406.468) - C:\Windows\System32\Drivers\btmaux.sys [MD5.94A99773CC88E25E61E99EB137D7C176] - [17/06/2014 19:51:04] - (.Copyright 2014 Motorola Solutions, Inc. - Bluetooth Filter Driver.) - [1390.8 Ko] - (17.1.1407.474) - C:\Windows\System32\Drivers\btmhsf.sys [MD5.3E5B191307609F7514148C6832BB0842] - [10/06/2009 22:34:28] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) - [457.5 Ko] - (4.8.2.0) - C:\Windows\System32\Drivers\bxvbda.sys [MD5.2494A5C411C7655AD2E35123C0CD967A] - [11/06/2015 05:19:18] - (.© Conexant Systems Inc. - 64-bit High Definition Audio Function Driver.) - [1660.71 Ko] - (8.64.108.0) - C:\Windows\System32\Drivers\CHDRT64.sys [MD5.E19D3F095812725D88F9001985B94EDD] - [14/07/2009 01:19:48] - (.Copyright (C) CMD Technology, Inc. 1999-2000 - CMD PCI IDE Bus Driver.) - [17.08 Ko] - (2.0.7.0) - C:\Windows\System32\Drivers\cmdide.sys [MD5.496C3C6BC3D930D0960C9E75AA30F4A7] - [19/06/2015 22:49:33] - (.Copyright (C) 2000-2015 - DAEMON Tools Lite Virtual SCSI Bus Driver.) - [29.55 Ko] - (5.24.0.0) - C:\Windows\System32\Drivers\dtlitescsibus.sys [MD5.A82585AA7B7DD775CB0FFCC2401C35E9] - [11/06/2015 03:59:20] - (.Copyright(C) 2013, Intel Corporation. - Intel(R) Gigabit Adapter NDIS 6.x driver.) - [369.27 Ko] - (12.12.80.19) - C:\Windows\System32\Drivers\e1d62x64.sys [MD5.0E5DA5369A0FCAEA12456DD852545184] - [10/06/2009 22:36:49] - (.Copyright © 2003-2009 Emulex - Storport Miniport Driver for LightPulse HBAs.) - [518.06 Ko] - (7.2.10.211) - C:\Windows\System32\Drivers\elxstor.sys [MD5.DC5D737F51BE844D8C82C695EB17372F] - [10/06/2009 22:34:33] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) - [3209 Ko] - (4.8.13.0) - C:\Windows\System32\Drivers\evbda.sys [MD5.1E6438D4EA6E1174A3B3B1EDC4DE660B] - [30/03/2015 15:25:00] - (.© LogMeIn, Inc. 2004-2009 - Hamachi Virtual Network Interface Driver.) - [33.06 Ko] - (7.0.1.1) - C:\Windows\System32\Drivers\hamachi.sys [MD5.F2523EF6460FC42405B12248338AB2F0] - [14/07/2009 00:53:43] - (.Copyright ©2007-2009 Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) - [30.5 Ko] - (1.31.27127.0) - C:\Windows\System32\Drivers\hcw85cir.sys [MD5.39D2ABCD392F3D8A6DCE7B60AE7B8EFC] - [21/11/2010 05:23:47] - (.Copyright (c) 2004-2010 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [76.88 Ko] - (6.12.6.64) - C:\Windows\System32\Drivers\HpSAMD.sys [MD5.003CBE4AC700567DB2762C4F6D8A8D78] - [02/08/2015 11:45:04] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology driver - x64.) - [1366.73 Ko] - (13.6.0.1002) - C:\Windows\System32\Drivers\iaStorA.sys [MD5.325E609D4693D7BCD9559F3EF3B60324] - [02/08/2015 11:45:04] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology Filter driver - x64.) - [30.23 Ko] - (13.6.0.1002) - C:\Windows\System32\Drivers\iaStorF.sys [MD5.AAAF44DB3BD0B9D1FB6969B23ECC8366] - [14/11/2014 01:22:17] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - x64.) - [400.88 Ko] - (8.6.2.1014) - C:\Windows\System32\Drivers\iaStorV.sys [MD5.C5637F74E032C700B6F5D3EA03E8F636] - [11/06/2015 03:59:15] - (.Copyright (C) Lenovo Japan. 2000,2014. - Lenovo Power Management Driver.) - [58.7 Ko] - (1.67.9.3) - C:\Windows\System32\Drivers\ibmpmdrv.sys [MD5.18DA57A6DBA2DFEFDCD52D1637FFB657] - [17/06/2014 17:42:16] - (.Intel Corporation (C) 2013 - Intel(R) Wireless Bluetooth(R) USB Driver.) - [214.95 Ko] - (17.1.1431.1) - C:\Windows\System32\Drivers\ibtusb.sys [MD5.FF35266A3375E49B5AF67BC5F8062313] - [11/06/2015 05:10:50] - (.Copyright (c) 1998-2013 Intel Corporation. - Intel Graphics Kernel Mode Driver.) - [4651.43 Ko] - (10.18.14.4029) - C:\Windows\System32\Drivers\igdkmd64.sys [MD5.5C18831C61933628F5BB0EA2675B9D21] - [13/07/2009 23:59:33] - (.Copyright © 2002-05 Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) - [43.08 Ko] - (5.4.22.0) - C:\Windows\System32\Drivers\iirsp.sys [MD5.EA26AE512C63026756D2ACA0711BA7E5] - [11/06/2015 05:10:48] - (.Intel(R) Corporation. - Intel(R) Display Audio Driver.) - [444.77 Ko] - (6.16.0.3161) - C:\Windows\System32\Drivers\IntcDAud.sys [MD5.9B4D2ADA7A867D8FF02664B130CDDB53] - [12/06/2014 23:14:04] - (.Copyright © 2013-2013, Intel Corporation. - Intel® WiDi Solution.) - [34.37 Ko] - (5.0.28.0) - C:\Windows\System32\Drivers\intelaud.sys [MD5.AFB70882655B85FD3A241C78D4DEC7F9] - [11/06/2015 05:03:21] - (.(C) 2010-2014 Intel Corporation - Intel(R) USB 3.0 Host Controller Switch Driver.) - [22.27 Ko] - (3.0.3.60) - C:\Windows\System32\Drivers\iusb3hcs.sys [MD5.B3ACB8ECAAED8D72EF915D0883764188] - [11/06/2015 05:03:21] - (.(C) 2010-2014 Intel Corporation - Intel(R) USB 3.0 Hub Driver.) - [379.77 Ko] - (3.0.3.60) - C:\Windows\System32\Drivers\iusb3hub.sys [MD5.7FCDCF40A8E99FEAA80C6F915102DB1B] - [11/06/2015 05:03:21] - (.(C) 2010-2014 Intel Corporation - Intel(R) USB 3.0 eXtensible Host Controller Driver.) - [780.77 Ko] - (3.0.3.60) - C:\Windows\System32\Drivers\iusb3xhc.sys [MD5.E74B1A771C879A9A8101789C53EF8F1D] - [12/06/2014 23:14:04] - (.Copyright © 2013-2013, Intel Corporation. - Intel® WiDi Solution.) - [25.37 Ko] - (5.0.28.0) - C:\Windows\System32\Drivers\iwdbus.sys [MD5.1A93E54EB0ECE102495A51266DCDB6A6] - [13/07/2009 23:59:34] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT FC Driver (StorPort).) - [112.06 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_fc.sys [MD5.1047184A9FDC8BDBFF857175875EE810] - [13/07/2009 23:59:33] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SAS Driver (StorPort).) - [104.06 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_sas.sys [MD5.30F5C0DE1EE8B5BC9306C1F0E4A75F93] - [13/07/2009 23:59:34] - (.Copyright © LSI Corporation 2009 - LSI SAS Gen2 Driver (StorPort).) - [64.06 Ko] - (2.0.2.71) - C:\Windows\System32\Drivers\lsi_sas2.sys [MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - [13/07/2009 23:59:33] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SCSI Driver (StorPort).) - [113.06 Ko] - (1.28.3.67) - C:\Windows\System32\Drivers\lsi_scsi.sys [MD5.78BFF5425E044086E74E78650A359FBB] - [21/07/2016 19:45:32] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) - [26.38 Ko] - (0.1.16.0) - C:\Windows\System32\Drivers\mbam.sys [MD5.1239597BAB7EED2BB16D035AF87E65D9] - [21/07/2016 19:45:32] - (.© Malwarebytes. - Malwarebytes Chameleon Protection Driver.) - [137.38 Ko] - (1.1.22.0) - C:\Windows\System32\Drivers\mbamchameleon.sys [MD5.78488AF2AB2111D67B3C4044707A519B] - [21/07/2016 19:46:05] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) - [187.71 Ko] - (0.3.0.4) - C:\Windows\System32\Drivers\MBAMSwissArmy.sys [MD5.A55805F747C6EDB6A9080D7C633BD0F4] - [10/06/2009 22:37:14] - (.Copyright © LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64.) - [34.56 Ko] - (4.5.1.64) - C:\Windows\System32\Drivers\megasas.sys [MD5.BAF74CE0072480C3B6B7C13B2A94D6B3] - [13/07/2009 23:59:33] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [278.06 Ko] - (13.5.409.2009) - C:\Windows\System32\Drivers\MegaSR.sys [MD5.452ACB7A9914398D9E18CCCFFCF92208] - [21/07/2016 19:45:32] - (.© Malwarebytes Corporation. - Malwarebytes Web Access Control.) - [63.38 Ko] - (1.0.6.0) - C:\Windows\System32\Drivers\mwac.sys [MD5.A5C16FB04280446E3DD3C6E2687ECE49] - [31/10/2014 07:30:06] - (.Copyright (C), Intel Corporation. - Intel(R) Technology Access Filter Driver.) - [40.21 Ko] - (1.3.0.1000) - C:\Windows\System32\Drivers\ndisrfl.sys [MD5.87473262743FB71A63E3A506385DA836] - [08/12/2014 21:05:32] - (.Copyright © Intel Corporation 2011 - Intel® Wireless WiFi Link Driver.) - [3357.27 Ko] - (17.13.11.5) - C:\Windows\System32\Drivers\Netwsw02.sys [MD5.77889813BE4D166CDAB78DDBA990DA92] - [13/07/2009 23:59:33] - (.(C) Copyright IBM Corp. 1994, 2002. - IBM ServeRAID Controller Driver.) - [50.06 Ko] - (7.10.0.0) - C:\Windows\System32\Drivers\nfrd960.sys [MD5.0A92CB65770442ED0DC44834632F66AD] - [14/11/2014 01:22:17] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [144.88 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvraid.sys [MD5.DAB0E87525C10052BF65F06152F37E4A] - [14/11/2014 01:22:17] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [162.38 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvstor.sys [MD5.05A4779E4994B21473EDBE85AABE8030] - [07/02/2012 07:20:20] - (.Copyright© Lenovo 2005-2011. - SMBIOS Driver.) - [39.3 Ko] - (6.1.1020.0) - C:\Windows\System32\Drivers\psadd.sys [MD5.A53A15A11EBFD21077463EE2C7AFEEF0] - [10/06/2009 22:37:36] - (.Copyright © QLogic Corporation 1996-2009 - QLogic Fibre Channel Stor Miniport Driver.) - [1489.08 Ko] - (9.1.8.6) - C:\Windows\System32\Drivers\ql2300.sys [MD5.4F6D12B51DE1AAEFF7DC58C4D75423C8] - [13/07/2009 23:59:34] - (.© QLogic Corporation. - QLogic iSCSI Storport Miniport Driver.) - [125.58 Ko] - (2.1.3.20) - C:\Windows\System32\Drivers\ql40xx.sys [MD5.8E255394255FB64DB7D31DD3D08F68A6] - [11/06/2015 05:45:18] - (.Copyright © Realtek Semiconductor Corporation 2013 - RTS PCIE READER Driver.) - [455.21 Ko] - (6.3.9600.21247) - C:\Windows\System32\Drivers\RtsPer.sys [MD5.3EA8A16169C26AFBEB544E0E48421186] - [14/07/2009 04:36:07] - (.© 2006 Macrovision Corporation - Macrovision SECURITY Driver.) - [22.5 Ko] - (4.3.86.0) - C:\Windows\System32\Drivers\secdrv.sys [MD5.843CAF1E5FDE1FFD5FF768F23A51E2E1] - [10/06/2009 22:37:40] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [42.56 Ko] - (5.1.1039.2600) - C:\Windows\System32\Drivers\sisraid2.sys [MD5.6A6C106D42E9FFFF8B9FCB4F754F6DA4] - [13/07/2009 23:59:33] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [78.58 Ko] - (5.1.1039.3600) - C:\Windows\System32\Drivers\sisraid4.sys [MD5.4B1049A268C9318029D2443D9150B0AC] - [04/09/2014 09:08:32] - (.- AVStream.) - [666.28 Ko] - (5.0.1.58) - C:\Windows\System32\Drivers\SPUVCBv_x64.sys [MD5.F3817967ED533D08327DC73BC4D5542A] - [13/07/2009 23:59:33] - (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) - [24.08 Ko] - (5.0.1.1) - C:\Windows\System32\Drivers\stexstor.sys [MD5.1BC9159CF58BABD89419072EA180A8F6] - [10/10/2014 18:37:16] - (.Copyright © 2006-2014, Intel Corporation. - Intel(R) Management Engine Interface.) - [126.28 Ko] - (10.0.30.1054) - C:\Windows\System32\Drivers\TeeDriverx64.sys [MD5.A9EF6C7E62DC3B01C51CFB92C1596C62] - [11/06/2015 05:24:04] - (.Copyright (C) Lenovo 2006,2008. - Power Manager.) - [20.25 Ko] - (1.0.0.0) - C:\Windows\System32\Drivers\TPPWR64V.SYS [MD5.E5689D93FFE4E5D66C0178761240DD54] - [14/07/2009 01:19:50] - (.Copyright (C) VIA Technologies, Inc. 2000-2007 - VIA Generic PCI IDE Bus Driver.) - [17.08 Ko] - (6.0.6000.170) - C:\Windows\System32\Drivers\viaide.sys [MD5.5E2016EA6EBACA03C04FEAC5F330D997] - [10/06/2009 22:37:58] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [158.08 Ko] - (6.0.6000.6210) - C:\Windows\System32\Drivers\vsmraid.sys ---------- | Uninstall [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\dda9ca0b023f4c56] : (Lenovo Service Bridge.-.Lenovo) -> C:\Users\Marion\AppData\Local\Apps\2.0\X48T0BXT.6BC\QEWBK3M3.2MJ\lsb...tion_2d7b41b05b24775e_0001.0006_6c5982beb50abfca\Uninstaller.exe "rundll32.exe dfshim.dll,ShArpMaintain LSB.application, Culture=neutral, PublicKeyToken=2d7b41b05b24775e, processorArchitecture=msil" [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\TeamSpeak 3 Client] : (TeamSpeak 3 Client.-.TeamSpeak Systems GmbH) -> "C:\Users\Marion\AppData\Local\TeamSpeak 3 Client\uninstall.exe" [HKU\S-1-5-21-3068805931-2497146629-1372413373-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\uTorrent] : (µTorrent.-.BitTorrent Inc.) -> "C:\Users\Marion\AppData\Roaming\uTorrent\uTorrent.exe" /UNINSTALL [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\4ED8788498CF43D3423E6F8A41D0FAAF62902DB0] : (Windows Driver Package - Intel (e1dexpress) Net (09/29/2014 12.12.80.19).-.Intel) -> C:\PROGRA~1\DIFX\8730326CFC0D32D8\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\e1d62x64.inf_amd64_neutral_7aa82a4e9e487241\e1d62x64.inf [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\5EC6580D569A9D3B15C34964E5BB5BC263F05FE5] : (Windows Driver Package - Intel Corporation (iaStorA) HDC (08/22/2014 13.5.0.1056).-.Intel Corporation) -> C:\PROGRA~1\DIFX\8730326CFC0D32D8\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_neutral_595892184c18043d\iaahcic.inf [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager] : (AMD Install Manager.-.Advanced Micro Devices, Inc.) -> "C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe" /UNINSTALL /IGNORE_UPGRADE /ON_REBOOT_MESSAGE:NO [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\cAudioFilterAgent] : (.-.Conexant Systems) -> C:\Program Files\CONEXANT\cAudioFilterAgent\SETUP64.EXE -U -IcAudioFilterAgent -SM=cAudioFilterAgent64.exe,16 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CNXT_AUDIO_HDA] : (Conexant HD Audio.-.Conexant) -> C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -G -IG14Plmwa.inf [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CxAudMsg] : (.-.) -> C:\Program Files\Conexant\CxAudMsg\SETUP64.EXE -U -ICxAudMsg [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DolbyGUI] : (.-.Conexant Systems) -> C:\Program Files\Conexant\DolbyGUI\SETUP64.EXE -U -IDolbyGUI [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\FA3F6F3D6E8958FDDEE1E09CC77DFA71B0D7835A] : (Windows Driver Package - Lenovo 1.67.09.03 (11/07/2014 1.67.09.03).-.Lenovo) -> C:\PROGRA~1\DIFX\8730326CFC0D32D8\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_neutral_10981d3f854bc96d\ibmpmdrv.inf [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\ForteConfig] : (.-.Conexant Systems) -> C:\Program Files\CONEXANT\ForteConfig\SETUP64.EXE -U -IForteConfig -SM=fmapp.exe,16 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\LenovoAutoScrollUtility] : (Lenovo Auto Scroll Utility.-.Lenovo) -> rundll32.exe "C:\Program Files\Lenovo\VIRTSCRL\cleanup.dll",InfUninstallEx DefaultUninstall.LH C:\Program Files\Lenovo\VIRTSCRL\tpdu_vs.inf [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\OnScreenDisplay] : (Incrustation.-.) -> rundll32.exe "C:\Program Files\Lenovo\HOTKEY\cleanup.dll",InfUninstallEx DefaultUninstall.LH C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Power Management Driver] : (Lenovo Power Management Driver.-.) -> RunDll32.exe tpinspm.dll,Uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SAII] : (.-.Conexant Systems) -> C:\Program Files\Conexant\SAII\SETUP64.EXE -U -ISAII -SWTM="HDAudioAPI-D9A3021B-9BCE-458C-B667-9029C4EF4050,1801" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VulkanRT1.0.3.1] : (Vulkan Run Time Libraries 1.0.3.1.-.LunarG, Inc.) -> C:\Program Files (x86)\VulkanRT\1.0.3.1\UninstallVulkanRT.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{021da516-b5d9-40cd-9ade-6427d40fe1e4}] : (Intel(R) PRO/Wireless Driver.-.Intel Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0761962A-795F-E5BB-BFA8-E4625AFC5A9F}] : (AMD Settings.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{07B5AB95-77AD-AC26-496B-722066229B87}] : (Catalyst Control Center Next Localization KO.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{07FC7436-E7B5-2646-BA48-32D7E9A8C666}] : (Catalyst Control Center Next Localization CS.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0898F764-D48A-DE16-BEE6-3D003B701FFD}] : (Catalyst Control Center Next Localization BR.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{10E9C0F4-AA89-7426-54C2-4F53DE895682}] : (Catalyst Control Center Next Localization TH.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1B444AF9-1DBE-4884-8F35-969BEFCF69A8}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{1B444AF9-1DBE-4884-8F35-969BEFCF69A8} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1CEAC85D-2590-4760-800F-8DE5E91F3700}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{1CEAC85D-2590-4760-800F-8DE5E91F3700}\Setup.exe" -uninstall [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2522CA6D-EF72-C63C-D2B9-CDC55F01E7B1}] : (Catalyst Control Center Next Localization TR.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2FFD48A8-D2E9-C256-4C04-82472D531802}] : (Catalyst Control Center Next Localization FI.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{302600C1-6BDF-4FD1-1407-148929CC1385}] : (Intel(R) Wireless Bluetooth(R)(patch version 17.1.1431.1).-.Intel Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3D10CE8B-DA43-8F50-4499-CCD5BAE9C8E9}] : (AMD Drag and Drop Transcoding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{3D10CE8B-DA43-8F50-4499-CCD5BAE9C8E9} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3E293710-1410-87AF-B5E4-5AD5D6E3362C}] : (Catalyst Control Center Next Localization HU.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3FFB59B6-520F-37D8-DC0A-61FBC1C74DFC}] : (Catalyst Control Center Next Localization NL.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{40B17B27-AE12-072A-5041-4835EA7D8530}] : (Catalyst Control Center Next Localization FR.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4332723E-06E5-47F8-B106-8A2971B01368}] : (Intel(R) ME UninstallLegacy.-.Intel Corporation) -> MsiExec.exe /I{4332723E-06E5-47F8-B106-8A2971B01368} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{433E7A26-1C27-1FBB-A2A8-347D4833B34E}] : (Catalyst Control Center Next Localization JA.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{443F21F6-8E3E-257E-E43F-7FB7BF2762C1}] : (AMD Install Manager.-.Advanced Micro Devices, Inc.) -> msiexec /q/x{443F21F6-8E3E-257E-E43F-7FB7BF2762C1} REBOOT=ReallySuppress [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}] : (ThinkVantage Active Protection System.-.Lenovo) -> MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{49691258-4A4D-F4C5-4C0C-C21860490650}] : (Catalyst Control Center Next Localization SV.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{581A480E-F28E-5153-8B41-F77EFBA3AD34}] : (Catalyst Control Center Next Localization ES.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}] : (DisplayLink Core Software.-.DisplayLink Corp.) -> MsiExec.exe /X{58F4C39B-D946-4A45-A314-DEFC2AFDF397} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5BBC7722-E4D9-4406-A8B9-1E11A23B9EAF}] : (Intel(R) WiDi.-.Intel Corporation) -> MsiExec.exe /X{5BBC7722-E4D9-4406-A8B9-1E11A23B9EAF} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{60DA95E6-3B1C-811E-9356-BD8ECE030749}] : (Catalyst Control Center Next Localization CHT.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6D08D442-48EC-FC20-A2B5-1FA8E88AD9E7}] : (Catalyst Control Center Next Localization RU.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1] : (Lenovo Peer Connect SDK.-.Lenovo) -> "C:\Program Files\Lenovo\Lenovo Peer Connect\unins000.exe" [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{78ACE60E-0CB7-4935-BCD4-F33422105607}] : (AMD Settings - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{78ACE60E-0CB7-4935-BCD4-F33422105607} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9141FD82-4253-9CA6-1A73-31F2A2FFB0A4}] : (Catalyst Control Center Next Localization NO.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9B077E05-6AFA-4C60-1FF3-1EF83DE8C9B7}] : (AMD Wireless Display v3.0.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{9B077E05-6AFA-4C60-1FF3-1EF83DE8C9B7} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}] : (ThinkPad UltraNav Driver.-.ALPS ELECTRIC CO., LTD.) -> "C:\Program Files\Apoint2K\Uninstap.exe" ADDREMOVE [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A621A41A-BDA2-8E01-B073-394C3EEF28BF}] : (Catalyst Control Center Next Localization EL.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AA758256-BAB5-5FC0-954C-DA2C953D2786}] : (Catalyst Control Center Next Localization IT.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AAE0AC3F-17BF-48CD-96CE-4F19169E94B0}] : (Intel® PROSet/Wireless WiFi Software.-.Intel Corporation) -> MsiExec.exe /I{AAE0AC3F-17BF-48CD-96CE-4F19169E94B0} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AB46AC6D-3E9A-4484-8061-64FF10301B41}] : (Lenovo Solution Center.-.Lenovo) -> MsiExec.exe /X{AB46AC6D-3E9A-4484-8061-64FF10301B41} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BD667C75-0EDD-4073-A406-A6DD9C3016EB}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{BD667C75-0EDD-4073-A406-A6DD9C3016EB} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C2306F93-60AC-4401-B600-453376E771EC}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{C2306F93-60AC-4401-B600-453376E771EC} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D0341CD6-4DB6-4397-858E-4424381F99AB}] : (Intel(R) Technology Access.-.Intel Corporation) -> MsiExec.exe /I{D0341CD6-4DB6-4397-858E-4424381F99AB} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D9929D54-2DA6-34B9-D9B8-3AA168A12E56}] : (Catalyst Control Center Next Localization DE.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E04C7D42-CAA0-CCAF-5916-E0C49E129BE2}] : (Catalyst Control Center Next Localization DA.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E0729EA8-444C-4AAF-AB69-3CE907F60A38}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{E0729EA8-444C-4AAF-AB69-3CE907F60A38} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E416B77F-7681-B9C2-2EA9-F87EC879BE08}] : (AMD Accelerated Video Transcoding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{E416B77F-7681-B9C2-2EA9-F87EC879BE08} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}] : (Lenovo USB Graphics.-.Lenovo) -> MsiExec.exe /X{E6B1FE9A-CB1E-4096-A0AF-163419CB971C} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{ED18DB34-7C6F-2B5C-32DB-1E2762E432C5}] : (Catalyst Control Center Next Localization PL.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EE4D9822-C7F3-4386-8703-889CDDA22FAA}] : (Message Center Plus.-.Lenovo Group Limited) -> MsiExec.exe /X{EE4D9822-C7F3-4386-8703-889CDDA22FAA} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FDADC57D-5D12-1669-E15E-07C9D55DDD78}] : (Catalyst Control Center Next Localization CHS.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FE51B16C-A025-418A-A5D6-07D93B643AFB}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{FE51B16C-A025-418A-A5D6-07D93B643AFB} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\1456487183_is1] : (Undertale.-.GOG.com) -> "C:\Program Files (x86)\Divinity Original Sin Enhanced EditionUndertale\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe AIR] : (Adobe AIR.-.Adobe Systems Incorporated) -> c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe DNG Codec] : (Adobe DNG Codec.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Adobe\DNG Codec\Uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Avast] : (Avast Antivirus Gratuit.-.AVAST Software) -> C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1] : (Adobe Help Manager.-.Adobe Systems Incorporated) -> msiexec /qb /x {AF37176A-78CA-545B-34EF-8B6A21514DD1} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Counter-Strike 1.6] : (Counter-Strike 1.6.-.) -> C:\Program Files (x86)\Counter-Strike 1.6\Uninstal.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Divinity Original Sin Enhanced Edition_is1] : (Divinity Original Sin Enhanced Edition v.2.0.104.737.-.) -> "C:\Program Files (x86)\Divinity Original Sin Enhanced Edition\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\setup.exe" --uninstall --multi-install --chrome --system-level [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}] : (WaveEditor.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.exe" /z-uninstall [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}] : (.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}] : (CyberLink PowerDVD 12.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}\Setup.exe" /z-uninstall [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}] : (.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{D6E853EC-8960-4D44-AF03-7361BB93227C}] : (.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{D6E853EC-8960-4D44-AF03-7361BB93227C}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}] : (PowerDVD Create.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{DE485075-8CD3-4A1E-9ABC-6412EBA44872}\setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Keep Talking and Nobody Explodes1.01] : (Keep Talking and Nobody Explodes.-.Friends in War) -> "C:\2-click run\Keep Talking and Nobody Explodes\uninstall.exe" "/U:C:\2-click run\Keep Talking and Nobody Explodes\Uninstall\uninstall.xml" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\League of Legends 3.0.1] : (League of Legends.-.Riot Games) -> msiexec.exe /x {3E75652D-99B1-417E-B163-BEF33CAD3F16} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1] : (Malwarebytes Anti-Malware version 2.2.1.1043.-.Malwarebytes) -> "C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MKVToolNix] : (MKVToolNix 8.9.0 (64bit).-.Moritz Bunkus) -> C:\Users\Marion\Documents\MKVToolNix\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SafeZone 1.48.2066.114] : (SafeZone Stable 1.48.2066.114.-.Avast Software) -> "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" /uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam] : (Steam.-.Valve Corporation) -> C:\Program Files (x86)\Steam\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam App 10190] : (Call of Duty: Modern Warfare 2 - Multiplayer.-.Infinity Ward) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/10190 [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam App 240] : (Counter-Strike: Source.-.Valve) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/240 [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Sunplus SPUVCb] : (Integrated Camera.-.SunplusIT) -> "C:\Program Files (x86)\Integrated Camera\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VLC media player] : (VLC media player.-.VideoLAN) -> C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 5.30 (32-bit).-.win.rar GmbH) -> C:\Program Files (x86)\WinRAR\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{008D5963-9A73-4472-8C16-A5BF04491B9D}_is1] : (Firestorm Launcher version 1.0.-.Firestorm) -> "C:\Program Files (x86)\FirestormLauncher\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{04128C8C-7812-4DCC-816E-9C8AB1D6EECE}] : (Lenovo QuickControl.-.Lenovo Group Limited) -> MsiExec.exe /X{04128C8C-7812-4DCC-816E-9C8AB1D6EECE} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{07490D6D-5C62-C4E6-A260-9A00266D9D2F}] : (CCC Help Korean.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{08D2E121-7F6A-43EB-97FD-629B44903403}] : (Microsoft_VC90_CRT_x86.-.Adobe) -> MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{121727D5-FDF3-4723-BA57-EB383440ED72}] : (OpenOffice 4.1.1.-.Apache Software Foundation) -> MsiExec.exe /I{121727D5-FDF3-4723-BA57-EB383440ED72} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{13D989B5-37B0-FBB5-C9AC-A2CBDDD3C933}] : (CCC Help Dutch.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{13F59938-C595-479C-B479-F171AB9AF64F}] : (Lenovo User Guide.-.Lenovo Group Limited) -> MsiExec.exe /X{13F59938-C595-479C-B479-F171AB9AF64F} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{15B15395-FF53-44E1-ADAD-FCC279E3CA10}] : (Lenovo PowerENGAGE.-.Lenovo Inc.) -> MsiExec.exe /X{15B15395-FF53-44E1-ADAD-FCC279E3CA10} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1D464EFF-EC8B-F225-2F74-F74143200DDF}] : (OEM Application Profile.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{1D464EFF-EC8B-F225-2F74-F74143200DDF} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1EC63C5F-8E70-A3CA-A2B8-C2CA64C0C655}] : (CCC Help Japanese.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2039332F-EA93-5E4A-C213-849645150B35}] : (CCC Help Chinese Standard.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}] : (Intel(R) USB 3.0 eXtensible Host Controller Driver.-.Intel Corporation) -> C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall_arp [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{25C64847-B900-48AD-A164-1B4F9B774650}] : (Lenovo System Update.-.Lenovo) -> MsiExec.exe /X{25C64847-B900-48AD-A164-1B4F9B774650} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2ABC2D20-7D0C-1E1E-38C7-82EDFBBCA467}] : (CCC Help Swedish.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2C3CDA73-A18D-4B58-B480-ACE083EC2D52}] : (CCC Help Hungarian.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2D292832-A775-2605-0E48-310F80B0B588}] : (PX Profile Update.-.AMD) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2DEB7DCB-AF88-B006-5A64-AB4ADE93FCA4}] : (Catalyst Control Center Graphics Previews Common.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}] : (WaveEditor.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.exe" /z-uninstall [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{386AF965-10BA-3DB6-FAEE-6CD9947D5A8F}] : (Catalyst Control Center - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{386AF965-10BA-3DB6-FAEE-6CD9947D5A8F} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3E75652D-99B1-417E-B163-BEF33CAD3F16}] : (League of Legends.-.Riot Games) -> MsiExec.exe /X{3E75652D-99B1-417E-B163-BEF33CAD3F16} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658}] : (CyberLink Power2Go 7.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}] : (REACHit.-.Lenovo) -> MsiExec.exe /X{4532E4C5-C84D-4040-A044-ECFCC5C6995B} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{454D32AD-C149-49BE-9F2E-8C089C3D6620}] : (Lenovo USB3.0 to DVI VGA Monitor Adapter.-.Lenovo) -> "C:\Program Files (x86)\InstallShield Installation Information\{454D32AD-C149-49BE-9F2E-8C089C3D6620}\setup.exe" -runfromtemp -l0x0409 -removeonly [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{460C6E1B-DB9B-6480-0AF3-ADB6716EAEA6}] : (CCC Help Greek.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}] : (Create Recovery Media.-.Lenovo Group Limited) -> MsiExec.exe /X{50DC5136-21E8-48BC-97E5-1AD055F6B0B6} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{51FDC2DE-0917-46B7-EAEC-5377504701DE}] : (PowerXpressHybrid.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{51FDC2DE-0917-46B7-EAEC-5377504701DE} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}] : (Realtek Card Reader.-.Realtek Semiconductor Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe" -runfromtemp -removeonly [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}] : (swMSM.-.Adobe Systems, Inc) -> MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{665526DB-AED9-223D-DB9D-CA1DD3451903}] : (CCC Help Italian.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{715C0854-EC71-6844-90EF-B1D450F99F44}] : (CCC Help Czech.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7337CFB9-FCC7-000D-4441-07B521C762A2}] : (CCC Help Finnish.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8E1CACF5-2493-4950-9AD5-189903FE57E7}] : (ThinkPad OneLink Dock.-.Lenovo) -> "C:\Program Files (x86)\InstallShield Installation Information\{8E1CACF5-2493-4950-9AD5-189903FE57E7}\setup.exe" -runfromtemp -l0x0409 -removeonly [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9091B0C4-2271-FCF5-10A1-FB41600B43C2}] : (CCC Help Spanish.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}] : (Microsoft_VC80_CRT_x86.-.Adobe) -> MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{97DE7FD2-D93D-13FB-ECBE-E95B3D6B6DF4}] : (CCC Help Thai.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{a3294ccc-6d01-43c2-9249-3f50bd113bb8}] : (Intel(R) Technology Access.-.Intel Corporation) -> "C:\ProgramData\Package Cache\{a3294ccc-6d01-43c2-9249-3f50bd113bb8}\SetupITA_BB_x64.exe" /uninstall [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A5D382B7-B298-310B-2AE7-ABACF6EFB2CB}] : (CCC Help French.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A68E77AF-268E-8AA3-52A3-3BB8ACDDF433}] : (CCC Help Turkish.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{a9888f41-68ae-43df-bd7d-d93405a44106}] : (Intel® PROSet/Wireless Software.-.Intel Corporation) -> "C:\ProgramData\Package Cache\{a9888f41-68ae-43df-bd7d-d93405a44106}\Setup.exe" /uninstall [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824191728}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824191728} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}] : (Adobe Reader XI (11.0.17) MUI.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AB0000000001} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AF37176A-78CA-545B-34EF-8B6A21514DD1}] : (Adobe Help Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AF37176A-78CA-545B-34EF-8B6A21514DD1} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}] : (CyberLink PowerDVD 12.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}\Setup.exe" /z-uninstall [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B716F402-52DC-C0DD-27DB-6D43ED366AAF}] : (CCC Help German.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B7A0CE06-068E-11D6-97FD-0050BACBF861}] : (CyberLink PowerProducer 5.5.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}] : (Intel(R) Update Manager.-.Intel Corporation) -> MsiExec.exe /I{B991A1BC-DE0F-41B3-9037-B2F948F706EC} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}] : (Dolby Advanced Audio v2.-.Dolby Laboratories Inc) -> MsiExec.exe /X{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}] : (Metric Collection SDK 35.-.Lenovo Group Limited) -> MsiExec.exe /X{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C5406BF7-AE6D-24CF-B49A-AAFF40A9B0D2}] : (CCC Help Danish.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C8488A39-7AB6-95EE-0078-BB38550B4109}] : (CCC Help Norwegian.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D19B9E97-FDF6-121B-A0B4-828461B608C8}] : (CCC Help English.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D6E853EC-8960-4D44-AF03-7361BB93227C}] : ( PowerDVD Create 10.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{D6E853EC-8960-4D44-AF03-7361BB93227C}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D8102684-7BA1-4948-88B9-535F84E6E588}] : (Thinkpad USB 3.0 Ethernet Adapter Driver.-.Lenovo) -> C:\Program Files (x86)\InstallShield Installation Information\{D8102684-7BA1-4948-88B9-535F84E6E588}\setup.exe -runfromtemp -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}] : (Gestionnaire d'alimentation.-.Lenovo Group Limited) -> C:\Program Files (x86)\InstallShield Installation Information\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}\Setup.exe -AddRemove [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}] : (Metric Collection SDK.-.Lenovo Group Limited) -> MsiExec.exe /X{DDAA788F-52E6-44EA-ADB8-92837B11BF26} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DE485075-8CD3-4A1E-9ABC-6412EBA44872}] : (.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{DE485075-8CD3-4A1E-9ABC-6412EBA44872}\setup.exe" /z-uninstall [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E1E568B2-28C5-0E83-FA96-DF6BB853728F}] : (Catalyst Control Center Localization All.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E881D030-3758-E81A-AFEF-388F7195AA7D}] : (CCC Help Polish.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E9E6E25C-E6B8-F85D-C43A-0B1AE149F842}] : (AMD Settings.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EA29A3CE-FC81-9B0C-C611-213DBA1898DB}] : (CCC Help Chinese Traditional.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EEAB654A-2BC7-07C8-90F0-C81E3EC3912F}] : (CCC Help Russian.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F0253EF4-CFD0-05E0-B395-93495C7E589B}] : (CCC Help Portuguese.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}] : (Intel(R) Processor Graphics.-.Intel Corporation) -> "C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe" -uninstall [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F2E04A40-3EA7-42F8-B7CC-B6E7A39DC150}] : (Adobe AIR.-.Adobe Systems Incorporated) -> MsiExec.exe /I{F2E04A40-3EA7-42F8-B7CC-B6E7A39DC150} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{f5d71765-7cd1-4e68-998f-5b379e725da3}] : (Intel(R) Chipset Device Software.-.Intel(R) Corporation) -> "C:\ProgramData\Package Cache\{f5d71765-7cd1-4e68-998f-5b379e725da3}\SetupChipset.exe" /uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FC965A47-4839-40CA-B618-18F486F042C6}] : (Skype™ 7.26.-.Skype Technologies S.A.) -> MsiExec.exe /X{FC965A47-4839-40CA-B618-18F486F042C6} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}] : (Lenovo Warranty Information.-.Lenovo) -> MsiExec.exe /X{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521} ---------- | Installer [HKCR\Installer\Products\017392E30141FA785B4EA55D6D3E63C2] : Catalyst Control Center Next Localization HU -> C:\Windows\Installer\{3E293710-1410-87AF-B5E4-5AD5D6E3362C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\02D2CBA2C0D7E1E1837C28DEBFCB4A76] : CCC Help Swedish -> C:\Windows\Installer\{2ABC2D20-7D0C-1E1E-38C7-82EDFBBCA467}\ARPPRODUCTICON.exe [HKCR\Installer\Products\030D188E8573A18EFAFE83F81759AAD7] : CCC Help Polish -> C:\Windows\Installer\{E881D030-3758-E81A-AFEF-388F7195AA7D}\ARPPRODUCTICON.exe [HKCR\Installer\Products\04A40E2F7AE38F247BCC6B7E3AD91C05] : Adobe AIR [HKCR\Installer\Products\0B5B5B2C545249E44BAB45D8B40F1B69] : Metric Collection SDK 35 [HKCR\Installer\Products\1C006203FDB61DF44170419892CC3158] : Intel(R) Wireless Bluetooth(R)(patch version 17.1.1431.1) -> C:\Windows\Installer\{302600C1-6BDF-4FD1-1407-148929CC1385}\IntelBluetoothICO [HKCR\Installer\Products\204F617BCD25DD0C72BDD634DE63A6FA] : CCC Help German -> C:\Windows\Installer\{B716F402-52DC-C0DD-27DB-6D43ED366AAF}\ARPPRODUCTICON.exe [HKCR\Installer\Products\2277CBB59D4E60448A9BE1112AB3E9FA] : Intel(R) WiDi -> C:\Windows\Installer\{5BBC7722-E4D9-4406-A8B9-1E11A23B9EAF}\WiDiIcon [HKCR\Installer\Products\2289D4EE3F7C6834783088C9DD2AF2AA] : Message Center Plus -> C:\Program Files (x86)\Lenovo\Message Center Plus\MessageCenterPlus.exe,0 [HKCR\Installer\Products\244D80D6CE8402CF2A5BF18A8EA89D7E] : Catalyst Control Center Next Localization RU -> C:\Windows\Installer\{6D08D442-48EC-FC20-A2B5-1FA8E88AD9E7}\ARPPRODUCTICON.exe [HKCR\Installer\Products\24D7C40E0AACFACC95610E4CE921B92E] : Catalyst Control Center Next Localization DA -> C:\Windows\Installer\{E04C7D42-CAA0-CCAF-5916-E0C49E129BE2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\28DF141935246AC9A137132F2AFF0B4A] : Catalyst Control Center Next Localization NO -> C:\Windows\Installer\{9141FD82-4253-9CA6-1A73-31F2A2FFB0A4}\ARPPRODUCTICON.exe [HKCR\Installer\Products\2B865E1E5C8238E0AF69FDB68B3527F8] : Catalyst Control Center Localization All -> C:\Windows\Installer\{E1E568B2-28C5-0E83-FA96-DF6BB853728F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\2DF7ED79D39DBF31CEEB9EB5D3B6D64F] : CCC Help Thai -> C:\Windows\Installer\{97DE7FD2-D93D-13FB-ECBE-E95B3D6B6DF4}\ARPPRODUCTICON.exe [HKCR\Installer\Products\37ADC3C2D81A85B44B08CA0E38CED225] : CCC Help Hungarian -> C:\Windows\Installer\{2C3CDA73-A18D-4B58-B480-ACE083EC2D52}\ARPPRODUCTICON.exe [HKCR\Installer\Products\38E1FB04BE028D11795C00905C206085] : Power2Go -> C:\Windows\Installer\{40BF1E83-20EB-11D8-97C5-0009C5020658}\ARPPRODUCTICON.exe [HKCR\Installer\Products\39F6032CCA0610446B005433677E17CE] : Intel(R) Management Engine Components [HKCR\Installer\Products\43BD81DEF6C7C5B223BDE172264E235C] : Catalyst Control Center Next Localization PL -> C:\Windows\Installer\{ED18DB34-7C6F-2B5C-32DB-1E2762E432C5}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4580C51717CE448609FE1B4D059FF944] : CCC Help Czech -> C:\Windows\Installer\{715C0854-EC71-6844-90EF-B1D450F99F44}\ARPPRODUCTICON.exe [HKCR\Installer\Products\45D9299D6AD29B439D8BA31A861AE265] : Catalyst Control Center Next Localization DE -> C:\Windows\Installer\{D9929D54-2DA6-34B9-D9B8-3AA168A12E56}\ARPPRODUCTICON.exe [HKCR\Installer\Products\467F8980A84D61EDEB6ED300B307F1DF] : Catalyst Control Center Next Localization BR -> C:\Windows\Installer\{0898F764-D48A-DE16-BEE6-3D003B701FFD}\ARPPRODUCTICON.exe [HKCR\Installer\Products\49648A64CE950F8469C4E7679E8F2ADE] : ThinkVantage Active Protection System [HKCR\Installer\Products\4C0B190917225FCF011ABF1406B0342C] : CCC Help Spanish -> C:\Windows\Installer\{9091B0C4-2271-FCF5-10A1-FB41600B43C2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4F0C9E0198AA6247452CF435ED986528] : Catalyst Control Center Next Localization TH -> C:\Windows\Installer\{10E9C0F4-AA89-7426-54C2-4F53DE895682}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4FE3520F0DFC0E503B593994C5E785B9] : CCC Help Portuguese -> C:\Windows\Installer\{F0253EF4-CFD0-05E0-B395-93495C7E589B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\50E770B9AFA606C4F13FE18FD38E9C7B] : AMD Wireless Display v3.0 -> C:\Windows\Installer\{9B077E05-6AFA-4C60-1FF3-1EF83DE8C9B7}\ARPPRODUCTICON.exe [HKCR\Installer\Products\569FA683AB016BD3AFEEC69D49D7A5F8] : Catalyst Control Center - Branding -> C:\Windows\Installer\{386AF965-10BA-3DB6-FAEE-6CD9947D5A8F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\57C766DBDDE037044A606ADDC90361BE] : Intel(R) Chipset Device Software [HKCR\Installer\Products\59351B5135FF1E44DADACF2C973EAC01] : Lenovo PowerENGAGE -> C:\Windows\Installer\{15B15395-FF53-44E1-ADAD-FCC279E3CA10}\ARPPRODUCTICON.exe [HKCR\Installer\Products\59BA5B70DA7762CA94B627026622B978] : Catalyst Control Center Next Localization KO -> C:\Windows\Installer\{07B5AB95-77AD-AC26-496B-722066229B87}\ARPPRODUCTICON.exe [HKCR\Installer\Products\5B989D310B735BBF9CCA2ABCDD3D9C33] : CCC Help Dutch -> C:\Windows\Installer\{13D989B5-37B0-FBB5-C9AC-A2CBDDD3C933}\ARPPRODUCTICON.exe [HKCR\Installer\Products\5C4E2354D48C04040A44CECF5C6C99B5] : REACHit -> C:\Windows\Installer\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\60EC0A7BE8606D1179DF0005ABBC8F16] : PowerProducer -> C:\Windows\Installer\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\ARPPRODUCTICON.exe [HKCR\Installer\Products\615AD1209D5BDC04A9ED46724DF01E4E] : Intel(R) PRO/Wireless Driver -> C:\Windows\Installer\{021DA516-B5D9-40CD-9ADE-6427D40FE1E4}\ARPPRODUCTICON.exe [HKCR\Installer\Products\62A7E33472C1BBF12A8A43D784333BE4] : Catalyst Control Center Next Localization JA -> C:\Windows\Installer\{433E7A26-1C27-1FBB-A2A8-347D4833B34E}\ARPPRODUCTICON.exe [HKCR\Installer\Products\6315CD058E12CB84795EA10D556F0B6B] : Create Recovery Media -> C:\Program Files (x86)\Lenovo\Factory Recovery\recovburncd.exe,0 [HKCR\Installer\Products\6347CF705B7E6462AB84237D9E8A6C66] : Catalyst Control Center Next Localization CS -> C:\Windows\Installer\{07FC7436-E7B5-2646-BA48-32D7E9A8C666}\ARPPRODUCTICON.exe [HKCR\Installer\Products\63AEB64B17B0E4A4EA1478426134AFA0] : PowerDVD -> C:\Windows\Installer\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\652857AA5BAB0CF559C4ADC259D37268] : Catalyst Control Center Next Localization IT -> C:\Windows\Installer\{AA758256-BAB5-5FC0-954C-DA2C953D2786}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA408033019195008142917182] : Adobe Refresh Manager -> C:\Windows\Installer\{AC76BA86-0804-1033-1959-001824191728}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA7FFFFB744BA0000000010] : Adobe Reader XI (11.0.17) MUI -> C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}\SC_Reader.ico [HKCR\Installer\Products\6B95BFF3F0258D73CDA016BF1C7CD4CF] : Catalyst Control Center Next Localization NL -> C:\Windows\Installer\{3FFB59B6-520F-37D8-DC0A-61FBC1C74DFC}\ARPPRODUCTICON.exe [HKCR\Installer\Products\6DC1430D6BD4793458E8444283F199BA] : Intel(R) Technology Access [HKCR\Installer\Products\6E59AD06C1B3E1183965DBE8EC307094] : Catalyst Control Center Next Localization CHT -> C:\Windows\Installer\{60DA95E6-3B1C-811E-9356-BD8ECE030749}\ARPPRODUCTICON.exe [HKCR\Installer\Products\6F12F344E3E8E7524EF3F77BFB72261C] : AMD Install Manager -> C:\Windows\Installer\{443F21F6-8E3E-257E-E43F-7FB7BF2762C1}\ARPPRODUCTICON.exe [HKCR\Installer\Products\72B71B0421EAA27005148453AED75803] : Catalyst Control Center Next Localization FR -> C:\Windows\Installer\{40B17B27-AE12-072A-5041-4835EA7D8530}\ARPPRODUCTICON.exe [HKCR\Installer\Products\74846C52009BDA841A46B1F4B9776405] : Lenovo System Update -> C:\Windows\Installer\{25C64847-B900-48AD-A164-1B4F9B774650}\ARPPRODUCTICON.exe [HKCR\Installer\Products\74A569CF9384AC046B81814F680F246C] : Skype™ 7.26 -> C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe [HKCR\Installer\Products\79E9B91D6FDFB1210A4B2848166B808C] : CCC Help English -> C:\Windows\Installer\{D19B9E97-FDF6-121B-A0B4-828461B608C8}\ARPPRODUCTICON.exe [HKCR\Installer\Products\7B283D5A892BB013A27EBACA6FFE2BBC] : CCC Help French -> C:\Windows\Installer\{A5D382B7-B298-310B-2AE7-ABACF6EFB2CB}\ARPPRODUCTICON.exe [HKCR\Installer\Products\7C43C21609E58D74B9C5F017D78D7262] : swMSM -> C:\Windows\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\ARPPRODUCTICON.exe [HKCR\Installer\Products\7FB6045CD6EAFC424BA9AAFF049A0B2D] : CCC Help Danish -> C:\Windows\Installer\{C5406BF7-AE6D-24CF-B49A-AAFF40A9B0D2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\83995F31595CC9744B971F17BAA96FF4] : Lenovo User Guide -> C:\Windows\Installer\{13F59938-C595-479C-B479-F171AB9AF64F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\85219694D4A45C4FC4C02C8106946005] : Catalyst Control Center Next Localization SV -> C:\Windows\Installer\{49691258-4A4D-F4C5-4C0C-C21860490650}\ARPPRODUCTICON.exe [HKCR\Installer\Products\872CE4DF1B1C694499DE0CEBB1A05A12] : Lenovo Warranty Information -> C:\Windows\Installer\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8A84DFF29E2D652CC4402874D2358120] : Catalyst Control Center Next Localization FI -> C:\Windows\Installer\{2FFD48A8-D2E9-C256-4C04-82472D531802}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8AE9270EC444FAA4BA96C39E706FA083] : Intel(R) Management Engine Components [HKCR\Installer\Products\93A8848C6BA7EE590087BB8355B01490] : CCC Help Norwegian -> C:\Windows\Installer\{C8488A39-7AB6-95EE-0078-BB38550B4109}\ARPPRODUCTICON.exe [HKCR\Installer\Products\9A1221D6FB710CE4182F723DE03C7010] : Skype Click to Call -> C:\Windows\Installer\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}\ICON_PRODUCT [HKCR\Installer\Products\9BFC73377CCFD0004414705B127C262A] : CCC Help Finnish -> C:\Windows\Installer\{7337CFB9-FCC7-000D-4441-07B521C762A2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\9FA444B1EBD14884F85369B9FEFC968A] : Intel® Trusted Connect Service Client [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A14A126A2ADB10E80B3793C4E3FE82FB] : Catalyst Control Center Next Localization EL -> C:\Windows\Installer\{A621A41A-BDA2-8E01-B073-394C3EEF28BF}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A2691670F597BB5EFB8A4E26A5CFA5F9] : AMD Settings -> C:\Windows\Installer\{0761962A-795F-E5BB-BFA8-E4625AFC5A9F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A456BAEE7CB28C70090F8CE1E33C19F2] : CCC Help Russian -> C:\Windows\Installer\{EEAB654A-2BC7-07C8-90F0-C81E3EC3912F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A67173FAAC87B54543FEB8A61215D41D] : Adobe Help Manager [HKCR\Installer\Products\A7C07E9B58F993A44A3AFB3A3CFB6731] : Dolby Advanced Audio v2 -> C:\Windows\Installer\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}\DolbyBlue.exe [HKCR\Installer\Products\A9EF1B6EE1BC69040AFA614391BC79C1] : Lenovo USB Graphics -> C:\Windows\Installer\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}\controlPanelIcon.exe [HKCR\Installer\Products\B1E6C064B9BD0846A03FDA6B17E6EA6A] : CCC Help Greek -> C:\Windows\Installer\{460C6E1B-DB9B-6480-0AF3-ADB6716EAEA6}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B8EC01D334AD05F84499CC5DAB9E8C9E] : AMD Drag and Drop Transcoding -> C:\Windows\Installer\{3D10CE8B-DA43-8F50-4499-CCD5BAE9C8E9}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B93C4F85649D54A43A41EDCFA2DF3F79] : DisplayLink Core Software -> C:\Windows\Installer\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}\controlPanelIcon.exe [HKCR\Installer\Products\BCD7BED288FA600BA546BAA4ED39CF4A] : Catalyst Control Center Graphics Previews Common -> C:\Windows\Installer\{2DEB7DCB-AF88-B006-5A64-AB4ADE93FCA4}\ARPPRODUCTICON.exe [HKCR\Installer\Products\BD6255669DEAD322BDD9ACD13D549130] : CCC Help Italian -> C:\Windows\Installer\{665526DB-AED9-223D-DB9D-CA1DD3451903}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C52E6E9E8B6ED58F4CA3B0A11E948F24] : AMD Settings -> C:\Windows\Installer\{E9E6E25C-E6B8-F85D-C43A-0B1AE149F842}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C61B15EF520AA8145A6D709DB346A3BF] : Intel(R) Management Engine Components [HKCR\Installer\Products\C8C821402187CCD418E6C9A81B6DEEEC] : Lenovo QuickControl -> C:\Windows\Installer\{04128C8C-7812-4DCC-816E-9C8AB1D6EECE}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C9335768C821DD4438FBA0D5A6DB2879] : Lenovo System Update -> C:\Program Files (x86)\Lenovo\System Update\Tvsu.exe [HKCR\Installer\Products\CB1A199BF0ED3B1409732B9F847F60CE] : Intel(R) Update Manager -> C:\Windows\Installer\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}\icon.ico [HKCR\Installer\Products\CC67F423DD8D78D47BD74DFAE5A17A3B] : WaveEditor -> C:\Windows\Installer\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CE358E6D069844D4FA303716BB3922C7] : PowerDVD Create -> C:\Windows\Installer\{D6E853EC-8960-4D44-AF03-7361BB93227C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D25657E31B99E7141B36EB3FC3DAF361] : League of Legends -> C:\Windows\Installer\{3E75652D-99B1-417E-B163-BEF33CAD3F16}\lol.launcher_1.exe [HKCR\Installer\Products\D6AC225227FEC36C2D9BDC5CF5107E1B] : Catalyst Control Center Next Localization TR -> C:\Windows\Installer\{2522CA6D-EF72-C63C-D2B9-CDC55F01E7B1}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D6CA64BAA9E34844081646FF0103B114] : Lenovo Solution Center -> C:\Windows\Installer\{AB46AC6D-3E9A-4484-8061-64FF10301B41}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D6D0947026C56E4C2A06A90062D6D9F2] : CCC Help Korean -> C:\Windows\Installer\{07490D6D-5C62-C4E6-A260-9A00266D9D2F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D75CDADF21D596611EE5709C5DD5DD87] : Catalyst Control Center Next Localization CHS -> C:\Windows\Installer\{FDADC57D-5D12-1669-E15E-07C9D55DDD78}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E06ECA877BC05394CB4D3F4322016570] : AMD Settings - Branding -> C:\Windows\Installer\{78ACE60E-0CB7-4935-BCD4-F33422105607}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E084A185E82F3515B8147FE7BF3ADA43] : Catalyst Control Center Next Localization ES -> C:\Windows\Installer\{581A480E-F28E-5153-8B41-F77EFBA3AD34}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E32723345E608F741B60A892170B3186] : Intel(R) ME UninstallLegacy [HKCR\Installer\Products\EC3A92AE18CFC0B96C1112D3AB8189BD] : CCC Help Chinese Traditional -> C:\Windows\Installer\{EA29A3CE-FC81-9B0C-C611-213DBA1898DB}\ARPPRODUCTICON.exe [HKCR\Installer\Products\ED2CDF1571907B64AECE3577057410ED] : PowerXpressHybrid -> C:\Windows\Installer\{51FDC2DE-0917-46B7-EAEC-5377504701DE}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F233930239AEA4E52C3148695451B053] : CCC Help Chinese Standard -> C:\Windows\Installer\{2039332F-EA93-5E4A-C213-849645150B35}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F3CA0EAAFB71DC8469ECF49161E9490B] : Intel® PROSet/Wireless WiFi Software -> C:\Windows\Installer\{AAE0AC3F-17BF-48CD-96CE-4F19169E94B0}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F5C36CE107E8AC3A2A8B2CAC460C6C55] : CCC Help Japanese -> C:\Windows\Installer\{1EC63C5F-8E70-A3CA-A2B8-C2CA64C0C655}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F77B614E18672C9BE29A8FE78C97EB80] : AMD Accelerated Video Transcoding -> C:\Windows\Installer\{E416B77F-7681-B9C2-2EA9-F87EC879BE08}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F887AADD6E25AE44DA8B2938B711FB62] : Metric Collection SDK [HKCR\Installer\Products\FA77E86AE8623AA8253AB38BCADD4F33] : CCC Help Turkish -> C:\Windows\Installer\{A68E77AF-268E-8AA3-52A3-3BB8ACDDF433}\ARPPRODUCTICON.exe ---------- | ADS @C:\Users\Marion\AppData\Local:394ESDGOeRwcgxMLeOFmfpMIi ---------- | Drives Disk: 0 Size=477G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 07-NTFS 1.5G Yes No 2,048 3,072,000 1 1 07-NTFS 457G No No 3,074,048 935,743,488 2 2 07-NTFS 19G No No 938,817,536 37,953,536 ---------- | MBR Windows Version: Windows 7 Professional Windows Information: Service Pack 1 (build 7601), 64-bit Base Board Manufacturer: LENOVO BIOS Manufacturer: LENOVO System Manufacturer: LENOVO System Product Name: 20DFCTO1WW Logical Drives Mask: 0x0001000c Analysis of file "C:\QuickDiag\MBR.bin": Unknown MBR code 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Nom de l’application défaillante lpksetup.exe, version : 6.1.7601.17514, horodatage : 0x4ce7a1f7 Nom du module défaillant : msvcrt.dll, version : 7.0.7601.17744, horodatage : 0x4eeb033f Code d’exception : 0x40000015 Décalage d’erreur : 0x000000000002a84e ID du processus défaillant : 0x2b8 Heure de début de l’application défaillante : 0x01d1e8489ddfd45e Chemin d’accès de l’application défaillante : C:\Windows\system32\lpksetup.exe Chemin d’accès du module défaillant: C:\Windows\system32\msvcrt.dll ID de rapport : e04c79c6-543b-11e6-b4ef-68f728db5315 ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Nom de l’application défaillante lpksetup.exe, version : 6.1.7601.17514, horodatage : 0x4ce7a1f7 Nom du module défaillant : msvcrt.dll, version : 7.0.7601.17744, horodatage : 0x4eeb033f Code d’exception : 0x40000015 Décalage d’erreur : 0x000000000002a84e ID du processus défaillant : 0x15e4 Heure de début de l’application défaillante : 0x01d1e80d8e503d65 Chemin d’accès de l’application défaillante : C:\Windows\system32\lpksetup.exe Chemin d’accès du module défaillant: C:\Windows\system32\msvcrt.dll ID de rapport : d1f42edb-5400-11e6-8fff-68f728db5315 ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Nom de l’application défaillante lpksetup.exe, version : 6.1.7601.17514, horodatage : 0x4ce7a1f7 Nom du module défaillant : msvcrt.dll, version : 7.0.7601.17744, horodatage : 0x4eeb033f Code d’exception : 0x40000015 Décalage d’erreur : 0x000000000002a84e ID du processus défaillant : 0x10b0 Heure de début de l’application défaillante : 0x01d1e800c6d3618e Chemin d’accès de l’application défaillante : C:\Windows\system32\lpksetup.exe Chemin d’accès du module défaillant: C:\Windows\system32\msvcrt.dll ID de rapport : 075b3a4c-53f4-11e6-90f3-68f728db5315 ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Nom de l’application défaillante lpksetup.exe, version : 6.1.7601.17514, horodatage : 0x4ce7a1f7 Nom du module défaillant : msvcrt.dll, version : 7.0.7601.17744, horodatage : 0x4eeb033f Code d’exception : 0x40000015 Décalage d’erreur : 0x000000000002a84e ID du processus défaillant : 0xcfc Heure de début de l’application défaillante : 0x01d1e7ecbfef73b6 Chemin d’accès de l’application défaillante : C:\Windows\system32\lpksetup.exe Chemin d’accès du module défaillant: C:\Windows\system32\msvcrt.dll ID de rapport : 01a151e1-53e0-11e6-aa59-68f728db5315 ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Nom de l’application défaillante lpksetup.exe, version : 6.1.7601.17514, horodatage : 0x4ce7a1f7 Nom du module défaillant : msvcrt.dll, version : 7.0.7601.17744, horodatage : 0x4eeb033f Code d’exception : 0x40000015 Décalage d’erreur : 0x000000000002a84e ID du processus défaillant : 0x1d4 Heure de début de l’application défaillante : 0x01d1e7209b59c5e4 Chemin d’accès de l’application défaillante : C:\Windows\system32\lpksetup.exe Chemin d’accès du module défaillant: C:\Windows\system32\msvcrt.dll ID de rapport : dfa655e2-5313-11e6-9d73-68f728db5315 ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Nom de l’application défaillante LolClient.exe, version : 0.0.0.0, horodatage : 0x515663e0 Nom du module défaillant : Adobe AIR.dll, version : 21.0.0.176, horodatage : 0x56de3058 Code d’exception : 0xc0000005 Décalage d’erreur : 0x001794f1 ID du processus défaillant : 0xffc Heure de début de l’application défaillante : 0x01d1e65fe5154d8b Chemin d’accès de l’application défaillante : C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.206\deploy\LolClient.exe Chemin d’accès du module défaillant: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.206\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dll ID de rapport : 9b273f23-5258-11e6-bd73-68f728db5315 ------------ Nom de l’application défaillante lpksetup.exe, version : 6.1.7601.17514, horodatage : 0x4ce7a1f7 Nom du module défaillant : msvcrt.dll, version : 7.0.7601.17744, horodatage : 0x4eeb033f Code d’exception : 0x40000015 Décalage d’erreur : 0x000000000002a84e ID du processus défaillant : 0x1578 Heure de début de l’application défaillante : 0x01d1e65f89755f18 Chemin d’accès de l’application défaillante : C:\Windows\system32\lpksetup.exe Chemin d’accès du module défaillant: C:\Windows\system32\msvcrt.dll ID de rapport : c96dee0d-5252-11e6-bd73-68f728db5315 ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Nom de l’application défaillante lpksetup.exe, version : 6.1.7601.17514, horodatage : 0x4ce7a1f7 Nom du module défaillant : msvcrt.dll, version : 7.0.7601.17744, horodatage : 0x4eeb033f Code d’exception : 0x40000015 Décalage d’erreur : 0x000000000002a84e ID du processus défaillant : 0x1414 Heure de début de l’application défaillante : 0x01d1e64fcaed0b4c Chemin d’accès de l’application défaillante : C:\Windows\system32\lpksetup.exe Chemin d’accès du module défaillant: C:\Windows\system32\msvcrt.dll ID de rapport : 10d5c524-5243-11e6-a14f-68f728db5315 ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Nom de l’application défaillante rads_user_kernel.exe, version : 0.0.0.0, horodatage : 0x4e65c1ac Nom du module défaillant : rads_user_kernel.exe, version : 0.0.0.0, horodatage : 0x4e65c1ac Code d’exception : 0xc0000005 Décalage d’erreur : 0x000b8554 ID du processus défaillant : 0x1664 Heure de début de l’application défaillante : 0x01d1e58deaf3239b Chemin d’accès de l’application défaillante : C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe Chemin d’accès du module défaillant: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ID de rapport : 29e0f569-5181-11e6-aa5d-68f728db5315 ------------ Nom de l’application défaillante GWXUX.exe, version : 6.3.9600.18407, horodatage : 0x578254e8 Nom du module défaillant : RPCRT4.dll, version : 6.1.7601.23452, horodatage : 0x5734ba1c Code d’exception : 0xc0000005 Décalage d’erreur : 0x00000000000475b8 ID du processus défaillant : 0x1434 Heure de début de l’application défaillante : 0x01d1e58ddec21498 Chemin d’accès de l’application défaillante : C:\Windows\System32\GWX\GWXUX.exe Chemin d’accès du module défaillant: C:\Windows\system32\RPCRT4.dll ID de rapport : 28b73e1d-5181-11e6-aa5d-68f728db5315 ------------ Nom de l’application défaillante lpksetup.exe, version : 6.1.7601.17514, horodatage : 0x4ce7a1f7 Nom du module défaillant : msvcrt.dll, version : 7.0.7601.17744, horodatage : 0x4eeb033f Code d’exception : 0x40000015 Décalage d’erreur : 0x000000000002a84e ID du processus défaillant : 0x1048 Heure de début de l’application défaillante : 0x01d1e58dcf736637 Chemin d’accès de l’application défaillante : C:\Windows\system32\lpksetup.exe Chemin d’accès du module défaillant: C:\Windows\system32\msvcrt.dll ID de rapport : 15482294-5181-11e6-aa5d-68f728db5315 ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ ----------( EOF)---------- - 3543 | 23:50:52