--------------- QuickDiag | g3n-h@ckm@n | 2_17.07.2016.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 17/07/2016 10:19:28
Updated 17/07/2016 | 08.15 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Aralia (Administrator)] - [ADAMTROPIK] (S-1-5-21-93316058-2836923639-1887713213-1001)
System: Microsoft Windows 10 Famille - - (10.0.10586) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition4
Boot : Normal boot
PC: SATELLITE C70D-B - TOSHIBA - IdNumber: 1F033098U - UUID: B004FBE5-6B95-E411-AA22-008CFA8A9408
Processor : X64 - 1347 Mhz - AMD E1-6010 APU with AMD Radeon R2 Graphics 1.40 - en|US|iso8859-1 - Insyde Corp. - S/N: 1F033098U - 1.40 - TOSINV - 1
CoreTemp : 50 Celsius
----------| Quick
---------- | SoundDevice
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0269&SUBSYS_1179F939&REV_1002\4&4E4651B&0&0001
AMD High Definition Audio Device - Status: OK - Manufacturer: Advanced Micro Devices - PNPDeviceID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1005\4&874A449&0&0001
---------- | Video
AMD Radeon(TM) R2 Graphics - Resolution: 1600x900 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll,amdxc64.dll,aticfx32,aticfx32,aticfx32,amdxc32,atiumd64.dll,atidxx64.dll,atidxx64.dll,atiumdag,atidxx32,atidxx32,atiumdva,atiumd6a.cap,atitmm64.dll - PNPDeviceID: PCI\VEN_1002&DEV_9853&SUBSYS_F9361179&REV_00\3&2411E6FE&1&08 - AdapterCompatibility: Advanced Micro Devices, Inc.
- RAM: 536870912
Inegrated Video Chipset DeviceName: AMD Radeon(TM) R2 Graphics - DriverVersion: 8.14.01.6463 - SpecificationVersion: 1025
---------- | Codecs
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25344 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35696 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42936 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 87040 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27136 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34632 - Manufacturer: Microsoft Corporation - Status: OK
---------- | CPU
CPU #1 value:5 %
CPU #2 value:17 %
Total Overall CPU Usage value:11 %
---------- | Network
Realtek PCIe FE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
Carte réseau Broadcom 802.11n : SENT:0 bytes/sec / RECVD:0 bytes/sec
Connexion au réseau local* 3 : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.{29457D79-D8D0-4249-8764-D4626DD54DEE} :
SENT:0 bytes/sec / RECVD:0 bytes/sec
Overall -> SEND Maxium:11 bytes/sec, / RECEIVE Maximum:0 bytes/sec
Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Carte réseau Broadcom 802.11n - Ethernet 802.3 - Broadcom - Status: - PnPID : PCI\VEN_14E4&DEV_4365&SUBSYS_665511AD&REV_01\4&1FBAD106&0&0013
Realtek PCIe FE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8136&SUBSYS_FF1E1179&REV_07\4&D012061&0&0012
TomTom - - - Status: - PnPID :
Bluetooth Device (RFCOMM Protocol TDI) - - Microsoft - Status: - PnPID : BTH\MS_RFCOMM\7&42E1425&0&0
Bluetooth Device (Personal Area Network) - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\7&42E1425&0&2
Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&1CEC7C13&0&02
Microsoft Teredo Tunneling Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE
Microsoft ISATAP Adapter - - - Status: - PnPID :
Microsoft ISATAP Adapter - - - Status: - PnPID :
Microsoft ISATAP Adapter #3 - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_2
---------- | Memory
RAM = Total (MB) : 3630 | Free (MB) : 1922
Pagefile = Total (MB) : 4351 | Free (MB) : 2557
Virtual = Total (MB) : 4194 | Free (MB) : 3957
Physical Memory 1 : Capacity: 4294967296 - DIMM 1 - Posit.: - Manufacturer: Samsung - PartNumber: M471B5173QH0-YK0 - S/N: D1A29E80
---------- | SID Users
Administrateur : [S-1-5-21-93316058-2836923639-1887713213-500]
Aralia : [S-1-5-21-93316058-2836923639-1887713213-1001]
DefaultAccount : [S-1-5-21-93316058-2836923639-1887713213-503]
HomeGroupUser$ : [S-1-5-21-93316058-2836923639-1887713213-1003]
Invité : [S-1-5-21-93316058-2836923639-1887713213-501]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
HomeUsers : [S-1-5-21-93316058-2836923639-1887713213-1002]
WinRMRemoteWMIUsers__ : [S-1-5-21-93316058-2836923639-1887713213-1000]
---------- | Drives
H:\ -> [Removable] | [STORE N GO] | Total : 3.76 Go | Free : 0.13 Go -> FAT32 [USB]
G:\ -> [Removable] | [SP UFD U2] | Total : 7.21 Go | Free : 0.24 Go -> FAT32 [USB]
F:\ -> [Removable] | [STORE N GO] | Total : 3.73 Go | Free : 0.04 Go -> FAT32 [USB]
E:\ -> [Removable] | [SP UFD U2] | Total : 7.21 Go | Free : 4.79 Go -> FAT32 [USB]
C:\ -> [Fixed] | [TI31378800A] | Total : 918.82 Go | Free : 750.77 Go -> NTFS [SATA]
Disk Usage Information [5 total Physical Disks]
Physical Drive #0 [C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #1 [F:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #2 [E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #3 [G:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #4 [H:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec
DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_UFD_2.0&PROD_SILICON-POWER8G&REV_PMAP\12040045021E600249B32B21F57&0
DeviceID: \\.\PHYSICALDRIVE4 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_VERBATIM&PROD_&REV_\11080858002125&0
DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - Removable Media - 1 Part.
- PnPID : USBSTOR\DISK&VEN_UFD_2.0&PROD_SILICON-POWER8G&REV_PMAP\12040045022E600249B2C2B6434&0
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 5 Part. - PnPID : SCSI\DISK&VEN_HGST&PROD_HTS541010A9E680\4&28D91EE9&0&000000
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_VERBATIM&PROD_STORE_N_GO&REV_1.00\3AF7416EA653629C&0
---------- | Windows updates
No detected update !!!
Windows Is Activated
---------- | Browsers
IE : 11.0.10586.494 (© Microsoft Corporation. Tous droits réservés.)
FF : 47.0.1.6018 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 51.0.2704.106 (Copyright 2015 Google Inc.)
Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1"
---------- | FlashPlayer
FlashPlayer ActiveX : 22.0.0.209
FlashPlayer Plugin : 21.0.0.182
---------- | Security
AV : avast! Antivirus Disabled
AS : avast! Antivirus Disabled
AM : Malwarebytes' Anti-Malware ( 2.3.173.0) [Update : 04/07/2016 19:59:14]
FW : avast! Antivirus Disabled
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running
---------- | Running processes
392 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.10586.0) = C:\Windows\System32\smss.exe [30/10/2015 09:18:03] CPU Usage:0 %
720 | [Owner : | Parent : 592() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.10586.306) = C:\Windows\System32\wininit.exe [11/05/2016 07:45:37] CPU Usage:0 %
808 | [Owner : | Parent : 712() | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.10586.306) = C:\Windows\System32\winlogon.exe [11/05/2016 07:45:42] CPU Usage:0 %
828 | [Owner : | Parent : 720(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.)
- (10.0.10586.71) = C:\Windows\System32\services.exe [27/01/2016 20:38:12] CPU Usage:0 %
848 | [Owner : | Parent : 720(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.10586.0) = C:\Windows\System32\lsass.exe [30/10/2015 09:18:03] CPU Usage:0 %
932 | [Owner : | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 %
984 | [Owner : | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 %
948 | [Owner : | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 %
968 | [Owner : | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 %
1048 | [Owner : | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 %
1064 | [Owner : | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 %
1108 | [Owner : | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 %
1348 | [Owner : | Parent : 828(services.exe) | ?????] - (.AMD - AMD External Events Service Module.)
- (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe [08/10/2015 22:34:22] CPU Usage:0 %
1356 | [Owner : | Parent : 828(services.exe) | ?????] - (.Advanced Micro Devices, Inc. - tbaseprovisioning.) - (1.0.0.0) = C:\Windows\SysWOW64\tbaseprovisioning.exe [23/06/2015 19:39:28] CPU Usage:0 %
1384 | [Owner : | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 %
1476 | [Owner : | Parent : 1348(atiesrxx.exe) | ?????] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe [08/10/2015 22:34:22] CPU Usage:0 %
1828 | [Owner : | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 %
1956 | [Owner : | Parent : 828(services.exe) | ?????] - (.AVAST Software - avast! Service.) - (12.1.3076.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [02/07/2016 09:56:09] CPU Usage:0 %
2032 | [Owner : | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.10586.122) = C:\Windows\System32\spoolsv.exe [02/03/2016 14:11:40] CPU Usage:0 %
1072 | [Owner : | Parent : 1064(svchost.exe) | ?????] - (.Microsoft Corporation - Infrastructure d’extensibilité pour les services réseau Windows sans fil 802.11.) - (10.0.10586.0) = C:\Windows\System32\wlanext.exe [30/10/2015 09:17:42] CPU Usage:0 %
1232 | [Owner : | Parent : 1072(wlanext.exe) | ?????] - (.Microsoft Corporation - Console Window Host.) - (10.0.10586.0) = C:\Windows\System32\conhost.exe [30/10/2015 09:17:58] CPU Usage:0 %
2248 | [Owner : | Parent : 828(services.exe) | ?????] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.)
- (1.824.19.1728) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [25/06/2016 01:45:12] CPU Usage:0 %
2260 | [Owner : | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 %
2272 | [Owner : | Parent : 828(services.exe) | ?????] - (.- dts_apo_service.) - (1.1.57.0) = C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [25/02/2014 00:11:20] CPU Usage:0 %
2396 | [Owner : | Parent : 828(services.exe) | ?????] - (.- Inkjet Printer/Scanner/Fax Extended Survey Program Service.) - (3.2.0.102) = C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe [28/12/2015 12:41:47] CPU Usage:0 %
2468 | [Owner : | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 %
2476 | [Owner : | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 %
2528 | [Owner : | Parent : 828(services.exe) | ?????] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (19.0.16.3) = C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [20/09/2015 04:02:12] CPU Usage:0 %
2580 | [Owner : | Parent : 828(services.exe) | ?????] - (.RaMMicHaeL - Unchecky Service.) - (0.4.3.0) = C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [23/09/2015 13:40:36] CPU Usage:0 %
2608 | [Owner : | Parent : 828(services.exe) | ?????] - (.TomTom - Windows Service for TomTom HOME.) - (2.9.8.3722) = C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [13/07/2015 12:44:30] CPU Usage:0 %
2636 | [Owner : | Parent : 828(services.exe) | ?????] - (.Toshiba Corporation - TOSHIBA eco Utility Service.)
- (2.0.0.26) = C:\Program Files\TOSHIBA\Teco\TecoService.exe [30/07/2014 03:02:46] CPU Usage:0 %
2756 | [Owner : | Parent : 828(services.exe) | ?????] - (.Broadcom Corporation. - Bluetooth Radio Management Support.) - (12.0.0.8048) = C:\Windows\System32\BtwRSupportService.exe [27/03/2015 19:33:20] CPU Usage:0 %
2800 | [Owner : | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) - (8.3.0.9150) = C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [25/05/2016 10:31:20] CPU Usage:0 %
2824 | [Owner : | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Updates Skype Click to Call.) - (8.3.0.9150) = C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [25/05/2016 10:30:36] CPU Usage:0 %
3292 | [Owner : | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 %
4184 | [Owner : Aralia | Parent : 948(svchost.exe) | 18.34 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10586.0) = C:\Windows\System32\sihost.exe [30/10/2015 09:18:01] CPU Usage:0 %
4208 | [Owner : Aralia | Parent : 948(svchost.exe) | 25.86 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.10586.0) = C:\Windows\System32\taskhostw.exe [30/10/2015 09:17:43] CPU Usage:0 %
4216 | [Owner : Aralia | Parent : 2580(unchecky_svc.exe) | 10.3 Mo] - (.RaMMicHaeL - Unchecky Background Process.) - (0.4.3.0) = C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe [23/09/2015 13:40:36] CPU Usage:0 %
4224 | [Owner : Aralia | Parent : 2528(SynTPEnhService.exe) | 18.42 Mo] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (19.0.16.3) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [20/09/2015 04:02:12] CPU Usage:0 %
4544 | [Owner : Aralia | Parent : 932(svchost.exe) | 33.29 Mo] - (.Microsoft Corporation - Runtime Broker.)
- (10.0.10586.0) = C:\Windows\System32\RuntimeBroker.exe [30/10/2015 09:17:51] CPU Usage:0 %
4756 | [Owner : Aralia | Parent : 4696() | 113.26 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10586.494) = C:\Windows\explorer.exe [13/07/2016 13:58:14] CPU Usage:0 %
4836 | [Owner : Aralia | Parent : 4488() | 3.66 Mo] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (19.0.16.3) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [20/09/2015 04:02:13] CPU Usage:0 %
4368 | [Owner : Aralia | Parent : 932(svchost.exe) | 81.17 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.10586.494) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [13/07/2016 13:58:34] CPU Usage:0 %
4140 | [Owner : Aralia | Parent : 932(svchost.exe) | 99.08 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.10586.494) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [13/07/2016 13:54:28] CPU Usage:0 %
3912 | [Owner : | Parent : 828(services.exe) | ?????] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.10586.494) = C:\Windows\System32\SearchIndexer.exe [13/07/2016 13:57:03] CPU Usage:0 %
1428 | [Owner : Aralia | Parent : 4756(explorer.exe) | 9.44 Mo] - (.TomTom - System Tray application for TomTom HOME.) - (2.9.8.3722) = C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [13/07/2015 12:44:26] CPU Usage:0 %
5716 | [Owner : Aralia | Parent : 4756(explorer.exe) | 11.64 Mo] - (.Nico Mak Computing - WinZip Update Notifier.) - (1.0.0.0) = C:\Program Files\WinZip\WZUpdateNotifier.exe [23/10/2015 21:00:00] CPU Usage:0 %
1780 | [Owner : Aralia | Parent : 5720() | 24.12 Mo] - (.AVAST Software - avast! Antivirus.)
- (12.1.3076.6) = C:\Program Files\AVAST Software\Avast\avastui.exe [12/07/2016 02:12:57] CPU Usage:0 %
3028 | [Owner : Aralia | Parent : 932(svchost.exe) | 6.27 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.10586.0) = C:\Windows\System32\wbem\unsecapp.exe [30/10/2015 09:17:45] CPU Usage:0 %
4192 | [Owner : Aralia | Parent : 828(services.exe) | 26.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe [30/10/2015 09:17:49] CPU Usage:0 %
8012 | [Owner : Aralia | Parent : 948(svchost.exe) | 3.06 Mo] - (.TOSHIBA Corporation - TOSHIBA Service Station.) - (2.6.7.0) = C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [24/09/2013 22:16:26] CPU Usage:0 %
7380 | [Owner : | Parent : 828(services.exe) | ?????] - (.TOSHIBA Corporation - TSS TMachInfo Service.) - (2.4.0.0) = C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [24/09/2013 22:16:18] CPU Usage:0 %
7932 | [Owner : Aralia | Parent : 948(svchost.exe) | 9.28 Mo] - (.Toshiba Europe GmbH - Toshiba TEMPRO.) - (5.0.0.0) = C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [17/11/2015 13:05:42] CPU Usage:0 %
8036 | [Owner : | Parent : 828(services.exe) | ?????] - (.Toshiba Europe GmbH - Toshiba TEMPRO.) - (5.0.0.0) = C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [17/11/2015 13:05:32] CPU Usage:0 %
4704 | [Owner : | Parent : 1384(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.10586.218) = C:\Windows\System32\audiodg.exe [13/04/2016 22:05:24] CPU Usage:0 %
7828 | [Owner : Aralia | Parent : 6784() | 62.84 Mo] - (.Microsoft Corporation - Internet Explorer.)
- (11.0.10586.494) = C:\Program Files\Internet Explorer\iexplore.exe [13/07/2016 13:56:59] CPU Usage:0 %
3980 | [Owner : Aralia | Parent : 7828(iexplore.exe) | 152.27 Mo] - (.Microsoft Corporation - Internet Explorer.) - (11.0.10586.494) = C:\Program Files (x86)\Internet Explorer\iexplore.exe [13/07/2016 13:56:52] CPU Usage:0 %
1452 | [Owner : Aralia | Parent : 7828(iexplore.exe) | 165.44 Mo] - (.Eyeo GmbH - Adblock Plus Engine for Internet Explorer.) - (1.5.0.0) = C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe [23/09/2015 03:17:22] CPU Usage:0 %
5580 | [Owner : Aralia | Parent : 4756(explorer.exe) | 27.77 Mo] - (.SosVirus - QuickDiag.) - (17.7.2016.1) = C:\Users\Aralia\Desktop\QuickDiag.exe [17/07/2016 10:17:22] CPU Usage:0 %
---------- | MD5
[MD5.E396258CFD8F84E8F2C24930E6D88C67] - [13/07/2016 13:58:14] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4409.43 Ko] - (10.0.10586.494) : C:\WINDOWS\Explorer.exe
[MD5.41E25E514D90E9C8BC570484DBAFF62B] - [30/10/2015 09:17:49] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [228.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\cmd.exe
[MD5.3E7CCD0F507877C50078205667CE8133] - [30/10/2015 09:18:03] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [17.72 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\csrss.exe
[MD5.9513834DAC717444F04169EA5D120885] - [30/10/2015 09:17:51] - (.© Microsoft Corporation. - COM Surrogate.) - [18.34 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\dllhost.exe
[MD5.1C9C6933A94C594DE7366124B4DD6075] - [30/10/2015 09:17:46] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [689.05 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Kernel32.dll
[MD5.889459F1FDDC5EC58B437AA6C436F33F] - [30/10/2015 09:18:03] - (.© Microsoft Corporation. - Local Security Authority Process.)
- [56.55 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\lsass.exe
[MD5.B339861C6A2A86FBCA67C2006B461473] - [30/10/2015 09:17:51] - (.© Microsoft Corporation. - Distributed COM Services.) - [883.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\rpcss.dll
[MD5.0DCB89B1F3689BC6262FF30BBD603171] - [30/10/2015 09:18:14] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [58 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\rundll32.exe
[MD5.6FF8248F3A9D69A095C7F3F42BC29CB2] - [27/01/2016 20:38:12] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [429.84 Ko] - (10.0.10586.71) : C:\WINDOWS\System32\services.exe
[MD5.8497852ED44AFF902D502015792D315D] - [30/10/2015 09:17:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [42.91 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\svchost.exe
[MD5.F5F7CE3E32536F1A37FB3972F27A814F] - [11/05/2016 07:45:49] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1366.43 Ko] - (10.0.10586.306) : C:\WINDOWS\System32\user32.dll
[MD5.8F3ECCB5DC878FA14887B43CD148CBA9] - [30/10/2015 09:17:53] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [30 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\userinit.exe
[MD5.C1C81AAF533552B3C4D9F11A5FF97700] - [11/05/2016 07:45:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [284.53 Ko] - (10.0.10586.306) : C:\WINDOWS\System32\Wininit.exe
[MD5.5C156EC4E44E30331BCC865A3B61D839] - [11/05/2016 07:45:42] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [572 Ko] - (10.0.10586.306) : C:\WINDOWS\System32\Winlogon.exe
[MD5.70148EFA9A562E7185B75BBE7D376BF7] - [28/12/2015 10:27:28] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.)
- [565.34 Ko] - (10.0.10586.3) : C:\WINDOWS\System32\Drivers\afd.sys
[MD5.492B99D2E3D5D7BFD5F0AE1BE7BD37DD] - [30/10/2015 09:17:23] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.84 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\atapi.sys
[MD5.B6664965BF346322BBDF286174851476] - [30/10/2015 09:17:23] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [188.34 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\ataport.sys
[MD5.7F9C7226D743B232907ED2537B8A574F] - [30/10/2015 09:18:09] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\cdfs.sys
[MD5.82D97776BF982AA143BDC7DFB5054EA8] - [30/10/2015 09:17:22] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [169.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\cdrom.sys
[MD5.935823F79CBEDB91637B63D37E3A5A36] - [13/04/2016 22:04:45] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [145 Ko] - (10.0.10586.212) : C:\WINDOWS\System32\Drivers\dfsc.sys
[MD5.84BC034B6BB763733C1949B7B9BAF976] - [30/10/2015 09:17:18] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [78 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\hdaudbus.sys
[MD5.53FDD9E69189E546DE4740F8C4D8AB2F] - [30/10/2015 09:17:23] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [112 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys
[MD5.9E5E8F2A1996F23B7E9687846AA81B01] - [30/10/2015 09:17:43] - (.© Microsoft Corporation. - IP Network Address Translator.) - [140 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\ipnat.sys
[MD5.0B3B0C1D86050355676640488FA897D3] - [02/03/2016 14:11:33] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [420.84 Ko] - (10.0.10586.122) : C:\WINDOWS\System32\Drivers\mrxsmb.sys
[MD5.E582DA849A58524E645545FB68B6625D] - [13/04/2016 22:04:51] - (.© Microsoft Corporation. Tous droits réservés.
- NDIS (Network Driver Interface Specification).) - [1125.84 Ko] - (10.0.10586.212) : C:\WINDOWS\System32\Drivers\ndis.sys
[MD5.C03E926B0E7D66D68994067231DC3246] - [15/06/2016 02:32:05] - (.© Microsoft Corporation. - MBT Transport driver.) - [272 Ko] - (10.0.10586.420) : C:\WINDOWS\System32\Drivers\netbt.sys
[MD5.19BD8A88AAC580592668B070AC0727D9] - [13/04/2016 22:05:21] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [2101.84 Ko] - (10.0.10586.212) : C:\WINDOWS\System32\Drivers\ntfs.sys
[MD5.7D0FC96264C0F8F2C1321E33E8EB646C] - [30/10/2015 09:17:23] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [94.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\parport.sys
[MD5.E3C82823B22463BC38AA4F8ADA852624] - [02/03/2016 14:10:24] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [102.5 Ko] - (10.0.10586.122) : C:\WINDOWS\System32\Drivers\rasl2tp.sys
[MD5.1DC2CC74B51E4DC4CD5A20C1021E4010] - [30/10/2015 09:19:42] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [169 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys
[MD5.CF63BF6AAEDF721E37F9E216FD321B8E] - [13/07/2016 13:53:43] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2346.84 Ko] - (10.0.10586.494) : C:\WINDOWS\System32\Drivers\tcpip.sys
[MD5.91D3F2A6253EF83EFBD7903028F58C4D] - [28/12/2015 10:27:29] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.84 Ko] - (10.0.10586.3) : C:\WINDOWS\System32\Drivers\tdx.sys
[MD5.E1F91A727A04C9F8199D04FF3BBBF63C] - [30/10/2015 09:17:22] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [404.84 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\volsnap.sys
---------- | Locked Applications
---------- | Explorer.exe component call (Microsoft Files Whitelisted)
(..-..)
- (0.0.0.0) -- C:\WINDOWS\System32\CoreUIComponents.dll
(.Advanced Micro Devices, Inc. .-.aticfx64.dll.) - (8.17.10.1404) -- C:\WINDOWS\SYSTEM32\aticfx64.dll
(.Advanced Micro Devices, Inc. .-.atiuxpag.dll.) - (8.14.1.6463) -- C:\WINDOWS\SYSTEM32\atiuxp64.dll
(.Advanced Micro Devices, Inc. .-.atidxx64.dll.) - (8.17.10.625) -- C:\WINDOWS\SYSTEM32\atidxx64.dll
(.Google.-.Google Drive shell extension.) - (1.30.2170.459) -- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
(.AVAST Software.-.avast! Shell Extension.) - (12.1.3076.0) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll
(..-..) - (0.0.0.0) -- C:\Program Files\Unlocker\UnlockerCOM.dll
(.Malwarebytes.-.Malwarebytes Anti-Malware.) - (3.1.1.0) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
(.WinZip Computing, S.L..-.WinZip Shell Extension DLL.) - (4.1.0.0) -- C:\Program Files\WinZip\wzshls64.dll
(.Google.-.Google Drive shell extension.) - (1.30.2170.459) -- C:\Program Files (x86)\Google\Drive\contextmenu64.dll
(.Igor Pavlov.-.7-Zip Shell Extension.) - (16.2.0.0) -- C:\Program Files\7-Zip\7-zip.dll
---------- | Svchost.exe component call (Microsoft Files Whitelisted)
(.Realtek Semiconductor Corp..-.Realtek(r) LFX/GFX DSP component.)
- (11.0.6000.357) -- C:\WINDOWS\system32\RtkAPO64.dll
---------- | ZeroAccess Check
[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
---------- | Startings up
Google Update - ("C:\Users\Aralia\AppData\Local\Google\Update\GoogleUpdate.exe" /c [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\...\Run]) - User: ADAMTROPIK\Aralia
CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\...\Run]) - User: ADAMTROPIK\Aralia
TomTomHOME.exe - ("C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\...\Run]) - User: ADAMTROPIK\Aralia
FAH - (C:\PROGRA~1\WinZip\FAHCON~1.EXE [Common Startup]) - User: Public
Update Notifier - (C:\PROGRA~1\WinZip\WZUPDA~1.EXE [Common Startup]) - User: Public
WinZip Preloader - (C:\PROGRA~1\WinZip\WZPREL~1.EXE [Common
Startup]) - User: Public
RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [HKLM\...\Run]) - User: Public
TCrdMain - (C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [HKLM\...\Run]) - User: Public
TosWaitSrv - (%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [HKLM\...\Run]) - User: Public
TecoResident - (C:\Program Files\TOSHIBA\Teco\TecoResident.exe [HKLM\...\Run]) - User: Public
TSSSrv - (C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [HKLM\...\Run]) - User: Public
SynTPEnh - (%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [HKLM\...\Run]) - User: Public
CanonMyPrinter - (C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [HKLM\...\Run]) - User: Public
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Aralia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Microsoft\Command Processor]
"CompletionChar"=9
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=9
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"CCleaner Monitoring"=0x03000000ACD653B5D713D101
"OneDrive"=0x0300000070F014BFD713D101
"Google Update"=0x030000005645D899D913D101
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"TCrdMain"=C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [09/10/2013 02:51:12]
"TosWaitSrv"=%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
"TecoResident"=C:\Program Files\TOSHIBA\Teco\TecoResident.exe [17/04/2014 23:39:58]
"TSSSrv"=C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [22/10/2013 05:51:24]
"SynTPEnh"=%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
[HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "RTHDVCPL"=0x03000000801E54BE633BD101 "SynTPEnh"=0x060000000000000000000000 ""=0x040000000000000000000000 "CanonMyPrinter"=0x03000000000E40C7633BD101 "TecoResident"=0x03000000608563B3633BD101 "TCrdMain"=0x0300000070EDD2B7633BD101 "TSSSrv"=0x020000000000000000000000 "TosWaitSrv"=0x020000000000000000000000 "TSVU"=0x0300000040C1F7D5633BD101 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui "TSVU"="c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe" "CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 ---------- | Startings up registry ¦ Folder ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=9a8180b3-f453-4dcf-9dd6-ddfce95 "GlassSessionId"=1 [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control 
"ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(4) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=27 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [01/05/2015 19:15:58] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=848 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 ---------- | .LNK C:\Users\Aralia\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk (shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}) C:\Users\Aralia\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk (shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}) C:\Users\Aralia\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk (shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}) C:\Users\Aralia\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk (/e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}) C:\Users\Aralia\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk (/0) C:\Users\Aralia\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk (::{7007ACC7-3202-11D1-AAD2-00805FC1270E}) C:\Users\Aralia\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk 
(/name Microsoft.DeviceManager) C:\Users\Aralia\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk (/name Microsoft.System) C:\Users\Aralia\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk (/name Microsoft.PowerOptions) C:\Users\Aralia\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk (/name Microsoft.ProgramsAndFeatures) C:\Users\Aralia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk (/prefetch:1) C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\SendTo\Destinataire de télécopie.lnk (/SendTo) C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk (/SendTo) C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk (/sendto:) C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk (--sendto) C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk (-hunter) C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk (page=SettingsPagePCSystemDevices) C:\Users\Public\Desktop\Canon MP280 series Manuel en ligne.lnk ("C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON MP280 SERIES\French\Info.egv") C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk ("-startda") C:\Users\Public\Desktop\Toshiba Tempro.lnk (/startUI) C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk (/id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem) C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk (/id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem) C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk (/id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem) C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk 
(/id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gameexploreroem) C:\ProgramData\Microsoft\Windows\GameExplorer\{a4716442-59ac-4657-b782-124436d3e105}\PlayTasks\0\provider.lnk (/id=a4716442-59ac-4657-b782-124436d3e105 /src gameexploreroem) C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk (/id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk (/OEM) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk (-sta {C90FB8CA-3295-4462-A721-2935E83694BA}) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk (/prefetch:1) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk (-SpeechUX) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk (/prefetch:1) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk (/res) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series\MP Drivers - Programme de désinstallation.lnk (/U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series /L0x000c) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series Manual\Canon MP280 series Manuel en ligne.lnk ("C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON MP280 SERIES\French\Info.egv") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Easy-PhotoPrint EX\Désinstaller Easy-PhotoPrint EX.lnk (C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.ini) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\MP Navigator EX 4.0\Désinstallation de MP Navigator EX.lnk (/UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 4.0\uninst.ini) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\My Printer\Désinstallation de My Printer.lnk (C:\Program Files\Canon\MyPrinter\uninst.ini) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\My Printer\My Printer.lnk (/mn) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Solution Menu EX\Désinstallation de Solution Menu EX.lnk (/Uninstall C:\Program Files (x86)\Canon\Solution Menu EX\uninst.ini) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk (--new_document) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk (--new_spreadsheet) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk (--new_presentation) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\FAH.lnk () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Update Notifier.lnk () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\WinZip Preloader.lnk () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk (/name Microsoft.DefaultPrograms) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk (/7) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom\Désinstaller TomTom HOME 2.lnk (/x {5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom\TomTom MyDrive Connect.lnk ("-startda") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Toshiba Tempro.lnk (/startUI) C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\TOSHIBA\Support\Manual.lnk (Manual) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\eco Utility.lnk (/UI) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\TOSHIBA Hotkey.lnk (/Setting) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk (--reset-config --reset-plugins-cache vlc://quit) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk (-Iskins) ---------- | AppCertDlls | AppInit_DLLs ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=0 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "ScreenSaveActive"=1 "MouseMonitorEscapeSpeed"=0 "Win8DpiScaling"=0 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=1600 "MaxMonitorDimension"=1600 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x "AutoColorization"=1 "ImageColor"=2462088536 "Pattern Upgrade"=TRUE "DpiScalingVer"=4096 "Wallpaper"=c:\users\aralia\pictures\ad_mesphotos\391525_guitare.jpg [13/05/2016 09:10:08] 
"WaitToKillAppTimeout"=200 [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "AllowStartMenuToDefaultOn"=1 "TelemetrySalt"=4 "SlowContextMenuEntries"=0x6024B221EA3A6910A2DC08002B30309DAA5E00006078A409B011A54DAFA526D86198A78032580000BD0E0C47735D584D9CEDE91E22E23282E62D00000493D7E0BE84CE1196414445535400008B51000094B202BB2584E542983F41A1FA970CD61E220000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "LastClockSize"=0x270000000F000000460000000F000000410000000F000000 "GlobalAssocChangedCounter"=223 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "Browse For Folder Width"=347 "Browse For Folder Height"=288 "link"=0x1E000000 [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "StoreAppsOnTaskbar"=1 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=11 "ReindexedProfile"=1 "TaskbarSizeMove"=0 "EnableStartMenu"=1 [HKLM\Software\Policies\Microsoft\Windows\System] "DisableCMD"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 
"ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "SoftwareSASGeneration"=1 "DisableTaskMgr"=0 "DisableRegistryTools"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 "NoRun"=0 "NoFolderOptions"=0 "NoControlPanel"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=Off "GlobalAssocChangedCounter"=239 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\System] "DisableCMD"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "SoftwareSASGeneration"=1 "DisableTaskMgr"=0 "DisableRegistryTools"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 "NoRun"=0 "NoFolderOptions"=0 "NoControlPanel"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=29 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=10586 "FirstLogon"=0 "PUUActive"=0x53A5712D0900000009002000B43A0100ED7301004F8D0100D0000000B500BD0028B767AE17630200C5D601009F9C000078860000D51A000000000000C4940100F9100000510000004DE45740FFDFD101 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows 
NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "ShutdownStartTime"=131132151500761076 "UserSessionShutdownStopTime"=131132151563367990 "ShutdownFlags"=7 "Userinit"=C:\Windows\system32\userinit.exe, "scremoveoption"=0 "DisableCad"=1 "AutoAdminLogon"=0 "DefaultUserName"=Aralia "ShutdownWithoutLogon"=0 "EnableFirstLogonAnimation"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe, ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] 
""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload 
[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=iexplore.exe [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall 
[HKLM\Software\Clients\StartMenuInternet\SafeZoneStable\Shell\open\Command] ""="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" [HKLM\Software\Clients\StartMenuInternet\SafeZoneStable\InstallInfo] "ReinstallCommand"="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" --makedefaultbrowser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=iexplore.exe [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\SafeZoneStable\Shell\open\Command] ""="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\SafeZoneStable\InstallInfo] "ReinstallCommand"="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" --makedefaultbrowser ---------- | AppcompatFlags [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe" "C:\Program Files (x86)\TOSHIBA\Manuals\TREXLauncher.exe" "C:\Program Files (x86)\TOSHIBA\System Setting\TOSHIBASystemSetting.exe" "C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE" "SIGN.IE=01FB2D0 IE11-Windows6.1.exe" "SIGN.IE=05A4340 adblockplusie-1.3.exe" "SIGN.IE=062F180 ccsetup505.exe" "SIGN.IE=02714728 Firefox Setup 37.0.2.exe" "SIGN.IE=013B168 wlsetup-web.exe" "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe" "SIGN.IE=013B168 wlsetup-web (1).exe" "C:\Program Files (x86)\Windows Live\Mail\wlmail.exe" "SIGN.IE=0548D0 capturei.exe" "C:\Users\Aralia\AppData\LocalLow\Adblock Plus for IE\update.msi" "SIGN.IE=091D6CC0 avast_free_antivirus_setup.exe" "SIGN.IE=0156FB7 MaCalculatrice.exe" "SIGN.IE=0D5EF000 LibreOffice_4.4.2_Win_x86.msi" "C:\Program Files (x86)\LibreOffice 4\program\soffice.exe" "C:\Program Files (x86)\LibreOffice 4\program\swriter.exe" "SIGN.IE=0534AD48 Nero_BurningROM2015_setup-16.0.02700_3p_trial.exe" "SIGN.IE=0B8570 Malavida_Download_Manager.exe" "C:\Users\Aralia\AppData\Local\Chromium\Application\44.0.2397.0\Installer\setup.exe" "SIGN.IE=02808A8 revosetup.exe" "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" "C:\Windows\SysWOW64\FlashPlayerApp.exe" "SIGN.IE=0625DF Unlocker1.9.2.exe" "C:\Program Files\Unlocker\Unlocker.exe" "SIGN.IE=01B836F0 vlc-2.2.1-win32.exe" "SIGN.IE=04D3DF0 XnView-win.exe" "C:\Program Files 
(x86)\XnView\xnview.exe"=0x5341435001000000000000000700000028000000D8C34F00863A50000100000000000000000003067120000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000BFEB790700000000F5000000F5000000 "SIGN.IE=07AE088 TeamViewer_Setup_fr.exe"=0x534143500100000000000000070000002800000088E07A0025977B0001000000000000000000010600010000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000000A150100000000000100000001000000 "SIGN.MEDIA=26F72C7 Ez-DicomCDViewer.exe"=0x53414350010000000000000007000000280000004A255D000000000001000000000000000000010571000000975FD891C99ECE010000000000000000020000002800000000000000800000000014000000000000000000000000000053450400000000000100000001000000 "SIGN.MEDIA=2D5B542 Ez-DicomCDViewer.exe"=0x5341435001000000000000000700000028000000B0DA4500559B460001000000000000000000010671200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000C9030000000000000200000002000000 "C:\Program Files (x86)\Google\Drive\googledrivesync.exe"=0x534143500100000000000000070000002800000020F254010A26550101000000000000000000010671020000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000003AF40200000000000100000001000000 "SIGN.IE=018B200 AdwCleaner-5.004.exe"=0x534143500100000000000000070000002800000000B218000000000001000000000000000000030600210000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000484A0000000000000100000001000000 "SIGN.IE=018B200 adwcleaner_5.004.exe"=0x534143500100000000000000070000002800000000B218000000000001000000000000000000030600210000975FD891C99ECE01000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000001B850400000000000100000001000000 "SIGN.MEDIA=926FC 
MSETUP4.EXE"=0x534143500100000000000000070000002800000050150500752B05000100000000000000000001060021000019B4C529E312D10100000080000000000200000050000000000000000000000000000000000000000000000000000000998B1D00000000000200000001000000000000008000000000000000000000000000000000000000FA781A00000000000100000000000000 "C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe"=0x534143500100000000000000070000002800000058551D0026281E000100000000000000000001060021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000061990000000000000800000008000000 "C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE"=0x53414350010000000000000007000000280000005815120043ED12000100000000000000000001060021000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000008AC8C503000000005000000050000000 "SIGN.IE=0195600 adwcleaner_5.007.exe"=0x5341435001000000000000000700000028000000005619000000000001000000000000000000030600210000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000EF250500000000000100000001000000 "SIGN.IE=0217000 FRST64.exe"=0x5341435001000000000000000700000028000000007021004798210001000000000000000000030600210000B395E7CF049FCE01000000000000000002000000280000000000000000000040000000000000000000000000000000006A590A00000000000100000001000000 "SIGN.IE=0217000 FRST64 (1).exe"=0x5341435001000000000000000700000028000000007021004798210001000000000000000000030600210000B395E7CF049FCE010000000000000000020000002800000000000000000000400000000000000000000000000000000010C01800000000000100000001000000 "C:\Program 
Files\Synaptics\SynTP\SynTPHelper.exe"=0x5341435001000000000000000700000028000000C83403003F8C03000100000000000000000003060001000059193B14E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000043D83208000000003404000034040000 "SIGN.IE=01737D10 mbam-setup-2.1.8.1057 (1).exe"=0x5341435001000000000000000700000028000000107D7301D31B7401010000000000000000000206000100006A920CE5B7BAD001000000000000000002000000280000000000000000000000000000000000000000000000000000004E702E00000000000100000001000000 "SIGN.IE=01737D10 mbam-setup-2.1.8.1057.exe"=0x5341435001000000000000000700000028000000107D7301D31B7401010000000000000000000206000100006A920CE5B7BAD0010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000043E70000000000000100000001000000 "SIGN.IE=0158AF0 GoogleChromePortable_45.0.2454.93_online.paf.exe"=0x5341435001000000000000000700000028000000F08A150042631600010000000000000000000106000100006A920CE5B7BAD0010000000000000000020000002800000000000000000000000000000000000000000000000000000020D90200000000000100000001000000 "SIGN.IE=0107530 unchecky_setup.exe"=0x53414350010000000000000007000000280000003075100058651100010000000000000000000306000100006A920CE5B7BAD00100000000000000000200000028000000000000000000000000000000000000000000000000000000D6690000000000000100000001000000 "C:\Program Files\Canon\MyPrinter\BJMYDGN.EXE"=0x534143500100000000000000070000002800000048A5220047112300010000000000000000000106002100006A920CE5B7BAD00100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000A5310200000000000100000001000000 "SIGN.IE=0217400 FRST64.exe"=0x5341435001000000000000000700000028000000007421009F36220001000000000000000000030600010000EDA4DCB1B3BAD00100000000000000000200000028000000000000000000004000000000000000000000000000000000B5AD1700000000000100000001000000 
"SIGN.IE=0BC7B0 ReimageRepair.exe"=0x5341435001000000000000000700000028000000B0C70B0001860C0001000000000000000000000A002100006A920CE5B7BAD0010000000000000000020000002800000000000000000000400000000000000000000000000000000050180C00000000000100000001000000 "SIGN.IE=019AC00 adwcleaner_5.013.exe"=0x534143500100000000000000070000002800000000AC190000000000010000000000000000000306000100006A920CE5B7BAD00100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000620E0100000000000100000001000000 "SIGN.IE=015D8FD8 mbam-setup-2.2.0.1024.exe"=0x5341435001000000000000000700000028000000D88F5D01B6275E0101000000000000000000000A002100006A920CE5B7BAD0010000000000000000020000002800000000000000000000000000000000000000000000000000000043EFE600000000000200000002000000 "SIGN.IE=016F280 SkypeSetup.exe"=0x534143500100000000000000070000002800000080F216001540170001000000000000000000000A002100006A920CE5B7BAD0010000000000000000020000002800000000000000000000400000000000000000000000000000000069920400000000000100000001000000 "SIGN.IE=016F280 SkypeSetup (1).exe"=0x534143500100000000000000070000002800000080F216001540170001000000000000000000000A002100006A920CE5B7BAD0010000000000000000020000002800000000000000000000400000000000000000000000000000000074770300000000000100000001000000 "C:\Program Files (x86)\LibreOffice 4\program\sdraw.exe"=0x534143500100000000000000070000002800000020070100C42A010001000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000003622D202000000002300000023000000 "C:\Users\Aralia\AppData\Roaming\ZHP\ZHPCleaner.exe"=0x534143500100000000000000070000002800000000B21D001FD21D00010000000000000000000306000100006A920CE5B7BAD00100000000000000000200000028000000000000000000004000000000000000000000000000000000911F1D00000000000200000002000000 "SIGN.IE=0937578 
TeamViewer_Setup_fr.exe"=0x5341435001000000000000000700000028000000787593003AF793000100000000000000000003060001000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000041C20100000000000200000002000000 "C:\Program Files (x86)\TeamViewer\TeamViewer.exe"=0x5341435001000000000000000700000028000000109B5B0133DE5B0101000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000096A50000000000000400000004000000 "C:\Users\Aralia\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000C81A7B001C1B7B0001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\Aralia\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C88002006A18030001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C0200DEDE020001000000010000000000000A7122000019B4C529E312D1010000000000000000 "SIGN.IE=067D7C0 ccsetup_513.exe"=0x5341435001000000000000000700000028000000C0D76700144868000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000252DA900000000000100000001000000 "C:\Program Files\CCleaner\CCleaner64.exe"=0x5341435001000000000000000700000028000000A815830095B5830001000000000000000000000A0021000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000012530000000000003000000030000000 "C:\Program Files (x86)\Toshiba TEMPRO\Tempro.exe"=0x534143500100000000000000070000002800000040280C0083840C0001000000000000000000000AF322000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000F5E4B400000000000500000005000000 "SIGN.IE=0242C00 
FRST64.exe"=0x5341435001000000000000000700000028000000002C2400A2A1240001000000000000000000000A0021000059193B14E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000021446200000000000200000002000000 "C:\Program Files\AVAST Software\Avast\setup\instup.exe"=0x534143500100000000000000070000002800000008DF0B000000000003000000000000000000000A0021000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000B9B60100000000000200000002000000 "SIGN.IE=0123EE0 readerdc_fr_fb_install.exe"=0x5341435001000000000000000700000028000000E03E1200E33A13000100000000000000000001060001000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000100000000000000000000000000000A15D0000000000000100000001000000 "SIGN.IE=06174E8 wuinstall.exe"=0x5341435001000000000000000700000028000000E8746100241D620001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000554D0000000000000100000001000000 "SIGN.IE=04E3D08 spsetup128.exe"=0x5341435001000000000000000700000028000000083D4E00BA134F000100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000004522500000000000200000002000000 "C:\Program Files\Speccy\Speccy64.exe"=0x534143500100000000000000070000002800000018296C003F596C0001000000000000000000000A7322000059193B14E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000060B06A00000000000200000002000000 "C:\Program Files\WinZip\WINZIP64.EXE"=0x5341435001000000000000000700000028000000E074660193ED660101000000000000000000000A0021000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000000A420000000000000100000001000000 "SIGN.IE=0165480 
SkypeSetup.exe"=0x5341435001000000000000000700000028000000805416009A8B160001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000003DDC0200000000000100000001000000 "C:\Program Files (x86)\LibreOffice 4\program\scalc.exe"=0x534143500100000000000000070000002800000020010100328C010001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000045540100000000000300000003000000 "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"=0x5341435001000000000000000700000028000000D8E6100028D3110001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000087150100000000001000000010000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000B82621006CA121000100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000051D00300000000001200000012000000 "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C01702001B81020001000000000000000000000A6122000019B4C529E312D10100000000000000000200000028000000000000000000001000000000000000000000000000000000E66AD100000000000C0000000C000000 "C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe"=0x534143500100000000000000070000002800000020291F004EEE1F0001000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000009979B801000000001C0000001C000000 "C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe"=0x5341435001000000000000000700000028000000033D04005414D2010300000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000A56C0000000000000100000001000000 "SIGN.IE=01D1E838 
vlc-2.2.4-win32.exe"=0x534143500100000000000000070000002800000038E8D1015414D2010100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000042520100000000000100000001000000 "SIGN.IE=01B20E08 4kvideodownloader_4.1.exe"=0x5341435001000000000000000700000028000000080EB2016079B20101000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000B8BB1200000000000200000002000000 "SIGN.IE=09EFC72 free-youtube-downloader-installer.exe"=0x534143500100000000000000070000002800000072FC9E00000000000100000000000000000000067100000019B4C529E312D10100000000000000000200000028000000000000000008004000000000000000000000000000000000CAE20100000000000200000002000000 "SIGN.IE=0278EA30 FreeYouTubeDownload.exe"=0x534143500100000000000000070000002800000030EA780297AD790201000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000B5DC0D00000000000100000001000000 "C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe"=0x5341435001000000000000000700000028000000484207007851070001000000000000000000000A8021000059193B14E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000029F18300000000000100000001000000 "SIGN.IE=03B290 Firefox Setup Stub 47.0.exe"=0x534143500100000000000000070000002800000090B20300A20F04000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000AB810500000000000100000001000000 "C:\Program Files (x86)\Unchecky\unchecky.exe"=0x5341435001000000000000000700000028000000B8611C004C871C000100000000000000000003060001000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000022870000000000000200000002000000 "SIGN.IE=048600 
Unlocker_Portable_1.9.2_32-64_Multilingual.exe"=0x534143500100000000000000070000002800000000860400000000000100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000077E10000000000000100000001000000 "SIGN.IE=010753F Unlocker1.9.2.exe"=0x53414350010000000000000007000000280000003F751000000000000100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000060AE0000000000000100000001000000 "C:\Users\Aralia\AppData\Local\Songr\Songr.exe"=0x534143500100000000000000070000002800000000C608000000000001000000000000000000000AF122000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000028022D00000000000200000002000000 "C:\Program Files (x86)\Unchecky\uninstall.exe"=0x5341435001000000000000000700000028000000B8FD0900CA6F0A000300000000000000000003060001000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000080000000000000008000000000008B510000000000000100000001000000010000000400000001000000 "SIGN.IE=0CBE320 iobituninstaller.exe"=0x534143500100000000000000070000002800000020E3CB00786DCC000100000000000000000001060001000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000005C510000000000000100000001000000 "C:\Program Files (x86)\Mozilla Firefox\updater.exe"=0x5341435001000000000000000700000028000000C8990400B675050001000000000000000000000A0021000019B4C529E312D1010000008000000000020000002800000000000000000000400000000000000000000000000000000061580000000000000100000001000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x534143500100000000000000070000002800000048670E00A35F0F0001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Program Files (x86)\Mozilla 
Firefox\firefox.exe"=0x5341435001000000000000000700000028000000C8FB05008B07060001000000000000000000000A0021000019B4C529E312D1010000000100000000 "SIGN.IE=021D400 ZHPDiag3.exe"=0x534143500100000000000000070000002800000000D42100FB0022000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000A6E20200000000000200000002000000 "C:\Users\Aralia\AppData\Roaming\ZHP\ZHPDiag3.exe"=0x534143500100000000000000070000002800000000D42100FB0022000100000000000000000003060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000046050200000000000100000001000000 "C:\Users\Aralia\ZHPDiag3.exe"=0x534143500100000000000000070000002800000000EC210087A022000100000000000000000003060001000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000BC059100000000000200000002000000 "C:\Program Files\7-Zip\Uninstall.exe"=0x5341435001000000000000000700000028000000003A00000000000003000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000032240000000000000100000001000000 "SIGN.IE=01508F6 7z1602-x64.exe"=0x5341435001000000000000000700000028000000F60815000000000001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000009C560000000000000100000001000000 "C:\Program Files\Windows Defender\MSASCui.exe"=0x534143500100000000000000070000002800000000541400AEF1140001000000010000000000000A0021000059193B14E312D1010000000000000000 "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000E0759700E487970001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000000B82200000000000200000002000000 "C:\Program Files (x86)\Malwarebytes 
Anti-Malware\unins000.exe"=0x53414350010000000000000007000000280000006A090B000000000003000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000066380000000000000100000001000000 "C:\Program Files\AVAST Software\Avast\AvastUI.exe"=0x5341435001000000000000000700000028000000B0C48700867D880001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000050050000000000000400000004000000 "C:\Program Files (x86)\Skype\Phone\Skype.exe"=0x534143500100000000000000070000002800000080369301D65F930101000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000F7D43B01000000000500000005000000 "C:\Users\Aralia\Downloads\TomTomHOME2winlatest.exe"=0x5341435001000000000000000700000028000000E8B2DA016566DB010100000000000000000001060001000019B4C529E312D10100000000000000000200000050000000000000000000000000000000000000000000000000000000A81B0300000000000100000001000000000000000000004000000000000000000000000000000000053B0000000000000100000000000000 "C:\Program Files (x86)\Internet Explorer\iexplore.exe"=0x5341435001000000000000000700000028000000C0840C00AA250D0001000000010000000000000A0021000019B4C529E312D1010000000000000000 "C:\Program Files\Internet Explorer\iexplore.exe"=0x5341435001000000000000000700000028000000C0740C00B1CA0C0001000000010000000000000A0021000059193B14E312D1010000000000000000 "C:\Users\Aralia\Downloads\WOT-latest-fr-x64.msi"=0x53414350010000000000000007000000280000000002010066CD01000100000000000000000001050010000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000DA160200000000000100000001000000 
"C:\Users\Aralia\Downloads\ZHPDiag3.exe"=0x534143500100000000000000070000002800000000D42100FB0022000100000000000000000003060001000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000001F640200000000000300000003000000 "C:\Users\Aralia\Desktop\ZHPDiag3.exe"=0x534143500100000000000000070000002800000000D42100FB0022000100000000000000000003060001000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000002C751B00000000000500000005000000 "C:\Users\Aralia\Desktop\ZHPFix.exe"=0x534143500100000000000000070000002800000051BC35000000000001000000000000000000000A4122000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000CC4E0000000000000100000001000000 "C:\Program Files (x86)\ZHPFix\ZHPhep.exe"=0x534143500100000000000000070000002800000000421D00000000000100000000000000000002067122000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000006CF00300000000000100000001000000 "C:\Users\Aralia\Desktop\FRST64.exe"=0x5341435001000000000000000700000028000000007C24009C86240001000000000000000000000A0021000059193B14E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000003E3B0B00000000000200000002000000 "C:\Users\Aralia\Desktop\QuickDiag.exe"=0x5341435001000000000000000700000028000000A8E12000B5A1210001000000000000000000000A0021000019B4C529E312D1010000000000000000 [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe"=32 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows 
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse 
"DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=130957684527767852 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=0 "ProductType"=2 
"ManagedDefenderProductType"=0 "ProductStatus"=0 "InstallTime"=0xF6B882D5732CD001 "DisableAntiVirus"=0 "OOBEInstallTime"=0x0CBF7C3C5241D101 "OneTimeSqmDataSent"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts 127.0.0.1 localhost ::1 localhost # unchecky_begin # These rules were added by the Unchecky program in order to block advertising software modules 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com [61] More lines ---------- | @ [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Cache_Update_Frequency"=Once_Per_Session "Local Page"=C:\WINDOWS\system32\blank.htm "Search Page"=http://www.google.com "NoUpdateCheck"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=https://www.google.fr/ "ImageStoreRandomFolder"=oi637cm "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0xFC8F4C99BEDDD101 "DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB0010000960000003004000076020000 "FormSuggest Passwords"=yes "Search Bar"=Preserve "ScriptDebugger_EnableHiddenTabs"=0 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "StatusBarWeb"=1 "ForceGDIPlus"=0 "AlwaysShowMenus"=0 "ShutdownWaitForOnUnload"=0 "DNSPreresolution"=8 "SpellChecking"=1 "LangToolsBroker"={5bbd58bb-993e-4c17-8af6-3af8e908fca8} "DisablePasswordReveal"=0 "DisableRequiresActiveXPrompt"= "GotoIntranetSiteForSingleWordEntry"=0 
"AutoSearch"=1 "SuppressScriptDebuggerDialog"=0 "PredictedViewExpansion"=100 "PredictedViewChangeThreshold"=10 "PredictedViewChangeThresholdPaint"=10 "ContentLayerCacheExpansion"=300 "RenderingLoopMaxTime"=250 "NscSingleExpand"=0 "Error Dlg Displayed On Every Error"=no "NotifyDownloadComplete"=yes "Friendly http errors"=yes "CSS_Compat"=doctype "Expand Alt Text"=no "Display Inline Videos"=1 "Print_Background"=no "Use Stylesheets"=1 "SmoothScroll"=1 "Show image placeholders"=0 "Disable Diagnostics Mode"=no "Move System Caret"=no "Enable AutoImageResize"=yes "UseThemes"=1 "UseHR"=0 "Q300829"=0 "Cleanup HTCs"=0 "XDomainRequest"=1 "DOMStorage"=1 "EnableAlternativeCodec"=yes "JScriptProfileCacheEventDelay"=5000 "CrossfadeMinTimeoutInMS"=30000 "CrossfadeMaxTimeoutInMS"=30000 "CrossfadeCurrentTimeoutInMS"=30000 "ScrollTimeoutInMS"=6000 "IE10RunOnceLastShown"=0 "IE10TourNoShow"=0 "IE10TourShown"=0 "IE10RecommendedSettingsNo"=0 "FrameTabWindow"=1 "AdminTabProcs"=1 "SessionMerging"=1 "FrameMerging"=1 "HangRecovery"=1 "DesktopTransparentCoverWindowTime"=8 "TSEnable"=1 "Isolation64Bit"=0 "IsolationImmersive"=PMEM "TabShutdownDelay"=60000 "FrameShutdownDelay"=0 "MinIEEnabled"=1 "FormSuggest PW Ask"=yes "RefcountTracker"=0 "TabDragOnSingleProc"=0 "ForceBFCacheCandidacyPass"=0 "Fasterback"=1 "BackForwardInstrumentation"=0 "DisableFirstRunCustomize"=3 "OperationalData"=13 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF82000000820000006A0400002C020000 "Default_Secondary_Page_URL"=http://toshiba.eu/symbaloo_c "IE10RunOnceLastShown_TIMESTAMP"=0x6D2287A999CDD101 "Isolation"=PMIL "RunSpartanBrowser"=0 "UseSWRender"=0 "DoNotTrack"=0 "Check_Associations"=yes "HideLocalHostIP"=0 "AutoHide"=yes "EdgeSwitchingOSBuildNumber"=10586.th2_release_sec.160630-1736 [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 
"PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x4DFFC447CE4DD101 "EmailName"=IEUser@ "AutoConfigProxy"=wininet.dll "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "WarnOnPost"=0x01000000 "UseSchannelDirectly"=0x01000000 "EnableHttp1_1"=1 "UrlEncoding"=0 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "EnableAutodial"=0 "NoNetAutodial"=0 "ProxyHttp1.1"=1 "EnableSPDY3_0"=1 "BackgroundConnections"=1 "EnableSSL3Fallback"=1 "EnablePunycode"=1 "ShowPunycode"=0 "CreateUriCacheSize"=80 "CoInternetCombineIUriCacheSize"=80 "SecurityIdIUriCacheSize"=30 "SpecialFoldersCacheSize"=8 "SyncMode5"=4 "PrivDiscUiShown"=1 "WarnOnIntranet"=1 "EnableHTTP2"=1 "DisableIDNPrompt"=0 "WarnOnPostRedirect"=1 "WarnonBadCertRecving"=1 [HKLM\Software\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "DisableRandomFlighting"=0 "EnableLegacyEdgeSwitching"=1 "Start Page"=http://www.google.com "TabProcGrowth"=Medium "DoNotTrack"=1 [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm 
"NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://www.google.com "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm 
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | SSODL | SEH | URLSH | STS ---------- | Toolbar [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=0xB1C218236549D4119B18009027A5CD4F "ITBar7Height"=47 "{71576546-354D-41C9-AAE8-31F2EC22BF0D}"=0x466557714D35C941AAE831F2EC22BF0D [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "DownloadRetries"=4 "Version"=5 "UpgradeTime"=0x3F061FA0AC32D101 "DefaultPackCorrection"=1 "DoNotAskAgain"=yahoo.com "DefaultPackNTCorrection"=1 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=0x00 "{71576546-354D-41c9-AAE8-31F2EC22BF0D}"=WOT [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar] "{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=0x00
"{71576546-354D-41c9-AAE8-31F2EC22BF0D}"=WOT [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DoNotAskAgain"=yahoo.com "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] : () - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] : () - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101) - [] ---------- | SearchScopes [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{666133BA-EAD7-412A-A9BD-3350F46C8FF7}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{666133BA-EAD7-412A-A9BD-3350F46C8FF7}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TEJB : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{666133BA-EAD7-412A-A9BD-3350F46C8FF7}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TEJB : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] -> (Google Toolbar Helper) : C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [06/05/2015 06:43:41] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}] -> (WOT Helper) : C:\Program Files (x86)\WOT\WOT.dll [09/06/2015 09:51:44] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}] -> (Adblock Plus for IE Browser Helper Object) : C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [23/09/2015 03:14:22] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}] -> (Evernote extension) : C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [13/05/2014 16:22:56] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] -> (Google Toolbar Helper) : C:\Program Files (x86)\Google\Google 
Toolbar\GoogleToolbar_32.dll [06/05/2015 06:43:41]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}] -> (WOT Helper) : C:\Program Files (x86)\WOT\WOT.dll [09/06/2015 09:51:44]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}] -> (Adblock Plus for IE Browser Helper Object) : C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [23/09/2015 03:14:22]
---------- | Chrome
C:\Users\Aralia\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\bhmmomiinigofkjcapegjjndpbikblnp = : __MSG_ext_description__ - short_name: Web of Trust - http://clients2.google.com/service/update2/crx
C:\Users\Aralia\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = : __MSG_description__ - short_name: __MSG_name__ - https://clients2.google.com/service/update2/crx
C:\Users\Aralia\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\eofcbnmajmjmplflapaojjnihcjkigck = : Avast SafePrice - safe shopping extension. - Avast SafePrice - https://clients2.google.com/service/update2/crx
C:\Users\Aralia\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - https://clients2.google.com/service/update2/crx
C:\Users\Aralia\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\kngglkijfekbhidmchmlfmpkdffmedob = : __MSG_description__ - short_name: __MSG_name__ - https://clients2.google.com/service/update2/crx
C:\Users\Aralia\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl = : Quickly access Skype for Web and Share on Skype through your browser - Skype - https://clients2.google.com/service/update2/crx
C:\Users\Aralia\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]
---------- | Opera
---------- | Firefox
C:\Users\Aralia\AppData\Roaming\Mozilla\Firefox\Profiles\f2ebo9oy.default-1466721704570\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} : : WOT - : http://www.mywot.com/
C:\Users\Aralia\AppData\Roaming\Mozilla\Firefox\Profiles\f2ebo9oy.default-1466721704570\Extensions\{91A6D6AB-3E9A-4C00-A3CF-B08CBE803A2E}.xpi
C:\Users\Aralia\AppData\Roaming\Mozilla\Firefox\Profiles\f2ebo9oy.default-1466721704570\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
C:\Users\Aralia\AppData\Roaming\Mozilla\Firefox\Profiles\f2ebo9oy.default-1466721704570\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin] - (Google Talk Plugin) : C:\Users\Aralia\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\MozillaPlugins\@talk.google.com/O1DPlugin] - (Google Talk Plugin Video Renderer) : C:\Users\Aralia\AppData\Roaming\Mozilla\plugins\npo1d.dll
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Users\Aralia\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Users\Aralia\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll
[HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 21.0.0.182 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll
[HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 21.0.0.182 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@canon.com/EPPEX] - (Canon Easy-PhotoPrint EX) : C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in
Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll C:\Users\Aralia\AppData\Roaming\Mozilla\Firefox\Profiles\f2ebo9oy.default-1466721704570\Prefs.js user_pref("browser.startup.homepage_override.buildID", "20160623154057"); user_pref("browser.startup.homepage_override.mstone", "47.0.1"); user_pref("extensions.adblockplus.currentVersion", "2.7.3"); user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1468723063366,\"softExpiration\":1468795386767,\"hardExpiration\":1468872283184,\"data\":{\"notifications\":[],\"version\":\"201607162004\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"downloadCount\":11}"); user_pref("extensions.avastwrc.settings", "{\"current\":{\"callerId\":2018,\"userId\":\"16238bf02ea3e5332c758f47380ab5d2\",\"edition\":0,\"lastApplicationEventSent\":1468699472958},\"features\":{\"phishing\":true,\"dnt\":true,\"dntSocial\":false,\"dntAdTracking\":false,\"dntWebAnalytics\":false,\"dntOthers\":false,\"siteCorrect\":true,\"siteCorrectAuto\":false,\"safeZone\":false,\"communityIQ\":true,\"serp\":true,\"serpPopup\":true},\"siteCorrect\":{\"declined\":{}},\"safeZone\":{\"declined\":{}},\"phishing\":{\"trusted\":{}}}"); user_pref("extensions.avastwrc.whiteList", "{\"trk\":{\"apps.facebook.com\":{\"703\":false},\"avast.com\":{\"779\":false}}}"); user_pref("extensions.blocklist.pingCountTotal", 15); user_pref("extensions.blocklist.pingCountVersion", 11); user_pref("extensions.bootstrappedAddons", 
"{\"{91A6D6AB-3E9A-4C00-A3CF-B08CBE803A2E}\":{\"version\":\"5.20.3.1-signed\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Aralia\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\f2ebo9oy.default-1466721704570\\\\extensions\\\\{91A6D6AB-3E9A-4C00-A3CF-B08CBE803A2E}.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":false},\"{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\":{\"version\":\"5.6.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Aralia\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\f2ebo9oy.default-1466721704570\\\\extensions\\\\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.7.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Aralia\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\f2ebo9oy.default-1466721704570\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false},\"e10srollout@mozilla.org\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Aralia\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\f2ebo9oy.default-1466721704570\\\\features\\\\{2db9e329-62f6-47fc-8d21-21f1c0a32834}\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"firefox@getpocket.com\":{\"version\":\"1.0.2\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Aralia\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\f2ebo9oy.default-1466721704570\\\\features\\\\{2db9e329-62f6-47fc-8d21-21f1c0a32834}\\\\firefox@getpocket.com.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"loop@mozilla.org\":{\"version\":\"1.4.2\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Aralia\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\f2ebo9oy.default-1466721704570\\\\features\\\\{2db9e329-62f6-47fc-8d21-21f1c0a32834}\\\\loop@mozilla.org.xpi\",\"multiproce
ssCompatible\":false,\"runInSafeMode\":true},\"{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\":{\"version\":\"8.3.0.9150\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":false},\"wrc@avast.com\":{\"version\":\"10.3.3.44\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\WebRep\\\\FF\",\"multiprocessCompatible\":false,\"runInSafeMode\":false}}"); user_pref("extensions.databaseSchema", 17); user_pref("extensions.display_notification", false); user_pref("extensions.dwhelper.last-version", "5.6.1"); user_pref("extensions.dwhelper.need-prefs-migration", false); user_pref("extensions.dwhelper.scrap.state", "stopped"); user_pref("extensions.dwhelper.toolbar-button", "maincomp"); user_pref("extensions.dwhelper.tpsr.state", "stopped"); user_pref("extensions.e10sBlockedByAddons", true); user_pref("extensions.enabledAddons", "%7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20151208,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:47.0.1"); user_pref("extensions.getAddons.cache.lastUpdate", 1468699777); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.hotfix.lastVersion", "20160106.01"); user_pref("extensions.lastAppVersion", "47.0.1"); user_pref("extensions.lastPlatformVersion", "47.0.1"); user_pref("extensions.pendingOperations", false); user_pref("extensions.skype_ff_extension.installedVersion", "8.3.0.9150"); user_pref("extensions.sp@avast.com.sdk.baseURI", "resource://sp-at-avast-dot-com/"); user_pref("extensions.sp@avast.com.sdk.domain", "sp-at-avast-dot-com"); user_pref("extensions.sp@avast.com.sdk.load.reason", "enable"); user_pref("extensions.sp@avast.com.sdk.rootURI", "file:///C:/Program%20Files/AVAST%20Software/Avast/SafePrice/FF/"); user_pref("extensions.sp@avast.com.sdk.version", "10.3.5.39"); user_pref("extensions.systemAddonSet", 
"{\"schema\":1,\"directory\":\"{2db9e329-62f6-47fc-8d21-21f1c0a32834}\",\"addons\":{\"e10srollout@mozilla.org\":{\"version\":\"1.0\"},\"firefox@getpocket.com\":{\"version\":\"1.0.2\"},\"loop@mozilla.org\":{\"version\":\"1.4.2\"}}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.experiment.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.wrc@avast.com.sdk.baseURI", "resource://wrc-at-avast-dot-com/"); user_pref("extensions.wrc@avast.com.sdk.domain", "wrc-at-avast-dot-com"); user_pref("extensions.wrc@avast.com.sdk.load.reason", "startup"); user_pref("extensions.wrc@avast.com.sdk.rootURI", "file:///C:/Program%20Files/AVAST%20Software/Avast/WebRep/FF/"); user_pref("extensions.wrc@avast.com.sdk.version", "10.3.3.44"); user_pref("extensions.xpiState", "{\"app-profile\":{\"{91A6D6AB-3E9A-4C00-A3CF-B08CBE803A2E}\":{\"d\":\"C:\\\\Users\\\\Aralia\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\f2ebo9oy.default-1466721704570\\\\extensions\\\\{91A6D6AB-3E9A-4C00-A3CF-B08CBE803A2E}.xpi\",\"e\":true,\"v\":\"5.20.3.1-signed\",\"st\":1466723709358},\"{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\":{\"d\":\"C:\\\\Users\\\\Aralia\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\f2ebo9oy.default-1466721704570\\\\extensions\\\\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\",\"e\":true,\"v\":\"20151208\",\"st\":1467740770706,\"mt\":1467740731371},\"{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\":{\"d\":\"C:\\\\Users\\\\Aralia\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\f2ebo9oy.default-1466721704570\\\\extensions\\\\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi\",\"e\":true,\"v\":\"5.6.1\",\"st\":1466727129310},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"d\":\"C:\\\\Users\\\\Aralia\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\f2ebo9oy.default-1466721704570\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"e\":t
rue,\"v\":\"2.7.3\",\"st\":1466727442444}},\"app-system-addons\":{\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Users\\\\Aralia\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\f2ebo9oy.default-1466721704570\\\\features\\\\{2db9e329-62f6-47fc-8d21-21f1c0a32834}\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1468274174871},\"firefox@getpocket.com\":{\"d\":\"C:\\\\Users\\\\Aralia\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\f2ebo9oy.default-1466721704570\\\\features\\\\{2db9e329-62f6-47fc-8d21-21f1c0a32834}\\\\firefox@getpocket.com.xpi\",\"e\":true,\"v\":\"1.0.2\",\"st\":1468274175990},\"loop@mozilla.org\":{\"d\":\"C:\\\\Users\\\\Aralia\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\f2ebo9oy.default-1466721704570\\\\features\\\\{2db9e329-62f6-47fc-8d21-21f1c0a32834}\\\\loop@mozilla.org.xpi\",\"e\":true,\"v\":\"1.4.2\",\"st\":1468274177238}},\"app-system-defaults\":{\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"e\":false,\"v\":\"1.0\",\"st\":1467445858871},\"firefox@getpocket.com\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"e\":false,\"v\":\"1.0.2\",\"st\":1467445858857},\"loop@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\loop@mozilla.org.xpi\",\"e\":false,\"v\":\"1.3.2\",\"st\":1465096182256}},\"app-global\":{\"{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi\",\"e\":true,\"v\":\"8.3.0.9150\",\"st\":1464161860000},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":true,\"v\":\"47.0.1\",\"st\":1467445858881}},\"winreg-app-global\":{\"wrc@avast.com\":{\"d\":\"C:\\\\Program 
Files\\\\AVAST Software\\\\Avast\\\\WebRep\\\\FF\",\"e\":true,\"v\":\"10.3.3.44\",\"st\":1467446212237,\"mt\":1467446161101},\"sp@avast.com\":{\"d\":\"C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\SafePrice\\\\FF\",\"e\":false,\"v\":\"10.3.5.39\",\"st\":1465253928370,\"mt\":1467446158346}}}"); user_pref("extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.sdk.baseURI", "resource://82af8dca-6de9-405d-bd5e-43525bdad38a/"); user_pref("extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.sdk.domain", "82af8dca-6de9-405d-bd5e-43525bdad38a"); user_pref("extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.sdk.load.reason", "startup"); user_pref("extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.sdk.rootURI", "jar:file:///C:/Program%20Files%20(x86)/Mozilla%20Firefox/browser/extensions/%7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D.xpi!/"); user_pref("extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.sdk.version", "8.3.0.9150"); user_pref("extensions.{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.sdk.baseURI", "resource://b9db16a4-6edc-47ec-a1f4-b86292ed211d/"); user_pref("extensions.{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.sdk.domain", "b9db16a4-6edc-47ec-a1f4-b86292ed211d"); user_pref("extensions.{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.sdk.load.reason", "startup"); user_pref("extensions.{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.sdk.rootURI", "jar:file:///C:/Users/Aralia/AppData/Roaming/Mozilla/Firefox/Profiles/f2ebo9oy.default-1466721704570/extensions/%7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D.xpi!/"); user_pref("extensions.{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.sdk.version", "5.6.1"); user_pref("weboftrust.extension_id", "d3ea28642971029a723fab88d3a6acfd91107f8b"); ---------- | Active Connections TCP 192.168.1.28:49671 r-148-58-45-5.ff.avast.com:http CLOSE_WAIT 1956 TCP 192.168.1.28:49690 lon01.ff.avast.com:http ESTABLISHED 1956 TCP 192.168.1.28:49702 msnbot-191-232-139-118.search.msn.com:https ESTABLISHED 4756 TCP 192.168.1.28:50063 full-cdn-01.cluster007.ovh.net:http CLOSE_WAIT 3980 TCP 
192.168.1.28:50064 full-cdn-01.cluster007.ovh.net:http CLOSE_WAIT 3980
TCP 192.168.1.28:50098 ns3016129.ip-149-202-79.eu:https CLOSE_WAIT 3980
TCP 192.168.1.28:50099 ns3016129.ip-149-202-79.eu:https CLOSE_WAIT 3980
TCP 192.168.1.28:50100 ns3016129.ip-149-202-79.eu:https CLOSE_WAIT 3980
TCP 192.168.1.28:50101 ns3016129.ip-149-202-79.eu:https CLOSE_WAIT 3980
TCP 192.168.1.28:50102 ns3016129.ip-149-202-79.eu:https CLOSE_WAIT 3980
TCP 192.168.1.28:50103 ns3016129.ip-149-202-79.eu:https CLOSE_WAIT 3980
TCP [2a01:e34:ef38:1a90:18b4:e811:5794:7482]:50014 wb-in-x5f.1e100.net:http CLOSE_WAIT 3980
TCP [2a01:e34:ef38:1a90:18b4:e811:5794:7482]:50015 wb-in-x5f.1e100.net:http CLOSE_WAIT 3980
TCP [2a01:e34:ef38:1a90:18b4:e811:5794:7482]:50020 [2400:cb00:2048:1::c629:d742]:http CLOSE_WAIT 3980
TCP [2a01:e34:ef38:1a90:18b4:e811:5794:7482]:50021 [2400:cb00:2048:1::c629:d742]:http CLOSE_WAIT 3980
---------- | DNS
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{29457d79-d8d0-4249-8764-d4626dd54dee}] "DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{fca91d8e-c4f9-4803-adb3-ccfa35d9fdc3}] "DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{29457d79-d8d0-4249-8764-d4626dd54dee}] "DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{fca91d8e-c4f9-4803-adb3-ccfa35d9fdc3}] "DhcpNameServer"=192.168.1.1 192.168.1.1
---------- | Applications
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\Classes\Applications\xnview.exe] : "C:\Program Files (x86)\XnView\xnview.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\xnview.exe] : "C:\Program Files (x86)\XnView\xnview.exe" "%1"
---------- | Svchost - Netsvcs (Whitelisted)
NetSetupSvc - %SystemRoot%\System32\NetSetupSvc.dll : %SystemRoot%\System32\svchost.exe -k netsvcs
UserManager - %SystemRoot%\System32\usermgr.dll : %SystemRoot%\system32\svchost.exe -k netsvcs
---------- | Software
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\4kdownload.com]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\7-Zip]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\AdblockPlus]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Adobe]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\antiufo]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\AppDataLow]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\ATI]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\AVAST Software]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Borland]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Canon]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Clients]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\CyberLink]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Google]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Haali]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\IM Providers]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\LAV]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Macromedia]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\malavida]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Microsoft]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Mozilla]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\MozillaPlugins]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\MPC-HC]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Nero]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Netscape]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Nico Mak Computing]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Piriform]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Policies]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\QtProject]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Realtek]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Skype]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Synaptics]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\SyncEngines]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\sysinternals]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\TeamViewer]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\The Document Foundation]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\TomTom]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Toshiba]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Trolltech]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Unchecky]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\VSRevoGroup]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\WinZip Computing]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Wow6432Node]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\ZebHelpProcess Helper]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\SOFTWARE\AppDataLow\Software\Against Intuition]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\7-Zip]
[HKLM\Software\Adblock Plus for IE]
[HKLM\Software\AMD]
[HKLM\Software\ATI]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Borland]
[HKLM\Software\Broadcom]
[HKLM\Software\Canon]
[HKLM\Software\Clients]
[HKLM\Software\Cyberlink]
[HKLM\Software\Dell]
[HKLM\Software\Dolby]
[HKLM\Software\DTS]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\IM Providers]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Knowles]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee.com]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nahimic]
[HKLM\Software\Network Associates]
[HKLM\Software\Nico Mak Computing]
[HKLM\Software\Nuance]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\SonicFocus]
[HKLM\Software\SRS Labs]
[HKLM\Software\Synaptics]
[HKLM\Software\sysinternals]
[HKLM\Software\Toshiba]
[HKLM\Software\Toshiba Tempro]
[HKLM\Software\ToshibaBlobDelivery]
[HKLM\Software\Waves Audio]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Yamaha APO]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\Configuration]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\DWM]
[HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wswpnservice]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\ATI]
[HKLM\Software\WOW6432Node\AVAST Software]
[HKLM\Software\WOW6432Node\Borland]
[HKLM\Software\WOW6432Node\Canon]
[HKLM\Software\WOW6432Node\CyberLink]
[HKLM\Software\WOW6432Node\DigitalWave]
[HKLM\Software\WOW6432Node\DTS]
[HKLM\Software\WOW6432Node\DTS, Inc.]
[HKLM\Software\WOW6432Node\Evernote]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\HaaliMkx]
[HKLM\Software\WOW6432Node\IM Providers]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Lake]
[HKLM\Software\WOW6432Node\LibreOffice]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Nero]
[HKLM\Software\WOW6432Node\Network Associates]
[HKLM\Software\WOW6432Node\Nico Mak Computing]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\Skype]
[HKLM\Software\WOW6432Node\SRS Labs]
[HKLM\Software\WOW6432Node\TeamViewer]
[HKLM\Software\WOW6432Node\The Document Foundation]
[HKLM\Software\WOW6432Node\TomTom]
[HKLM\Software\WOW6432Node\TOSHIBA]
[HKLM\Software\WOW6432Node\Toshiba Corporation]
[HKLM\Software\WOW6432Node\Unchecky]
[HKLM\Software\WOW6432Node\VideoLAN]
[HKLM\Software\WOW6432Node\WildTangent]
[HKLM\Software\WOW6432Node\XnView]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
---------- | Drives
H:
[24/09/2014 11:32:43] - |SH| - (.-.) - [85] - (0.0.0.0) - H:\desktop.ini
G:
F:
E:
---------- | C:
[10/01/2015 03:28:31] - |SHD| - [960] - C:\$RECYCLE.BIN
[10/06/2015 20:38:37] - |D| - [140135120] - C:\33958184c2521822f5fb5918
[14/10/2015 00:55:25] - |D| - [143481208] - C:\88adb500c62648c21b
[22/06/2016 15:37:07] - |D| - [989266] - C:\AdwCleaner
[MD5.55272FE96AD87017755FD82F7928FDA0] - [22/08/2013 17:44:03] - |RASH| - (.-.) - [398356] - (0.0.0.0) - C:\bootmgr
[MD5.93B885ADFE0DA089CDF634904FD59F71] - [22/08/2013 17:44:04] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
[30/07/2015 23:51:49] - |SHD| - [0] - C:\Documents and Settings
[04/02/2016 17:33:44] - |D| - [111384642] - C:\FRST
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [28/12/2015 11:07:39] - |ASH| - (.-.) - [1486974976] - (0.0.0.0) - C:\hiberfil.sys
[10/09/2015 07:53:54] - |D| - [13201408] - C:\Logs
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/05/2015 18:32:45] - |ASH| - (.-.) - [738197504] - (0.0.0.0) - C:\pagefile.sys
[30/10/2015 09:24:24] - |D| - [0] - C:\PerfLogs
[30/10/2015 08:28:30] - |RD| - [3225866527] - C:\Program Files
[30/10/2015 08:28:30] - |RD| - [3492885769] - C:\Program Files (x86)
[30/10/2015 09:24:24] - |HD| - [3748907580] - C:\ProgramData
[17/07/2016 10:18:57] - |D| - [262073] - C:\QuickDiag
[MD5.EB73025871513D911953D4D53CBECDBE] - [17/07/2016 10:19:28] - |A| - (.-.) - [169918] - (0.0.0.0) - C:\QuickDiag.txt
[28/12/2015 10:39:55] - |SHD| - [971] - C:\Recovery
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/05/2015 18:32:46] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys
[15/09/2014 19:48:16] - |SHD| - [0] - C:\System Volume Information
[09/09/2014 20:12:39] - |AD| - [97599] - C:\Toshiba
[30/10/2015 08:28:30] - |RD| - [138314731434] - C:\Users
[30/10/2015 08:28:30] - |D| - [28829027614] - C:\Windows
---------- | C:\WINDOWS
[30/10/2015 09:24:24] - |D| - [802] - C:\WINDOWS\addins
[22/08/2013 17:36:31] - |D| - [0] - C:\WINDOWS\ADFS
[30/10/2015 09:24:24] - |D| - [20133174] - C:\WINDOWS\appcompat
[30/10/2015 09:24:24] - |D| - [12671694] - C:\WINDOWS\AppPatch
[30/10/2015 09:24:24] - |D| - [0] - C:\WINDOWS\AppReadiness
[30/10/2015 09:24:24] - |RD| - [851621792] - C:\WINDOWS\assembly
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [28/12/2015 10:47:54] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\ativpsrm.bin
[MD5.7EFB1577EFBD72521E670188AA546C7D] - [02/07/2016 09:56:19] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.1.3076.0) - C:\WINDOWS\avastSS.scr
[30/10/2015 09:24:24] - |D| - [241412] - C:\WINDOWS\bcastdvr
[MD5.DE3C720C11A91557E1DFDFF0DB2AA3C2] - [30/10/2015 09:17:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [61952] - (10.0.10586.0) - C:\WINDOWS\bfsvc.exe
[MD5.7FDE6771C64AC3B14FEE4997509D1735] - [08/09/2014 18:38:13] - |A| - (.-.) - [2359350] - (0.0.0.0) - C:\WINDOWS\Bluestream.bmp
[30/10/2015 09:24:24] - |D| - [32730625] - C:\WINDOWS\Boot
[MD5.B748DAB2B47C6EAA5A2BB1648BE9F24A] - [28/12/2015 10:43:05] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[30/10/2015 09:24:24] - |D| - [2384472] - C:\WINDOWS\Branding
[30/10/2015 09:11:39] - |D| - [0] - C:\WINDOWS\CbsTemp
[MD5.F59060E298148DE24DEBB3E8321C4407] - [30/10/2015 21:03:30] - |A| - (.-.) - [31816] - (0.0.0.0) - C:\WINDOWS\Core.xml
[MD5.0505315076F50DE128B8256927B94722] - [18/03/2014 11:38:12] - |A| - (.-.) - [35851] - (0.0.0.0) - C:\WINDOWS\CoreConnectedSingleLanguage.xml
[MD5.6A0E063E56DC78B0B83BF5E33E945A4A] - [09/09/2014 20:12:55] - |A| - (.-.) - [12] - (0.0.0.0) - C:\WINDOWS\CSUP.TXT
[30/10/2015 09:24:24] - |D| - [8970858] - C:\WINDOWS\Cursors
[30/10/2015 09:24:24] - |D| - [13121437] - C:\WINDOWS\debug
[30/10/2015 09:24:24] - |RD| - [21974] - C:\WINDOWS\DesktopTileResources
[30/10/2015 09:24:24] - |RD| - [3037040] - C:\WINDOWS\DevicesFlow
[MD5.F955ACDA319098480A9387D86E179232] - [20/09/2015 02:07:03] - |A| - (.-.) - [19053] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[30/10/2015 09:24:24] - |D| - [4493044] - C:\WINDOWS\diagnostics
[MD5.F955ACDA319098480A9387D86E179232] - [20/09/2015 02:07:03] - |A| - (.-.) - [19053] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[30/10/2015 21:00:07] - |D| - [0] - C:\WINDOWS\DigitalLocker
[30/10/2015 09:24:24] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[30/10/2015 09:24:24] - |HD| - [44568] - C:\WINDOWS\ELAMBKUP
[30/10/2015 21:00:07] - |D| - [116736] - C:\WINDOWS\en-US
[MD5.E396258CFD8F84E8F2C24930E6D88C67] - [13/07/2016 13:58:14] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4515256] - (10.0.10586.494) - C:\WINDOWS\explorer.exe
[30/10/2015 09:24:24] - |RSD| - [398097686] - C:\WINDOWS\Fonts
[30/10/2015 21:00:07] - |D| - [134144] - C:\WINDOWS\fr-FR
[30/10/2015 09:24:24] - |D| - [20838848] - C:\WINDOWS\Globalization
[30/10/2015 09:24:24] - |D| - [3105174] - C:\WINDOWS\Help
[MD5.430DE1635CE173440D34ABA1676113D7] - [13/07/2016 13:56:42] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [994816] - (10.0.10586.494) - C:\WINDOWS\HelpPane.exe
[MD5.C7228F24B9130C64DCF4C390A04A775C] - [30/10/2015 09:17:54] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.10586.0) - C:\WINDOWS\hh.exe
[30/10/2015 09:24:24] - |D| - [173197918] - C:\WINDOWS\IME
[30/10/2015 09:24:24] - |RD| - [6847709] - C:\WINDOWS\ImmersiveControlPanel
[30/10/2015 09:21:47] - |D| - [64971361] - C:\WINDOWS\INF
[30/10/2015 09:24:24] - |D| - [931024796] - C:\WINDOWS\InfusedApps
[30/10/2015 09:24:24] - |D| - [36258450] - C:\WINDOWS\InputMethod
[30/10/2015 09:24:24] - |SHD| - [1906002265] - C:\WINDOWS\Installer
[30/10/2015 09:24:24] - |D| - [89407] - C:\WINDOWS\L2Schemas
[30/10/2015 09:24:24] - |D| - [7359004] - C:\WINDOWS\LiveKernelReports
[30/10/2015 08:31:03] - |D| - [37268954] - C:\WINDOWS\Logs
[30/10/2015 09:24:24] - |RSD| - [20176750] - C:\WINDOWS\Media
[22/08/2013 17:36:31] - |D| - [1619968] - C:\WINDOWS\MediaViewer
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [30/10/2015 09:17:40] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[30/10/2015 09:24:24] - |D| - [782747377] - C:\WINDOWS\Microsoft.NET
[30/10/2015 09:24:24] - |D| - [2371] - C:\WINDOWS\Migration
[30/10/2015 09:24:24] - |RD| - [474897] - C:\WINDOWS\MiracastView
[30/10/2015 09:24:24] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.60336413E419C2EA5E215F1A32061E40] - [30/10/2015 09:19:28] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [244736] - (10.0.10586.0) - C:\WINDOWS\notepad.exe
[30/10/2015 21:00:47] - |D| - [199124] - C:\WINDOWS\OCR
[10/01/2015 04:22:43] - |D| - [5370972] - C:\WINDOWS\OemDrv
[30/10/2015 09:24:24] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[28/12/2015 10:39:50] - |DC| - [155596541] - C:\WINDOWS\Panther
[30/10/2015 09:24:24] - |D| - [29291608] - C:\WINDOWS\Performance
[MD5.88E5F27A9938577615551678B1752BFB] - [12/07/2016 02:03:58] - |A| - (.-.) - [1448] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[30/10/2015 09:24:24] - |D| - [1283900] - C:\WINDOWS\PLA
[30/10/2015 09:24:24] - |D| - [3159650] - C:\WINDOWS\PolicyDefinitions
[28/12/2015 10:42:12] - |D| - [16463767] - C:\WINDOWS\Prefetch
[30/10/2015 09:24:24] - |RD| - [1963312] - C:\WINDOWS\PrintDialog
[30/10/2015 09:24:24] - |D| - [1297393] - C:\WINDOWS\Provisioning
[31/10/2015 14:29:47] - |D| - [73728] - C:\WINDOWS\pss
[30/10/2015 09:24:24] - |RD| - [775095] - C:\WINDOWS\PurchaseDialog
[MD5.D9D56AFAA121BD6B4206F7FF3DA84BBA] - [30/10/2015 09:17:48] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [320512] - (10.0.10586.0) - C:\WINDOWS\regedit.exe
[30/10/2015 09:24:24] - |D| - [1117876] - C:\WINDOWS\Registration
[30/10/2015 09:24:24] - |D| - [3426280] - C:\WINDOWS\rescache
[30/10/2015 09:24:24] - |D| - [4227771] - C:\WINDOWS\Resources
[MD5.FFC77870402F6DDD5BB8172C6A55DFB3] - [10/01/2015 03:36:22] - |A| - (.Copyright (C) 2014 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.)
- [2080472] - (1.0.5.3) - C:\WINDOWS\RtlExUpd.dll [30/10/2015 09:24:24] - |D| - [0] - C:\WINDOWS\SchCache [30/10/2015 09:24:24] - |D| - [121229] - C:\WINDOWS\schemas [30/10/2015 09:24:24] - |D| - [3719168] - C:\WINDOWS\security [30/10/2015 21:07:12] - |D| - [76698497] - C:\WINDOWS\ServiceProfiles [30/10/2015 08:28:30] - |D| - [169235360] - C:\WINDOWS\servicing [30/10/2015 09:26:37] - |D| - [42] - C:\WINDOWS\Setup [30/10/2015 21:03:03] - |D| - [4544] - C:\WINDOWS\ShellNew [30/10/2015 21:00:30] - |D| - [3070736] - C:\WINDOWS\SKB [10/01/2015 03:31:06] - |D| - [361826883] - C:\WINDOWS\SoftwareDistribution [30/10/2015 09:24:24] - |D| - [103546827] - C:\WINDOWS\Speech [30/10/2015 09:24:24] - |D| - [50814701] - C:\WINDOWS\Speech_OneCore [MD5.3BB80AF91D069F97006DCCC031164903] - [30/10/2015 09:18:09] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [128000] - (10.0.10586.0) - C:\WINDOWS\splwow64.exe [MD5.71CC8AE7CE8FD12D342EF2D168ADEF69] - [08/09/2014 20:21:47] - |A| - (.-.) - [43] - (0.0.0.0) - C:\WINDOWS\spotify.preload [MD5.2664EEEE55F34BC4FAAA8EE41393D2CD] - [31/07/2015 00:25:21] - |A| - (.-.) - [31856] - (0.0.0.0) - C:\WINDOWS\Starter.xml [30/10/2015 09:24:24] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [22/08/2013 15:25:43] - |A| - (.-.) 
- [219] - (0.0.0.0) - C:\WINDOWS\system.ini [30/10/2015 08:28:30] - |D| - [6502999815] - C:\WINDOWS\System32 [30/10/2015 09:24:25] - |D| - [156040368] - C:\WINDOWS\SystemApps [30/10/2015 09:24:25] - |D| - [18858677] - C:\WINDOWS\SystemResources [30/10/2015 08:28:37] - |D| - [1439289805] - C:\WINDOWS\SysWOW64 [30/10/2015 09:24:25] - |D| - [0] - C:\WINDOWS\TAPI [22/08/2013 17:36:30] - |D| - [6452] - C:\WINDOWS\Tasks [10/01/2015 03:34:43] - |D| - [21007] - C:\WINDOWS\tbaseregistry [30/10/2015 09:24:25] - |D| - [301554] - C:\WINDOWS\Temp [22/08/2013 17:36:30] - |RD| - [0] - C:\WINDOWS\ToastData [MD5.C5AC39CDA2E384ED3798715162F60235] - [06/09/2013 01:02:28] - |A| - (.Copyright (C) 2012-2013 Toshiba Corporation. - Support peak shift import/export, Peak shift module..) - [86880] - (1.0.0.4) - C:\WINDOWS\TPSCCfg.exe [30/10/2015 09:24:25] - |D| - [0] - C:\WINDOWS\tracing [30/10/2015 09:24:25] - |D| - [14885674] - C:\WINDOWS\twain_32 [MD5.669A44C0BCA67D8CDE111F7FBA91EE86] - [30/10/2015 09:19:30] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [60416] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [22/08/2013 17:36:30] - |D| - [0] - C:\WINDOWS\vpnplugins [30/10/2015 09:24:25] - |D| - [12420] - C:\WINDOWS\Vss [30/10/2015 09:24:25] - |D| - [15864532] - C:\WINDOWS\Web [MD5.93779FF61C8548F9DAD74647C7B45199] - [22/08/2013 15:25:43] - |A| - (.-.) - [208] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [30/10/2015 09:18:16] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.038356387332650843BCB352BB89A101] - [12/07/2016 00:31:26] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.8C459D003560EA9817F7CDB29AA55382] - [30/10/2015 09:18:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) 
- [10240] - (10.0.10586.0) - C:\WINDOWS\winhlp32.exe [30/10/2015 08:28:30] - |D| - [14336111037] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [30/10/2015 09:18:41] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.E9C22DCE95A6E5B6C37FED42B3749E32] - [30/10/2015 09:18:14] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.10586.0) - C:\WINDOWS\write.exe ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [26/10/2015 21:05:07] - C:\WINDOWS\Installer\137cd5.msi : (WinZip Compression Utility - Copyright (c) 1991-2015 WinZip International LLC - All Rights Reserved) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/12/2015 01:15:40] - C:\WINDOWS\Installer\15cf395b.msi : (Google Talk Plugin Installer - Google) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/09/2014 20:19:11] - C:\WINDOWS\Installer\18dfa.msi : (Evernote v. 5.4 - Evernote Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/09/2014 20:18:44] - C:\WINDOWS\Installer\18e06.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/07/2016 20:39:17] - C:\WINDOWS\Installer\191cb22f.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/06/2016 05:10:58] - C:\WINDOWS\Installer\1fa241.msi : (Google Drive - Google, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/04/2016 17:40:34] - C:\WINDOWS\Installer\1fe095c0.msi : ( - TomTom) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/09/2013 12:46:32] - C:\WINDOWS\Installer\26460.msi : (TOSHIBA Service Station - Toshiba Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/07/2016 11:05:36] - C:\WINDOWS\Installer\275f200.msi : ( - Oliver Carr) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/07/2016 11:04:50] - C:\WINDOWS\Installer\275f204.msi : (Blank Project Template - TomTom) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [13/06/2014 13:38:58] - C:\WINDOWS\Installer\2d097.msi : (Blank Project Template - InstallShield) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/12/2013 13:08:46] - C:\WINDOWS\Installer\305d0.msi : (Blank Project Template - InstallShield) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/02/2014 17:18:32] - C:\WINDOWS\Installer\305d4.msi : (TOSHIBA PC Health Monitor - Toshiba Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/07/2014 17:22:14] - C:\WINDOWS\Installer\305d8.msi : (TOSHIBA eco Utility - Toshiba Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/12/2013 13:42:48] - C:\WINDOWS\Installer\305dc.msi : (TOSHIBA System Settings - Toshiba Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/03/2014 19:48:06] - C:\WINDOWS\Installer\32e4c.msi : (DESKTO~1|Start Screen Option - Toshiba Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/05/2016 03:04:08] - C:\WINDOWS\Installer\3d105a2.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 10:41:29] - C:\WINDOWS\Installer\3d8a30d2.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/07/2016 15:43:28] - C:\WINDOWS\Installer\416f9df.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:49:40] - C:\WINDOWS\Installer\4427b.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:42:32] - C:\WINDOWS\Installer\44280.msi : (AMD Catalyst Install Manager Installer (64 bit) - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/04/2014 14:58:50] - C:\WINDOWS\Installer\44284.msi : (PSP Application Installer - Advanced Micro Devices Inc.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:50:56] - C:\WINDOWS\Installer\44288.msi : (AMD Start Now Installation package - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/08/2013 22:52:42] - C:\WINDOWS\Installer\4428c.msi : (Branding - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:50:24] - C:\WINDOWS\Installer\44290.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:47:20] - C:\WINDOWS\Installer\44294.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:47:24] - C:\WINDOWS\Installer\44298.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:47:30] - C:\WINDOWS\Installer\4429c.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:47:38] - C:\WINDOWS\Installer\442a0.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:47:44] - C:\WINDOWS\Installer\442a4.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:47:50] - C:\WINDOWS\Installer\442a8.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:47:56] - C:\WINDOWS\Installer\442ac.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:48:02] - C:\WINDOWS\Installer\442b0.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:48:08] - C:\WINDOWS\Installer\442b4.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:48:14] - C:\WINDOWS\Installer\442b8.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:48:20] - C:\WINDOWS\Installer\442bc.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:48:26] - C:\WINDOWS\Installer\442c0.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:48:32] - C:\WINDOWS\Installer\442c4.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:48:38] - C:\WINDOWS\Installer\442c8.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:48:42] - C:\WINDOWS\Installer\442cc.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:48:50] - C:\WINDOWS\Installer\442d0.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:48:56] - C:\WINDOWS\Installer\442d4.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:49:02] - C:\WINDOWS\Installer\442d8.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:49:08] - C:\WINDOWS\Installer\442dc.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:49:14] - C:\WINDOWS\Installer\442e0.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:49:20] - C:\WINDOWS\Installer\442e4.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:49:26] - C:\WINDOWS\Installer\442e8.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:49:34] - C:\WINDOWS\Installer\442ec.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:49:52] - C:\WINDOWS\Installer\442f0.msi : (Catalyst Control Center Utility 64 - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:47:12] - C:\WINDOWS\Installer\442f5.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/04/2014 13:50:34] - C:\WINDOWS\Installer\442f9.msi : (AMD Accelerated Video Transcoding INstallation package - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/11/2015 14:18:11] - C:\WINDOWS\Installer\5f67946.msi : (Toshiba support and information tool - Toshiba) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/01/2015 03:45:49] - C:\WINDOWS\Installer\73589.msi : (DTS Premium Sound - DTS, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/01/2015 03:46:05] - C:\WINDOWS\Installer\7358e.msi : (TOSHIBA System Driver - Toshiba Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/06/2016 19:49:01] - C:\WINDOWS\Installer\92f206d.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/09/2015 09:56:44] - C:\WINDOWS\Installer\a55406d.msi : (Adblock Plus for IE - Eyeo GmbH) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/05/2015 06:43:42] - C:\WINDOWS\Installer\b91157c.msi : (Google Toolbar for Internet Explorer - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/06/2015 16:08:40] - C:\WINDOWS\Installer\c57240c.msi : (TOSHIBA Display Utility - Toshiba Corporation) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [14/07/2016 17:58:32] - C:\WINDOWS\Installer\e17cda.msi : (WOT pour Internet Explorer - WOT Services Oy) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/07/2016 17:58:32] - C:\WINDOWS\Installer\e17cdc.msi : (WOT pour Internet Explorer - WOT Services Oy) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [30/10/2015 09:18:41] - [3458] - C:\WINDOWS\System32\ieuinit.inf [20/09/2015 03:40:39] - [1848398] - C:\WINDOWS\System32\PerfStringBackup.INI [30/10/2015 09:18:09] - [60124] - C:\WINDOWS\System32\tcpmon.ini [30/10/2015 09:17:49] - [2269] - C:\WINDOWS\System32\WimBootCompress.ini [30/10/2015 09:19:39] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf [30/10/2015 09:18:25] - [2269] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | [Aralia] [05/01/2016 02:03:38] - |RD| - [3875642] - C:\Users\Aralia\3D Objects [28/12/2015 10:54:08] - |HD| - [2129091663] - C:\Users\Aralia\AppData [28/12/2015 10:54:08] - |SHD| - [0] - C:\Users\Aralia\Application Data [01/05/2015 19:16:34] - |RD| - [412] - C:\Users\Aralia\Contacts [28/12/2015 10:54:08] - |SHD| - [0] - C:\Users\Aralia\Cookies [01/05/2015 19:15:58] - |RD| - [10814950] - C:\Users\Aralia\Desktop [01/05/2015 19:15:58] - |RD| - [929423212] - C:\Users\Aralia\Documents [01/05/2015 19:15:58] - |RD| - [2494600] - C:\Users\Aralia\Downloads [23/05/2016 02:07:15] - |D| - [0] - C:\Users\Aralia\dwhelper [01/05/2015 19:15:58] - |RD| - [978758] - C:\Users\Aralia\Favorites [01/05/2015 19:15:58] - |RD| - [2514] - C:\Users\Aralia\Links [28/12/2015 10:54:08] - |SHD| - [0] - C:\Users\Aralia\Local Settings [28/12/2015 10:54:08] - |SHD| - [0] - C:\Users\Aralia\Menu Démarrer [28/12/2015 10:54:08] - |SHD| - [0] - C:\Users\Aralia\Mes documents [28/12/2015 10:54:08] - |SHD| - [0] - C:\Users\Aralia\Modèles [01/05/2015 19:15:58] - |RD| - [19929904] - C:\Users\Aralia\Music [28/12/2015 10:54:08] - |ASH| - [7077888] - C:\Users\Aralia\NTUSER.DAT [28/12/2015 10:54:08] - |ASH| - [1773568] - 
C:\Users\Aralia\ntuser.dat.LOG1 [28/12/2015 10:54:08] - |ASH| - [1736704] - C:\Users\Aralia\ntuser.dat.LOG2 [28/12/2015 10:54:08] - |ASH| - [65536] - C:\Users\Aralia\NTUSER.DAT{9b024f5a-ad3e-11e5-9961-d44d0159e8eb}.TM.blf [28/12/2015 10:54:08] - |ASH| - [524288] - C:\Users\Aralia\NTUSER.DAT{9b024f5a-ad3e-11e5-9961-d44d0159e8eb}.TMContainer00000000000000000001.regtrans-ms [28/12/2015 10:54:08] - |ASH| - [524288] - C:\Users\Aralia\NTUSER.DAT{9b024f5a-ad3e-11e5-9961-d44d0159e8eb}.TMContainer00000000000000000002.regtrans-ms [28/12/2015 11:29:06] - |SH| - [20] - C:\Users\Aralia\ntuser.ini [20/09/2015 04:05:26] - |RD| - [809105] - C:\Users\Aralia\OneDrive [01/05/2015 19:15:58] - |RD| - [131384349111] - C:\Users\Aralia\Pictures [28/12/2015 10:54:08] - |SHD| - [0] - C:\Users\Aralia\Recent [01/05/2015 19:15:58] - |RD| - [282] - C:\Users\Aralia\Saved Games [01/05/2015 19:16:35] - |RD| - [1872] - C:\Users\Aralia\Searches [28/12/2015 10:54:08] - |SHD| - [0] - C:\Users\Aralia\SendTo [03/09/2015 06:34:13] - |A| - [0] - C:\Users\Aralia\Sti_Trace.log [06/05/2015 12:54:54] - |D| - [65863680] - C:\Users\Aralia\Tracing [01/05/2015 19:15:58] - |RD| - [504] - C:\Users\Aralia\Videos [28/12/2015 10:54:08] - |SHD| - [0] - C:\Users\Aralia\Voisinage d'impression [28/12/2015 10:54:08] - |SHD| - [0] - C:\Users\Aralia\Voisinage réseau [02/07/2016 19:41:29] - |A| - [2228224] - C:\Users\Aralia\ZHPDiag3.exe [01/05/2015 19:16:24] - |D| - [3992524] - C:\Users\Aralia\AppData\Roaming\Adobe [01/05/2015 19:28:38] - |D| - [0] - C:\Users\Aralia\AppData\Roaming\ATI [09/05/2015 19:20:31] - |D| - [13096483] - C:\Users\Aralia\AppData\Roaming\AVAST Software [03/09/2015 06:32:13] - |D| - [54232] - C:\Users\Aralia\AppData\Roaming\Canon [15/05/2016 11:40:02] - |D| - [509] - C:\Users\Aralia\AppData\Roaming\dvdcss [09/05/2015 20:29:17] - |D| - [0] - C:\Users\Aralia\AppData\Roaming\Google [06/05/2015 13:29:07] - |D| - [0] - C:\Users\Aralia\AppData\Roaming\Identities [12/05/2015 03:02:27] - |D| - [2502593] - 
C:\Users\Aralia\AppData\Roaming\LibreOffice [05/05/2015 15:20:23] - |D| - [291] - C:\Users\Aralia\AppData\Roaming\Macromedia [28/12/2015 10:54:08] - |SD| - [600184] - C:\Users\Aralia\AppData\Roaming\Microsoft [05/05/2015 15:40:51] - |D| - [159793045] - C:\Users\Aralia\AppData\Roaming\Mozilla [21/05/2015 03:15:56] - |D| - [50451] - C:\Users\Aralia\AppData\Roaming\Nero [05/05/2015 15:35:13] - |D| - [82162951] - C:\Users\Aralia\AppData\Roaming\Skype [05/11/2015 13:30:23] - |D| - [0] - C:\Users\Aralia\AppData\Roaming\TeamViewer [07/07/2016 11:08:04] - |D| - [6877314] - C:\Users\Aralia\AppData\Roaming\TomTom [29/05/2015 10:09:07] - |D| - [93361] - C:\Users\Aralia\AppData\Roaming\vlc [16/05/2015 17:27:46] - |D| - [491] - C:\Users\Aralia\AppData\Roaming\WildTangent [30/12/2015 21:27:56] - |D| - [0] - C:\Users\Aralia\AppData\Roaming\WinBatch [06/05/2015 13:29:20] - |D| - [295] - C:\Users\Aralia\AppData\Roaming\Windows Live Writer [03/06/2015 10:12:23] - |D| - [25216] - C:\Users\Aralia\AppData\Roaming\XnView [13/11/2015 18:53:07] - |D| - [13496535] - C:\Users\Aralia\AppData\Roaming\ZHP [09/07/2016 16:07:56] - |D| - [23552] - C:\Users\Aralia\AppData\Local\4kdownload.com [28/12/2015 11:31:17] - |D| - [0] - C:\Users\Aralia\AppData\Local\ActiveSync [10/08/2015 03:41:39] - |D| - [10639419] - C:\Users\Aralia\AppData\Local\Adobe [28/12/2015 10:54:08] - |SHD| - [0] - C:\Users\Aralia\AppData\Local\Application Data [01/05/2015 19:28:38] - |D| - [68328] - C:\Users\Aralia\AppData\Local\ATI [10/08/2015 03:54:48] - |D| - [0] - C:\Users\Aralia\AppData\Local\CEF [24/05/2015 11:05:43] - |D| - [328736058] - C:\Users\Aralia\AppData\Local\Chromium [20/09/2015 03:51:19] - |D| - [24236469] - C:\Users\Aralia\AppData\Local\Comms [19/12/2015 10:59:24] - |D| - [0] - C:\Users\Aralia\AppData\Local\CrashDumps [03/06/2015 22:27:26] - |A| - [6144] - C:\Users\Aralia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [03/05/2015 20:24:27] - |D| - [387144] - C:\Users\Aralia\AppData\Local\Diagnostics 
[07/07/2016 11:04:50] - |D| - [27650048] - C:\Users\Aralia\AppData\Local\Downloaded Installations [29/01/2016 20:19:07] - |D| - [0] - C:\Users\Aralia\AppData\Local\ElevatedDiagnostics [07/05/2015 09:35:10] - |SHD| - [0] - C:\Users\Aralia\AppData\Local\EmieBrowserModeList [05/05/2015 15:24:52] - |SHD| - [0] - C:\Users\Aralia\AppData\Local\EmieSiteList [05/05/2015 15:24:52] - |SHD| - [0] - C:\Users\Aralia\AppData\Local\EmieUserList [01/05/2015 19:28:32] - |D| - [202596514] - C:\Users\Aralia\AppData\Local\Google [02/06/2015 06:54:04] - |D| - [71] - C:\Users\Aralia\AppData\Local\GWX [28/12/2015 10:54:08] - |SHD| - [0] - C:\Users\Aralia\AppData\Local\Historique [17/07/2016 09:45:50] - |AH| - [138105] - C:\Users\Aralia\AppData\Local\IconCache.db [17/09/2015 17:43:18] - |D| - [0] - C:\Users\Aralia\AppData\Local\Macromedia [28/12/2015 10:54:08] - |D| - [908019651] - C:\Users\Aralia\AppData\Local\Microsoft [20/09/2015 04:21:11] - |D| - [87469] - C:\Users\Aralia\AppData\Local\MicrosoftEdge [09/05/2015 17:43:51] - |D| - [8974] - C:\Users\Aralia\AppData\Local\Mozilla [20/09/2015 04:07:38] - |D| - [0] - C:\Users\Aralia\AppData\Local\NetworkTiles [05/01/2016 14:28:21] - |D| - [26] - C:\Users\Aralia\AppData\Local\Nico Mak Computing [01/05/2015 19:16:24] - |D| - [218178352] - C:\Users\Aralia\AppData\Local\Packages [06/05/2015 06:16:06] - |D| - [0] - C:\Users\Aralia\AppData\Local\Programs [20/09/2015 03:54:05] - |D| - [0] - C:\Users\Aralia\AppData\Local\Publishers [05/05/2015 15:35:27] - |D| - [0] - C:\Users\Aralia\AppData\Local\Skype [16/09/2015 11:03:55] - |D| - [39509938] - C:\Users\Aralia\AppData\Local\Songr [16/10/2015 21:09:20] - |D| - [940] - C:\Users\Aralia\AppData\Local\speech [23/06/2015 03:33:04] - |D| - [0] - C:\Users\Aralia\AppData\Local\TeamViewer [15/07/2016 22:24:41] - |D| - [178089] - C:\Users\Aralia\AppData\Local\Temp [28/12/2015 10:54:08] - |SHD| - [0] - C:\Users\Aralia\AppData\Local\Temporary Internet Files [20/09/2015 03:50:35] - |D| - [11935744] - 
C:\Users\Aralia\AppData\Local\TileDataLayer [15/06/2016 04:07:50] - |D| - [3360045] - C:\Users\Aralia\AppData\Local\TomTom [01/05/2015 19:18:02] - |D| - [1673] - C:\Users\Aralia\AppData\Local\TOSHIBA [01/05/2015 19:16:22] - |D| - [0] - C:\Users\Aralia\AppData\Local\VirtualStore [06/05/2015 12:38:53] - |D| - [20480] - C:\Users\Aralia\AppData\Local\Windows Live [06/05/2015 13:29:20] - |D| - [650003] - C:\Users\Aralia\AppData\Local\Windows Live Writer [05/01/2016 14:28:00] - |D| - [25863668] - C:\Users\Aralia\AppData\Local\WinZip [16/07/2016 20:28:13] - |D| - [0] - C:\Users\Aralia\AppData\Local\{B19D49FB-178C-45C6-B623-590615515C4D} [01/05/2015 19:16:34] - |ASH| - [174] - C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [28/12/2015 10:54:08] - |SHD| - [0] - C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [28/12/2015 10:54:08] - |RD| - [33170] - C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [28/12/2015 10:54:08] - |RD| - [3888] - C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [28/12/2015 10:54:08] - |RD| - [2936] - C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [01/05/2015 19:16:35] - |RD| - [174] - C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [29/06/2016 14:12:05] - |A| - [279] - C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Corbeille.lnk [28/12/2015 11:29:43] - |ASH| - [174] - C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [28/12/2015 10:54:08] - |D| - [170] - C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [20/09/2015 04:05:25] - |A| - [2462] - C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [24/05/2015 11:13:45] - |D| - [5091] - C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [23/09/2015 07:50:27] - |A| - [1200] - 
C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Songr.lnk [01/05/2015 19:16:35] - |RD| - [174] - C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [28/12/2015 10:54:08] - |RD| - [5318] - C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [25/09/2015 05:28:39] - |A| - [490] - C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TI31378800A (C).lnk [25/05/2015 07:29:22] - |D| - [3576] - C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker [28/12/2015 10:54:08] - |RSD| - [7238] - C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [01/05/2015 19:16:35] - |ASH| - [174] - C:\Users\Aralia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] [10/09/2015 07:54:19] - |RHD| - [41328] - C:\Users\Public\AccountPictures [10/01/2015 03:58:04] - |D| - [0] - C:\Users\Public\CyberLink [22/08/2013 17:36:30] - |RD| - [20437] - C:\Users\Public\Desktop [30/10/2015 09:24:29] - |ASH| - [174] - C:\Users\Public\desktop.ini [22/08/2013 17:36:30] - |RD| - [278] - C:\Users\Public\Documents [22/08/2013 17:36:30] - |RD| - [174] - C:\Users\Public\Downloads [30/10/2015 09:24:24] - |RHD| - [1135] - C:\Users\Public\Libraries [22/08/2013 17:36:30] - |RD| - [380] - C:\Users\Public\Music [03/07/2015 01:07:36] - |A| - [262144] - C:\Users\Public\NTUSER.DAT [03/07/2015 01:07:36] - |ASH| - [8192] - C:\Users\Public\NTUSER.DAT.LOG1 [03/07/2015 01:07:36] - |ASH| - [8192] - C:\Users\Public\NTUSER.DAT.LOG2 [03/07/2015 01:07:36] - |ASH| - [65536] - C:\Users\Public\NTUSER.DAT{994b71f3-1e93-11e5-8290-acb57d6d0e4a}.TM.blf [03/07/2015 01:07:36] - |ASH| - [524288] - C:\Users\Public\NTUSER.DAT{994b71f3-1e93-11e5-8290-acb57d6d0e4a}.TMContainer00000000000000000001.regtrans-ms [03/07/2015 01:07:36] - |ASH| - [524288] - 
C:\Users\Public\NTUSER.DAT{994b71f3-1e93-11e5-8290-acb57d6d0e4a}.TMContainer00000000000000000002.regtrans-ms [22/08/2013 17:36:30] - |RD| - [380] - C:\Users\Public\Pictures [22/08/2013 17:36:30] - |RD| - [380] - C:\Users\Public\Videos ---------- | C:\ProgramData [10/08/2015 03:46:42] - |D| - [231641853] - C:\ProgramData\Adobe [10/01/2015 03:32:55] - |D| - [306640] - C:\ProgramData\AMD [28/12/2015 11:27:54] - |SHD| - [37981858524] - C:\ProgramData\Application Data [09/05/2015 19:16:06] - |D| - [107203193] - C:\ProgramData\AVAST Software [16/05/2015 17:29:02] - |D| - [757] - C:\ProgramData\BlueStacks [20/09/2015 03:48:49] - |SHD| - [20437] - C:\ProgramData\Bureau [03/09/2015 06:02:27] - |HD| - [24949014] - C:\ProgramData\CanonBJ [03/09/2015 06:26:24] - |HD| - [0] - C:\ProgramData\CanonEPP [05/01/2016 16:12:25] - |D| - [169] - C:\ProgramData\CanonIJ [03/09/2015 10:49:36] - |HD| - [114] - C:\ProgramData\CanonIJEGV [03/09/2015 06:26:24] - |HD| - [0] - C:\ProgramData\CanonIJEPPEX2 [03/09/2015 06:23:25] - |D| - [2675] - C:\ProgramData\CanonIJMSetup [10/01/2016 11:01:56] - |HD| - [116] - C:\ProgramData\CanonIJMyPrinter [28/12/2015 12:41:30] - |D| - [3038] - C:\ProgramData\CanonIJPLM [03/09/2015 06:34:12] - |HD| - [2536] - C:\ProgramData\CanonIJScan [03/09/2015 06:26:37] - |HD| - [1788] - C:\ProgramData\CanonIJSolutionMenuEX [03/09/2015 06:22:21] - |D| - [67887] - C:\ProgramData\CanonIJWSpt [30/10/2015 09:24:24] - |D| - [0] - C:\ProgramData\Comms [10/01/2015 03:56:24] - |D| - [66795] - C:\ProgramData\CyberLink [28/12/2015 11:27:54] - |SHD| - [278] - C:\ProgramData\Documents [28/12/2015 10:48:51] - |AH| - [0] - C:\ProgramData\DP45977C.lfl [06/05/2015 06:43:37] - |D| - [12722] - C:\ProgramData\Google [10/01/2015 03:56:22] - |D| - [569003] - C:\ProgramData\install_clap [16/05/2015 07:21:11] - |D| - [23991] - C:\ProgramData\IsolatedStorage [21/09/2015 01:57:32] - |D| - [11093790] - C:\ProgramData\Malwarebytes [20/09/2015 03:48:49] - |SHD| - [192102] - C:\ProgramData\Menu 
Démarrer [30/10/2015 09:24:24] - |SD| - [3185768563] - C:\ProgramData\Microsoft [10/09/2015 07:54:48] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [20/09/2015 03:48:49] - |SHD| - [0] - C:\ProgramData\Modèles [09/05/2015 17:43:39] - |D| - [34457] - C:\ProgramData\Mozilla [21/05/2015 03:08:38] - |D| - [576] - C:\ProgramData\Nero [21/06/2016 11:37:44] - |RASH| - [290] - C:\ProgramData\ntuser.pol [10/01/2015 03:31:09] - |D| - [14104342] - C:\ProgramData\Package Cache [30/10/2015 09:24:24] - |AD| - [2042] - C:\ProgramData\regid.1991-06.com.microsoft [18/12/2015 21:40:37] - |D| - [522391] - C:\ProgramData\RogueKiller [08/09/2014 20:20:45] - |D| - [150671360] - C:\ProgramData\Skype [30/10/2015 09:24:24] - |D| - [0] - C:\ProgramData\SoftwareDistribution [10/01/2015 03:45:53] - |D| - [275837] - C:\ProgramData\SRS Labs [10/01/2015 03:56:24] - |D| - [42280] - C:\ProgramData\Temp [07/07/2016 11:08:09] - |D| - [0] - C:\ProgramData\TomTom [08/09/2014 20:19:57] - |D| - [19498876] - C:\ProgramData\TOSHIBA [16/05/2015 07:21:11] - |D| - [618499] - C:\ProgramData\TOSHIBA Tempro [08/05/2015 20:45:53] - |D| - [3729] - C:\ProgramData\ToshibaEurope [23/09/2015 13:40:36] - |D| - [2582] - C:\ProgramData\Unchecky [30/10/2015 09:24:24] - |D| - [2262] - C:\ProgramData\USOPrivate [30/07/2015 23:53:14] - |D| - [1994752] - C:\ProgramData\USOShared [10/01/2015 04:02:48] - |D| - [604983] - C:\ProgramData\WildTangent [23/09/2015 13:30:20] - |D| - [28] - C:\ProgramData\WinZip ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [30/10/2015 09:24:28] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [20/09/2015 03:48:49] - |SHD| - [189730] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [30/10/2015 09:24:24] - |RD| - [189730] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs [05/01/2016 14:28:12] - |A| - [2198] - C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [03/07/2016 17:10:36] - 
|D| - [1579] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [30/10/2015 09:24:24] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [30/10/2015 09:24:24] - |RD| - [15666] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [10/08/2015 03:48:00] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [30/10/2015 09:24:24] - |RD| - [20488] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [07/06/2016 01:00:03] - |A| - [1990] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Antivirus Gratuit.lnk [03/09/2015 06:19:52] - |D| - [1673] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series [03/09/2015 06:20:08] - |D| - [3756] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series Manual [03/09/2015 06:20:42] - |D| - [25645] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [01/01/2016 14:30:28] - |D| - [974] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [30/10/2015 09:24:28] - |ASH| - [1140] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [30/10/2015 09:18:13] - |RAS| - [853] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk [30/10/2015 09:19:28] - |RAS| - [2197] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk [10/01/2015 03:45:53] - |D| - [2070] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS, Inc [10/01/2016 10:56:58] - |D| - [4365] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enregistrement utilisateur de Canon MP280 series [08/09/2014 20:19:23] - |D| - [2541] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [10/01/2015 04:02:53] - |RD| - [98] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [05/05/2015 15:50:45] - |A| - [2281] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [08/09/2014 20:18:56] - |D| - [7582] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [30/10/2015 09:19:28] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [12/05/2015 03:01:01] - |D| - [9728] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4 [30/10/2015 09:24:24] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [04/07/2016 19:59:20] - |D| - [5315] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [08/09/2014 20:16:43] - |A| - [2064] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk [06/05/2015 23:10:33] - |D| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [30/10/2015 09:17:57] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk [09/05/2015 17:43:40] - |A| - [1239] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [30/10/2015 09:19:28] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk [30/10/2015 09:18:07] - |RAS| - [1588] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk [10/12/2015 18:06:48] - |D| - [2108] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [12/04/2016 14:05:42] - |D| - [946] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy [30/10/2015 09:24:24] - |RD| - [6509] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [30/10/2015 09:24:24] - |RD| - [4033] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [30/10/2015 21:03:03] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC [13/01/2016 14:28:41] - |A| - [1123] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk [15/06/2016 04:07:47] - |D| - [7070] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom [08/09/2014 20:22:10] - |RD| - [20945] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA 
[23/09/2015 13:40:36] - |D| - [2166] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky [20/06/2016 13:05:36] - |D| - [7254] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [23/05/2015 02:28:55] - |A| - [1485] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [28/12/2015 11:05:22] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [05/01/2016 14:28:13] - |D| - [2210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip [03/06/2015 07:40:35] - |D| - [2169] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView [15/07/2016 22:22:04] - |D| - [1947] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [30/10/2015 09:24:28] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [05/01/2016 14:28:11] - |A| - [2053] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [05/01/2016 14:28:14] - |A| - [2238] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [05/01/2016 14:28:12] - |A| - [2044] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk ---------- | C:\Program Files (x86) [10/08/2015 03:47:26] - |D| - [220701544] - C:\Program Files (x86)\Adobe [10/01/2015 03:32:54] - |D| - [717552] - C:\Program Files (x86)\AMD AVT [10/01/2015 03:31:22] - |AD| - [16551564] - C:\Program Files (x86)\ATI Technologies [03/09/2015 06:17:47] - |D| - [346224358] - C:\Program Files (x86)\Canon [30/10/2015 08:28:30] - |D| - [568393985] - C:\Program Files (x86)\Common Files [30/10/2015 09:24:28] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [10/01/2015 03:45:53] - |D| - [3959496] - C:\Program Files (x86)\DTS, Inc [10/01/2015 04:02:17] - |D| - [1219358] - C:\Program Files (x86)\eBay [08/09/2014 20:19:15] - |D| - [223571346] - C:\Program Files (x86)\Evernote [21/06/2016 11:37:59] - 
|D| - [20643052] - C:\Program Files (x86)\FreeCodecPack [08/09/2014 20:18:44] - |D| - [613779646] - C:\Program Files (x86)\Google [08/09/2014 20:22:05] - |HD| - [34980546] - C:\Program Files (x86)\InstallShield Installation Information [30/10/2015 09:24:24] - |D| - [2164631] - C:\Program Files (x86)\Internet Explorer [12/05/2015 02:58:45] - |AD| - [457689357] - C:\Program Files (x86)\LibreOffice 4 [04/07/2016 19:59:12] - |AD| - [59499473] - C:\Program Files (x86)\Malwarebytes Anti-Malware [03/06/2015 01:33:32] - |D| - [4086913] - C:\Program Files (x86)\Microsoft [08/09/2014 20:16:34] - |D| - [2280024] - C:\Program Files (x86)\Microsoft Office [06/05/2015 23:07:30] - |D| - [42886030] - C:\Program Files (x86)\Microsoft Silverlight [03/06/2015 01:36:37] - |D| - [135821] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition [30/10/2015 09:24:24] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [16/10/2015 11:57:35] - |AD| - [97056646] - C:\Program Files (x86)\Mozilla Firefox [09/05/2015 17:43:38] - |D| - [250853] - C:\Program Files (x86)\Mozilla Maintenance Service [28/12/2015 10:00:08] - |D| - [25757] - C:\Program Files (x86)\MSBuild [15/06/2016 04:07:28] - |AD| - [84625950] - C:\Program Files (x86)\MyDrive Connect [10/01/2015 03:36:23] - |D| - [18295020] - C:\Program Files (x86)\Realtek [28/12/2015 10:00:08] - |D| - [38450433] - C:\Program Files (x86)\Reference Assemblies [23/09/2015 13:27:53] - |RD| - [87331900] - C:\Program Files (x86)\Skype [13/01/2016 14:28:23] - |AD| - [86236540] - C:\Program Files (x86)\TeamViewer [10/01/2015 03:36:23] - |HD| - [0] - C:\Program Files (x86)\Temp [07/07/2016 11:07:29] - |AD| - [51513696] - C:\Program Files (x86)\TomTom HOME 2 [15/06/2016 04:07:46] - |D| - [44972] - C:\Program Files (x86)\TomTom International B.V [10/01/2015 03:46:05] - |D| - [93363232] - C:\Program Files (x86)\TOSHIBA [24/12/2015 18:54:02] - |AD| - [25745280] - C:\Program Files (x86)\Toshiba TEMPRO [23/09/2015 13:40:36] - |AD| - [5382764] - 
C:\Program Files (x86)\Unchecky [29/05/2015 10:07:05] - |D| - [126872787] - C:\Program Files (x86)\VideoLAN [24/05/2015 11:13:45] - |D| - [6840319] - C:\Program Files (x86)\VS Revo Group [10/01/2015 04:02:48] - |D| - [22954657] - C:\Program Files (x86)\WildTangent Games [30/10/2015 09:24:24] - |D| - [1549824] - C:\Program Files (x86)\Windows Defender [23/05/2015 02:23:27] - |AD| - [73070755] - C:\Program Files (x86)\Windows Live [30/10/2015 09:24:24] - |D| - [5961728] - C:\Program Files (x86)\Windows Mail [30/10/2015 09:24:24] - |D| - [3423311] - C:\Program Files (x86)\Windows Media Player [30/10/2015 09:24:24] - |D| - [220064] - C:\Program Files (x86)\Windows Multimedia Platform [30/10/2015 09:24:24] - |D| - [7626810] - C:\Program Files (x86)\Windows NT [30/10/2015 09:24:24] - |D| - [5529792] - C:\Program Files (x86)\Windows Photo Viewer [30/10/2015 09:24:24] - |D| - [220064] - C:\Program Files (x86)\Windows Portable Devices [30/10/2015 09:24:24] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [30/10/2015 09:24:24] - |SD| - [3777126] - C:\Program Files (x86)\WindowsPowerShell [14/07/2016 18:00:36] - |D| - [1705472] - C:\Program Files (x86)\WOT [03/06/2015 07:40:05] - |AD| - [18067952] - C:\Program Files (x86)\XnView [15/07/2016 22:22:01] - |D| - [7233260] - C:\Program Files (x86)\ZHPFix ---------- | C:\Program Files [03/07/2016 17:10:29] - |AD| - [4982184] - C:\Program Files\7-Zip [06/05/2015 06:21:33] - |AD| - [7333437] - C:\Program Files\Adblock Plus for IE [28/12/2015 10:47:45] - |D| - [153248] - C:\Program Files\AMD [10/01/2015 03:31:24] - |D| - [27534035] - C:\Program Files\ATI [10/01/2015 03:32:21] - |AD| - [173130] - C:\Program Files\ATI Technologies [09/05/2015 19:17:28] - |D| - [660452953] - C:\Program Files\AVAST Software [10/01/2015 03:44:07] - |D| - [34043243] - C:\Program Files\Broadcom [10/01/2016 10:29:47] - |D| - [6167980] - C:\Program Files\Canon [01/01/2016 14:30:26] - |AD| - [18324752] - C:\Program Files\CCleaner [30/10/2015 08:28:30] - 
|D| - [93107634] - C:\Program Files\Common Files [30/10/2015 09:24:28] - |ASH| - [174] - C:\Program Files\desktop.ini [20/09/2015 03:48:49] - |SHD| - [93107634] - C:\Program Files\Fichiers communs [06/05/2015 06:43:45] - |D| - [549520] - C:\Program Files\Google [30/10/2015 09:24:24] - |D| - [2785922] - C:\Program Files\Internet Explorer [06/05/2015 23:07:30] - |AD| - [55717262] - C:\Program Files\Microsoft Silverlight [28/12/2015 10:00:08] - |D| - [25757] - C:\Program Files\MSBuild [28/12/2015 10:47:59] - |D| - [43369312] - C:\Program Files\Realtek [28/12/2015 10:00:08] - |D| - [36850857] - C:\Program Files\Reference Assemblies [12/04/2016 14:05:40] - |AD| - [15217952] - C:\Program Files\Speccy [28/12/2015 10:48:55] - |D| - [137110046] - C:\Program Files\Synaptics [08/09/2014 20:22:05] - |D| - [129770733] - C:\Program Files\TOSHIBA [30/07/2015 23:52:28] - |HD| - [0] - C:\Program Files\Uninstall Information [25/05/2015 07:29:22] - |D| - [269199] - C:\Program Files\Unlocker [30/10/2015 09:24:24] - |D| - [11681596] - C:\Program Files\Windows Defender [30/10/2015 21:03:03] - |D| - [9089656] - C:\Program Files\Windows Journal [23/05/2015 02:23:17] - |D| - [43896] - C:\Program Files\Windows Live [30/10/2015 09:24:24] - |D| - [6322176] - C:\Program Files\Windows Mail [30/10/2015 09:24:24] - |D| - [5523571] - C:\Program Files\Windows Media Player [30/10/2015 09:24:24] - |D| - [258280] - C:\Program Files\Windows Multimedia Platform [30/10/2015 09:24:24] - |D| - [7913530] - C:\Program Files\Windows NT [30/10/2015 09:24:24] - |D| - [6426816] - C:\Program Files\Windows Photo Viewer [30/10/2015 09:24:24] - |D| - [258280] - C:\Program Files\Windows Portable Devices [30/10/2015 09:24:24] - |SHD| - [0] - C:\Program Files\Windows Sidebar [30/10/2015 09:24:24] - |HD| - [1629421248] - C:\Program Files\WindowsApps [30/10/2015 09:24:24] - |SD| - [3966517] - C:\Program Files\WindowsPowerShell [23/09/2015 13:29:55] - |AD| - [268972774] - C:\Program Files\WinZip [14/07/2016 18:00:36] - 
|D| - [2050128] - C:\Program Files\WOT ---------- | C:\Program Files (x86)\Common Files [10/08/2015 03:47:26] - |AD| - [9245307] - C:\Program Files (x86)\Common Files\Adobe [10/01/2015 03:32:54] - |D| - [2350080] - C:\Program Files (x86)\Common Files\ATI Technologies [20/12/2015 23:50:55] - |D| - [7675831] - C:\Program Files (x86)\Common Files\Borland Shared [10/01/2015 03:36:17] - |D| - [2106564] - C:\Program Files (x86)\Common Files\InstallShield [30/10/2015 09:24:24] - |D| - [374984487] - C:\Program Files (x86)\Common Files\Microsoft Shared [30/10/2015 09:24:24] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [09/04/2016 16:06:38] - |AD| - [2399872] - C:\Program Files (x86)\Common Files\Skype [30/10/2015 09:24:24] - |D| - [9964939] - C:\Program Files (x86)\Common Files\System [06/05/2015 12:38:52] - |D| - [159664203] - C:\Program Files (x86)\Common Files\Windows Live ---------- | C:\Program Files\Common files [28/12/2015 10:47:46] - |D| - [8535896] - C:\Program Files\Common files\ATI Technologies [03/09/2015 06:22:31] - |D| - [560] - C:\Program Files\Common files\CANON [10/01/2015 04:09:50] - |D| - [3617664] - C:\Program Files\Common files\McAfee [30/10/2015 09:24:24] - |D| - [70166161] - C:\Program Files\Common files\microsoft shared [30/10/2015 09:24:24] - |D| - [2702] - C:\Program Files\Common files\Services [30/10/2015 09:24:24] - |D| - [10784651] - C:\Program Files\Common files\System ---------- | Tasks [MD5.B7C5DA533DD000C2048A062930FD5F6C] - [17/09/2015 17:42:54] - |A| - [1002] - C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [MD5.A93C7170F6D3092B71368D40B1B1A6EC] - [08/09/2014 20:18:45] - |A| - [1094] - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [MD5.13416EE12B1A8AB75788954E717C20C6] - [08/09/2014 20:18:48] - |A| - [1096] - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [MD5.A059B615CBBA76F6AB21B7816FAB22AB] - [05/05/2015 15:29:47] - |A| - [1098] - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d087378e33205e.job 
[MD5.82678BAA077B6903ABB7C768B706F0C7] - [05/05/2015 15:40:18] - |A| - [1052] - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-93316058-2836923639-1887713213-1001Core.job [MD5.1CCAD854422E515AC1915529B6FEE02C] - [05/05/2015 15:40:18] - |A| - [1104] - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-93316058-2836923639-1887713213-1001UA.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [28/12/2015 11:17:43] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.75AE4497B54A528BB29D085C5DD22292] - [10/08/2015 03:48:22] - |A| - [4562] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.6B9D2539290AD3ADAD9975B796F72568] - [17/09/2015 17:42:54] - |A| - [3990] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.BAF50403B2FBFB7153BCCD348D42F1AC] - [09/05/2015 19:19:00] - |A| - [4004] - C:\WINDOWS\System32\Tasks\avast! Emergency Update : C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [MD5.21F4437651F3E9D5BE8FD7EA419E87AF] - [17/09/2015 08:39:29] - |A| - [2486] - C:\WINDOWS\System32\Tasks\avastBCLRestart_chrome.exe : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [MD5.6CC90183A1B950EF416428519FE1D713] - [01/01/2016 14:30:30] - |A| - [2862] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.526E80F8AC960EA18639984F8DCCE862] - [08/09/2014 20:18:46] - |A| - [3924] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.C565F8867D4B53273FED43E62F5A0CBC] - [08/09/2014 20:18:48] - |A| - [3692] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.8D3B17FF72243DEE78CD05297C6359AA] - [05/05/2015 15:29:47] - |A| - [4186] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d087378e33205e : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
[MD5.608BFB4095A59831DB851B3C00D18026] - [05/05/2015 15:40:18] - |A| - [3566] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-93316058-2836923639-1887713213-1001Core : C:\Users\Aralia\AppData\Local\Google\Update\GoogleUpdate.exe [MD5.B81D73B386F50BF67C4469A3A1308B0B] - [05/05/2015 15:40:18] - |A| - [3834] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-93316058-2836923639-1887713213-1001UA : C:\Users\Aralia\AppData\Local\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [30/06/2015 16:31:14] - |D| - [0] - C:\WINDOWS\System32\Tasks\McAfee [MD5.00000000000000000000000000000000] - [30/10/2015 09:24:25] - |D| - [490622] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.3FD30AF217CE8A8C1DB6158E082DA81A] - [08/09/2014 18:44:01] - |A| - [3594] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-677294859-1429382601-3833195206-500 : C:\Users\Aralia\AppData\Local\Google\Update\GoogleUpdate.exe [MD5.9B281EA0B7DB9B4E41D829C0DB34B2B7] - [01/05/2015 19:28:13] - |A| - [2936] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-93316058-2836923639-1887713213-1001 : C:\Users\Aralia\AppData\Local\Google\Update\GoogleUpdate.exe [MD5.0BCCA1FF131B409B1530F4E7C96870DA] - [10/01/2015 03:21:59] - |A| - [2934] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-93316058-2836923639-1887713213-500 : C:\Users\Aralia\AppData\Local\Google\Update\GoogleUpdate.exe [MD5.5E64708196B89FB2EB75A771341D8F03] - [10/01/2015 03:41:11] - |A| - [2048] - C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [MD5.00000000000000000000000000000000] - [10/01/2015 03:55:03] - |D| - [5658] - C:\WINDOWS\System32\Tasks\TOSHIBA [MD5.3B15A8AB72683CDB706231973401595B] - [01/05/2015 19:19:16] - |A| - [4164] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{520C1FC6-6E8B-4E25-8F29-5C1D8E745D4E} : C:\Windows\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - 
[01/05/2015 19:17:47] - |D| - [3758] - C:\WINDOWS\System32\Tasks\WPD [MD5.00000000000000000000000000000000] - [30/10/2015 09:24:25] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"{E836FF40-A0C4-4105-9F8A-18FA47889D99}"=v2.24|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.AAD.BrokerPlugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-500|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{DA0CF2D6-6D58-4E42-A332-8FEE29B753D2}"=v2.24|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.AAD.BrokerPlugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-500|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.10240.16384.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| 
"{F7301179-B1EE-4F2B-9F8E-7D24CE576220}"=v2.24|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-500|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{8D317590-5338-4843-8BF3-2617A4FFEB8C}"=v2.24|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-500|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{8EC04265-7F5C-43A1-95CA-AD7C5A3E0E63}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| 
"{F949F001-18A1-4591-B217-74249B992AC4}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{E56A1163-ACD9-4D78-9FC4-FB478491A962}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| 
"{67D7462C-D63C-4937-9DE1-F008AA0C61B2}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Desc=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493|EmbedCtxt=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{C7CBE8CA-04C4-413E-BEF3-CA2C90E9A3E2}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|Desc=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1322174799-1054373777-2441082058-564842223-2721992343-4124100487-3261661085|EmbedCtxt=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|Platform=2:6:2|Platform2=GTEQ| 
"{9F82E065-C121-43BF-B2C2-9A520248D604}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Desc=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-3072599432-1607568789-957273504-856596282-71567818-1546726304-1084662928|EmbedCtxt=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{237F4A3C-80EF-4A7A-AD93-0B3596C099AA}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Desc=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723|EmbedCtxt=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ| 
"{EA603FA4-CBB7-4DD5-88E4-81EBAD11AB42}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Desc=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312|EmbedCtxt=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{44B72F04-D000-4F2A-BE52-C67E0E1178CC}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Desc=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ| 
"{A8B67B57-DBB3-423F-9D99-5FD8614F5103}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Desc=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ| "{7CBFAEF2-7129-4E0D-8857-9B45F419E100}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Desc=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633|EmbedCtxt=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| 
"{B2A2E8A2-D067-4C5F-9427-6C98BD32BDBC}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Desc=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{DB9713F7-8E27-4B6E-883A-A8DB41E0BC3A}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Desc=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| 
"{24A92483-89FB-4124-8C3C-6A7531D75813}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{45A6C5DB-743E-4E1A-9A5D-EA33B1D99EB5}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| 
"{2CFC3CA5-982E-4920-9D43-8A95E4F8C71A}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|Desc=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-3833609522-3861047620-3675164185-1739081557-594447883-3111017752-456581032|EmbedCtxt=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{4D8301CD-499E-4601-BE8F-39CD80058286}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ| 
"{82344D17-BF4B-4955-854D-322C3A7176DC}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{D5695253-BB35-4B0D-89E3-FB33920B5E3A}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/DisplayName}|Desc=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/Description}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-3137318289-415437605-3491609480-3741388289-878520165-689859088-69748861|EmbedCtxt=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{6D54808A-FC21-4320-A31B-EDB28EBC5241}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Skyscanner|Desc=Skyscanner|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-2555703240-2471106452-143325701-3185885714-4255077407-2218198453-1439275595|EmbedCtxt=Skyscanner|Platform=2:6:2|Platform2=GTEQ| "{F3509117-8E4C-471B-8632-B2A2B3A2B81C}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Skype WiFi|Desc=Skype WiFi|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1130433679-1990454374-3129277160-3980110769-2827371475-140345195-2323808612|EmbedCtxt=Skype WiFi|Platform=2:6:2|Platform2=GTEQ| 
"{724827A4-C0CF-41EF-9877-CAC5272D619F}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingTravel/resources/BrandedAppTitle}|Desc=@{Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingTravel/resources/AppDescription}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-2870191891-2241688837-171142518-109998219-184790337-3361571429-3188846544|EmbedCtxt=@{Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingTravel/resources/BrandedAppTitle}|Platform=2:6:2|Platform2=GTEQ| "{AF25CEB1-8FE3-48D1-B51C-8C2C1299AC36}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingHealthAndFitness/resources/apptitle}|Desc=HealthAndFitness|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1138804039-612586356-661925973-101396967-3526483782-2490177615-3594119953|EmbedCtxt=@{Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingHealthAndFitness/resources/apptitle}|Platform=2:6:2|Platform2=GTEQ| 
"{2E09393A-31BC-4698-895A-48B961189B0E}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|Desc=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-3232211935-909325347-210818523-1333736584-3758124246-283266685-1557978965|EmbedCtxt=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|Platform=2:6:2|Platform2=GTEQ| "{D992AED8-BE38-4F9D-A2BC-0DA3ECEA477D}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application| "{1C9797C6-FB41-4525-A930-18A349B80280}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application| "{2AABD9FA-ABB9-4B23-8CB2-14D0CDE3EF0A}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service| "{1645F836-9317-4850-8B17-50E0549B4EB5}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service| "{DD76E71D-1310-4712-ABBF-FC4F2B321D59}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=My Toshiba|Desc=My Toshiba|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-424246520-577669998-4170525719-3784591981-4149666592-305500746-1899904221|EmbedCtxt=My Toshiba|Platform=2:6:2|Platform2=GTEQ| 
"{CBDBE3AA-DDD5-4BE7-8C8E-88A5F36A9AE6}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|Desc=@{Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-3981118486-977731610-4260702232-2292029000-2544493239-2660358776-1526570402|EmbedCtxt=@{Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{4A6EEFD5-20E1-4A54-868B-1AFFC045C8CD}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|Desc=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-421345033-1710570203-969709436-2809900243-2023987463-1056701467-1672618525|EmbedCtxt=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|Platform=2:6:2|Platform2=GTEQ| 
"{A5A4B8C8-2C1A-4CB6-950C-6C116BBED075}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|Desc=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-421345033-1710570203-969709436-2809900243-2023987463-1056701467-1672618525|EmbedCtxt=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{23C351C0-37BD-4DD2-BF62-BD4D013464FB}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|Desc=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1485202841-4094060947-262313417-955497226-1243708313-1027065603-2694978511|EmbedCtxt=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| 
"{60EBCDB0-00E5-452E-AD01-2FB3D341E088}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Desc=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Platform=2:6:2|Platform2=GTEQ| "{030820F7-0E87-49B5-802C-31A133C03CAC}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Desc=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{67DA0625-B51E-4703-87A8-048D2C4B6D28}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Flipboard|Desc=Flipboard|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-864994224-3030340628-3329202063-153121207-2255414721-17657611-2370319705|EmbedCtxt=Flipboard|Platform=2:6:2|Platform2=GTEQ| 
"{0754936B-0EB8-4D57-A6D6-44DD1AEDA96A}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.3DBuilder_11.1.8.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|Desc=@{Microsoft.3DBuilder_11.1.8.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=@{Microsoft.3DBuilder_11.1.8.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{2D5018B5-149D-4D61-AA5E-9002504C38F5}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{BCC381FF-CA58-42F2-B9F8-4A77A1DFEE13}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| 
"{89F1FB8C-AEEE-46A9-A92A-0ADBA15D8A05}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Desc=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518|EmbedCtxt=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{59804FD5-3593-4A0E-B34B-1C440483329D}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Desc=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518|EmbedCtxt=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{FB07A236-E00A-4699-A305-CEF17F349F4F}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| 
"{16D51933-7421-4FBB-A423-563FB9D87ABA}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{DF5AF81C-620C-414A-AF07-ECA8B1B345C4}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsReadingList_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsReadingList/resources/appPackageName}|Desc=@{Microsoft.WindowsReadingList_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsReadingList/resources/appPackageName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-253023354-1127976746-3906962265-362626003-4127939218-3835539868-2341249685|EmbedCtxt=@{Microsoft.WindowsReadingList_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsReadingList/resources/appPackageName}|Platform=2:6:2|Platform2=GTEQ| "{1B5443E9-A276-4254-8FDF-CF1248BFCCBC}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.WindowsReadingList_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsReadingList/resources/appPackageName}|Desc=@{Microsoft.WindowsReadingList_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsReadingList/resources/appPackageName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-253023354-1127976746-3906962265-362626003-4127939218-3835539868-2341249685|EmbedCtxt=@{Microsoft.WindowsReadingList_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsReadingList/resources/appPackageName}|Platform=2:6:2|Platform2=GTEQ| 
"{CFC60158-2A49-490E-B1EB-00226CAE3F07}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsMaps_5.1606.1670.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|Desc=@{Microsoft.WindowsMaps_5.1606.1670.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1239072475-3687740317-1842961305-3395936705-4023953123-1525404051-2779347315|EmbedCtxt=@{Microsoft.WindowsMaps_5.1606.1670.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{DCDF473B-607E-40C9-B284-994D5223EE80}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{microsoft.windowscommunicationsapps_17.6965.40901.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6965.40901.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6965.40901.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Platform=2:6:2|Platform2=GTEQ| 
"{7AF32153-6B8A-4828-9F35-7FAA3CA4036F}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{microsoft.windowscommunicationsapps_17.6965.40901.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6965.40901.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6965.40901.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{8384FD86-15ED-4828-AB40-F6CDAF3CAE77}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsPhone_10.1605.1661.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|Desc=@{Microsoft.WindowsPhone_10.1605.1661.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1227535392-783678415-19788749-859698564-2515149781-2716591593-3518111838|EmbedCtxt=@{Microsoft.WindowsPhone_10.1605.1661.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| 
"{7EF50B83-69F0-4969-A39C-F4169B9425B3}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Getstarted_3.11.1.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|Desc=@{Microsoft.Getstarted_3.11.1.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1930852602-715273891-2259524165-1460409268-4224052142-2029744616-1797406285|EmbedCtxt=@{Microsoft.Getstarted_3.11.1.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{FBCC1B5D-D8BB-48B9-B675-0337594EF756}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257|EmbedCtxt=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| 
"{EA1ECFB7-96BF-4555-A227-1A1DEECA7421}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257|EmbedCtxt=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{92927309-7ABC-4F71-B2B6-4542BE202114}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-3492598633-4112760462-2134878185-2430567730-3345539238-3072415288-217264472|EmbedCtxt=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| 
"{3F64C104-C6AE-45E2-A244-A25C8A731C80}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-3492598633-4112760462-2134878185-2430567730-3345539238-3072415288-217264472|EmbedCtxt=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{CE25A968-B4BD-43C3-822E-4DD097DBDD51}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ| "{AF54ECB3-1439-40BF-912C-A28F35ED6C0E}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{EDCF096E-F87E-4321-9A96-CA44FA8AA353}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Candy Crush Saga|Desc=Candy Crush Saga|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-2599857031-3789198952-3515498744-3120614410-3826243417-3816649221-455961092|EmbedCtxt=Candy Crush Saga|Platform=2:6:2|Platform2=GTEQ| 
"{6E04F6C0-F6CE-4F7F-BFEA-223A19B009CA}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1457613951-1028716704-1089715812-858319886-3420779130-1191463368-1428868892|EmbedCtxt=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{3F910DA8-E697-4F14-A163-D6EF406B1C41}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1457613951-1028716704-1089715812-858319886-3420779130-1191463368-1428868892|EmbedCtxt=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| 
"{4D87A2F2-5A25-4079-9100-C6ADB83B5C43}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330|EmbedCtxt=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{62838EC8-12DD-43BD-A870-CA7288A7BE2C}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330|EmbedCtxt=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{A6FA3CB9-9B3F-4C6C-9EE2-40724E7DF66A}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| "{529B954C-8D50-4690-83A5-BCC27B1582FA}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft 
Sway|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ| "{7D10761D-7D26-40D7-BB47-42F3E78C1290}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{32A60165-F6D3-45A8-BA48-F6A198CD97B7}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{F05DC562-C837-400E-A35F-D14CF2F7B14C}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{FD5BBB22-53AA-4678-B87C-3736533C4D80}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ| 
"{EF4BDADB-AF04-41EF-8439-D5E0DE2F34FB}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Platform=2:6:2|Platform2=GTEQ| "{495D9E0F-A205-409D-92CC-37A4EA9A12B9}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Platform=2:6:2|Platform2=GTEQ| "{CC0062F7-E2A4-482A-BBC4-DFA1D49D62DE}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{44E64BE8-0DB7-4881-923A-D8A35CED5AA2}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire 
Collection|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{5C846180-8A0B-434C-8338-E241AF51F632}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ZuneVideo_3.6.22501.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Desc=@{Microsoft.ZuneVideo_3.6.22501.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_DESCRIPTION}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-2967553933-3217682302-2494645345-2077017737-3805576244-585965800-1797614741|EmbedCtxt=@{Microsoft.ZuneVideo_3.6.22501.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Platform=2:6:2|Platform2=GTEQ| "{1BC64C76-D701-42A2-BA67-23DD9088B111}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.ZuneVideo_3.6.22501.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Desc=@{Microsoft.ZuneVideo_3.6.22501.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_DESCRIPTION}|LUOwn=S-1-5-21-93316058-2836923639-1887713213-1001|AppPkgId=S-1-15-2-2967553933-3217682302-2494645345-2077017737-3805576244-585965800-1797614741|EmbedCtxt=@{Microsoft.ZuneVideo_3.6.22501.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{A80137C5-6CBA-412B-A1EC-D72343F79773}C:\Users\Aralia\Desktop\QuickDiag.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Aralia\Desktop\QuickDiag.exe|Name=QuickDiag|Desc=QuickDiag|Defer=User| "UDP Query 
User{8086F52E-78FA-489A-B2C4-2168ADE624EB}C:\Users\Aralia\Desktop\QuickDiag.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Aralia\Desktop\QuickDiag.exe|Name=QuickDiag|Desc=QuickDiag|Defer=User| [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\standardprofile\authorizedapplications\list] "C:\Users\Aralia\Desktop\QuickDiag.exe"=C:\Users\Aralia\Desktop\QuickDiag.exe:*:Enabled:QuickDiag ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{03F52937-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{04A83FC2-2AE2-4C88-B45F-E9707B377636}] : (aswHwid) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security Accelerator [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic 
Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> 
@%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8AE85550-832C-4A9B-81BB-2A49DBEE72B4}] : (aswRvrt) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C4A06E97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C777C165-D422-426D-8EBF-6EAF3FB83ADF}] : (aswNdisFlt) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll 
(Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [10/01/2015 03:50:47] - (1.0.1.2) - (TOSHIBA Corporation - TOSHIBA TVALZ Filter Driver) - C:\WINDOWS\System32\Drivers\TVALZFL.sys [15/08/2013 11:13:32] - (2.0.0.3) - (TOSHIBA Corporation - TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) - C:\WINDOWS\System32\drivers\TVALZ_O.SYS [20/09/2015 04:02:11] - (19.0.16.3) - (Synaptics Incorporated - Synaptics Touchpad Win64 Driver) - C:\WINDOWS\system32\DRIVERS\SynTP.sys [20/09/2015 03:15:22] - (19.0.16.3) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [01/11/2013 12:22:28] - (9.0.928.0) - (TOSHIBA Corporation - TOSHIBA Bluetooth EC Driver) - C:\WINDOWS\System32\drivers\tosrfec.sys [10/01/2015 03:51:31] - (1.0.0.8) - (TOSHIBA Corporation - TOSHIBA Firmware Linkage 64-bit Driver) - C:\WINDOWS\System32\drivers\FwLnk.sys [29/07/2015 15:54:54] - (9.1.0.1) - (Toshiba Corporation - Toshiba Hotkey Driver) - C:\WINDOWS\System32\drivers\Thotkey.sys [15/06/2016 02:32:25] - (5.1.2.248) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\WINDOWS\System32\ATMFD.DLL ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - 3ware () -> System32\drivers\3ware.sys R0 - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys R0 - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys S0 - ADP80XX () -> System32\drivers\ADP80XX.SYS S0 - agp440 
(@machine.inf,%agp440_svcdesc%;Intel AGP Bus Filter) -> System32\drivers\agp440.sys R0 - amdkmpfd (@oem23.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter) -> System32\drivers\amdkmpfd.sys R0 - amdpsp (@oem30.inf,%amdpsp.SVCDESC%;AMD PSP Service) -> system32\DRIVERS\amdpsp.sys S0 - amdsata () -> System32\drivers\amdsata.sys S0 - amdsbs () -> System32\drivers\amdsbs.sys S0 - amdxata () -> System32\drivers\amdxata.sys S0 - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys R0 - aswRvrt (avast! Revert) -> (?) R0 - aswVmm (avast! VM Monitor) -> (?) S0 - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys S0 - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II VBD) -> System32\drivers\bxvbda.sys R0 - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys R0 - CNG () -> System32\Drivers\cng.sys R0 - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys S0 - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys S0 - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys S0 - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys R0 - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys R0 - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys S0 - Fs_Rec () -> (?) 
R0 - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys S0 - gagp30kx (@agp.inf,%gagp30kx_svcdesc%;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) -> System32\drivers\gagp30kx.sys S0 - HpSAMD () -> System32\drivers\HpSAMD.sys S0 - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys S0 - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys S0 - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys S0 - intelide () -> System32\drivers\intelide.sys S0 - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys S0 - isapnp () -> System32\drivers\isapnp.sys R0 - KSecDD () -> System32\Drivers\ksecdd.sys R0 - KSecPkg () -> System32\Drivers\ksecpkg.sys S0 - LSI_SAS () -> System32\drivers\lsi_sas.sys S0 - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys S0 - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys S0 - LSI_SSS () -> System32\drivers\lsi_sss.sys S0 - megasas () -> System32\drivers\megasas.sys S0 - megasr () -> System32\drivers\megasr.sys R0 - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys R0 - msisadrv () -> System32\drivers\msisadrv.sys R0 - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys S0 - mvumis () -> System32\drivers\mvumis.sys R0 - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys S0 - nvraid () -> System32\drivers\nvraid.sys S0 - nvstor () -> System32\drivers\nvstor.sys S0 - nv_agp (@machine.inf,%agpnvidia_svcdesc%;NVIDIA nForce AGP Bus Filter) -> System32\drivers\nv_agp.sys R0 - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys R0 - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys S0 - pciide () -> System32\drivers\pciide.sys S0 
- pcmcia () -> System32\drivers\pcmcia.sys R0 - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys R0 - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys S0 - percsas2i () -> System32\drivers\percsas2i.sys S0 - percsas3i () -> System32\drivers\percsas3i.sys R0 - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys S0 - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys S0 - SiSRaid2 () -> System32\drivers\SiSRaid2.sys S0 - SiSRaid4 () -> System32\drivers\sisraid4.sys R0 - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys S0 - stexstor () -> System32\drivers\stexstor.sys R0 - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys S0 - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys S0 - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys S0 - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys S0 - storvsc () -> System32\drivers\storvsc.sys R0 - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys R0 - TVALZ (@oem18.inf,%TVALZ.SvcDesc%;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) -> System32\drivers\TVALZ_O.SYS R0 - TVALZFL (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver) -> System32\Drivers\TVALZFL.sys S0 - uagp35 (@agp.inf,%uagp35_svcdesc%;Microsoft AGPv3.5 Filter) -> System32\drivers\uagp35.sys S0 - uliagpkx (@machine.inf,%uliagpkx_svcdesc%;Uli AGP Bus Filter) -> System32\drivers\uliagpkx.sys R0 - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys S0 - vmbus 
(@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys R0 - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys R0 - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys R0 - volsnap (@volume.inf,%VolumeClassName%;Storage volumes) -> System32\drivers\volsnap.sys S0 - vsmraid () -> System32\drivers\vsmraid.sys S0 - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys R0 - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys R0 - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys R0 - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys R0 - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys R0 - Wof (Windows Overlay File System Filter Driver) -> (?) R1 - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys R1 - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys R1 - aswRdr (aswRdr) -> \SystemRoot\system32\drivers\aswRdr2.sys R1 - aswSnx (aswSnx) -> \SystemRoot\system32\drivers\aswSnx.sys R1 - aswSP (aswSP) -> \SystemRoot\system32\drivers\aswSP.sys R1 - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys R1 - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys R1 - Beep (Beep) -> (?) 
R1 - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys S1 - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys R1 - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys R1 - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys R1 - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys R1 - Msfs () -> (?) R1 - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys R1 - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys R1 - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys R1 - Npfs () -> (?) R1 - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys R1 - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys R1 - Null () -> (?) R1 - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys R1 - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys R1 - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys R1 - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys R2 - AdobeARMservice (Adobe Acrobat Update Service) -> "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" R2 - AMD External Events Utility () -> %SystemRoot%\system32\atiesrxx.exe R2 - aswHwid (avast! 
HardwareID) -> \SystemRoot\system32\drivers\aswHwid.sys R2 - aswMonFlt (aswMonFlt) -> \SystemRoot\system32\drivers\aswMonFlt.sys R2 - aswStm (aswStm) -> \SystemRoot\system32\drivers\aswStm.sys R2 - AudioEndpointBuilder (@%SystemRoot%\system32\AudioEndpointBuilder.dll,-204) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - Audiosrv (@%SystemRoot%\system32\audiosrv.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - avast! Antivirus (Avast Antivirus) -> "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" R2 - BcmBtRSupport (@oem13.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service) -> %SystemRoot%\system32\BtwRSupportService.exe R2 - BFE (@%SystemRoot%\system32\bfe.dll,-1001) -> %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork R2 - BITS (@%SystemRoot%\system32\qmgr.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - BrokerInfrastructure (@%windir%\system32\bisrv.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - c2cautoupdatesvc (Skype Click to Call Updater) -> "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service R2 - c2cpnrsvc (Skype Click to Call PNR Service) -> "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service R2 - CoreMessagingRegistrar (@%SystemRoot%\system32\coremessaging.dll,-1) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork R2 - CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k NetworkService R2 - DcomLaunch (@combase.dll,-5012) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - DeviceAssociationService (@%SystemRoot%\system32\das.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted R2 - DiagTrack (@%SystemRoot%\system32\diagtrack.dll,-3001) -> %SystemRoot%\System32\svchost.exe -k 
utcsvc R2 - Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) -> %SystemRoot%\system32\svchost.exe -k NetworkService S2 - DoSvc (@%systemroot%\system32\dosvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - DPS (@%systemroot%\system32\dps.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork R2 - dts_apo_service (DTS APO Service) -> "C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe" R2 - EFS (@%SystemRoot%\system32\efssvc.dll,-100) -> %SystemRoot%\System32\lsass.exe R2 - EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - EventSystem (@comres.dll,-2450) -> %SystemRoot%\system32\svchost.exe -k LocalService R2 - FontCache (@%systemroot%\system32\FntCache.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService S2 - gpsvc (@gpapi.dll,-112) -> %systemroot%\system32\svchost.exe -k netsvcs S2 - gupdate (Google Update Service (gupdate)) -> "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc R2 - IJPLMSVC (Canon Inkjet Printer/Scanner/Fax Extended Survey Program) -> C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE R2 - iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) -> %SystemRoot%\System32\svchost.exe -k NetSvcs R2 - LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys R2 - LSM (@%windir%\system32\lsm.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys S2 - MapsBroker (@%SystemRoot%\System32\moshost.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys R2 - MpsSvc 
(@%SystemRoot%\system32\FirewallAPI.dll,-23090) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork R2 - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys R2 - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys R2 - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys R2 - NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - nsi (@%SystemRoot%\system32\nsisvc.dll,-200) -> %systemroot%\system32\svchost.exe -k LocalService S2 - OneSyncSvc (@%SystemRoot%\system32\APHostRes.dll,-10002) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_10289f5e (Hôte de synchronisation_10289f5e) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_17366f4 (Hôte de synchronisation_17366f4) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_18df792 (Hôte de synchronisation_18df792) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_23377e (Hôte de synchronisation_23377e) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_27579d1 (Hôte de synchronisation_27579d1) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_28a2968 (Hôte de synchronisation_28a2968) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_2b9c01b (Hôte de synchronisation_2b9c01b) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_3205c (Hôte de synchronisation_3205c) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_34c45 (Hôte de synchronisation_34c45) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_37306 (Hôte de synchronisation_37306) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_3785f (Hôte de synchronisation_3785f) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_415c8 (Hôte de synchronisation_415c8) -> 
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_431e8 (Hôte de synchronisation_431e8) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup R2 - OneSyncSvc_43321 (Hôte de synchronisation_43321) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_48b12 (Hôte de synchronisation_48b12) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_49a5e (Hôte de synchronisation_49a5e) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_4ca748e (Hôte de synchronisation_4ca748e) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_4dfe568 (Hôte de synchronisation_4dfe568) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_517944f (Hôte de synchronisation_517944f) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_57c06f9 (Hôte de synchronisation_57c06f9) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_5bb38 (Hôte de synchronisation_5bb38) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_5f12b28 (Hôte de synchronisation_5f12b28) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_727e1d (Hôte de synchronisation_727e1d) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_75f6058 (Hôte de synchronisation_75f6058) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_94d219b (Hôte de synchronisation_94d219b) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_9787818 (Hôte de synchronisation_9787818) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_cdf1c5 (Hôte de synchronisation_cdf1c5) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup R2 - PcaSvc (@%SystemRoot%\system32\pcasvc.dll,-1) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys R2 - Power (@%SystemRoot%\system32\umpo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 
- ProfSvc (@%systemroot%\system32\profsvc.dll,-300) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k RPCSS R2 - RpcSs (@combase.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k rpcss R2 - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys R2 - SamSs (@%SystemRoot%\system32\samsrv.dll,-1) -> %SystemRoot%\system32\lsass.exe R2 - Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - SENS (@%SystemRoot%\system32\Sens.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) -> %SystemRoot%\System32\svchost.exe -k netsvcs S2 - SkypeUpdate (Skype Updater) -> "C:\Program Files (x86)\Skype\Updater\Updater.exe" R2 - Spooler (@%systemroot%\system32\spoolsv.exe,-1) -> %SystemRoot%\System32\spoolsv.exe S2 - sppsvc (@%SystemRoot%\system32\sppsvc.exe,-101) -> %SystemRoot%\system32\sppsvc.exe R2 - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys R2 - stisvc (@%SystemRoot%\system32\wiaservc.dll,-9) -> %SystemRoot%\system32\svchost.exe -k imgsvc R2 - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys R2 - SynTPEnhService (SynTPEnh Caller Service) -> "C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe" R2 - SysMain (@%SystemRoot%\system32\sysmain.dll,-1000) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - SystemEventsBroker (@%windir%\system32\SystemEventsBrokerServer.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - tbaseprovisioning () -> %SystemRoot%\SysWOW64\tbaseprovisioning.exe R2 - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys R2 - Themes (@%SystemRoot%\System32\themeservice.dll,-8192) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - tiledatamodelsvc 
(@%SystemRoot%\system32\tileobjserver.dll,-1) -> %systemroot%\system32\svchost.exe -k appmodel R2 - TomTomHOMEService (TomTomHOMEService) -> "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" R2 - TOSHIBA eco Utility Service (TOSHIBA eco Utility Service) -> "C:\Program Files\TOSHIBA\Teco\TecoService.exe" R2 - TrkWks (@%SystemRoot%\system32\trkwks.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - Unchecky (Unchecky) -> "C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe" R2 - UserManager (@%systemroot%\system32\usermgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs S2 - WbioSrvc (@%systemroot%\system32\wbiosrvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k WbioSvcGroup R2 - Wcmsvc (@%SystemRoot%\System32\wcmsvc.dll,-4097) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted R2 - Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - WlanSvc (@%SystemRoot%\System32\wlansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - wscsvc (@%SystemRoot%\System32\wscsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - WSearch (@%systemroot%\system32\SearchIndexer.exe,-103) -> %systemroot%\system32\SearchIndexer.exe /Embedding ---------- | System files (Microsoft Files whitelisted) [MD5.2C5B3035B86770ADD2FE9BFBAF5B35A4] - [30/10/2015 09:17:22] - (.Copyright (c) 2011 LSI - LSI 3ware SCSI Storport Driver.) - [104.84 Ko] - (5.1.0.51) - C:\WINDOWS\System32\Drivers\3ware.sys [MD5.F7D0CD345D2DA42E7042ABCD73662403] - [30/10/2015 09:17:22] - (.Copyright (C) PMC-Sierra 2001-2014 - PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller.) - [1108.84 Ko] - (1.3.0.10769) - C:\WINDOWS\System32\Drivers\adp80xx.sys [MD5.221F279A2F5CD903801A0B3E14872B24] - [08/10/2015 22:34:13] - (.© Advanced Micro Devices. - AMD ACP Binaries.) 
- [309.22 Ko] - (2.15.30.19) - C:\WINDOWS\System32\Drivers\amdacpksd.sys [MD5.C3E8F88B4D196110673DA03E2E95D83B] - [05/05/2014 04:24:19] - (.(C) 2012-2013 Advanced Micro Devices, INC. - AMD AS4 Driver.) - [17.23 Ko] - (1.1.0.22) - C:\WINDOWS\System32\Drivers\AmdAS4.sys [MD5.63DBE05B7EE2040F3E4C443057150D75] - [23/06/2015 19:39:28] - (.Copyright (c) 2013 - 2015 Advanced Micro Devices, Inc. - amdkmcsp sys.) - [98.73 Ko] - (2.21.0.0) - C:\WINDOWS\System32\Drivers\amdkmcsp.sys [MD5.C04F35935BF6274F5593B78C7B295760] - [10/01/2015 03:32:13] - (.Copyright (C) 2011 Advanced Micro Devices, Inc. - AMD PCI Root Bus Lower Filter.) - [35.75 Ko] - (8.14.1.6020) - C:\WINDOWS\System32\Drivers\amdkmpfd.sys [MD5.A6A2F105FCCEF4CC07CD61CC004D8951] - [23/06/2015 19:39:28] - (.Copyright (c) 2013 - 2015 Advanced Micro Devices, Inc. - amdpsp sys.) - [270.74 Ko] - (2.21.0.0) - C:\WINDOWS\System32\Drivers\amdpsp.sys [MD5.5B30BCFE6E02E45D3EE268FF001BC5E0] - [30/10/2015 09:17:22] - (.Copyright © 2008-2015 AMD, Inc. - AHCI 1.3 Device Driver.) - [81.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdsata.sys [MD5.F20B30F35A5C7888441B4DCA001ECF8E] - [30/10/2015 09:17:22] - (.2012 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [253.34 Ko] - (3.7.1540.43) - C:\WINDOWS\System32\Drivers\amdsbs.sys [MD5.AFE838D7576C581D6483529621AB10CC] - [30/10/2015 09:17:22] - (.Copyright © 2008-2015 AMD, Inc. - Storage Filter Driver.) - [26.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdxata.sys [MD5.E3FE8F610B1CC12BC3B2E6BC43DC97E2] - [30/10/2015 09:17:22] - (.Copyright 2014 PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) - [128.84 Ko] - (7.5.0.32048) - C:\WINDOWS\System32\Drivers\arcsas.sys [MD5.A629E4799D4CD6361D1B5D573EA5C2CD] - [09/05/2015 19:18:37] - (.Copyright (c) 2014 AVAST Software - avast! HWID.) 
- [36.77 Ko] - (12.1.3076.0) - C:\WINDOWS\System32\Drivers\aswHwid.sys [MD5.9C6C17C495E960E52EDE5D038EE92AE1] - [09/05/2015 19:18:37] - (.Copyright (c) 2014 AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) - [105.77 Ko] - (12.1.3076.0) - C:\WINDOWS\System32\Drivers\aswMonFlt.sys [MD5.8F492911129B1B32818BF894DC0C2C73] - [09/05/2015 19:18:37] - (.Copyright (c) 2014 AVAST Software - avast! WFP Redirect Driver.) - [100.65 Ko] - (12.1.3076.0) - C:\WINDOWS\System32\Drivers\aswRdr2.sys [MD5.4ABDD84A67378E866BC15DDC9916BA71] - [09/05/2015 19:18:37] - (.Copyright (c) 2014 AVAST Software - avast! Revert.) - [72.8 Ko] - (12.1.3076.0) - C:\WINDOWS\System32\Drivers\aswRvrt.sys [MD5.409CDD1400B404F655EEC1B5850FD3BE] - [09/05/2015 19:18:37] - (.Copyright (c) 2014 AVAST Software - avast! Virtualization Driver.) - [1045.8 Ko] - (12.1.3076.0) - C:\WINDOWS\System32\Drivers\aswSnx.sys [MD5.CDB1BE967AFF65D8395B6DF2EA8CBCCF] - [09/05/2015 19:18:37] - (.Copyright (c) 2014 AVAST Software - avast! self protection module.) - [462.49 Ko] - (12.1.3076.7) - C:\WINDOWS\System32\Drivers\aswsp.sys [MD5.F6B5E463A0BB934C26FB319EDC726F65] - [09/05/2015 19:18:37] - (.Copyright (c) 2014 AVAST Software - Stream Filter.) - [159.09 Ko] - (12.1.3076.0) - C:\WINDOWS\System32\Drivers\aswStm.sys [MD5.DA7B392FB478EB42BE925433D27940F8] - [09/05/2015 19:18:37] - (.Copyright (c) 2014 AVAST Software - avast! VM Monitor.) - [283.29 Ko] - (12.1.3076.0) - C:\WINDOWS\System32\Drivers\aswVmm.sys [MD5.0966FD5BAB1F9BE200875E9EED0A0A13] - [28/05/2015 16:00:44] - (.© Advanced Micro Devices. - AMD High Definition Audio Function Driver.) - [100.5 Ko] - (10.0.0.0) - C:\WINDOWS\System32\Drivers\AtihdWT6.sys [MD5.87619BBB5DB23AD12D717FBA15F1CE07] - [08/10/2015 22:34:22] - (.Copyright (C) 1998-2012 Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) 
- [21146.02 Ko] - (8.1.1.1500) - C:\WINDOWS\System32\Drivers\atikmdag.sys [MD5.5F72D93E780AB93609070182ECB50338] - [08/10/2015 22:34:26] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) - [670 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\Drivers\atikmpag.sys [MD5.6FED40EC0DB11DF1B2AD08621FBDDED6] - [27/03/2015 19:33:14] - (.Copyright (C) 2000-2012, Broadcom Corporation. - Broadcom Bluetooth Firmware Download Filter.) - [169.25 Ko] - (12.0.1.410) - C:\WINDOWS\System32\Drivers\bcbtums.sys [MD5.3F5523DCEFE42B385659C5CB46A6B810] - [30/10/2015 09:17:22] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [9.5 Ko] - (6.3.9477.0) - C:\WINDOWS\System32\Drivers\bcmfn.sys [MD5.0B750A6A6D847E73CA48ADD7A0F5A393] - [30/10/2015 09:17:22] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [9.5 Ko] - (6.3.9391.6) - C:\WINDOWS\System32\Drivers\bcmfn2.sys [MD5.F911E9C5539145C842BBC33C2C124298] - [10/01/2015 03:44:08] - (.1998-2012, Broadcom Corp. All Rights Rsvd - Broadcom 802.11 Network Adapter wireless driver.) - [7368.17 Ko] - (6.30.223.227) - C:\WINDOWS\System32\Drivers\BCMWL63a.SYS [MD5.8B8B304DF17084338326BC4ACC2716C5] - [27/03/2015 19:33:20] - (.Copyright (C) 2000-2012, Broadcom Corporation. - Broadcom Bluetooth USB AMP Filter.) - [183.75 Ko] - (12.0.1.410) - C:\WINDOWS\System32\Drivers\btwampfl.sys [MD5.6447BA6FA709514B6C803D159B4C7D1E] - [30/10/2015 09:17:22] - (.(c) COPYRIGHT 2001-2012 Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) - [518.84 Ko] - (7.4.14.0) - C:\WINDOWS\System32\Drivers\bxvbda.sys [MD5.491275B864B704B54EC08168344E0F38] - [30/10/2015 09:17:22] - (.(c) COPYRIGHT 2014-2015 QLogic Corporation - QLogic 10 GigE VBD.) - [3356.34 Ko] - (7.12.2.3) - C:\WINDOWS\System32\Drivers\evbda.sys [MD5.114920A7332F358AFA448F49EB107AB9] - [10/01/2015 03:51:31] - (.Copyright (c) TOSHIBA Corp. 2013 - TOSHIBA Firmware Linkage 64-bit Driver.) 
- [9 Ko] - (1.0.0.8) - C:\WINDOWS\System32\Drivers\FwLnk.sys [MD5.FF442DCDCE1F6E9FAA9C8AD0CD1D199B] - [30/10/2015 09:17:22] - (.Copyright (c) 2004-2011 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [62.84 Ko] - (8.0.4.0) - C:\WINDOWS\System32\Drivers\HpSAMD.sys [MD5.9A2A2F3C69B9A30B6E78536F6D258BAD] - [30/10/2015 09:17:18] - (.Copyright (C) 2013. - Intel(R) Serial IO I2C Driver.) - [79.5 Ko] - (604.10146.2643.2818) - C:\WINDOWS\System32\Drivers\iai2c.sys [MD5.59A20F5AD9F4AE54098154359519408E] - [30/10/2015 09:17:18] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Driver v2.) - [162 Ko] - (30.63.1519.7) - C:\WINDOWS\System32\Drivers\iaLPSS2i_I2C.sys [MD5.16A10CCEDCF5AC4CAAE43DC9FC40392F] - [30/10/2015 09:17:18] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Controller Driver.) - [37.23 Ko] - (1.1.250.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_GPIO.sys [MD5.EB82A11613326691508D9ED9A4FE29E7] - [30/10/2015 09:17:18] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Controller Driver.) - [110.5 Ko] - (1.1.253.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_I2C.sys [MD5.6B0029A0253098CCE28EACCFDB9E7208] - [30/10/2015 09:17:22] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology driver (inbox) - x64.) - [657.34 Ko] - (13.2.0.1022) - C:\WINDOWS\System32\Drivers\iaStorAV.sys [MD5.9652E1E35A92D8C75710C17A63B15796] - [30/10/2015 09:17:22] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - x64.) - [402.34 Ko] - (8.6.2.1019) - C:\WINDOWS\System32\Drivers\iaStorV.sys [MD5.FFADF691F7BF727AF5C863454A372723] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - InfiniBand Fabric Bus Driver.) - [414.84 Ko] - (4.91.10730.0) - C:\WINDOWS\System32\Drivers\ibbus.sys [MD5.961F28D879D345BFA50AF51285C90F2E] - [30/10/2015 09:17:23] - (.Copyright © LSI Corporation 2010 - LSI Fusion-MPT SAS Driver (StorPort).) 
- [106.34 Ko] - (1.34.3.83) - C:\WINDOWS\System32\Drivers\lsi_sas.sys [MD5.6BFB8D1B3407518BE06B6F81F92FA0F5] - [30/10/2015 09:17:23] - (.Copyright © LSI Corporation 2012 - LSI SAS Gen2 Driver (StorPort).) - [102.34 Ko] - (2.0.76.80) - C:\WINDOWS\System32\Drivers\lsi_sas2i.sys [MD5.BE0E47988D78F731DEC2C0CB03E765CB] - [30/10/2015 09:17:23] - (.Copyright © Avago Technologies 2015 - Avago SAS Gen3 Driver (StorPort).) - [96.84 Ko] - (2.50.96.80) - C:\WINDOWS\System32\Drivers\lsi_sas3i.sys [MD5.F99BF02BE9219986817BF094981EEB18] - [30/10/2015 09:17:23] - (.Copyright © LSI Corporation 2012 - LSI SSS PCIe/Flash Driver (StorPort).) - [80.84 Ko] - (2.10.61.81) - C:\WINDOWS\System32\Drivers\lsi_sss.sys [MD5.78BFF5425E044086E74E78650A359FBB] - [04/07/2016 19:59:12] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) - [26.38 Ko] - (0.1.16.0) - C:\WINDOWS\System32\Drivers\mbam.sys [MD5.1239597BAB7EED2BB16D035AF87E65D9] - [04/07/2016 19:59:12] - (.© Malwarebytes. - Malwarebytes Chameleon Protection Driver.) - [137.38 Ko] - (1.1.22.0) - C:\WINDOWS\System32\Drivers\mbamchameleon.sys [MD5.78488AF2AB2111D67B3C4044707A519B] - [04/07/2016 19:59:44] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) - [187.71 Ko] - (0.3.0.4) - C:\WINDOWS\System32\Drivers\MBAMSwissArmy.sys [MD5.2ED29B635F35E31A1C0D3DDB7DD2AD03] - [30/10/2015 09:17:23] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [58.34 Ko] - (6.706.6.0) - C:\WINDOWS\System32\Drivers\megasas.sys [MD5.22E3CB85870879CBAE13C5095A8B12E3] - [30/10/2015 09:17:23] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [562.34 Ko] - (15.2.2013.129) - C:\WINDOWS\System32\Drivers\megasr.sys [MD5.D41920FBFFF2BBCBBC69A5B383AD022E] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - MLX4 Bus Driver.) 
- [688.84 Ko] - (4.91.10730.0) - C:\WINDOWS\System32\Drivers\mlx4_bus.sys [MD5.218705233D02776AE4D19CC37D985C1B] - [30/10/2015 09:17:23] - (.Copyright (c) Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) - [62.34 Ko] - (1.0.5.1016) - C:\WINDOWS\System32\Drivers\mvumis.sys [MD5.898415AC0B5F1D2A9A48ABCB68A6DC4B] - [04/07/2016 19:59:12] - (.© Malwarebytes Corporation. - Malwarebytes Web Access Control.) - [63.88 Ko] - (1.0.6.0) - C:\WINDOWS\System32\Drivers\mwac.sys [MD5.B57CE307DA101C739885B7CC0678077F] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - NetworkDirect Support Filter Driver.) - [74.34 Ko] - (4.91.10730.0) - C:\WINDOWS\System32\Drivers\ndfltr.sys [MD5.604D27CC38CC23493F218D0BB834B3FF] - [30/10/2015 09:17:23] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [146.84 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvraid.sys [MD5.8B50D897657AB4A15FD9E251BBF7D107] - [30/10/2015 09:17:23] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [162.34 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvstor.sys [MD5.1398A85E59698067CBBE1D66A9C13ADF] - [30/10/2015 09:17:23] - (.Copyright © LSI Corporation 2014 - MEGASAS RAID Controller Driver for Windows.) - [56.84 Ko] - (6.803.21.0) - C:\WINDOWS\System32\Drivers\percsas2i.sys [MD5.35F7C7AD709D909D618D9EDF987FC3ED] - [30/10/2015 09:17:23] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [57.34 Ko] - (6.602.12.0) - C:\WINDOWS\System32\Drivers\percsas3i.sys [MD5.7CC0D898D00675F14BA0C4BF056C1CF4] - [10/01/2015 03:42:20] - (.Copyright (C) 2013 Realtek Semiconductor Corporation. All Right Reserved. - Realtek 8101E/8168/8169 NDIS 6.30 64-bit Driver .) 
- [820.21 Ko] - (8.24.1218.2013) - C:\WINDOWS\System32\Drivers\Rt630x64.sys [MD5.3D2128DB25312418FEF7AC2844F5F50B] - [10/01/2015 03:36:32] - (.Copyright (c) Realtek Semiconductor Corp.1998-2013 - Realtek(r) High Definition Audio Function Driver.) - [3773.59 Ko] - (6.0.1.7173) - C:\WINDOWS\System32\Drivers\RTKVHD64.sys [MD5.C8173EAA7EDAC1DB9063139A5FD57BF4] - [05/06/2015 11:12:54] - (.Copyright (C) Realtek Semiconductor Corp. - Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7/Win8.) - [303.25 Ko] - (6.3.9600.29088) - C:\WINDOWS\System32\Drivers\RtsP2Stor.sys [MD5.ABBE803FE0BDAE0E5BE74DDEFBE62F23] - [30/10/2015 09:17:23] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [43.84 Ko] - (5.1.1039.2600) - C:\WINDOWS\System32\Drivers\sisraid2.sys [MD5.6043DF55CFE3C7ACF477645FA64DEA98] - [30/10/2015 09:17:23] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [79.84 Ko] - (5.1.1039.3600) - C:\WINDOWS\System32\Drivers\sisraid4.sys [MD5.039936230D3F54BC0BABF115DE5D365A] - [20/09/2015 03:15:22] - (.Copyright (C) Synaptics Incorporated 1996-2015 - Synaptics SMBus Driver.) - [41.2 Ko] - (19.0.16.3) - C:\WINDOWS\System32\Drivers\Smb_driver_AMDASF.sys [MD5.039936230D3F54BC0BABF115DE5D365A] - [20/09/2015 04:02:03] - (.Copyright (C) Synaptics Incorporated 1996-2015 - Synaptics SMBus Driver.) - [41.2 Ko] - (19.0.16.3) - C:\WINDOWS\System32\Drivers\Smb_driver_AMDASF_Aux.sys [MD5.AFD8361E4BEB91D0F4BCA30272C80C31] - [20/09/2015 04:02:03] - (.Copyright (C) Synaptics Incorporated 1996-2015 - Synaptics SMBus Driver.) - [41.7 Ko] - (19.0.16.3) - C:\WINDOWS\System32\Drivers\Smb_driver_Intel_Aux.sys [MD5.CCDA497C880AD16D87EDFAEFCFB2EDF5] - [30/10/2015 09:17:23] - (.© Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) 
- [30.34 Ko] - (5.1.0.10) - C:\WINDOWS\System32\Drivers\stexstor.sys [MD5.335776A556ADBFCDC5FBEB39B1B9E3D3] - [20/09/2015 04:02:11] - (.Copyright (C) Synaptics Incorporated 1996-2015 - Synaptics Touchpad Win64 Driver.) - [604.2 Ko] - (19.0.16.3) - C:\WINDOWS\System32\Drivers\SynTP.sys [MD5.04F4382FF6CF40F4DB99EF01448AAAF5] - [29/07/2015 15:54:54] - (.Copyright © 2015 TOSHIBA Corporation. - Toshiba Hotkey Driver.) - [53.15 Ko] - (9.1.0.1) - C:\WINDOWS\System32\Drivers\Thotkey.sys [MD5.A884A627C0B6E8B238759FC73C1AAAAF] - [01/11/2013 12:22:28] - (.Copyright (C)1999-2012, TOSHIBA Corporation. - TOSHIBA Bluetooth EC Driver.) - [26.4 Ko] - (9.0.928.0) - C:\WINDOWS\System32\Drivers\tosrfec.sys [MD5.5BD389925662396A52AEB64901D3C952] - [18/12/2015 21:40:47] - (.-.) - [30.13 Ko] - (2.0.1.0) - C:\WINDOWS\System32\Drivers\TrueSight.sys [MD5.7B05B5B492E6E248C2B38CD04B4D3A96] - [10/01/2015 03:50:47] - (.Copyright (C) 2008-2013 TOSHIBA Corporation - TOSHIBA TVALZ Filter Driver.) - [16.8 Ko] - (1.0.1.2) - C:\WINDOWS\System32\Drivers\TVALZFL.sys [MD5.54BDBF3D4DED58DA78B702471C68D4CA] - [15/08/2013 11:13:32] - (.Copyright (C) 2006-2009 TOSHIBA Corporation - TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver.) - [32.06 Ko] - (2.0.0.3) - C:\WINDOWS\System32\Drivers\TVALZ_O.SYS [MD5.D48ED0A08BD2FD25A833E6AC99623091] - [30/10/2015 09:17:23] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [162.84 Ko] - (7.0.9600.6352) - C:\WINDOWS\System32\Drivers\vsmraid.sys [MD5.6990D4AFDF545669D4E6C232F26DE1FB] - [30/10/2015 09:17:23] - (.Copyright (C) 2008 VIA Corporation - VIA StorX RAID Controller Driver.) - [298.34 Ko] - (8.0.9200.8110) - C:\WINDOWS\System32\Drivers\VSTXRAID.SYS [MD5.4A53441C1C4D2878BEF27E381138BB2D] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinMad.) 
- [26.34 Ko] - (4.91.10730.0) - C:\WINDOWS\System32\Drivers\winmad.sys [MD5.40A3E8D729F458B2C9A8BD9380FF83D5] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinVerbs.) - [57.84 Ko] - (4.91.10730.0) - C:\WINDOWS\System32\Drivers\winverbs.sys
---------- | Uninstall
[HKU\S-1-5-21-93316058-2836923639-1887713213-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\8e10483dd925454a4db40976edf96769] : (.-.) -> [HKU\S-1-5-21-93316058-2836923639-1887713213-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Songr] : (Songr.-.Xamasoft) -> C:\Users\Aralia\AppData\Local\Songr\Uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\7-Zip] : (7-Zip 16.02 (x64).-.Igor Pavlov) -> C:\Program Files\7-Zip\Uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Broadcom 802.11 Network Adapter] : (Broadcom 802.11 Network Adapter.-.Broadcom Corporation) -> "C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter" driver [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe" [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Speccy] : (Speccy.-.Piriform) -> "C:\Program Files\Speccy\uninst.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SynTPDeinstKey] : (Synaptics Pointing Device Driver.-.Synaptics Incorporated) -> rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Unlocker] : (Unlocker 1.9.2.-.Cedrick Collomb) -> C:\Program Files\Unlocker\uninst.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0060BA9B-B068-3324-BD81-E0754D9D5E51}] : (AMD Start Now.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}] : (TOSHIBA Start Screen Option.-.Toshiba Corporation) -> MsiExec.exe /X{06B71035-F19F-4F76-9875-FFCCD4FC3F83} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0B39C39A-3ECE-4582-9C91-842D22819A24}] : (TOSHIBA Display Utility.-.Toshiba Corporation) -> MsiExec.exe /X{0B39C39A-3ECE-4582-9C91-842D22819A24} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series] : (Canon MP280 series MP Drivers.-.) 
-> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series\DelDrv64.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series /L0x000c [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}] : (TOSHIBA Function Key.-.Toshiba Corporation) -> MsiExec.exe /X{1844CFE2-EBA3-490A-8A5E-9BFC646342FD} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1C9A24E0-CA21-414D-8D21-22BF8981FC9F}] : (Adblock Plus pour IE (32-bits et 64-bits).-.Eyeo GmbH) -> MsiExec.exe /X{1C9A24E0-CA21-414D-8D21-22BF8981FC9F} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{373B90E1-A28C-434C-92B6-7281AFA6115A}] : (WOT pour Internet Explorer.-.WOT Services Oy) -> MsiExec.exe /X{373B90E1-A28C-434C-92B6-7281AFA6115A} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{67A59C73-4786-E304-BE89-20DB7E0BDB29}] : (AMD Accelerated Video Transcoding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{67A59C73-4786-E304-BE89-20DB7E0BDB29} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8DB698FB-2E57-A223-0169-911CA8736440}] : (PSP Application.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{8DB698FB-2E57-A223-0169-911CA8736440} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{94D2A899-0C34-4420-880E-AE337E635AB0}] : (TOSHIBA eco Utility.-.Toshiba Corporation) -> MsiExec.exe /X{94D2A899-0C34-4420-880E-AE337E635AB0} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{99213849-249E-7726-EBA7-ADFCA48E2246}] : (AMD Catalyst Install Manager.-.Advanced Micro Devices, Inc.) 
-> msiexec /q/x{99213849-249E-7726-EBA7-ADFCA48E2246} REBOOT=ReallySuppress [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}] : (TOSHIBA PC Health Monitor.-.Toshiba Corporation) -> MsiExec.exe /X{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}] : (TOSHIBA Service Station.-.Toshiba Corporation) -> MsiExec.exe /X{BFE4C813-4DD4-4B1C-97F4-76A459055C8D} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C4CDCEF0-0A7A-4425-887C-33E39533D758}] : (TOSHIBA Desktop Assist.-.Toshiba Corporation) -> MsiExec.exe /X{C4CDCEF0-0A7A-4425-887C-33E39533D758} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C51DCF0E-EDC6-C863-A623-0936DB107904}] : (ccc-utility64.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}] : (WinZip 20.0.-.WinZip Computing, S.L.) -> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 21 NPAPI.-.Adobe Systems Incorporated) -> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_Plugin.exe -maintain plugin [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Avast] : (Avast Antivirus Gratuit.-.AVAST Software) -> C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\CANONIJPLM100] : (Canon Inkjet Printer/Scanner/Fax Extended Survey Program.-.) -> C:\Program Files (x86)\Canon\IJPLM\SETUP.EXE -R [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\CanonMyPrinter] : (Canon My Printer.-.) 
-> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini uinstrsc.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\CanonSolutionMenuEX] : (Canon Solution Menu EX.-.) -> "C:\Program Files (x86)\Canon\Solution Menu EX\uninst.exe" /UninstallRemove C:\Program Files (x86)\Canon\Solution Menu EX\uninst.ini [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Easy-LayoutPrint] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Easy-PhotoPrint EX] : (Canon Easy-PhotoPrint EX.-.) -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe Uninst.ini uinstrsc.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Enregistrement utilisateur de Canon MP280 series] : (Enregistrement utilisateur de Canon MP280 series.-.) -> C:\Program Files (x86)\Canon\IJEREG\MP280 series\UNINST.EXE [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\Installer\setup.exe" --uninstall --multi-install --chrome --system-level [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1] : (Malwarebytes Anti-Malware version 2.2.1.1043.-.Malwarebytes) -> "C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 47.0.1 (x86 fr)] : (Mozilla Firefox 47.0.1 (x86 fr).-.Mozilla) -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MP Navigator EX 4.0] : (Canon MP Navigator EX 4.0.-.) -> "C:\Program Files (x86)\Canon\MP Navigator EX 4.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 4.0\uninst.ini [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MyDriveConnect] : (TomTom MyDrive Connect 4.1.0.2658.-.TomTom) -> C:\Program Files (x86)\MyDrive Connect\Uninstall TomTom MyDrive Connect.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Revo Uninstaller] : (Revo Uninstaller 1.95.-.VS Revo Group) -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TeamViewer] : (TeamViewer 11.-.TeamViewer) -> C:\Program Files (x86)\TeamViewer\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Unchecky] : (Unchecky v0.4.3.-.RaMMicHaeL) -> "C:\Program Files (x86)\Unchecky\Uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VLC media player] : (VLC media player.-.VideoLAN) -> C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WildTangentGameProvider-toshiba-genres] : (.-.WildTangent, Inc.) -> "C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\Uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WildTangentGameProvider-toshiba-main] : (.-.WildTangent, Inc.) -> "C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - main\Uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WildTangentGameProvider-toshiba-touch] : (.-.WildTangent, Inc.) -> "C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - touch\Uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\winsearch] : (Yahoo! Powered.-.) 
-> "C:\Users\Aralia\AppData\Local\{16E920B5-3241-4C0D-5FD9-69E57BB1957D}\uninst.exe" -FN="C:\Users\Aralia\AppData\Local\{16B4200F-33E6-4D79-58D0-6AAB84029795}\synctask.exe"-P=/Uninstall /s /noun /DelSelfDir [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\XnView_is1] : (XnView 2.32.-.Gougelet Pierre-e) -> "C:\Program Files (x86)\XnView\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ZHPFix_is1] : (ZHPFix 2015.-.Nicolas Coolman) -> "C:\Program Files (x86)\ZHPFix\unins000.exe" [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{036B9DA5-5D6F-8805-8519-B2A8631ECF40}] : (CCC Help Chinese Standard.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{07443BEC-D674-7604-AD94-AC09F7D9E106}] : (CCC Help Danish.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{09A70E81-6B61-E33E-6860-746414BD72E9}] : (CCC Help Portuguese.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0F412FEE-D8AF-37F3-8A0F-8772FF4E4BD3}] : (CCC Help German.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{11E172B2-901D-7BE4-04B1-7663939FBDFD}] : (CCC Help Greek.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}] : (Google Toolbar for Internet Explorer.-.Google Inc.) -> MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1E6A96A1-2BAB-43EF-8087-30437593C66C}] : (TOSHIBA System Driver.-.Toshiba Corporation) -> MsiExec.exe /X{1E6A96A1-2BAB-43EF-8087-30437593C66C} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] : (Google Toolbar for Internet Explorer.-.Google Inc.) -> "C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_F3B2E431EE169D71.exe" /uninstall [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{30DEC598-FF27-B09B-AF84-85E3242DBB63}] : (Catalyst Control Center InstallProxy.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3EC111E8-61FD-3DD6-F6D1-DFC744B36776}] : (AMD Catalyst Control Center.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4412F224-3849-4461-A3E9-DEEF8D252790}] : (Visual Studio C++ 10.0 Runtime.-.TomTom International B.V.) -> MsiExec.exe /I{4412F224-3849-4461-A3E9-DEEF8D252790} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{45BA0847-2371-DE76-2C8E-26A581ABBB96}] : (CCC Help Turkish.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A7C1A78-CEF6-AFAD-4877-E4975BECB010}] : (Catalyst Control Center Graphics Previews Common.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4AF7B472-A1D9-55AB-EE62-E04525366A96}] : (Catalyst Control Center Localization All.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4B1C97BA-5820-C4AA-04DD-C23AB0D77E32}] : (CCC Help Thai.-.Advanced Micro Devices, Inc.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}] : (TOSHIBA System Settings.-.Toshiba Corporation) -> MsiExec.exe /X{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{59071464-DAEE-11E3-9080-00163E98E7D0}] : (Evernote v. 5.4.-.Evernote Corp.) -> MsiExec.exe /X{59071464-DAEE-11E3-9080-00163E98E7D0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}] : (Realtek Card Reader.-.Realtek Semiconductor Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\Setup.exe" -runfromtemp -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}] : (TomTom HOME.-.Nom de votre société) -> MsiExec.exe /I{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{613426BE-94AE-81E7-C1E8-837E32004ED8}] : (CCC Help Dutch.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{628A874E-005E-F15A-6988-7515294CCC76}] : (CCC Help Russian.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{67A19706-FE77-5C7F-2208-7097982AFDD0}] : (CCC Help Finnish.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6CF90C5E-38BF-0C39-6032-87312FFC1D47}] : (CCC Help Korean.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{709316AD-161C-4D5C-9AE7-0B3A822DA271}] : (Google Drive.-.Google, Inc.) 
-> MsiExec.exe /X{709316AD-161C-4D5C-9AE7-0B3A822DA271} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7D5EC21D-54FA-7549-844B-881D4BC89124}] : (CCC Help Polish.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}] : (Realtek Ethernet Controller Driver.-.Realtek) -> C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.exe -runfromtemp -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{895D0391-459F-4D45-B8DD-13F0DE70C66E}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8D571645-AB9B-FC86-D985-7350BB5D71EA}] : (CCC Help Hungarian.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}] : (TomTom HOME Visual Studio Merge Modules.-.TomTom International B.V.) -> MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}] : (TOSHIBA Manuals.-.TOSHIBA) -> "C:\Program Files (x86)\InstallShield Installation Information\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}\setup.exe" -runfromtemp -l0x0409 -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{99A395EF-A310-40BB-B7A3-E3FF07CC38FC}] : (LibreOffice 4.4.2.2.-.The Document Foundation) -> MsiExec.exe /I{99A395EF-A310-40BB-B7A3-E3FF07CC38FC} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9B17BBEC-CF31-4C23-949E-E65A14365CE1}] : (DTS Sound.-.DTS, Inc.) -> MsiExec.exe /X{9B17BBEC-CF31-4C23-949E-E65A14365CE1} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9C131572-AF7D-8DD1-CA2D-43E7C2A040DB}] : (CCC Help Spanish.-.Advanced Micro Devices, Inc.) 
-> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9F41C954-7FDE-23EC-28FA-7022E4AB8CBC}] : (CCC Help Italian.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A1EE965D-A02D-EB1A-2A17-7D2473581963}] : (CCC Help Japanese.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824161310}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824166751}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824184103}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824191728}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824191728} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AD29E049-CAA6-4EC0-9553-19B375DB8658}] : (Catalyst Control Center - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{AD29E049-CAA6-4EC0-9553-19B375DB8658} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B0F1B758-60D6-41F7-93D9-212A448813FE}] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B1786E63-C1C7-42EF-9D0A-7B3F7B470C88}] : (TOSHIBA Password Utility.-.Toshiba Corporation) -> "C:\Program Files (x86)\InstallShield Installation Information\{B1786E63-C1C7-42EF-9D0A-7B3F7B470C88}\setup.exe" -runfromtemp -l0x0409 -removeonly [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B651C000-4CAA-E2BB-5B5C-C9ADF590F6EA}] : (CCC Help Czech.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}] : (TOSHIBA Recovery Media Creator.-.Toshiba Corporation) -> C:\Program Files (x86)\InstallShield Installation Information\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}\setup.exe -runfromtemp -removeonly [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B92C82A9-F8D2-5E24-BA44-2402DE8260D0}] : (CCC Help French.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CB6A9271-B941-651B-6FCD-9BE6FC42CE3C}] : (CCC Help English.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CC329C8C-4065-2816-0203-53AE3017C212}] : (CCC Help Norwegian.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D42F0194-203E-354A-88B2-43AA0DC2F4B6}] : (CCC Help Chinese Traditional.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}] : (Toshiba TEMPRO.-.Toshiba Europe GmbH) -> MsiExec.exe /X{E4C7D9D7-19D4-4623-AF0C-EA313C466411} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709 [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F7393448-7A8B-BF45-31A0-B8322D857440}] : (CCC Help Swedish.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{f761359c-9ced-45ae-9a51-9d6605cd55c4}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F9B579C2-D854-300A-BE62-A09EB9D722E4}] : (Google Talk Plugin.-.Google) -> MsiExec.exe /I{F9B579C2-D854-300A-BE62-A09EB9D722E4} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FC965A47-4839-40CA-B618-18F486F042C6}] : (Skype™ 7.25.-.Skype Technologies S.A.) -> MsiExec.exe /X{FC965A47-4839-40CA-B618-18F486F042C6}
---------- | Installer
[HKCR\Installer\Products\000C156BAAC4BB2EB5C59CDA5F096FAE] : CCC Help Czech -> C:\Windows\Installer\{B651C000-4CAA-E2BB-5B5C-C9ADF590F6EA}\ARPPRODUCTICON.exe [HKCR\Installer\Products\0E42A9C112ACD414D81222FB9818CFF9] : Adblock Plus pour IE (32-bits et 64-bits) -> C:\WINDOWS\Installer\{1C9A24E0-CA21-414D-8D21-22BF8981FC9F}\program_icon [HKCR\Installer\Products\0FECDC4CA7A0524488C7333E59337D85] : TOSHIBA Desktop Assist -> C:\Windows\Installer\{C4CDCEF0-0A7A-4425-887C-33E39533D758}\ARPPRODUCTICON.exe [HKCR\Installer\Products\166F59DC4C5A5F446AAACEDD192C04FE] : WinZip 20.0 [HKCR\Installer\Products\1729A6BC149BB156F6DCB96ECF24ECC3] : CCC Help English -> C:\Windows\Installer\{CB6A9271-B941-651B-6FCD-9BE6FC42CE3C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0] : Google Toolbar for Internet Explorer [HKCR\Installer\Products\18E07A9016B6E33E8606474641DB279E] : CCC Help Portuguese -> C:\Windows\Installer\{09A70E81-6B61-E33E-6860-746414BD72E9}\ARPPRODUCTICON.exe 
[HKCR\Installer\Products\1A69A6E1BAB2FE340878033457396CC6] : TOSHIBA System Driver -> C:\Windows\Installer\{1E6A96A1-2BAB-43EF-8087-30437593C66C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\1E09B373C82AC434296B2718FA6A11A5] : WOT pour Internet Explorer -> C:\WINDOWS\Installer\{373B90E1-A28C-434C-92B6-7281AFA6115A}\ProductIcon [HKCR\Installer\Products\274B7FA49D1ABA55EE260E545263A669] : Catalyst Control Center Localization All -> C:\Windows\Installer\{4AF7B472-A1D9-55AB-EE62-E04525366A96}\ARPPRODUCTICON.exe [HKCR\Installer\Products\275131C9D7FA1DD8ACD2347E2C0A04BD] : CCC Help Spanish -> C:\Windows\Installer\{9C131572-AF7D-8DD1-CA2D-43E7C2A040DB}\ARPPRODUCTICON.exe [HKCR\Installer\Products\27DE75D410B6DB04C99A10B2F80CC9BE] : TOSHIBA System Settings -> C:\Windows\Installer\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}\ARPPRODUCTICON.exe [HKCR\Installer\Products\2B271E11D1094EB7401B673639F9DBDF] : CCC Help Greek -> C:\Windows\Installer\{11E172B2-901D-7BE4-04B1-7663939FBDFD}\ARPPRODUCTICON.exe [HKCR\Installer\Products\2EFC44813ABEA094A8E5B9CF463624DF] : TOSHIBA Function Key -> C:\Windows\Installer\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}\ARPPRODUCTICON.exe [HKCR\Installer\Products\318C4EFB4DD4C1B4794F674A9550C5D8] : TOSHIBA Service Station -> C:\Windows\Installer\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}\Main.ico [HKCR\Installer\Products\37C95A766874403EEB9802BDE7B0BD92] : AMD Accelerated Video Transcoding -> C:\Windows\Installer\{67A59C73-4786-E304-BE89-20DB7E0BDB29}\ARPPRODUCTICON.exe [HKCR\Installer\Products\3BE2BCD5DA78E624D847B8299C7D134C] : TomTom HOME -> C:\WINDOWS\Installer\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}\ARPPRODUCTICON.exe [HKCR\Installer\Products\422F2144948316443A9EEDFED8527209] : Visual Studio C++ 10.0 Runtime [HKCR\Installer\Products\459C14F9EDF7CE3282AF07224EBAC8CB] : CCC Help Italian -> C:\Windows\Installer\{9F41C954-7FDE-23EC-28FA-7022E4AB8CBC}\ARPPRODUCTICON.exe [HKCR\Installer\Products\46417095EEAD3E1109080061E3897E0D] : Evernote v. 
5.4 -> C:\Windows\Installer\{59071464-DAEE-11E3-9080-00163E98E7D0}\Evernote.ico [HKCR\Installer\Products\4910F24DE302A453882B34AAD02C4F6B] : CCC Help Chinese Traditional -> C:\Windows\Installer\{D42F0194-203E-354A-88B2-43AA0DC2F4B6}\ARPPRODUCTICON.exe [HKCR\Installer\Products\52744B0D6663D294EB6F85A741DBB99D] : MSVCRT_amd64 [HKCR\Installer\Products\53017B60F91F67F48957FFCC4DCFF338] : TOSHIBA Start Screen Option -> C:\Windows\Installer\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}\ARPPRODUCTICON.exe [HKCR\Installer\Products\546175D8B9BA68CF9D583705BBD517AE] : CCC Help Hungarian -> C:\Windows\Installer\{8D571645-AB9B-FC86-D985-7350BB5D71EA}\ARPPRODUCTICON.exe [HKCR\Installer\Products\5AD9B630F6D5508858912B8A36E1FC04] : CCC Help Chinese Standard -> C:\Windows\Installer\{036B9DA5-5D6F-8805-8519-B2A8631ECF40}\ARPPRODUCTICON.exe [HKCR\Installer\Products\5C13C3F8A3C98AA4E8AF1792A0A75D33] : TomTom HOME Visual Studio Merge Modules [HKCR\Installer\Products\60791A7677EFF7C52280077989A2DF0D] : CCC Help Finnish -> C:\Windows\Installer\{67A19706-FE77-5C7F-2208-7097982AFDD0}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA408033019195008142917182] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824191728}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\7480AB54173267EDC2E8625A18BABB69] : CCC Help Turkish -> C:\Windows\Installer\{45BA0847-2371-DE76-2C8E-26A581ABBB96}\ARPPRODUCTICON.exe [HKCR\Installer\Products\74A569CF9384AC046B81814F680F246C] : Skype™ 7.25 -> C:\WINDOWS\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe [HKCR\Installer\Products\7BD4C90EC03660F46A13E87A329932FA] : D3DX10 [HKCR\Installer\Products\7D9D7C4E4D913264FAC0AE13C3644611] : Toshiba TEMPRO [HKCR\Installer\Products\7E0BA6F1DDC839B4A832AAE92BEFCF4E] : Junk Mail filter update 
[HKCR\Installer\Products\8443937FB8A754FB130A8B23D2584704] : CCC Help Swedish -> C:\Windows\Installer\{F7393448-7A8B-BF45-31A0-B8322D857440}\ARPPRODUCTICON.exe [HKCR\Installer\Products\87A1C7A46FECDAFA84774E79B5CE0B01] : Catalyst Control Center Graphics Previews Common -> C:\Windows\Installer\{4A7C1A78-CEF6-AFAD-4877-E4975BECB010}\ARPPRODUCTICON.exe [HKCR\Installer\Products\895CED0372FFB90BFA48583E42D2BB36] : Catalyst Control Center InstallProxy -> C:\Windows\Installer\{30DEC598-FF27-B09B-AF84-85E3242DBB63}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8E111CE3DF166DD36F1DFD7C443B7667] : AMD Catalyst Control Center -> C:\Windows\Installer\{3EC111E8-61FD-3DD6-F6D1-DFC744B36776}\ARPPRODUCTICON.exe [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper [HKCR\Installer\Products\940E92DA6AAC0CE45935913B57BD6885] : Catalyst Control Center - Branding -> C:\Windows\Installer\{AD29E049-CAA6-4EC0-9553-19B375DB8658}\ARPPRODUCTICON.exe [HKCR\Installer\Products\94831299E9426277BE7ADACF4AE82264] : AMD Catalyst Install Manager -> C:\Windows\Installer\{99213849-249E-7726-EBA7-ADFCA48E2246}\ARPPRODUCTICON.exe [HKCR\Installer\Products\998A2D4943C0024488E0EA33E736A50B] : TOSHIBA eco Utility -> C:\Windows\Installer\{94D2A899-0C34-4420-880E-AE337E635AB0}\ARPPRODUCTICON.exe [HKCR\Installer\Products\9A1221D6FB710CE4182F723DE03C7010] : Skype Click to Call -> C:\WINDOWS\Installer\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}\ICON_PRODUCT [HKCR\Installer\Products\9A28C29B2D8F42E5AB444220ED28060D] : CCC Help French -> C:\Windows\Installer\{B92C82A9-F8D2-5E24-BA44-2402DE8260D0}\ARPPRODUCTICON.exe [HKCR\Installer\Products\9F0DCED98E3D0B843A09C10FF9453E4A] : TOSHIBA PC Health Monitor -> C:\Windows\Installer\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A6C64DD86500CEF47BA082BB611A1FF1] : MSVCRT [HKCR\Installer\Products\A93C93B0ECE32854C91948D22218A942] : 
TOSHIBA Display Utility -> C:\WINDOWS\Installer\{0B39C39A-3ECE-4582-9C91-842D22819A24}\ARPPRODUCTICON.exe [HKCR\Installer\Products\AB79C1B40285AA4C40DD2CA30B7DE723] : CCC Help Thai -> C:\Windows\Installer\{4B1C97BA-5820-C4AA-04DD-C23AB0D77E32}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B9AB0600860B4233DB180E57D4D9E515] : AMD Start Now -> C:\Windows\Installer\{0060BA9B-B068-3324-BD81-E0754D9D5E51}\ARPPRODUCTICON.exe [HKCR\Installer\Products\BF896BD875E2322A109619C18A374604] : PSP Application -> C:\Windows\Installer\{8DB698FB-2E57-A223-0169-911CA8736440}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C8C923CC56046182203035EA03712C21] : CCC Help Norwegian -> C:\Windows\Installer\{CC329C8C-4065-2816-0203-53AE3017C212}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CEB34470476D4067DA49CA907F9D1E60] : CCC Help Danish -> C:\Windows\Installer\{07443BEC-D674-7604-AD94-AC09F7D9E106}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CEBB71B913FC32C449E96EA54163C51E] : DTS Sound -> C:\Windows\Installer\{9B17BBEC-CF31-4C23-949E-E65A14365CE1}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D12CE5D7AF45945748B488D1B48C1942] : CCC Help Polish -> C:\Windows\Installer\{7D5EC21D-54FA-7549-844B-881D4BC89124}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D569EE1AD20AA1BEA271D74237859136] : CCC Help Japanese -> C:\Windows\Installer\{A1EE965D-A02D-EB1A-2A17-7D2473581963}\ARPPRODUCTICON.exe [HKCR\Installer\Products\DA613907C161C5D4A97EB0A328D22A17] : Google Drive -> C:\WINDOWS\Installer\{709316AD-161C-4D5C-9AE7-0B3A822DA271}\DriveIcon [HKCR\Installer\Products\E0FCD15C6CDE368C6A329063BD019740] : ccc-utility64 -> C:\Windows\Installer\{C51DCF0E-EDC6-C863-A623-0936DB107904}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E478A826E500A51F9688575192C4CC67] : CCC Help Russian -> C:\Windows\Installer\{628A874E-005E-F15A-6988-7515294CCC76}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E5C09FC6FB8393C006237813F2CFD174] : CCC Help Korean -> C:\Windows\Installer\{6CF90C5E-38BF-0C39-6032-87312FFC1D47}\ARPPRODUCTICON.exe 
[HKCR\Installer\Products\EB624316EA497E181C8E38E72300E48D] : CCC Help Dutch -> C:\Windows\Installer\{613426BE-94AE-81E7-C1E8-837E32004ED8}\ARPPRODUCTICON.exe [HKCR\Installer\Products\EEF214F0FA8D3F73A8F07827FFE4B43D] : CCC Help German -> C:\Windows\Installer\{0F412FEE-D8AF-37F3-8A0F-8772FF4E4BD3}\ARPPRODUCTICON.exe [HKCR\Installer\Products\FE593A99013ABB047B3A3EFF70CC83CF] : LibreOffice 4.4.2.2 -> C:\Windows\Installer\{99A395EF-A310-40BB-B7A3-E3FF07CC38FC}\soffice.ico ---------- | ADS ---------- | Drives Disk: 0 Size=954G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 EE-UNKNWN 21.0T No No 1 294,967,295 ---------- | MBR Windows Version: Windows Information: (build 9200), 64-bit Base Board Manufacturer: TOSHIBA BIOS Manufacturer: Insyde Corp. System Manufacturer: TOSHIBA System Product Name: SATELLITE C70D-B Logical Drives Mask: 0x000000fc Analysis of file "C:\QuickDiag\MBR.bin": Unknown MBR code 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Nom de l’application défaillante TPCHSrv.exe, version : 1.0.0.28, horodatage : 0x52fd56d1 Nom du module défaillant : ntdll.dll, version : 10.0.10586.306, horodatage : 0x571af2eb Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000ee6fc ID du processus défaillant : 0x1730 Heure de début de l’application défaillante : 0x01d1dffff8c9fe7f Chemin d’accès de l’application défaillante : C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : 0176a4c6-b3da-4c9a-8436-04b5b9b2e553 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante TPCHSrv.exe, version : 1.0.0.28, horodatage : 0x52fd56d1 Nom du module défaillant : ntdll.dll, version : 10.0.10586.306, horodatage : 0x571af2eb Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000ee6fc ID du 
processus défaillant : 0xa28 Heure de début de l’application défaillante : 0x01d1dffe218a0496 Chemin d’accès de l’application défaillante : C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : fd325db0-2639-4692-934d-a72d2cadf151 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante TPCHSrv.exe, version : 1.0.0.28, horodatage : 0x52fd56d1 Nom du module défaillant : ntdll.dll, version : 10.0.10586.306, horodatage : 0x571af2eb Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000ee6fc ID du processus défaillant : 0x16f0 Heure de début de l’application défaillante : 0x01d1df8903b7d0e2 Chemin d’accès de l’application défaillante : C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : dab57852-1d40-41b8-b215-67421cb7ee70 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante TPCHSrv.exe, version : 1.0.0.28, horodatage : 0x52fd56d1 Nom du module défaillant : ntdll.dll, version : 10.0.10586.306, horodatage : 0x571af2eb Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000ee6fc ID du processus défaillant : 0x1adc Heure de début de l’application défaillante : 0x01d1df46c77ea660 Chemin d’accès de l’application défaillante : C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : a474bd3a-0c60-4d02-b7c4-110414c961ac Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante TPCHSrv.exe, version : 1.0.0.28, horodatage : 0x52fd56d1 Nom du module défaillant : ntdll.dll, version : 10.0.10586.306, horodatage : 0x571af2eb Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000ee6fc ID du processus défaillant : 
0x1bc8 Heure de début de l’application défaillante : 0x01d1df37397d1b3d Chemin d’accès de l’application défaillante : C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : 3205160f-9b4e-41a2-bb45-e7f6d596d574 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante TPCHSrv.exe, version : 1.0.0.28, horodatage : 0x52fd56d1 Nom du module défaillant : ntdll.dll, version : 10.0.10586.306, horodatage : 0x571af2eb Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000ee6fc ID du processus défaillant : 0x964 Heure de début de l’application défaillante : 0x01d1ded59c93fcd1 Chemin d’accès de l’application défaillante : C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : 26426872-4efc-48e2-b7c0-a4109bd6030a Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante TPCHSrv.exe, version : 1.0.0.28, horodatage : 0x52fd56d1 Nom du module défaillant : ntdll.dll, version : 10.0.10586.306, horodatage : 0x571af2eb Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000ee6fc ID du processus défaillant : 0x19a8 Heure de début de l’application défaillante : 0x01d1dead751f95ca Chemin d’accès de l’application défaillante : C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : b91e5897-b89d-4193-b66f-83fd9dce68f1 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante TPCHSrv.exe, version : 1.0.0.28, horodatage : 0x52fd56d1 Nom du module défaillant : ntdll.dll, version : 10.0.10586.306, horodatage : 0x571af2eb Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000ee6fc ID du processus défaillant : 0x19b8 Heure de début de 
l’application défaillante : 0x01d1de9a3f60e141 Chemin d’accès de l’application défaillante : C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : dfd0fc1a-4757-425e-83cc-5176850e0518 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Windows ne parvient pas à charger la DLL de compteur extensible rdyboost. Le premier mot (DWORD) de la section Données contient le code d’erreur Windows. ------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Nom de l’application défaillante IEXPLORE.EXE, version : 11.0.10586.494, horodatage : 0x5775e39f Nom du module défaillant : WOT.dll_unloaded, version : 15.6.9.0, horodatage : 0x55768cff Code d’exception : 0xc0000005 Décalage d’erreur : 0x0003ec6b ID du processus défaillant : 0x1634 Heure de début de l’application défaillante : 0x01d1de021b067066 Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Chemin d’accès du module défaillant: WOT.dll ID de rapport : 4e9830e9-0d8b-4bd9-914e-268a92bfa3d4 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante TPCHSrv.exe, version : 1.0.0.28, horodatage : 0x52fd56d1 Nom du module défaillant : ntdll.dll, version : 10.0.10586.306, horodatage : 0x571af2eb Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000ee6fc ID du processus défaillant : 0x1544 Heure de début de l’application défaillante : 0x01d1de01077a2875 Chemin d’accès de l’application défaillante : C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : 2446ca97-d170-4c12-8b32-b92caade0892 Nom 
complet du package défaillant : ID de l’application relative au package défaillant : ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ Nom de l’application défaillante unchecky_svc.exe, version : 0.4.3.0, horodatage : 0x56dea6dc Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000 Code d’exception : 0xc0000005 Décalage d’erreur : 0x007d002a ID du processus défaillant : 0x8f8 Heure de début de l’application défaillante : 0x01d1ddc6afe60120 Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe Chemin d’accès du module défaillant: unknown ID de rapport : 1a80eb36-20a8-4d79-937c-5f55f02d2dc5 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante AdblockPlusEngine.exe, version : 1.5.0.0, horodatage : 0x56017eff Nom du module défaillant : AdblockPlusEngine.exe, version : 1.5.0.0, horodatage : 0x56017eff Code d’exception : 0xc0000005 Décalage d’erreur : 0x00000000000fcd55 ID du processus défaillant : 0x1b4 Heure de début de l’application défaillante : 0x01d1ddc75a7b673e Chemin d’accès de l’application défaillante : C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe Chemin d’accès du module défaillant: C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe ID de rapport : d82b2e27-9af6-406d-ae56-ef42fd4fc045 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante TPCHSrv.exe, version : 1.0.0.28, horodatage : 0x52fd56d1 Nom du module défaillant : ntdll.dll, version : 10.0.10586.306, horodatage : 0x571af2eb Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000ee6fc ID du processus défaillant : 
0x16e4 Heure de début de l’application défaillante : 0x01d1ddc79914a579 Chemin d’accès de l’application défaillante : C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : c8f68c52-5119-437d-bcfd-3b6de430e178 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante TPCHSrv.exe, version : 1.0.0.28, horodatage : 0x52fd56d1 Nom du module défaillant : ntdll.dll, version : 10.0.10586.306, horodatage : 0x571af2eb Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000ee6fc ID du processus défaillant : 0x1250 Heure de début de l’application défaillante : 0x01d1dd9f5b111d9c Chemin d’accès de l’application défaillante : C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : 46692432-1a85-439d-972f-48ea77020344 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante TPCHSrv.exe, version : 1.0.0.28, horodatage : 0x52fd56d1 Nom du module défaillant : ntdll.dll, version : 10.0.10586.306, horodatage : 0x571af2eb Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000ee6fc ID du processus défaillant : 0xab4 Heure de début de l’application défaillante : 0x01d1dd250c84dbe4 Chemin d’accès de l’application défaillante : C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : e004ce4a-4359-428c-a736-e93cdf216bc7 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante TPCHSrv.exe, version : 1.0.0.28, horodatage : 0x52fd56d1 Nom du module défaillant : ntdll.dll, version : 10.0.10586.306, horodatage : 0x571af2eb Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000ee6fc ID du processus défaillant : 0x148c Heure de début de 
l’application défaillante : 0x01d1dd0eef4dfadb Chemin d’accès de l’application défaillante : C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : 23d43bc0-94ee-4933-970f-f550b0b83ba6 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ ----------( EOF)---------- - 3876 | 10:37:34