--------------- QuickDiag | g3n-h@ckm@n | V3_27.01.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 31/01/2017 08:29:45
Updated 27/01/2017 | 15.40 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Nathange (Administrator)] - [NATHANGE] (S-1-5-21-2256402154-31552669-3576289504)
System: Microsoft Windows 10 Famille - - (10.0.14393) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: X751LJ - ASUSTeK COMPUTER INC. - IdNumber: FAN0WU200759436 - UUID: 7C0E7E14-9A52-D94A-865A-65B84CA56AE1
Processor : X64 - 2197 Mhz - Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
X751LJ.704 - en|US|iso8859-1 - American Megatrends Inc. - S/N: FAN0WU200759436 - X751LJ.704 - _ASUS_ - 1072009
CoreTemp : 29.8 Celsius
----------| Quick
---------- | SoundDevice
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0233&SUBSYS_1043138F&REV_1000\4&3736C420&0&0001
---------- | Video
Intel(R) HD Graphics 5500 - Resolution: 1600x900 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igd12umd64.dll,igdumdim32,igd10iumd32,igd10iumd32,igd12umd32 - PNPDeviceID: PCI\VEN_8086&DEV_1616&SUBSYS_241A1043&REV_09\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824
NVIDIA GeForce 920M - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController2 - Drivers:
C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvd3dumx,C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvwgf2umx,C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvwgf2umx,C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvwgf2umx,C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvd3dum,C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvwgf2um,C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvwgf2um,C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvwgf2um - PNPDeviceID: PCI\VEN_10DE&DEV_1299&SUBSYS_241A1043&REV_A1\4&7D4D19&0&00E4 - AdapterCompatibility: NVIDIA - RAM: -2147483648
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics 5500 - DriverVersion: 20.19.15.4549 - SpecificationVersion: 1025
---------- | Codecs
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25352 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42936 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34640 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status:
OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35696 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 87040 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
---------- | CPU
CPU #1 value:15 %
CPU #2 value:9 %
CPU #3 value:0 %
CPU #4 value:15 %
Total Overall CPU Usage value:9 %
---------- | Network
Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
Qualcomm Atheros AR956x Wireless Network Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec
Reusable ISATAP Interface {91CD394B-1F95-419D-98F8-BA4490A50C53} : SENT:0 bytes/sec / RECVD:0 bytes/sec
Connexion au réseau local* 5 : SENT:0 bytes/sec / RECVD:0 bytes/sec
Overall -> SEND Maxium:9 bytes/sec, / RECEIVE Maximum:0 bytes/sec
Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Qualcomm Atheros AR956x Wireless Network Adapter - Ethernet 802.3 - Qualcomm Atheros Communications Inc.
- Status: - PnPID : PCI\VEN_168C&DEV_0036&SUBSYS_21301A3B&REV_01\4&1014AD79&0&00E3
Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_200F1043&REV_12\20075943684CE00001
Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&19171F93&0&11
Bluetooth Device (RFCOMM Protocol TDI) - - Microsoft - Status: - PnPID : BTH\MS_RFCOMM\6&32E18B63&0&0
Bluetooth Device (Personal Area Network) - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\6&32E18B63&0&2
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_0
Microsoft Teredo Tunneling Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE
Microsoft ISATAP Adapter - - - Status: - PnPID :
WAN Miniport (SSTP) - - - Status: - PnPID :
WAN Miniport (IKEv2) - - - Status: - PnPID :
WAN Miniport (L2TP) - - - Status: - PnPID :
WAN Miniport (PPTP) - - - Status: - PnPID :
WAN Miniport (PPPOE) - - - Status: - PnPID :
WAN Miniport (IP) - - - Status: - PnPID :
WAN Miniport (IPv6) - - - Status: - PnPID :
WAN Miniport (Network Monitor) - - - Status: - PnPID :
---------- | Memory
RAM = Total (MB) : 4062 | Free (MB) : 1540
Pagefile = Total (MB) : 5110 | Free (MB) : 2150
Virtual = Total (MB) : 4194 | Free (MB) : 3965
Physical Memory 0 : Capacity: 4294967296 - ChannelA-DIMM0 - Posit.: - Manufacturer: Hynix/Hyundai - PartNumber: HMT451S6BFR8A-PB - S/N: 00000000
---------- | SID Users
Administrateur : [S-1-5-21-2256402154-31552669-3576289504-500]
DefaultAccount : [S-1-5-21-2256402154-31552669-3576289504-503]
Invité : [S-1-5-21-2256402154-31552669-3576289504-501]
Nathange : [S-1-5-21-2256402154-31552669-3576289504]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs :
[S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
---------- | SystemAccounts
Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK
---------- | Drives
C:\ -> [Fixed] | [OS] | Total : 371.85 Go | Free : 298.83 Go -> NTFS [SATA]
D:\ -> [Fixed] | [DATA] | Total : 558.91 Go | Free : 553.34 Go -> NTFS [SATA]
Disk Usage
Information [1 total Physical Disks]
Physical Drive #0 [C:, D:] : Read:0 bytes/sec, Written:0 bytes/sec
Max Read:0 bytes/sec, Max Write:0 bytes/sec
Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : SCSI\DISK&VEN_ST1000LM&PROD_024_HN-M101MBB\4&3D19D56&0&000000
---------- | Windows updates
No detected update !!!
Windows Is Activated
---------- | Browsers
IE : 11.0.14393.0 (© Microsoft Corporation. Tous droits réservés.)
FF : 52.0.0.6233 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1"
---------- | FlashPlayer
FlashPlayer ActiveX : 24.0.0.194
FlashPlayer Plugin : 24.0.0.194
---------- | Security
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running
---------- | Running processes
468 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.14393.0) = C:\Windows\System32\smss.exe [16/07/2016 12:42:27] CPU Usage:0 %
768 | [Owner : | Parent : 580() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.14393.0) = C:\Windows\System32\wininit.exe [16/07/2016 12:42:27] CPU Usage:0 %
844 | [Owner : | Parent : 768(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.14393.479) = C:\Windows\System32\services.exe [09/12/2016 20:19:26] CPU Usage:0 %
852 | [Owner : | Parent : 768(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.14393.187) = C:\Windows\System32\lsass.exe [26/09/2016 13:39:13] CPU Usage:0 %
952 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.)
- (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
84 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
440 | [Owner : | Parent : 760() | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.14393.594) = C:\Windows\System32\winlogon.exe [11/01/2017 10:49:45] CPU Usage:0 %
904 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
372 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1048 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1108 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1360 | [Owner : | Parent : 844(services.exe) | ?????] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4549) = C:\Windows\System32\igfxCUIService.exe [18/08/2015 04:14:19] CPU Usage:0 %
1472 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1716 | [Owner : | Parent : 844(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 369.09.)
- (8.17.13.6909) = C:\Windows\System32\nvvsvc.exe [29/09/2016 15:04:53] CPU Usage:0 %
1772 | [Owner : | Parent : 1716(nvvsvc.exe) | ?????] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.6909) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [29/09/2016 15:04:53] CPU Usage:0 %
1868 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1912 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1956 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2052 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2200 | [Owner : | Parent : 844(services.exe) | ?????] - (.AVAST Software - avast! Service.) - (12.3.3154.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [14/11/2016 21:24:22] CPU Usage:0 %
2208 | [Owner : | Parent : 844(services.exe) | ?????] - (.ASUSTek Computer Inc. - ASLDR Service.) - (1.0.87.2) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [07/07/2015 15:06:56] CPU Usage:0 %
2216 | [Owner : | Parent : 844(services.exe) | ?????] - (.ASUSTek Computer Inc. - GFNEXSrv.) - (1.0.12.2) = C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [01/04/2015 18:01:32] CPU Usage:0 %
2424 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - Application sous-système spouleur.)
- (10.0.14393.351) = C:\Windows\System32\spoolsv.exe [28/10/2016 12:21:16] CPU Usage:0 %
2640 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2876 | [Owner : | Parent : 844(services.exe) | ?????] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework.) - (8.1.10602.174) = C:\Windows\syswow64\esif_uf.exe [22/10/2015 01:28:35] CPU Usage:0 %
2884 | [Owner : | Parent : 844(services.exe) | ?????] - (.Windows (R) Win 7 DDK provider - Windows Setup API.) - (6.2.9200.16384) = C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [29/07/2015 20:36:16] CPU Usage:0 %
2892 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
2916 | [Owner : | Parent : 844(services.exe) | ?????] - (.ASUS - ASUS GiftBox Desktop.) - (1.1.1.128) = C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe [20/07/2015 15:02:32] CPU Usage:0 %
2928 | [Owner : | Parent : 844(services.exe) | ?????] - (.ASUS Cloud Corporation - Asus WebStorage Windows Service.) - (1.0.0.0) = C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe [31/05/2015 17:15:16] CPU Usage:0 %
2292 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
1696 | [Owner : | Parent : 844(services.exe) | ?????] - (.Protexis Inc. - PsiService PsiService.) - (3.0.2.15) = C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [10/03/2010 13:26:48] CPU Usage:0 %
1756 | [Owner : | Parent : 844(services.exe) | ?????] - (.- RichVideo Module.)
- (2.0.1.7413) = C:\Program Files\CyberLink\Shared files\RichVideo64.exe [22/10/2015 02:00:21] CPU Usage:0 %
1632 | [Owner : | Parent : 844(services.exe) | ?????] - (.arvato digital services llc - PsiService PsiService.) - (3.1.0.56) = C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [30/11/2010 12:27:58] CPU Usage:0 %
2348 | [Owner : | Parent : 844(services.exe) | ?????] - (.- nTitles PSIService.) - (2.0.0.1) = C:\Windows\syswow64\PSIService.exe [05/06/2007 12:20:32] CPU Usage:0 %
2356 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
3248 | [Owner : | Parent : 844(services.exe) | ?????] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.415) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [30/01/2017 08:10:38] CPU Usage:0 %
3392 | [Owner : | Parent : 844(services.exe) | ?????] - (.RaMMicHaeL - Unchecky Service.) - (1.0.2.0) = C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [21/11/2016 18:33:44] CPU Usage:0 %
4112 | [Owner : Nathange | Parent : 1108(svchost.exe) | 20.72 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe [16/07/2016 12:42:09] CPU Usage:0 %
4132 | [Owner : | Parent : 2208(AsLdrSrv.exe) | ?????] - (.ASUSTek Computer Inc. - HControl.) - (1.0.87.2) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [07/07/2015 15:06:56] CPU Usage:0 %
4184 | [Owner : Nathange | Parent : 844(services.exe) | 28.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 %
4212 | [Owner : Nathange | Parent : 2876(esif_uf.exe) | 4.06 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework Utility Application.)
- (8.1.10602.174) = C:\Windows\Temp\DPTF\esif_assist_64.exe [30/01/2017 18:21:03] CPU Usage:0 %
4264 | [Owner : Nathange | Parent : 1108(svchost.exe) | 0.38 Mo] - (.ASUS - ACMON.) - (1.0.8.0) = C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [09/06/2015 20:25:58] CPU Usage:0 %
4272 | [Owner : Nathange | Parent : 1108(svchost.exe) | 15.24 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe [16/07/2016 12:42:36] CPU Usage:0 %
4348 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8763) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [26/09/2016 13:28:40] CPU Usage:0 %
4420 | [Owner : Aucun | Parent : 1108(svchost.exe) | 0.51 Mo] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) - (4.1.5.0) = C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [25/05/2015 13:20:18] CPU Usage:0 %
4428 | [Owner : Nathange | Parent : 3392(unchecky_svc.exe) | 8.61 Mo] - (.RaMMicHaeL - Unchecky Background Process.) - (1.0.2.0) = C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe [21/11/2016 18:33:44] CPU Usage:0 %
5080 | [Owner : Nathange | Parent : 4544() | 7.52 Mo] - (.ASUSTek Computer Inc. - ATKOSD2.) - (7.0.33.3) = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [21/05/2015 14:52:36] CPU Usage:0 %
5088 | [Owner : Nathange | Parent : 4556() | 6.83 Mo] - (.ASUSTek Computer Inc. - ATK Media.) - (2.0.22.2) = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [22/04/2015 10:28:24] CPU Usage:0 %
5244 | [Owner : Nathange | Parent : 2256(HPSupportSolutionsFrameworkService.exe) | 11.18 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4549) = C:\Windows\System32\igfxEM.exe [18/08/2015 04:14:20] CPU Usage:0 %
5328 | [Owner : Nathange | Parent : 2256(HPSupportSolutionsFrameworkService.exe) | 7.95 Mo] - (.Intel Corporation - igfxHK Module.)
- (6.15.10.4549) = C:\Windows\System32\igfxHK.exe [18/08/2015 04:14:20] CPU Usage:0 %
5360 | [Owner : Nathange | Parent : 2256(HPSupportSolutionsFrameworkService.exe) | 10.11 Mo] - (.-.) - (0.0.0.0) = C:\Windows\System32\igfxTray.exe [18/08/2015 04:14:20] CPU Usage:0 %
5516 | [Owner : Nathange | Parent : 1772(nvxdsync.exe) | 9.18 Mo] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.6909) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [29/09/2016 15:04:53] CPU Usage:0 %
5700 | [Owner : | Parent : 844(services.exe) | ?????] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.14393.206) = C:\Windows\System32\SearchIndexer.exe [29/09/2016 21:59:49] CPU Usage:0 %
5412 | [Owner : Nathange | Parent : 440(winlogon.exe) | 88.9 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.479) = C:\Windows\explorer.exe [09/12/2016 20:18:29] CPU Usage:4 %
4304 | [Owner : Nathange | Parent : 952(svchost.exe) | 42.95 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [09/11/2016 21:01:40] CPU Usage:0 %
5300 | [Owner : Nathange | Parent : 952(svchost.exe) | 52.18 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.693) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [11/01/2017 10:49:02] CPU Usage:0 %
4336 | [Owner : Nathange | Parent : 952(svchost.exe) | 51.54 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe [16/07/2016 12:42:05] CPU Usage:0 %
6184 | [Owner : Nathange | Parent : 5412(explorer.exe) | 10.41 Mo] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.0.12.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [22/10/2015 01:34:17] CPU Usage:0 %
6228 | [Owner : Nathange | Parent : 5412(explorer.exe) | 9.88 Mo] - (.Corel, Inc. - Corel Photo Downloader.)
- (2.1.0.0) = C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [28/08/2007 11:00:00] CPU Usage:0 %
6284 | [Owner : Nathange | Parent : 5412(explorer.exe) | 16.66 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.912) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [30/01/2017 08:10:36] CPU Usage:0 %
6316 | [Owner : Nathange | Parent : 5412(explorer.exe) | 26.64 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6743.1212) = C:\Users\Nathange\AppData\Local\Microsoft\OneDrive\OneDrive.exe [29/09/2016 15:52:05] CPU Usage:0 %
6392 | [Owner : Nathange | Parent : 5412(explorer.exe) | 11.53 Mo] - (.Hewlett-Packard Co. - ScanToPCActivationApp.) - (28.0.1315.0) = C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [17/10/2012 04:29:50] CPU Usage:0 %
6428 | [Owner : Aucun | Parent : 6384() | 16.37 Mo] - (.Piriform Ltd - CCleaner.) - (5.26.0.5937) = C:\Program Files\CCleaner\CCleaner64.exe [21/12/2016 18:49:42] CPU Usage:0 %
6864 | [Owner : Nathange | Parent : 6776() | 18.58 Mo] - (.AVAST Software - avast! Antivirus.) - (12.3.3154.23) = C:\Program Files\AVAST Software\Avast\avastui.exe [16/11/2016 09:24:59] CPU Usage:0 %
6948 | [Owner : Nathange | Parent : 952(svchost.exe) | 22.74 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.14393.0) = C:\Windows\System32\ApplicationFrameHost.exe [16/07/2016 12:42:40] CPU Usage:0 %
6980 | [Owner : Nathange | Parent : 6776() | 5.47 Mo] - (.Hewlett-Packard - hpwuSchd Application.) - (80.1.1.0) = C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [30/05/2013 14:50:10] CPU Usage:0 %
7156 | [Owner : Nathange | Parent : 6776() | 6.36 Mo] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.121.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [12/12/2016 19:21:48] CPU Usage:0 %
2256 | [Owner : | Parent : 844(services.exe) | ?????] - (.HP Inc. - HP Support Solutions Framework Service.)
- (8.5.32.203) = C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [04/07/2016 06:12:08] CPU Usage:0 %
5696 | [Owner : | Parent : 844(services.exe) | ?????] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (11.0.0.1162) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [07/08/2015 01:07:56] CPU Usage:0 %
6456 | [Owner : | Parent : 844(services.exe) | ?????] - (.Intel Corporation - Intel(R) Local Management Service.) - (11.0.0.1162) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [07/08/2015 01:09:18] CPU Usage:0 %
7728 | [Owner : Nathange | Parent : 6832() | 26.8 Mo] - (.ASUS Cloud Corporation -.) - (1.0.0.0) = C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSPanel.exe [31/05/2015 17:15:24] CPU Usage:0 %
3028 | [Owner : | Parent : 844(services.exe) | ?????] - (.Intel Corporation - Intel(R) Security Assist.) - (1.0.0.532) = C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [19/05/2015 09:11:00] CPU Usage:0 %
7296 | [Owner : Nathange | Parent : 952(svchost.exe) | 68.3 Mo] - (.-.) - (1.0.1611.18000) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe [23/11/2016 08:05:22] CPU Usage:0 %
8020 | [Owner : | Parent : 1868(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.14393.0) = C:\Windows\System32\audiodg.exe [16/07/2016 12:42:22] CPU Usage:0 %
7364 | [Owner : Nathange | Parent : 952(svchost.exe) | 55.89 Mo] - (.Microsoft Corporation - Hôte Microsoft WWA.) - (10.0.14393.187) = C:\Windows\System32\WWAHost.exe [26/09/2016 13:39:01] CPU Usage:0 %
2252 | [Owner : Nathange | Parent : 952(svchost.exe) | 9.41 Mo] - (.Microsoft Corporation - COM Surrogate.)
- (10.0.14393.0) = C:\Windows\System32\dllhost.exe [16/07/2016 12:42:27] CPU Usage:0 %
6820 | [Owner : Nathange | Parent : 5412(explorer.exe) | 844.99 Mo] - (.Mozilla Corporation - Firefox.) - (51.0.1.6234) = C:\Program Files\Mozilla Firefox\firefox.exe [18/11/2016 09:45:54] CPU Usage:0 %
9164 | [Owner : Nathange | Parent : 952(svchost.exe) | 3.68 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.14393.594) = C:\Windows\System32\SettingSyncHost.exe [11/01/2017 10:49:12] CPU Usage:0 %
9072 | [Owner : Nathange | Parent : 6864(avastui.exe) | 8.35 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.14393.0) = C:\Windows\syswow64\ctfmon.exe [16/07/2016 12:43:04] CPU Usage:0 %
9136 | [Owner : | Parent : 5700(SearchIndexer.exe) | ?????] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.14393.206) = C:\Windows\System32\SearchProtocolHost.exe [29/09/2016 21:59:45] CPU Usage:0 %
5140 | [Owner : Système | Parent : 5700(SearchIndexer.exe) | 6.25 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.14393.206) = C:\Windows\System32\SearchFilterHost.exe [29/09/2016 21:59:41] CPU Usage:0 %
5392 | [Owner : Nathange | Parent : 952(svchost.exe) | 23.91 Mo] - (.Microsoft Corporation - SmartScreen.) - (10.0.14393.321) = C:\Windows\System32\smartscreen.exe [12/10/2016 16:13:22] CPU Usage:0 %
9640 | [Owner : Aucun | Parent : 6820(firefox.exe) | 31.27 Mo] - (.SosVirus - QuickDiag.) - (27.1.17.1) = C:\Users\Nathange\Downloads\QuickDiag.exe [31/01/2017 08:28:44] CPU Usage:0 %
---------- | MD5
[MD5.4E10FB1A015B49AC68F76C1A3F4D9C0F] - [09/12/2016 20:18:29] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4563.77 Ko] - (10.0.14393.479) : C:\WINDOWS\Explorer.exe
[MD5.F4F684066175B77E0C3A000549D2922C] - [16/07/2016 12:42:36] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.)
- [227.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\cmd.exe
[MD5.77DBC745D957B4F0404ABABC10696784] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [17.72 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\csrss.exe
[MD5.DA63852A2B0340E94D74EAF0CD444979] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. - COM Surrogate.) - [20.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\dllhost.exe
[MD5.6955067712F2F4752CA12192B08EF860] - [16/07/2016 12:42:16] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [683.48 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Kernel32.dll
[MD5.6F8E95716C1A27FF2FE96D30B147F1C1] - [26/09/2016 13:39:13] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.05 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\lsass.exe
[MD5.7BD259FC59CF9C2AE1B979564B374CC6] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. - Distributed COM Services.) - [867.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rpcss.dll
[MD5.C7645D43451C6D94D87F4D07BDE59C89] - [16/07/2016 12:42:42] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [68 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rundll32.exe
[MD5.3C69CC28665854F1AAB4B4005005FA31] - [09/12/2016 20:19:26] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [443.94 Ko] - (10.0.14393.479) : C:\WINDOWS\System32\services.exe
[MD5.36F670D89040709013F6A460176767EC] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [43.45 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\svchost.exe
[MD5.C46EA86BF0E7C96235E9064CBAD6ED26] - [13/12/2016 20:28:18] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.)
- [1426.95 Ko] - (10.0.14393.576) : C:\WINDOWS\System32\user32.dll
[MD5.C1B1FFC800BE2F31EB2CF8CB40629C69] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [32.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\userinit.exe
[MD5.99A19C9A74E2F9820E501DCE77F84F70] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [297.11 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Wininit.exe
[MD5.917F081E2AB667C44F7D96DE1D16DFAE] - [11/01/2017 10:49:45] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [658 Ko] - (10.0.14393.594) : C:\WINDOWS\System32\Winlogon.exe
[MD5.323AA1953ED9C01E23F740FA891FE064] - [28/10/2016 12:20:07] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [570.34 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Drivers\afd.sys
[MD5.A10F989A812B57B9695F6C305907C9C6] - [16/07/2016 12:41:53] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\atapi.sys
[MD5.65DEB05FC234BFF207379F06F0754402] - [16/07/2016 12:41:53] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [187.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ataport.sys
[MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - [16/07/2016 12:42:35] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdfs.sys
[MD5.613D0137C269187FA298A157E3D14A18] - [16/07/2016 12:41:53] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [169 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdrom.sys
[MD5.0D1D392ED2597F295956D058D33BD7C3] - [12/10/2016 16:12:49] - (.© Microsoft Corporation. - DFS Namespace Client Driver.)
- [141.5 Ko] - (10.0.14393.321) : C:\WINDOWS\System32\Drivers\dfsc.sys
[MD5.10E3515FE5DBA6656FA62C29342EC4A1] - [16/07/2016 12:41:52] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [81.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\hdaudbus.sys
[MD5.B54B30992620C97230013A74461C8517] - [16/07/2016 12:41:54] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [111.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys
[MD5.F1DAECC3B3D6399875D4F10529D6A77C] - [16/07/2016 12:42:39] - (.© Microsoft Corporation. - IP Network Address Translator.) - [207.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ipnat.sys
[MD5.E671EDAB0726E05ECEF4058B4CD73C4D] - [26/09/2016 13:39:08] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [439.84 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\Drivers\mrxsmb.sys
[MD5.D5564FC81350458ED570528C4E3B1CCF] - [12/10/2016 16:12:48] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1153.84 Ko] - (10.0.14393.321) : C:\WINDOWS\System32\Drivers\ndis.sys
[MD5.6FEBB0A847FFD5F057B9AC8889F1B9A7] - [16/07/2016 12:42:35] - (.© Microsoft Corporation. - MBT Transport driver.) - [272.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\netbt.sys
[MD5.DB69C6DA8B3DDFDC547D455CA23A8250] - [09/11/2016 21:00:59] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [2202.84 Ko] - (10.0.14393.447) : C:\WINDOWS\System32\Drivers\ntfs.sys
[MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - [16/07/2016 12:41:53] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [94.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\parport.sys
[MD5.17E565710172ED71B8531D8822E1C5D1] - [16/07/2016 12:42:39] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.)
- [102.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys [MD5.7135785C21CA79D270D11037C43D3F19] - [16/07/2016 12:44:03] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [173 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys [MD5.4F25E481124059CC593B4C68BC485640] - [28/10/2016 12:20:25] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2478.34 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Drivers\tcpip.sys [MD5.9D2DD64A0B51C56285512DC9454340F6] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\tdx.sys [MD5.BF2546583BB75F01DDA60A7921DFB230] - [16/07/2016 12:42:35] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [382.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\CoreUIComponents.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll (.ASUS Cloud Corporation..-.AsusWSShellExt64.) - (1.1.0.27) -- C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll (.AVAST Software.-.avast! Shell Extension.) - (12.3.3154.0) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (20.19.15.4549) -- C:\WINDOWS\SYSTEM32\igd10iumd64.dll (.Intel Corporation.-.Unified Shader Compiler for Intel(R) Graphics Accelerator.) 
- (20.19.15.4549) -- C:\WINDOWS\SYSTEM32\igdusc64.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll (.Hewlett-Packard.-.Hewlett-Packard WIA 2.0 scanner driver.) - (27.0.142.0) -- C:\WINDOWS\system32\HPWia2_DJ3520.dll (.Hewlett-Packard Co..-.HPScanTRDrv Module.) - (27.0.820.0) -- C:\WINDOWS\system32\HPScanTRDrv_DJ3520.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 
[HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU OneDrive - ("C:\Users\Nathange\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-2256402154-31552669-3576289504-1001\SOFTWARE\...\Run]) - User: NATHANGE\Nathange CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-2256402154-31552669-3576289504-1001\SOFTWARE\...\Run]) - User: NATHANGE\Nathange HP Deskjet 3520 series (NET) - ("C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN3671G2PP05SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1 [HKU\S-1-5-21-2256402154-31552669-3576289504-1001\SOFTWARE\...\Run]) - User: NATHANGE\Nathange NvBackend - ("C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [HKLM\SOFTWARE\...\Run]) - User: Public Corel Photo Downloader - ("C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup [HKLM\SOFTWARE\...\Run]) - User: Public Malwarebytes TrayApp - (C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [HKLM\SOFTWARE\...\Run]) - User: Public [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "Corel Photo Downloader"="C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup "Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [30/01/2017 08:10:36] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "WindowsDefender"=0x040000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "WebStorage"=0x040000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Administrative Tools [29/09/2016 15:43:23] "Common AppData"=C:\ProgramData [29/09/2016 15:43:23] "Common Desktop"=C:\Users\Public\Desktop [10/07/2015 12:04:22] "Common Documents"=C:\Users\Public\Documents [10/07/2015 12:04:22] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [29/09/2016 15:43:23] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [29/09/2016 15:43:23] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [29/09/2016 15:43:23] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [10/07/2015 12:04:22] "CommonMusic"=C:\Users\Public\Music [10/07/2015 12:04:22] "CommonPictures"=C:\Users\Public\Pictures [10/07/2015 12:04:22] "CommonVideo"=C:\Users\Public\Videos [10/07/2015 12:04:22] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 
"Win32kLastWriteTime"=1D255C50DCC143C [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "WebStorage"=C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe [31/05/2015 17:15:20] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui "HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [30/05/2013 14:50:10] ""= "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [29/09/2016 15:43:23] "Common AppData"=C:\ProgramData [29/09/2016 15:43:23] "Common Desktop"=C:\Users\Public\Desktop [10/07/2015 12:04:22] "Common Documents"=C:\Users\Public\Documents [10/07/2015 12:04:22] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [29/09/2016 15:43:23] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [29/09/2016 15:43:23] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [29/09/2016 15:43:23] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [10/07/2015 12:04:22] "CommonMusic"=C:\Users\Public\Music [10/07/2015 12:04:22] "CommonPictures"=C:\Users\Public\Pictures [10/07/2015 12:04:22] "CommonVideo"=C:\Users\Public\Videos [10/07/2015 12:04:22] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common 
Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Startings up registry ¦ Folder ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=946083bc-9ef7-47c8-9a35-85c4bf1 "GlassSessionId"=1 [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 
"ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=3 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [22/01/2016 15:28:16] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "fullprivilegeauditing"=0x80 "LsaPid"=852 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SecureBoot"=1 "SamConnectedAccountsExist"=1 ---------- | .LNK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=2 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 
"NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=Prompt "GlobalAssocChangedCounter"=15 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] 
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=2 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 
"AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=38 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"=NATHANGE "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "LastLogOffEndTimePerfCounter"=79997061586 "ShutdownFlags"=2147483687 "scremoveoption"=0 "DisableCad"=1 "USERINIT"=C:\Windows\system32\userinit.exe, "AutoAdminLogon"=1 "DefaultUserName"=Nathange "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-2256402154-31552669-3576289504 "LastUsedUsername"=Nathange [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe, ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] "PerceivedType"=text ""=htafile "Content Type"=application/hta [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWow64\mshta.exe "%1" %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet 
[HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* 
[HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] "PerceivedType"=text ""=htafile "Content Type"=application/hta [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWow64\mshta.exe "%1" %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= 
"ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [16/07/2016 12:43:06] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\Clients\StartMenuInternet\SafeZoneStable\Shell\open\Command] ""="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" [HKLM\Software\Clients\StartMenuInternet\SafeZoneStable\InstallInfo] "ReinstallCommand"="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" --makedefaultbrowser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [16/07/2016 12:43:06] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\SafeZoneStable\Shell\open\Command] ""="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\SafeZoneStable\InstallInfo] "ReinstallCommand"="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" --makedefaultbrowser ---------- | AppcompatFlags [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows 
NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe"=32 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] 
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131196313520720046 
[HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "ProductType"=2 "InstallLocation"=C:\Program Files\Windows Defender\ "TrustedImageIdentifier"={28943447-asus-cj86-gji4-asuscomputer} "InstallTime"=0x99176B335F0CD101 "ManagedDefenderProductType"=0 "ProductStatus"=0 "OOBEInstallTime"=0x41FEFD59601AD201 "DisableAntiSpyware"=1 "DisableAntiVirus"=1 "PassiveMode"=0 "OneTimeSqmDataSent"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts # This HOSTS file cured by Dr.Web Anti-rootkit API # This HOSTS file cured by Dr.Web Anti-rootkit API # This HOSTS file cured by Dr.Web Anti-rootkit API # This HOSTS file cured by Dr.Web Anti-rootkit API # unchecky_begin # These rules were added by the Unchecky program in order to block advertising software modules 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com [64] More lines ---------- | Ping Envoi d'une requête 'ping' sur google.fr [2a00:1450:4007:810::2003] avec 32 octets de données : Réponse de 2a00:1450:4007:810::2003 : temps=38 ms Réponse de 2a00:1450:4007:810::2003 : temps=37 ms Réponse de 2a00:1450:4007:810::2003 : temps=38 ms Réponse de 2a00:1450:4007:810::2003 : temps=38 ms Statistiques Ping pour 2a00:1450:4007:810::2003: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 37ms, Maximum = 38ms, Moyenne = 
37ms ---------- | @ [HKLM\Software\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "DisableRandomFlighting"=0 "EnableLegacyEdgeSwitching"=1 "TabProcGrowth"=Medium [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 
"AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - 
{5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_B] - {6D4133E5-0742-4ADC-8A8C-9303440F7191} -- C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [22/04/2015 14:59:34] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_O] - {64174815-8D98-4CE6-8646-4C039977D809} -- C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [22/04/2015 14:59:34] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_U] - {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} -- C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [22/04/2015 14:59:34] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShA64.dll [14/11/2016 21:24:26] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [16/07/2016 12:42:17] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- ---------- | Toolbar [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101) - [] ---------- | SearchScopes [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE : ---------- | Browser Helper Objects [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [30/01/2017 08:20:05] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}] -> (Evernote extension) : C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [30/04/2015 
13:16:50] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [30/01/2017 08:20:04] ---------- | Chrome ---------- | Opera ---------- | Firefox [HKLM\Software\mozilla\Firefox\Extensions] "sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF "wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF "wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 24.0.0.194 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 24.0.0.194 Plugin) : C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.121.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll 
[HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.0.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{6cd0246c-92f8-4a55-a46e-04e07fdd546e}] "DhcpNameServer"=192.168.0.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{ce0dc356-379f-4949-9732-d6c7a22bd403}] "DhcpNameServer"=192.168.0.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6cd0246c-92f8-4a55-a46e-04e07fdd546e}] "DhcpNameServer"=192.168.0.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{ce0dc356-379f-4949-9732-d6c7a22bd403}] "DhcpNameServer"=192.168.0.254 ---------- | Applications [HKLM\SOFTWARE\Classes\Applications\Corel Paint Shop Pro Photo.exe] : "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" /dde [HKLM\SOFTWARE\Classes\Applications\Corel PaintShop Pro.exe] : "c:\Program Files\Corel\Corel PaintShop Pro X6 (64-bit)\Corel PaintShop Pro.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\et.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\office6\et.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\LaunchWinApp.exe] : "C:\WINDOWS\system32\LaunchWinApp.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\SZBrowser.exe] : "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1" 
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\Classes\Applications\wpp.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\office6\wpp.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\wps.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\office6\wps.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Corel Paint Shop Pro Photo.exe] : "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" /dde [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Corel PaintShop Pro.exe] : "c:\Program Files\Corel\Corel PaintShop Pro X6 (64-bit)\Corel PaintShop Pro.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\et.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\office6\et.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\LaunchWinApp.exe] : "C:\WINDOWS\system32\LaunchWinApp.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\SZBrowser.exe] : "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wpp.exe] 
: "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\office6\wpp.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wps.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\office6\wps.exe" "%1" ---------- | SvcHost [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "bthaudiosvc"=BthHFSrv "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay SystemEventsBroker DeviceInstall DcomLaunch "defragsvc"=defragsvc "LocalServiceNetworkRestricted"=TimeBrokerSvc wscsvc LmHosts AppIDSvc homegroupprovider wcmsvc NgcCtnrSvc icssvc AJRouter eventlog AudioSrv RmSvc vmictimesync DHCP "RPCSS"=RpcEptMapper RpcSs "sdrsvc"=sdrsvc "utcsvc"=DiagTrack "WepHostSvcGroup"=WepHostSvc "LocalService"=nsi WdiServiceHost EventSystem RemoteRegistry SstpSvc netprofm lltdsvc fdphost bthserv workfolderssvc PhoneSvc WebClient w32time LicenseManager tzautoupdate FontCache CDPSvc WinHttpAutoProxySvc "LocalSystemNetworkRestricted"=HvHost WdiSystemHost ScDeviceEnum WiaRpc trkwks WUDFSvc hidserv dot3svc UmRdpService DsSvc WPDBusEnum fhsvc NcbService sysmain homegrouplistener PcaSvc svsvc Netman TabletInputService DevQueryBroker vmicvss SmsRouter EmbeddedMode wlansvc irmon AudioEndpointBuilder DeviceAssociationService StorSvc NgcSvc SensorService vmickvpexchange vmicshutdown vmicguestinterface vmicvmsession "netsvcs"=CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT iphlpsvc seclogon AppInfo msiscsi EapHost schedule winmgmt browser SessionEnv wercplsupport shpamsvc DcpSvc NcaSvc DmEnrollmentSvc RetailDemo lfsvc FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr dmwappushservice WpnService BDESVC XboxNetApiSvc DsmSvc Themes dosvc XblAuthManager UsoSvc ProfSvc UserManager XblGameSave wisvc wlidsvc NetSetupSvc "WerSvcGroup"=wersvc "WbioSvcGroup"=WbioSrvc "LocalServiceNoNetwork"=DPS PLA BFE NcdAutoSetup mpssvc 
WwanSvc CoreMessagingRegistrar "imgsvc"=StiSvc "termsvcs"=TermService "swprv"=swprv "smphost"=smphost "wsappx"=AppXSvc clipsvc "ICService"=vmicrdv vmicheartbeat "Camera"=FrameServer "LocalServicePeerNet"=PNRPSvc p2pimsvc p2psvc PnrpAutoReg "NetworkServiceAndNoImpersonation"=KtmRm "appmodel"=TileDataModelSvc WalletService StateRepository EntAppSvc "LocalServiceAndNoImpersonation"=SSDPSRV upnphost SCardSvr QWAVE fdrespub wcncsvc SensrSvc BthHFSrv "NetworkServiceNetworkRestricted"=PolicyAgent "AxInstSVGroup"=AxInstSV "AppReadiness"=AppReadiness "NetworkService"=CryptSvc WECSVC MapsBroker DHCP TermService Tapisrv lanmanworkstation WinRM DNSCache nlasvc "smbsvcs"=lanmanserver browser "UnistackSvcGroup"=UserDataSvc UnistoreSvc MessagingService WpnUserService OneSyncSvc PimIndexMaintenanceSvc CDPUserSvc "print"=PrintNotify [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "netsvcs"=CertPropSvc SCPolicySvc lanmanserver gpsvc iphlpsvc msiscsi schedule winmgmt SessionEnv FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr UserManager NetSetupSvc "LocalSystemNetworkRestricted"=ScDeviceEnum WiaRpc dot3svc Netman WPDBusEnum NcbService wlansvc AudioEndpointBuilder DeviceAssociationService "LocalService"=netprofm WebClient WinHttpAutoProxySvc "imgsvc"=StiSvc "LocalServiceNoNetwork"=PLA "smphost"=smphost "rpcss"=RpcSs "LocalServiceNetworkRestricted"=wscsvc LmHosts AudioSrv DHCP "appmodel"=StateRepository "LocalServiceAndNoImpersonation"=SSDPSRV upnphost SCardSvr QWAVE wcncsvc BthHFSrv "DcomLaunch"=PlugPlay DeviceInstall DcomLaunch "NetworkService"=CryptSvc WECSVC DHCP TermService Tapisrv WinRM DNSCache "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelisted) ---------- | Software [HKLM\Software\AGEIA Technologies] [HKLM\Software\Agere] [HKLM\Software\ASUS] [HKLM\Software\Atheros] 
[HKLM\Software\Clients] [HKLM\Software\Corel] [HKLM\Software\CyberLink] [HKLM\Software\Dell] [HKLM\Software\Dolby] [HKLM\Software\DTS] [HKLM\Software\ECAREME] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\HP] [HKLM\Software\ICEpower] [HKLM\Software\Intel] [HKLM\Software\IPS] [HKLM\Software\JreMetrics] [HKLM\Software\Khronos] [HKLM\Software\Knowles] [HKLM\Software\LSI] [HKLM\Software\Macromedia] [HKLM\Software\McAfee] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nahimic] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Protexis64] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\RTLSetup] [HKLM\Software\SonicFocus] [HKLM\Software\SoundResearch] [HKLM\Software\SRS Labs] [HKLM\Software\Synaptics] [HKLM\Software\sysinternals] [HKLM\Software\Volatile] [HKLM\Software\Waves Audio] [HKLM\Software\WinRAR] [HKLM\Software\WOW6432Node] [HKLM\Software\Yamaha APO] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\Configuration] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\DWM] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] 
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\Software\WOW6432Node\AdwCleaner] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\Alien Skin] [HKLM\Software\WOW6432Node\ASIO] [HKLM\Software\WOW6432Node\AsLdr] [HKLM\Software\WOW6432Node\ASUS] [HKLM\Software\WOW6432Node\Atheros] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\Corel] [HKLM\Software\WOW6432Node\CyberLink] [HKLM\Software\WOW6432Node\Dropbox] [HKLM\Software\WOW6432Node\ECAREME] 
[HKLM\Software\WOW6432Node\Evernote] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Hewlett-Packard] [HKLM\Software\WOW6432Node\HP] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Jasc] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Kingsoft] [HKLM\Software\WOW6432Node\LibreOffice] [HKLM\Software\WOW6432Node\LogMeInRescueCallingCard] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\McAfee] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Piriform] [HKLM\Software\WOW6432Node\PluginGalaxy] [HKLM\Software\WOW6432Node\Protexis] [HKLM\Software\WOW6432Node\Qualcomm Atheros] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] 
[HKLM\Software\WOW6432Node\SRS Labs] [HKLM\Software\WOW6432Node\SuppHelpDir] [HKLM\Software\WOW6432Node\The Document Foundation] [HKLM\Software\WOW6432Node\Unchecky] [HKLM\Software\WOW6432Node\WildTangent] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows 
NT\CurrentVersion\SvcHost\termsvcs] ---------- | Drives D: ---------- | C: [10/07/2015 12:04:22] - |SHD| - [2106] - C:\$Recycle.Bin [04/06/2016 22:22:08] - |D| - [1174981] - C:\AdwCleaner [MD5.79D7697AEB44C080863B888303DE8AFA] - [13/02/2016 17:57:52] - |N| - (.-.) - [56320] - (0.0.0.0) - C:\AEFILTER.DLL [13/02/2016 17:57:53] - |D| - [70144] - C:\Aps [18/08/2015 15:01:15] - |SHD| - [18438300] - C:\Boot [MD5.CDF075B70E5F612B4399A54B25D55192] - [10/07/2015 14:20:06] - |RASH| - (.-.) - [395268] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [10/07/2015 14:20:06] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [MD5.CE72E51D8A393EC84664D3E9A91C69B0] - [13/02/2016 17:57:52] - |N| - (.-.) - [56832] - (0.0.0.0) - C:\CLRTOCLR.DLL [23/04/2016 17:10:07] - |SHD| - [3291389] - C:\Config.Msi [13/02/2016 17:57:52] - |D| - [469176] - C:\data [MD5.85D11E7C018F80D942F48A542B0C3D75] - [22/10/2015 02:28:55] - |AH| - (.-.) - [12027] - (0.0.0.0) - C:\devlist.txt [10/07/2015 13:21:38] - |SHD| - [0] - C:\Documents and Settings [22/10/2015 10:16:59] - |D| - [2272975917] - C:\eSupport [22/10/2015 01:28:32] - |HD| - [520991] - C:\Intel [02/02/2016 13:39:17] - |D| - [913817930] - C:\Mes filtres psp [26/03/2016 09:29:17] - |RHD| - [529707048] - C:\MSOCache [MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/10/2015 01:18:00] - |ASH| - (.-.) - [1073741824] - (0.0.0.0) - C:\pagefile.sys [MD5.BF8D03DBB58240750AB3847AB5285435] - [13/02/2016 17:57:52] - |A| - (.Copyright 1992-1997. Ulead Systems, Inc. - Ulead Particle.Plugin.) - [222720] - (1.0.0.0) - C:\particle.dll [MD5.996A0AC0E6C0B52E4C7B9AB7664EA979] - [13/02/2016 17:57:52] - |A| - (.-.) - [453017] - (0.0.0.0) - C:\PARTICLE.HLP [29/09/2016 15:43:23] - |HD| - [0] - C:\PerfLogs [MD5.7A593FBBC00296533485662776BAFD0F] - [13/02/2016 17:57:52] - |A| - (.-.) - [7279] - (0.0.0.0) - C:\Pp10f.isu [MD5.6C043087A85E9CEB7F6654E6829AD968] - [13/02/2016 17:57:52] - |A| - (.-.) 
- [2129] - (0.0.0.0) - C:\Pp10frm.txt [29/09/2016 15:34:05] - |RD| - [5348962719] - C:\Program Files [29/09/2016 15:34:05] - |RD| - [3527162553] - C:\Program Files (x86) [29/09/2016 15:43:23] - |HD| - [2162280362] - C:\ProgramData [MD5.941AEAFA5F33EB3EEC309AF28F19A4F9] - [13/02/2016 17:57:52] - |N| - (.-.) - [82944] - (0.0.0.0) - C:\Pt_about.dll [31/01/2017 08:29:24] - |D| - [262051] - C:\QuickDiag [MD5.94DFAC4AA2F0D06D1C87C73B5672F6EB] - [31/01/2017 08:29:45] - |A| - (.-.) - [115133] - (0.0.0.0) - C:\QuickDiag.txt [18/08/2015 06:12:22] - |SHD| - [6395638494] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/10/2015 01:18:01] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [19/01/2017 09:14:45] - |D| - [3085734] - C:\SWSetup [22/10/2015 10:03:14] - |SHD| - [0] - C:\System Volume Information [06/10/2016 20:06:01] - |D| - [1894655] - C:\System.sav [MD5.27917F76DEBBDBCE193393B61A58931C] - [13/02/2016 17:57:52] - |N| - (.Copyright © 1992-1995. Ulead Systems, Inc. - BASE LIBRARY.) - [220672] - (3.0.0.0) - C:\U32BASE.DLL [MD5.33472DD861898A8566B33839BE24CDFC] - [13/02/2016 17:57:52] - |N| - (.-.) - [709632] - (0.0.0.0) - C:\U32CFG.DLL [MD5.CC4E792F4E3AA115F58E16147ED4405B] - [13/02/2016 17:57:52] - |N| - (.Copyright © 1995-1996. Ulead Systems, Inc. - Ulead® ImageIconObject® Utility.u32Clips.DLL.) - [126976] - (4.0.0.0) - C:\U32CLIPS.DLL [MD5.E5835AF5F761DE395EB9C9CCEAE62FC9] - [13/02/2016 17:57:52] - |N| - (.Copyright © 1992-1995. Ulead Systems, Inc. - Error Handle.) - [125952] - (3.0.0.0) - C:\U32COMM.DLL [MD5.7C2E34CCD8272EBCCFC8463BC49C3659] - [13/02/2016 17:57:52] - |N| - (.Copyright © 1992-1995. Ulead Systems, Inc. - u32File.DLL.) - [129536] - (3.0.0.0) - C:\U32FILE.DLL [MD5.F4EECC5C7111AE86FC1376D1D2B2E309] - [13/02/2016 17:57:52] - |N| - (.-.) - [63488] - (3.0.0.0) - C:\U32MISC.DLL [29/09/2016 15:34:05] - |RD| - [30903633302] - C:\Users [MD5.28BC9E7EF4EB7FB8D854CBBF2BE63BF3] - [13/02/2016 17:57:52] - |N| - (.Copyright © 1992-1995. 
Ulead Systems, Inc. - GIF File I/O.) - [51712] - (3.0.0.0) - C:\ussgifsa.dll [29/09/2016 15:34:05] - |D| - [36440989881] - C:\Windows [29/09/2016 15:54:44] - |D| - [5377380636] - C:\Windows.old ---------- | C:\WINDOWS [29/09/2016 15:43:24] - |D| - [802] - C:\WINDOWS\addins [29/09/2016 15:43:24] - |D| - [13557731] - C:\WINDOWS\appcompat [29/09/2016 15:43:24] - |D| - [12471204] - C:\WINDOWS\AppPatch [29/09/2016 15:43:24] - |D| - [0] - C:\WINDOWS\AppReadiness [MD5.545744FBB217D017B4CF69D5BFD6CE57] - [18/08/2015 04:21:02] - |A| - (.-.) - [23] - (0.0.0.0) - C:\WINDOWS\AsDCDVer.txt [MD5.EAB8F3EBF2AEB4C6F2A20ECE5C627A4A] - [18/08/2015 14:46:04] - |A| - (.-.) - [28] - (0.0.0.0) - C:\WINDOWS\AsHDIVer.txt [MD5.84F9C31BBB480E3DEBC079B9AC0A3B51] - [08/04/2015 11:34:59] - |A| - (.-.) - [80] - (0.0.0.0) - C:\WINDOWS\ASOFSVer.txt [MD5.8610C4963ED43C450F8B02059AC9F1C3] - [22/10/2015 10:17:38] - |A| - (.-.) - [100] - (0.0.0.0) - C:\WINDOWS\AsPEToolVer.txt [29/09/2016 15:43:23] - |RSD| - [860097947] - C:\WINDOWS\assembly [MD5.EB9D86DAAB2DA6BFA59AF1E1F191344B] - [22/10/2015 10:17:38] - |A| - (.-.) - [55] - (0.0.0.0) - C:\WINDOWS\AsToolCDVer.txt [29/09/2016 15:56:14] - |D| - [355992823] - C:\WINDOWS\ASUS [MD5.12EBDA58437CD1EA7066FCB6455241D2] - [14/11/2016 21:24:23] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\WINDOWS\avastSS.scr [29/09/2016 15:43:24] - |D| - [281160] - C:\WINDOWS\bcastdvr [MD5.7B465E25ADF5D6DBCE9DCAE3C6545405] - [16/07/2016 12:42:16] - |N| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [61440] - (10.0.14393.0) - C:\WINDOWS\bfsvc.exe [29/09/2016 15:43:24] - |D| - [38116021] - C:\WINDOWS\Boot [MD5.9E37DA1AD3EE7F4746518FD53CFA9D0C] - [29/09/2016 14:58:18] - |AS| - (.-.) 
- [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [29/09/2016 15:43:24] - |D| - [3715608] - C:\WINDOWS\Branding [29/09/2016 15:37:10] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.7B4A26DCC09222DE4763DF989DEB6743] - [10/07/2015 17:30:41] - |A| - (.-.) - [31816] - (0.0.0.0) - C:\WINDOWS\CoreSingleLanguage.xml [MD5.3D6D35EE881260B4BC498BD4CA74FD09] - [18/08/2015 06:20:54] - |A| - (.-.) - [12] - (0.0.0.0) - C:\WINDOWS\csup.txt [29/09/2016 15:43:24] - |D| - [8970858] - C:\WINDOWS\Cursors [18/08/2015 14:13:45] - |D| - [0] - C:\WINDOWS\de-DE [29/09/2016 15:43:24] - |D| - [20155110] - C:\WINDOWS\debug [10/07/2015 12:04:22] - |RD| - [0] - C:\WINDOWS\DesktopTileResources [MD5.F67C57C69031EA23A80070DBFFCF9A14] - [22/10/2015 02:12:20] - |A| - (.-.) - [10896] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [29/09/2016 15:43:24] - |D| - [4543876] - C:\WINDOWS\diagnostics [MD5.EF82B304067EDCF3CF990A42DE93B695] - [22/10/2015 02:12:20] - |A| - (.-.) - [9510] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [29/09/2016 15:47:46] - |D| - [0] - C:\WINDOWS\DigitalLocker [29/09/2016 15:43:24] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [MD5.B05A43321A90A523691AF6409336A733] - [18/08/2015 04:12:40] - |A| - (.-.) - [1780] - (0.0.0.0) - C:\WINDOWS\DriverCD_Template.txt [29/09/2016 15:43:24] - |HD| - [44056] - C:\WINDOWS\ELAMBKUP [10/07/2015 17:26:29] - |D| - [0] - C:\WINDOWS\en-GB [29/09/2016 15:47:46] - |D| - [0] - C:\WINDOWS\en-US [MD5.4E10FB1A015B49AC68F76C1A3F4D9C0F] - [09/12/2016 20:18:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4673304] - (10.0.14393.479) - C:\WINDOWS\explorer.exe [MD5.E1FD9DE48AF5D7652AA31BBE914F54B8] - [26/02/2009 07:50:32] - |A| - (.-.) 
- [176] - (0.0.0.0) - C:\WINDOWS\explorer.exe.config [29/09/2016 15:43:24] - |RSD| - [410382964] - C:\WINDOWS\Fonts [29/09/2016 15:47:46] - |D| - [122368] - C:\WINDOWS\fr-FR [29/09/2016 15:43:24] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [29/09/2016 15:43:24] - |D| - [20732976] - C:\WINDOWS\Globalization [29/09/2016 15:43:24] - |D| - [72326888] - C:\WINDOWS\Help [MD5.553DF2ABF34649763324BC5470D04317] - [16/07/2016 12:42:20] - |N| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [975360] - (10.0.14393.0) - C:\WINDOWS\HelpPane.exe [MD5.52AFE6DE5E463B7A08C184B1EB49DD6A] - [16/07/2016 12:42:21] - |N| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.14393.0) - C:\WINDOWS\hh.exe [29/09/2016 15:43:24] - |D| - [173189928] - C:\WINDOWS\IME [29/09/2016 15:43:24] - |RD| - [6842480] - C:\WINDOWS\ImmersiveControlPanel [29/09/2016 15:42:05] - |D| - [119872063] - C:\WINDOWS\INF [29/09/2016 15:55:40] - |D| - [1110813231] - C:\WINDOWS\InfusedApps [29/09/2016 15:43:24] - |D| - [36285422] - C:\WINDOWS\InputMethod [29/09/2016 15:43:24] - |SHD| - [1126023435] - C:\WINDOWS\Installer [18/08/2015 14:28:17] - |D| - [0] - C:\WINDOWS\it-IT [29/09/2016 15:43:24] - |D| - [89407] - C:\WINDOWS\L2Schemas [27/01/2017 11:38:07] - |D| - [472872] - C:\WINDOWS\LastGood [26/01/2017 11:19:45] - |D| - [343794402] - C:\WINDOWS\LastGood.Tmp [29/09/2016 15:43:24] - |D| - [0] - C:\WINDOWS\LiveKernelReports [18/08/2015 13:51:03] - |D| - [19457552] - C:\WINDOWS\Log [29/09/2016 15:43:24] - |D| - [166782380] - C:\WINDOWS\Logs [29/09/2016 15:43:24] - |RSD| - [20316123] - C:\WINDOWS\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [16/07/2016 12:42:12] - |N| - (.-.) 
- [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [29/09/2016 15:43:23] - |RD| - [810529778] - C:\WINDOWS\Microsoft.NET [29/09/2016 15:43:24] - |D| - [2563] - C:\WINDOWS\Migration [29/09/2016 15:43:24] - |RD| - [484593] - C:\WINDOWS\MiracastView [29/09/2016 15:43:24] - |D| - [0] - C:\WINDOWS\ModemLogs [18/08/2015 14:35:23] - |D| - [0] - C:\WINDOWS\nl-NL [MD5.3B508CAE5DEBCBA928B5BC355517E2E6] - [16/07/2016 12:43:51] - |N| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [243200] - (10.0.14393.0) - C:\WINDOWS\notepad.exe [29/09/2016 15:48:49] - |D| - [199472] - C:\WINDOWS\OCR [29/09/2016 15:43:24] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [22/10/2015 01:39:42] - |D| - [0] - C:\WINDOWS\Options [29/09/2016 15:55:20] - |DC| - [86988553] - C:\WINDOWS\Panther [29/09/2016 15:43:24] - |D| - [29175600] - C:\WINDOWS\Performance [MD5.ABE13E226DDC3219097D69FC8E945D55] - [30/01/2017 18:20:56] - |A| - (.-.) - [2882] - (0.0.0.0) - C:\WINDOWS\PFRO.log [29/09/2016 15:43:24] - |D| - [1136442] - C:\WINDOWS\PLA [29/09/2016 15:43:24] - |D| - [2653084] - C:\WINDOWS\PolicyDefinitions [29/09/2016 15:43:24] - |D| - [23269707] - C:\WINDOWS\prefetch [29/09/2016 15:43:24] - |RD| - [2036530] - C:\WINDOWS\PrintDialog [29/09/2016 15:43:24] - |D| - [1415119] - C:\WINDOWS\Provisioning [10/07/2015 12:04:22] - |RD| - [4] - C:\WINDOWS\PurchaseDialog [MD5.EFE3D78833FEDAF7F24C264BF9976301] - [16/07/2016 12:42:17] - |N| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [320512] - (10.0.14393.0) - C:\WINDOWS\regedit.exe [29/09/2016 15:43:24] - |D| - [1095144] - C:\WINDOWS\Registration [29/09/2016 15:43:24] - |D| - [9749326] - C:\WINDOWS\rescache [29/09/2016 15:43:24] - |D| - [3847234] - C:\WINDOWS\Resources [MD5.429D9EEB1DA2386625DF4601CC1C875A] - [22/10/2015 01:36:32] - |A| - (.Copyright (C) 2015 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) 
- [2825944] - (1.0.6.5) - C:\WINDOWS\RtlExUpd.dll [29/09/2016 15:43:24] - |D| - [0] - C:\WINDOWS\SchCache [29/09/2016 15:43:24] - |D| - [121229] - C:\WINDOWS\schemas [29/09/2016 15:43:24] - |D| - [7380992] - C:\WINDOWS\security [29/09/2016 14:57:03] - |D| - [42851139] - C:\WINDOWS\ServiceProfiles [29/09/2016 15:34:05] - |D| - [179401526] - C:\WINDOWS\servicing [29/09/2016 15:49:42] - |D| - [42] - C:\WINDOWS\Setup [29/09/2016 15:43:24] - |D| - [31190016] - C:\WINDOWS\ShellExperiences [10/07/2015 17:30:02] - |D| - [0] - C:\WINDOWS\ShellNew [29/09/2016 15:43:24] - |D| - [3070736] - C:\WINDOWS\SKB [01/11/2016 10:50:32] - |D| - [143981315] - C:\WINDOWS\SoftwareDistribution [29/09/2016 15:43:24] - |D| - [86037697] - C:\WINDOWS\Speech [29/09/2016 15:43:24] - |D| - [53541356] - C:\WINDOWS\Speech_OneCore [MD5.BCDB205132974EC3AB6F5C01DD93489B] - [28/10/2016 12:21:16] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.14393.351) - C:\WINDOWS\splwow64.exe [29/09/2016 15:43:24] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [10/07/2015 12:04:27] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [29/09/2016 15:34:05] - |D| - [21466332917] - C:\WINDOWS\System32 [29/09/2016 15:43:24] - |D| - [144046344] - C:\WINDOWS\SystemApps [29/09/2016 15:43:24] - |D| - [17529069] - C:\WINDOWS\SystemResources [29/09/2016 15:43:24] - |D| - [1512497940] - C:\WINDOWS\syswow64 [29/09/2016 15:43:24] - |D| - [0] - C:\WINDOWS\TAPI [10/07/2015 12:04:23] - |D| - [3018] - C:\WINDOWS\Tasks [29/09/2016 15:43:24] - |D| - [3047776] - C:\WINDOWS\Temp [29/09/2016 15:43:24] - |D| - [0] - C:\WINDOWS\tracing [MD5.D31C4D1BAA3C1651DB975FC5B36565C8] - [18/04/2005 09:00:00] - |RA| - (.- Twain Source Manager (Image Acquisition Interface).) 
- [87328] - (1.6.0.1) - C:\WINDOWS\Twain.dll [29/09/2016 15:43:24] - |D| - [4687156] - C:\WINDOWS\twain_32 [MD5.21F91141B4796108A50733B14850CDF2] - [16/07/2016 12:43:52] - |N| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [66560] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [MD5.74B8802CE5CD6F4E7AC83152E0E17D25] - [18/04/2005 09:00:00] - |RA| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [48560] - (1.6.0.1) - C:\WINDOWS\Twunk_16.exe [MD5.E2D4BA3248CB1DCB51383267868715E5] - [18/04/2005 09:00:00] - |RA| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [69632] - (1.6.0.1) - C:\WINDOWS\Twunk_32.exe [MD5.3F780EF7BA833971F2AFEF779727F92D] - [13/03/1998 00:02:00] - |A| - (.- Uninstaller stub for Inno Setup.) - [34304] - (1.2.0.0) - C:\WINDOWS\UNISTB32.EXE [29/09/2016 15:43:24] - |D| - [12420] - C:\WINDOWS\Vss [29/09/2016 15:43:24] - |D| - [15729830] - C:\WINDOWS\Web [MD5.60CDAF0811BF825164C0E246F4F5620D] - [10/07/2015 12:04:27] - |A| - (.-.) - [124] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [16/07/2016 12:42:32] - |AH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.038356387332650843BCB352BB89A101] - [30/01/2017 08:10:40] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.9328E170E5407D9DDE7EB1E208A2CBB4] - [16/07/2016 12:42:48] - |N| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10240] - (10.0.14393.0) - C:\WINDOWS\winhlp32.exe [29/09/2016 15:34:05] - |D| - [6801345509] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [16/07/2016 12:43:08] - |N| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.E87C6A38E61A712C48025A6AD54C1113] - [16/07/2016 12:42:39] - |N| - (.© Microsoft Corporation. - Windows Write.) 
- [11264] - (10.0.14393.0) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy [04/01/2017 11:15:32] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\Machine [04/01/2017 11:15:32] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [16/06/2015 14:44:34] - C:\WINDOWS\Installer\10723.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/08/2015 01:14:20] - C:\WINDOWS\Installer\11a1e.msi : (Intel(R) ME UninstallLegacy - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/08/2015 01:15:22] - C:\WINDOWS\Installer\11a23.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/08/2015 01:15:38] - C:\WINDOWS\Installer\11a28.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/05/2015 17:27:22] - C:\WINDOWS\Installer\11a2d.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/05/2015 01:25:00] - C:\WINDOWS\Installer\11a32.msi : (Intel® Security Assist - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/10/2015 01:49:58] - C:\WINDOWS\Installer\120e5.msi : (AudioWizard - ICEpower a/s) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/09/2014 03:59:10] - C:\WINDOWS\Installer\126b1.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/06/2015 04:04:14] - C:\WINDOWS\Installer\126ba.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2015 07:33:56] - C:\WINDOWS\Installer\126d2.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [30/01/2017 08:18:51] - C:\WINDOWS\Installer\133c16.msi : (Java SE Runtime Environment 8 Update 121 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/05/2015 06:20:24] - C:\WINDOWS\Installer\14efa.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/09/2016 20:45:50] - C:\WINDOWS\Installer\158d5b0b.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/10/2012 21:29:10] - C:\WINDOWS\Installer\16350c1c.msi : (HP Deskjet 3520 series Get product specific help to easily troubleshoot and fix problems. - Hewlett Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/10/2012 21:29:10] - C:\WINDOWS\Installer\16350c22.msi : (HP Deskjet 3520 series Product Improvement Study - Hewlett-Packard Co.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/10/2012 21:29:10] - C:\WINDOWS\Installer\16350c2e.msi : (HP Deskjet 3520 series Get product specific help to easily troubleshoot and fix problems. - Hewlett Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/10/2016 19:03:35] - C:\WINDOWS\Installer\166480e1.msi : (HP Support Solutions Framework - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/10/2016 20:04:33] - C:\WINDOWS\Installer\1699a909.msi : (HP Support Assistant - HP Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/10/2016 20:06:02] - C:\WINDOWS\Installer\1699a90e.msi : (Blank Project Template - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/07/2013 11:04:38] - C:\WINDOWS\Installer\18a8057.msi : (Setup - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/07/2013 11:11:28] - C:\WINDOWS\Installer\18a805e.msi : (PSPPContent - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/07/2013 11:10:58] - C:\WINDOWS\Installer\18a8061.msi : (PSPPHelp - Corel Corporation) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [16/07/2013 11:05:14] - C:\WINDOWS\Installer\18a8064.msi : (Blank Project Template - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/07/2013 11:05:50] - C:\WINDOWS\Installer\18a806b.msi : (Blank Project Template - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/07/2013 11:03:38] - C:\WINDOWS\Installer\18a806e.msi : (ICA - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/02/2014 16:49:04] - C:\WINDOWS\Installer\19c72ab.msi : (Blank Project Template - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/02/2014 16:51:08] - C:\WINDOWS\Installer\19c8853.msi : (Blank Project Template - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/10/2015 01:42:13] - C:\WINDOWS\Installer\37f96.msi : (Blank Project Template - InstallShield) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/07/2015 08:08:06] - C:\WINDOWS\Installer\37f9b.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/08/2004 11:15:48] - C:\WINDOWS\Installer\4529bc1.msi : (Animation Shop 3 - Nathan Gaida) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/08/2016 09:39:54] - C:\WINDOWS\Installer\59f25e.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/07/2015 15:07:16] - C:\WINDOWS\Installer\59f26b.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/10/2012 21:28:34] - C:\WINDOWS\Installer\81c68.msi : (HP Deskjet 3520 series Basic Device Software - Hewlett-Packard Co.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/08/2014 11:37:50] - C:\WINDOWS\Installer\81c7c.msi : (HP Update - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/01/2017 15:27:31] - C:\WINDOWS\Installer\af720.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/05/2015 10:53:01] - C:\WINDOWS\Installer\d1c28.msi : (Device Setup - ASUSTek Computer Inc.) 
[Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [18/08/2015 06:28:25] - C:\WINDOWS\Installer\d1c2e.msi : (Evernote v. 5.8.6 - Evernote Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/06/2015 03:49:35] - C:\WINDOWS\Installer\d1c31.msi : (Dropbox 25 GB - Dropbox, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/06/2015 13:27:30] - C:\WINDOWS\Installer\f214.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/06/2015 10:26:24] - C:\WINDOWS\Installer\facf.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [22/10/2015 01:39:42] - [428294] - C:\WINDOWS\System32\athw10x.inf [16/07/2016 12:43:08] - [3458] - C:\WINDOWS\System32\ieuinit.inf [18/08/2015 06:20:37] - [2251004] - C:\WINDOWS\System32\PerfStringBackup.INI [16/07/2016 12:42:39] - [60124] - C:\WINDOWS\System32\tcpmon.ini [16/07/2016 12:42:11] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini [16/07/2016 12:43:59] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf [16/07/2016 12:42:43] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.B7C476BBE4F001F4F33C04D9ABC33DC8] - |N| - [16/07/2016 12:42:17] - (.-.) - [14.52 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\pcamain.sdb [MD5.6457DB2C0EA3AEB8589D9AADE59698B5] - |A| - [13/12/2016 20:28:12] - (.-.) - [541.03 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\sysmain.sdb [MD5.00000000000000000000000000000000] - |D| - [30/01/2017 08:10:39] - [666.52 Ko] - C:\WINDOWS\Temp\avast_ash2 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [31/01/2017 08:07:51] - (.-.) 
- [1401.52 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRRPTR64.dll [MD5.E8AF61341CB6A533154ADC49DFF46620] - |A| - [22/10/2015 01:36:56] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [204.63 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll [MD5.C17CA8A6CFE98EBFFCB5F6622424DB3B] - |A| - [22/10/2015 01:36:56] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [216.77 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll [MD5.2397A5AB72611D17B0B4F8504A23394C] - |A| - [22/10/2015 01:36:56] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [519.91 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll [MD5.A9638955EB0C1893BDC8715FDDD36562] - |A| - [22/10/2015 01:36:56] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [162.31 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [18648 Ko] - C:\WINDOWS\System32\sru [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [289 Ko] - C:\WINDOWS\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:23] - [1623.04 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [913.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.D602CA245CC6774A0981B607F0675609] - |N| - [16/07/2016 12:42:39] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.C8F2952DAE3971614DBD0C509F35BE93] - |A| - [16/07/2016 12:42:38] - (.-.) - [10.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [16/07/2016 12:42:38] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [240 Ko] - C:\WINDOWS\System32\uk-UA [MD5.E7482D1D449217C8641762F5C38E157C] - |N| - [16/07/2016 12:42:12] - (.-.) 
- [9.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VpnSohDesktop.dll [MD5.5C6D7A79127E42632F1218AD6CE39F01] - |A| - [22/10/2015 01:36:56] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) - [2061.13 Ko] - (4.4.5.0) - C:\WINDOWS\System32\WavesGUILib64.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [95580.55 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:47:47] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [113840.65 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |N| - [16/07/2016 12:42:11] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [10/07/2015 12:04:22] - [0 Ko] - C:\WINDOWS\System32\wfp [MD5.6E29B456E3F864EC61C59FD3C7A2B85B] - |A| - [18/08/2015 06:35:56] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WIN-I7OIDGKPSVC_Administrator_HistoryPrediction.bin [MD5.42B79A7BAAECA7EA80C7CB0FE30F7832] - |A| - [22/10/2015 02:15:21] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WIN-KLUSB88RS4A_Administrator_HistoryPrediction.bin [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [1.1 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [42585.77 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [8369.07 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [163152 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [4228.5 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:47:47] - [107.53 Ko] - C:\WINDOWS\System32\winrm [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [16/07/2016 12:42:35] - (.-.) 
- [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.B6B479B04C64AF5EF36C24EBDF278302] - |N| - [16/07/2016 12:42:27] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.5C5A797761421CF9B72087F3BC8A5259] - |A| - [05/11/2016 09:15:22] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [MD5.1373F6562D5E4C715D5D3583E350093E] - |A| - [29/09/2016 15:03:33] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:47:47] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [16/07/2016 12:43:00] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [16/07/2016 12:43:02] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [16/07/2016 12:43:02] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [2141.84 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [250 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.CFC72A65CF6E16FF45149CADAE667E55] - |A| - [22/10/2015 02:02:00] - (.-.) 
- [6.16 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\AsPowerCfg.log [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [222 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [0.93 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [318 Ko] - C:\WINDOWS\SysWOW64\Com [MD5.A352B52F35D156C36F1DA586E6AE5432] - |A| - [15/10/2016 18:27:33] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DOErrors.log [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [1068.16 Ko] - C:\WINDOWS\SysWOW64\downlevel [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [3416.43 Ko] - C:\WINDOWS\SysWOW64\drivers [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [0 Ko] - C:\WINDOWS\SysWOW64\DriverStore [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [293 Ko] - C:\WINDOWS\SysWOW64\el-GR [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:47:47] - [0 Ko] - C:\WINDOWS\SysWOW64\en [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [213 Ko] - C:\WINDOWS\SysWOW64\en-GB [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [1565.6 Ko] - C:\WINDOWS\SysWOW64\en-US [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [287.5 Ko] - C:\WINDOWS\SysWOW64\es-ES [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [231.5 Ko] - C:\WINDOWS\SysWOW64\es-MX [MD5.0921DF1E72DC97E18BBB6BB642E41BA4] - |A| - [22/10/2015 01:34:08] - (.-.) 
- [18.59 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\Gms.log [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [238.5 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [217 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [270.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.C2558938D3DFB45D63BB3FCEEC0AD7DA] - |A| - [30/11/2016 21:58:54] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [101.51 Ko] - (2.0.2.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [18/08/2015 14:28:20] - [0 Ko] - C:\WINDOWS\SysWOW64\it [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [293 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.E258E0C9E3FB8E0AA073FAC5CC34CE81] - |ASH| - [30/09/2016 14:37:53] - (.-.) 
- [0.93 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\KGyGaAvL.sys [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [212.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [73.41 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [213.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [214.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [49179.13 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.00000000000000000000000000000000] - |SD| - [30/09/2016 15:00:45] - [0 Ko] - C:\WINDOWS\SysWOW64\Microsoft [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [2944.97 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [821.34 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [52.28 Ko] - C:\WINDOWS\SysWOW64\MsDtc [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [260.5 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [18/08/2015 14:35:26] - [0 Ko] - C:\WINDOWS\SysWOW64\nl [MD5.00000000000000000000000000000000] - |D| - 
[29/09/2016 15:43:24] - [278 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [29/09/2016 15:43:24] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.E7DE1E8FD721BFD89B9F586272FBA14C] - |A| - [02/08/2016 23:04:48] - (.-.) - [0.58 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\nv-vk32.json [MD5.3FFD9447CC97C313AD0E570BB1DF3BA5] - |A| - [12/09/2016 20:10:00] - (.-.) - [597.27 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll [MD5.BA558A2E05EA9321DEDA2B07FE69B332] - |A| - [12/09/2016 20:10:00] - (.-.) - [8707.53 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [644.69 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [275.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:47:47] - [420.42 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.8FDA02E3E944E203E118F3DABA7C026D] - |A| - [05/06/2007 12:20:30] - (.© 2000-2005 Protexis Inc. - nTitles PSIKey.) - [1425.54 Ko] - (2.0.0.1) - C:\WINDOWS\SysWOW64\PSIKey.dll [MD5.F115AF58ABE5605D7D709CBFBD83F418] - |A| - [05/06/2007 12:20:32] - (.© 2000-2005 Protexis Inc. - nTitles PSIService.) 
- [173.54 Ko] - (2.0.0.1) - C:\WINDOWS\SysWOW64\PSIService.exe [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [278.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [273.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [0.76 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.DFABE9A7136A2DCB214E6FC98AF006E5] - |A| - [22/10/2015 01:36:56] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\WINDOWS\SysWOW64\SRCOM.dll [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [265.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:47:47] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [205 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [261.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [215.5 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [15540.58 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:47:47] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [7450.94 Ko] - 
C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [4228.5 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:47:47] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:48:49] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [190.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [29/09/2016 15:43:24] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-TW ---------- | [Administrateur] [04/11/2016 18:37:37] - |D| - [171457348] - C:\Users\Administrateur\AppData\Local [04/11/2016 18:37:39] - |D| - [10327] - C:\Users\Administrateur\AppData\LocalLow [04/11/2016 18:37:37] - |D| - [3205204] - C:\Users\Administrateur\AppData\Roaming [04/11/2016 18:37:39] - |SHD| - [1815165368] - C:\Users\Administrateur\AppData\Local\Application Data [04/11/2016 18:50:09] - |D| - [0] - C:\Users\Administrateur\AppData\Local\CEF [04/11/2016 18:41:20] - |D| - [19619844] - C:\Users\Administrateur\AppData\Local\Comms [04/11/2016 18:37:42] - |D| - [169009] - C:\Users\Administrateur\AppData\Local\ConnectedDevicesPlatform [04/11/2016 18:37:39] - |SHD| - [0] - C:\Users\Administrateur\AppData\Local\Historique [05/11/2016 09:29:13] - |AH| - [9673] - C:\Users\Administrateur\AppData\Local\IconCache.db [04/11/2016 18:37:37] - |D| - [115565495] - C:\Users\Administrateur\AppData\Local\Microsoft [04/11/2016 18:40:45] - |D| - [0] - C:\Users\Administrateur\AppData\Local\NetworkTiles [04/11/2016 18:39:51] - |D| - [8248983] - C:\Users\Administrateur\AppData\Local\NVIDIA [04/11/2016 18:37:55] - |D| - [6809003] - C:\Users\Administrateur\AppData\Local\Packages [04/11/2016 18:38:59] - |D| - [0] - C:\Users\Administrateur\AppData\Local\Publishers [04/11/2016 18:37:37] - |D| - 
[9148749] - C:\Users\Administrateur\AppData\Local\Temp [04/11/2016 18:37:39] - |SHD| - [54246] - C:\Users\Administrateur\AppData\Local\Temporary Internet Files [04/11/2016 18:37:54] - |D| - [11886592] - C:\Users\Administrateur\AppData\Local\TileDataLayer [04/11/2016 18:38:31] - |SD| - [10327] - C:\Users\Administrateur\AppData\LocalLow\Microsoft [04/11/2016 18:37:55] - |D| - [0] - C:\Users\Administrateur\AppData\Roaming\Adobe [04/11/2016 18:39:57] - |D| - [0] - C:\Users\Administrateur\AppData\Roaming\AVAST Software [04/11/2016 18:45:19] - |D| - [0] - C:\Users\Administrateur\AppData\Roaming\awsRun [05/11/2016 08:00:01] - |D| - [502] - C:\Users\Administrateur\AppData\Roaming\kingsoft [04/11/2016 18:37:37] - |SD| - [3203869] - C:\Users\Administrateur\AppData\Roaming\Microsoft [04/11/2016 18:38:33] - |A| - [165] - C:\Users\Administrateur\AppData\Roaming\sp_data.sys [04/11/2016 18:37:53] - |D| - [668] - C:\Users\Administrateur\AppData\Roaming\WebStorage [04/11/2016 18:38:00] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [04/11/2016 18:37:39] - |SHD| - [22491] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [04/11/2016 18:37:37] - |RD| - [22491] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [04/11/2016 18:37:37] - |RD| - [3888] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [04/11/2016 18:37:37] - |RD| - [2923] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [04/11/2016 18:38:00] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [04/11/2016 18:38:00] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [04/11/2016 18:37:37] - |D| - [170] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [04/11/2016 
18:41:26] - |A| - [2432] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [04/11/2016 18:38:00] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [04/11/2016 18:37:37] - |RD| - [5318] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [04/11/2016 18:37:37] - |RD| - [7238] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [04/11/2016 18:38:00] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Nathange] [29/09/2016 15:26:20] - |D| - [1397677849] - C:\Users\Nathange\AppData\Local [22/01/2016 15:28:16] - |D| - [82337199] - C:\Users\Nathange\AppData\LocalLow [29/09/2016 15:26:20] - |D| - [263086079] - C:\Users\Nathange\AppData\Roaming [07/11/2016 17:01:21] - |D| - [0] - C:\Users\Nathange\AppData\Local\Adobe [29/09/2016 15:26:20] - |SHD| - [13563258700] - C:\Users\Nathange\AppData\Local\Application Data [29/09/2016 18:37:59] - |D| - [443696] - C:\Users\Nathange\AppData\Local\CEF [29/09/2016 16:05:33] - |D| - [39482967] - C:\Users\Nathange\AppData\Local\Comms [29/09/2016 15:46:58] - |D| - [1989897] - C:\Users\Nathange\AppData\Local\ConnectedDevicesPlatform [30/09/2016 15:02:51] - |D| - [861473] - C:\Users\Nathange\AppData\Local\Corel [26/10/2016 15:50:19] - |D| - [44267972] - C:\Users\Nathange\AppData\Local\Corel PaintShop Pro [27/10/2016 19:14:45] - |D| - [2682232] - C:\Users\Nathange\AppData\Local\CrashDumps [23/10/2016 07:44:29] - |D| - [7493] - C:\Users\Nathange\AppData\Local\Cyberlink [02/10/2016 08:13:47] - |D| - [181159] - C:\Users\Nathange\AppData\Local\Diagnostics [29/09/2016 15:51:58] - |D| - [1834] - C:\Users\Nathange\AppData\Local\DropboxOEM [06/10/2016 18:38:31] - |D| - [0] - C:\Users\Nathange\AppData\Local\ElevatedDiagnostics [23/10/2016 14:27:40] - |D| - [0] - 
C:\Users\Nathange\AppData\Local\Evernote [06/10/2016 20:20:49] - |D| - [1475] - C:\Users\Nathange\AppData\Local\Hewlett-Packard [29/09/2016 15:26:20] - |SHD| - [130] - C:\Users\Nathange\AppData\Local\Historique [06/10/2016 18:13:33] - |D| - [144201] - C:\Users\Nathange\AppData\Local\HP [15/10/2016 18:30:08] - |D| - [5745] - C:\Users\Nathange\AppData\Local\HP_Development_Company,_L [15/11/2016 22:32:56] - |AH| - [220706] - C:\Users\Nathange\AppData\Local\IconCache.db [24/10/2016 08:41:50] - |D| - [32441638] - C:\Users\Nathange\AppData\Local\Kingsoft [29/09/2016 15:26:20] - |D| - [463569383] - C:\Users\Nathange\AppData\Local\Microsoft [29/09/2016 18:23:39] - |D| - [85491] - C:\Users\Nathange\AppData\Local\MicrosoftEdge [29/09/2016 18:29:26] - |D| - [377905419] - C:\Users\Nathange\AppData\Local\Mozilla [29/09/2016 15:50:10] - |D| - [8530314] - C:\Users\Nathange\AppData\Local\NVIDIA [29/09/2016 15:47:19] - |D| - [378482342] - C:\Users\Nathange\AppData\Local\Packages [29/09/2016 20:52:59] - |D| - [0] - C:\Users\Nathange\AppData\Local\Programs [29/09/2016 15:48:03] - |D| - [109972] - C:\Users\Nathange\AppData\Local\Publishers [02/10/2016 08:41:12] - |A| - [7606] - C:\Users\Nathange\AppData\Local\Resmon.ResmonCfg [29/09/2016 15:26:20] - |D| - [27567648] - C:\Users\Nathange\AppData\Local\Temp [29/09/2016 15:26:20] - |SHD| - [8683888] - C:\Users\Nathange\AppData\Local\Temporary Internet Files [29/09/2016 15:47:12] - |D| - [14114816] - C:\Users\Nathange\AppData\Local\TileDataLayer [29/09/2016 15:47:35] - |D| - [5626380] - C:\Users\Nathange\AppData\Local\VirtualStore [22/01/2016 11:39:09] - |D| - [9] - C:\Users\Nathange\AppData\LocalLow\Evernote [22/01/2016 15:28:42] - |SD| - [175903] - C:\Users\Nathange\AppData\LocalLow\Microsoft [18/11/2016 18:41:33] - |D| - [0] - C:\Users\Nathange\AppData\LocalLow\Mozilla [19/02/2016 00:12:49] - |D| - [82053120] - C:\Users\Nathange\AppData\LocalLow\Oracle [15/04/2016 11:43:19] - |D| - [108167] - C:\Users\Nathange\AppData\LocalLow\Sun 
[30/11/2016 14:52:52] - |D| - [0] - C:\Users\Nathange\AppData\LocalLow\Temp [29/09/2016 15:47:33] - |D| - [0] - C:\Users\Nathange\AppData\Roaming\Adobe [03/10/2016 15:26:36] - |D| - [116632] - C:\Users\Nathange\AppData\Roaming\Alien Skin [29/09/2016 18:31:04] - |D| - [20897869] - C:\Users\Nathange\AppData\Roaming\AVAST Software [29/09/2016 15:55:17] - |D| - [0] - C:\Users\Nathange\AppData\Roaming\awsRun [30/09/2016 14:53:30] - |D| - [57792800] - C:\Users\Nathange\AppData\Roaming\Corel [29/09/2016 15:51:58] - |D| - [73663520] - C:\Users\Nathange\AppData\Roaming\DropboxOEM [06/10/2016 20:12:35] - |D| - [0] - C:\Users\Nathange\AppData\Roaming\Hewlett-Packard [06/10/2016 20:04:51] - |D| - [41689] - C:\Users\Nathange\AppData\Roaming\hpqLog [06/10/2016 18:17:05] - |D| - [6895] - C:\Users\Nathange\AppData\Roaming\HpUpdate [30/09/2016 14:36:53] - |D| - [0] - C:\Users\Nathange\AppData\Roaming\InstallShield [01/10/2016 10:54:21] - |D| - [0] - C:\Users\Nathange\AppData\Roaming\Jasc [24/10/2016 08:41:50] - |D| - [842817] - C:\Users\Nathange\AppData\Roaming\Kingsoft [10/11/2016 12:49:37] - |D| - [2338979] - C:\Users\Nathange\AppData\Roaming\LibreOffice [29/09/2016 15:53:25] - |D| - [523] - C:\Users\Nathange\AppData\Roaming\Macromedia [29/09/2016 15:26:20] - |SD| - [3581187] - C:\Users\Nathange\AppData\Roaming\Microsoft [29/09/2016 18:29:26] - |D| - [97564807] - C:\Users\Nathange\AppData\Roaming\Mozilla [10/11/2016 12:49:52] - |D| - [462700] - C:\Users\Nathange\AppData\Roaming\NVIDIA [30/09/2016 19:49:29] - |D| - [76] - C:\Users\Nathange\AppData\Roaming\Skype [11/10/2016 16:47:24] - |D| - [4096] - C:\Users\Nathange\AppData\Roaming\SoftMaker [29/09/2016 15:49:30] - |A| - [165] - C:\Users\Nathange\AppData\Roaming\sp_data.sys [29/09/2016 21:52:12] - |D| - [0] - C:\Users\Nathange\AppData\Roaming\Sun [26/10/2016 15:50:21] - |D| - [37568] - C:\Users\Nathange\AppData\Roaming\Ulead Systems [29/09/2016 15:47:21] - |D| - [22639] - C:\Users\Nathange\AppData\Roaming\WebStorage [10/11/2016 
11:51:26] - |D| - [289] - C:\Users\Nathange\AppData\Roaming\WildTangent [30/09/2016 14:36:20] - |D| - [12] - C:\Users\Nathange\AppData\Roaming\WinRAR [29/09/2016 18:28:02] - |D| - [5710816] - C:\Users\Nathange\AppData\Roaming\ZHP [29/09/2016 15:47:41] - |ASH| - [174] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [29/09/2016 15:26:20] - |SHD| - [34383] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [29/09/2016 15:26:20] - |RD| - [34383] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [29/09/2016 15:26:20] - |RD| - [3888] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [29/09/2016 15:26:20] - |RD| - [2927] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [29/09/2016 15:47:41] - |RD| - [174] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [29/09/2016 15:47:41] - |ASH| - [174] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [03/10/2016 15:22:40] - |A| - [1331] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye Candy 5 Nature Manual.lnk [05/10/2016 02:38:24] - |A| - [2119] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk [08/11/2016 09:29:21] - |A| - [2315] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP Print and Scan Doctor.lnk [06/11/2016 14:07:33] - |D| - [0] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lavasoft Ad-aware [29/09/2016 15:26:20] - |D| - [170] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [29/09/2016 15:52:05] - |A| - [2418] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [29/09/2016 15:47:41] - |RD| - [174] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 
[29/09/2016 15:26:20] - |RD| - [5318] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [29/09/2016 15:26:20] - |RD| - [7238] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [30/09/2016 14:32:22] - |D| - [4385] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [02/12/2016 10:57:20] - |A| - [1028] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xenofex 2 Manual.lnk [05/10/2016 02:31:19] - |A| - [724] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZHPCleaner.lnk [29/09/2016 15:47:41] - |ASH| - [174] - C:\Users\Nathange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Nathange Lys] [05/11/2016 13:38:46] - |D| - [0] - C:\Users\Nathange Lys\AppData\Roaming [05/11/2016 15:39:54] - |D| - [0] - C:\Users\Nathange Lys\AppData\Roaming\Mozilla ---------- | [Public] ---------- | C:\ProgramData [25/10/2016 08:45:12] - |D| - [15577660] - C:\ProgramData\albumphoto [06/10/2016 18:14:44] - |A| - [57] - C:\ProgramData\Ament.ini [29/09/2016 15:38:41] - |SHD| - [23484029786] - C:\ProgramData\Application Data [29/09/2016 15:46:57] - |D| - [8010] - C:\ProgramData\ASUS [18/08/2015 06:28:20] - |D| - [4065] - C:\ProgramData\ASUS WebStorage [22/10/2015 01:49:48] - |D| - [149106088] - C:\ProgramData\AVAST Software [29/09/2016 15:38:41] - |SHD| - [2257] - C:\ProgramData\Bureau [29/09/2016 15:43:23] - |D| - [0] - C:\ProgramData\Comms [30/09/2016 14:53:07] - |D| - [208041907] - C:\ProgramData\Corel [22/10/2015 01:58:26] - |D| - [54899191] - C:\ProgramData\CyberLink [29/09/2016 15:38:41] - |SHD| - [24147] - C:\ProgramData\Documents [29/09/2016 15:03:54] - |AH| - [0] - C:\ProgramData\DP45977C.lfl [06/10/2016 19:24:44] - |D| - [72020] - C:\ProgramData\Hewlett-Packard [06/10/2016 17:59:55] - |AD| - [15390401] - C:\ProgramData\HP [22/10/2015 01:58:22] - |D| - [95994] - C:\ProgramData\install_clap 
[22/10/2015 01:28:50] - |D| - [43818486] - C:\ProgramData\Intel [18/08/2015 06:29:05] - |D| - [28501] - C:\ProgramData\Kingsoft [30/01/2017 08:10:36] - |D| - [59205200] - C:\ProgramData\Malwarebytes [22/10/2015 01:50:06] - |D| - [176] - C:\ProgramData\McAfee [29/09/2016 15:38:41] - |SHD| - [151103] - C:\ProgramData\Menu Démarrer [29/09/2016 15:43:23] - |SD| - [1478616691] - C:\ProgramData\Microsoft [22/10/2015 01:24:23] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [29/09/2016 15:38:41] - |SHD| - [0] - C:\ProgramData\Modèles [29/09/2016 15:05:09] - |D| - [259] - C:\ProgramData\NVIDIA [29/09/2016 15:04:27] - |D| - [3417123] - C:\ProgramData\NVIDIA Corporation [29/09/2016 21:51:29] - |D| - [72300835] - C:\ProgramData\Oracle [22/10/2015 01:26:45] - |D| - [2763865] - C:\ProgramData\Package Cache [27/10/2016 18:49:21] - |D| - [2828] - C:\ProgramData\Protexis [26/10/2016 15:50:32] - |D| - [3004] - C:\ProgramData\Protexis64 [22/10/2015 01:39:35] - |D| - [20805] - C:\ProgramData\Qualcomm Atheros [29/09/2016 15:43:24] - |AD| - [1003] - C:\ProgramData\regid.1991-06.com.microsoft [04/01/2017 10:43:26] - |D| - [1591788] - C:\ProgramData\RogueKiller [29/09/2016 15:52:43] - |D| - [53659954] - C:\ProgramData\SetupTPDriver [29/09/2016 15:43:24] - |D| - [0] - C:\ProgramData\SoftwareDistribution [22/10/2015 01:58:26] - |D| - [1284544] - C:\ProgramData\Temp [21/11/2016 18:33:44] - |D| - [2344] - C:\ProgramData\Unchecky [29/09/2016 15:49:13] - |D| - [434] - C:\ProgramData\USBChargerPlus [29/09/2016 15:43:24] - |D| - [4091] - C:\ProgramData\USOPrivate [29/09/2016 14:58:48] - |D| - [2097152] - C:\ProgramData\USOShared [18/08/2015 06:28:20] - |D| - [4065] - C:\ProgramData\WebStorage [18/08/2015 06:28:36] - |D| - [401656] - C:\ProgramData\WildTangent ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [29/09/2016 15:43:25] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [29/09/2016 15:38:41] - |SHD| - [150929] - C:\ProgramData\Microsoft\Windows\Start 
Menu\Programmes [29/09/2016 15:43:23] - |RD| - [150929] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [29/09/2016 15:43:23] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [29/09/2016 15:43:23] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [29/09/2016 15:43:23] - |RD| - [20488] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/08/2015 06:28:21] - |D| - [13489] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS [14/11/2016 21:25:33] - |A| - [1981] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Antivirus Gratuit.lnk [14/11/2016 21:31:07] - |A| - [1090] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk [16/12/2016 18:57:31] - |D| - [965] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [30/09/2016 14:52:11] - |D| - [9267] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Paint Shop Pro Photo X2 [26/10/2016 15:43:42] - |D| - [3741] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X6 [22/10/2015 02:01:51] - |RD| - [2254] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 5 [22/10/2015 02:00:20] - |RD| - [2194] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 12 [29/09/2016 15:43:25] - |ASH| - [796] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [18/08/2015 06:29:13] - |D| - [2126] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 25 GB [18/08/2015 06:28:32] - |D| - [2541] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [02/10/2016 19:14:19] - |D| - [2261] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Patcher [18/08/2015 06:28:43] - |RD| - [95] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [06/10/2016 18:16:44] - |D| - [4499] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [06/10/2016 20:06:23] - |D| - [2320] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support [22/10/2015 01:50:01] - |D| - [2685] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower [16/07/2016 12:43:50] - |AS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [22/10/2015 01:30:54] - |A| - [720] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk [30/09/2016 15:25:59] - |D| - [3772] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software [29/09/2016 21:51:58] - |D| - [6892] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [06/11/2016 14:07:33] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft Ad-aware [10/11/2016 12:14:08] - |D| - [8213] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.1 [29/09/2016 15:43:23] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [30/01/2017 08:10:42] - |D| - [4042] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [01/11/2016 13:26:34] - |D| - [2304] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [16/07/2016 12:42:22] - |AS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk [29/09/2016 18:37:53] - |A| - [1007] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [18/12/2016 16:29:43] - |D| - [2260] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plugin Galaxy [16/07/2016 12:43:50] - |AS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk [22/10/2015 01:37:42] - |D| - [1952] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek [22/11/2016 16:11:59] - |D| - [3573] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [29/09/2016 15:43:23] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\StartUp [29/09/2016 15:43:23] - |RD| - [2670] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [10/07/2015 17:30:02] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC [21/11/2016 18:33:45] - |D| - [2228] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky [29/09/2016 15:25:00] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [30/09/2016 14:32:22] - |D| - [4313] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [18/08/2015 06:29:08] - |D| - [9591] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [29/09/2016 15:43:25] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [03/10/2016 15:22:40] - |D| - [565248] - C:\Program Files (x86)\Alien Skin [18/08/2015 06:27:56] - |D| - [107738668] - C:\Program Files (x86)\ASUS [02/10/2016 07:51:02] - |D| - [2891424] - C:\Program Files (x86)\AxBx [22/10/2015 01:42:14] - |AD| - [1096725] - C:\Program Files (x86)\Bluetooth Suite [29/09/2016 15:34:05] - |D| - [111726254] - C:\Program Files (x86)\Common Files [30/09/2016 14:36:59] - |D| - [967635026] - C:\Program Files (x86)\Corel [22/10/2015 02:00:15] - |D| - [84591174] - C:\Program Files (x86)\Cyberlink [29/09/2016 15:43:25] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [18/08/2015 06:29:12] - |D| - [3029149] - C:\Program Files (x86)\Dropbox [18/08/2015 06:28:30] - |D| - [244567943] - C:\Program Files (x86)\Evernote [05/10/2016 02:38:24] - |D| - [10955385] - C:\Program Files (x86)\FileHippo.com [02/10/2016 19:14:19] - |AD| - [1046014] - C:\Program Files (x86)\FMPatcher [06/10/2016 19:06:54] - |D| - [70239373] - C:\Program Files (x86)\Hewlett-Packard [06/10/2016 18:16:26] - |AD| - [14640227] - C:\Program Files (x86)\HP [22/10/2015 01:50:01] - |D| - [7531696] - C:\Program Files 
(x86)\ICEpower [22/10/2015 01:35:56] - |HD| - [114315657] - C:\Program Files (x86)\InstallShield Installation Information [29/09/2016 15:02:33] - |D| - [41424097] - C:\Program Files (x86)\Intel [29/09/2016 15:43:23] - |D| - [1990699] - C:\Program Files (x86)\Internet Explorer [30/09/2016 15:25:33] - |D| - [28818832] - C:\Program Files (x86)\Jasc Software Inc [30/01/2017 08:19:47] - |D| - [164216934] - C:\Program Files (x86)\Java [18/08/2015 06:28:48] - |D| - [276737199] - C:\Program Files (x86)\Kingsoft [10/11/2016 12:12:45] - |AD| - [711042111] - C:\Program Files (x86)\LibreOffice 5 [18/08/2015 06:29:05] - |D| - [0] - C:\Program Files (x86)\Microsoft Office [01/11/2016 13:25:30] - |D| - [42890830] - C:\Program Files (x86)\Microsoft Silverlight [29/09/2016 15:43:23] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [25/10/2016 08:45:12] - |AD| - [794624] - C:\Program Files (x86)\monAlbumPhoto [30/01/2017 08:36:21] - |AD| - [95904693] - C:\Program Files (x86)\Mozilla Firefox [29/09/2016 18:26:39] - |D| - [301933] - C:\Program Files (x86)\Mozilla Maintenance Service [29/09/2016 15:48:48] - |D| - [25757] - C:\Program Files (x86)\MSBuild [22/10/2015 01:34:01] - |D| - [184588044] - C:\Program Files (x86)\NVIDIA Corporation [22/10/2015 01:40:06] - |AD| - [236899] - C:\Program Files (x86)\Qualcomm Atheros [22/10/2015 01:35:56] - |D| - [164642063] - C:\Program Files (x86)\Realtek [29/09/2016 15:48:48] - |D| - [38450433] - C:\Program Files (x86)\Reference Assemblies [22/10/2015 01:36:33] - |HD| - [0] - C:\Program Files (x86)\Temp [21/11/2016 18:33:44] - |AD| - [5876396] - C:\Program Files (x86)\Unchecky [29/09/2016 15:43:23] - |D| - [1941504] - C:\Program Files (x86)\Windows Defender [29/09/2016 15:43:23] - |D| - [5958656] - C:\Program Files (x86)\Windows Mail [29/09/2016 15:43:23] - |D| - [3275928] - C:\Program Files (x86)\Windows Media Player [29/09/2016 15:43:23] - |D| - [34128] - C:\Program Files (x86)\Windows Multimedia Platform [29/09/2016 15:43:23] - |D| - 
[7584962] - C:\Program Files (x86)\Windows NT [29/09/2016 15:43:23] - |D| - [5424832] - C:\Program Files (x86)\Windows Photo Viewer [29/09/2016 15:43:23] - |D| - [34128] - C:\Program Files (x86)\Windows Portable Devices [29/09/2016 15:43:23] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [29/09/2016 15:43:23] - |D| - [2372799] - C:\Program Files (x86)\WindowsPowerShell ---------- | C:\Program Files [14/11/2016 21:20:48] - |D| - [994799299] - C:\Program Files\AVAST Software [16/12/2016 18:57:29] - |AD| - [20008904] - C:\Program Files\CCleaner [29/09/2016 15:34:05] - |D| - [53841214] - C:\Program Files\Common Files [26/10/2016 15:44:40] - |D| - [190005577] - C:\Program Files\Corel [22/10/2015 01:58:57] - |D| - [1228077741] - C:\Program Files\CyberLink [29/09/2016 15:43:25] - |ASH| - [174] - C:\Program Files\desktop.ini [22/10/2015 01:46:22] - |D| - [1049400] - C:\Program Files\DIFX [29/09/2016 15:38:41] - |SHD| - [53841214] - C:\Program Files\Fichiers communs [06/10/2016 18:16:26] - |D| - [115272659] - C:\Program Files\HP [29/09/2016 15:03:12] - |D| - [58495267] - C:\Program Files\Intel [29/09/2016 15:43:23] - |D| - [2583062] - C:\Program Files\Internet Explorer [30/01/2017 08:10:36] - |D| - [131770664] - C:\Program Files\Malwarebytes [01/11/2016 13:25:30] - |AD| - [55721038] - C:\Program Files\Microsoft Silverlight [18/11/2016 09:45:53] - |AD| - [107573137] - C:\Program Files\Mozilla Firefox [29/09/2016 15:48:48] - |D| - [25757] - C:\Program Files\MSBuild [29/09/2016 15:04:09] - |D| - [604973240] - C:\Program Files\NVIDIA Corporation [29/09/2016 15:03:30] - |D| - [45060148] - C:\Program Files\Realtek [29/09/2016 15:48:48] - |D| - [36850857] - C:\Program Files\Reference Assemblies [29/09/2016 14:58:14] - |HD| - [0] - C:\Program Files\Uninstall Information [22/11/2016 16:11:58] - |D| - [22255341] - C:\Program Files\VS Revo Group [29/09/2016 15:43:23] - |RD| - [14913860] - C:\Program Files\Windows Defender [10/07/2015 17:30:02] - |D| - [0] - C:\Program 
Files\Windows Journal [29/09/2016 15:43:23] - |D| - [6181888] - C:\Program Files\Windows Mail [29/09/2016 15:43:23] - |D| - [4989628] - C:\Program Files\Windows Media Player [29/09/2016 15:43:23] - |D| - [37784] - C:\Program Files\Windows Multimedia Platform [29/09/2016 15:43:23] - |D| - [7849154] - C:\Program Files\Windows NT [29/09/2016 15:43:23] - |D| - [6223552] - C:\Program Files\Windows Photo Viewer [29/09/2016 15:43:23] - |D| - [37784] - C:\Program Files\Windows Portable Devices [29/09/2016 15:43:23] - |SHD| - [0] - C:\Program Files\Windows Sidebar [29/09/2016 15:43:23] - |HD| - [1631191908] - C:\Program Files\WindowsApps [29/09/2016 15:43:23] - |D| - [2848364] - C:\Program Files\WindowsPowerShell [30/09/2016 14:32:18] - |AD| - [6329623] - C:\Program Files\WinRAR ---------- | C:\Program Files (x86)\Common Files [22/10/2015 01:42:15] - |D| - [68470] - C:\Program Files (x86)\Common Files\Atheros [30/01/2017 09:24:59] - |D| - [986045] - C:\Program Files (x86)\Common Files\AV [18/08/2015 06:28:17] - |D| - [4115665] - C:\Program Files (x86)\Common Files\AWS [30/09/2016 14:51:42] - |AD| - [6294936] - C:\Program Files (x86)\Common Files\Corel [29/09/2016 15:03:03] - |D| - [68080827] - C:\Program Files (x86)\Common Files\Intel [28/01/2017 15:28:31] - |D| - [1941064] - C:\Program Files (x86)\Common Files\Java [22/10/2015 01:50:11] - |D| - [1923776] - C:\Program Files (x86)\Common Files\McAfee [29/09/2016 15:43:23] - |D| - [15281425] - C:\Program Files (x86)\Common Files\Microsoft Shared [22/10/2015 02:01:54] - |D| - [1488873] - C:\Program Files (x86)\Common Files\Nikon [22/10/2015 01:28:52] - |D| - [204796] - C:\Program Files (x86)\Common Files\PostureAgent [26/10/2016 15:44:09] - |D| - [1698368] - C:\Program Files (x86)\Common Files\Protexis [29/09/2016 15:43:23] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [29/09/2016 15:43:23] - |D| - [9639307] - C:\Program Files (x86)\Common Files\System ---------- | C:\Program Files\Common files [30/01/2017 
09:24:59] - |D| - [986045] - C:\Program Files\Common files\AV [29/09/2016 15:43:23] - |D| - [38769532] - C:\Program Files\Common files\microsoft shared [26/10/2016 15:45:29] - |D| - [2958192] - C:\Program Files\Common files\Protexis [22/10/2015 01:42:14] - |D| - [878716] - C:\Program Files\Common files\QCA_Bluetooth [29/09/2016 15:43:23] - |D| - [2702] - C:\Program Files\Common files\Services [29/09/2016 15:43:23] - |D| - [10246027] - C:\Program Files\Common files\System ---------- | Tasks [MD5.039217042ADE0E56994964AB6B931567] - [07/11/2016 17:53:44] - |A| - [1002] - C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [MD5.531B4B2215D918C4078902B7691BAE1D] - [15/10/2016 18:30:09] - |A| - [362] - C:\WINDOWS\Tasks\HPCeeScheduleForNathange.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [29/09/2016 14:57:34] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.15A32E0528359A08261CEB4ACECDFC78] - [18/08/2015 06:29:10] - |A| - [424] - C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job [MD5.22224AAB7EFA9A1D1A3B3E46D03382EC] - [24/10/2016 08:42:21] - |A| - [400] - C:\WINDOWS\Tasks\WpsNotifyTask_Nathange.job [MD5.03CE4F8A2D27ABC5C41A981610DB674D] - [18/08/2015 06:29:10] - |A| - [424] - C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job [MD5.99C98EFD62FF90961F5A87B7AEAC744E] - [24/10/2016 08:42:20] - |A| - [400] - C:\WINDOWS\Tasks\WpsUpdateTask_Nathange.job [MD5.16065674160858C2E01DCDB349DCB26D] - [07/11/2016 17:53:44] - |A| - [3988] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.5B91FCB01CB7EC2338C9F498EB4FC244] - [29/09/2016 17:18:43] - |A| - [3550] - C:\WINDOWS\System32\Tasks\ASUS Live Update1 : C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [MD5.9120B3FF95F85EA4904B1822F4EA5884] - [29/09/2016 17:18:43] - |A| - [3540] - C:\WINDOWS\System32\Tasks\ASUS Live Update2 : C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [MD5.00000000000000000000000000000000] - [30/01/2017 09:25:00] - |D| - 
[3968] - C:\WINDOWS\System32\Tasks\AVAST Software [MD5.45FC942D12A790A04B1347BC08EBBC67] - [14/11/2016 21:24:56] - |A| - [4004] - C:\WINDOWS\System32\Tasks\avast! Emergency Update : C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [MD5.A8C5D6B2BCF468ECDFA8E9AB3802E5DD] - [16/12/2016 18:57:34] - |A| - [2862] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.00000000000000000000000000000000] - [06/10/2016 19:07:39] - |D| - [25438] - C:\WINDOWS\System32\Tasks\Hewlett-Packard [MD5.BBE1E83E9A00054843B43CE25D60932B] - [06/10/2016 18:17:00] - |A| - [3764] - C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 3520 series : "C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe" [MD5.00000000000000000000000000000000] - [29/09/2016 15:43:24] - |D| - [495334] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.AD41DF1537F055C1E279302CD4A5C809] - [18/12/2016 10:23:07] - |A| - [3282] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.266F1CFB80AD80D459FD3EBBF8204452] - [29/09/2016 15:04:00] - |A| - [3260] - C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice : "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [MD5.EC2DAFC8707F821CC226463831303B9D] - [29/09/2016 15:03:58] - |A| - [3194] - C:\WINDOWS\System32\Tasks\RTKCPL : "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [MD5.A479CF3CC996032D5C44CB7F644612CD] - [14/11/2016 21:31:08] - |A| - [4032] - C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1479155460 : C:\Program Files\AVAST Software\SZBrowser\launcher.exe [MD5.23BA1BA706284D97EA448BB9EF3C97B9] - [29/09/2016 17:18:43] - |A| - [3976] - C:\WINDOWS\System32\Tasks\Update Checker : C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [MD5.DFA579A8CDA67B61626251FDE357DE09] - [29/09/2016 21:52:42] - |A| - [4166] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{87163947-5465-4E5D-9C52-14321478AFE2} : 
C:\WINDOWS\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [29/09/2016 15:43:24] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "DeliveryOptimization-UDP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-TCP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "MDNS-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "MDNS-In-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "WirelessDisplay-Infra-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "WirelessDisplay-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| 
"WirelessDisplay-Out-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "Netlogon-TCP-RPC-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-NamedPipe-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751| "Wininit-Shutdown-In-Rule-TCP-RPC"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751| "{FF4165C8-85AC-462C-93EB-E6B579708EDC}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-2256402154-31552669-3576289504-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| 
"{7EA7B2DC-9358-4EE6-BFF3-6EE9CF09BCF6}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-2256402154-31552669-3576289504-500|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| "{7C770AE0-4807-43B5-AFD7-50EA513B55E1}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-2256402154-31552669-3576289504-500|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{EF4B8B00-9F29-4E71-93CC-90FD375437BD}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Store Purchase App|Desc=Store Purchase App|LUOwn=S-1-5-21-2256402154-31552669-3576289504-500|AppPkgId=S-1-15-2-2246242352-370130666-2593524754-1827188282-2313440240-2317694540-2761805292|EmbedCtxt=Store Purchase App|Platform=2:6:2|Platform2=GTEQ| "{A9C0F513-A960-422B-A16C-CF282F0187C7}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-2256402154-31552669-3576289504-500|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{0DF086B9-AF0B-42BE-9561-06B22D93103A}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-2256402154-31552669-3576289504-500|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{825537A3-D455-4E44-BD75-F6EF9D7EDA9B}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky 
Notes|LUOwn=S-1-5-21-2256402154-31552669-3576289504-500|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{2EE297B7-623D-4EBA-BD2A-FB5ABAE19552}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-2256402154-31552669-3576289504-500|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{16D6B485-2B37-4E2B-8FB9-EFAF3EBE39D8}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-2256402154-31552669-3576289504-500|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{974B32F1-5567-4397-9607-E3712EF9BFA4}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-2256402154-31552669-3576289504-500|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{53976639-1B06-4E4C-A76A-944B4D0F0908}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Flipboard|Desc=Flipboard|LUOwn=S-1-5-21-2256402154-31552669-3576289504-500|AppPkgId=S-1-15-2-864994224-3030340628-3329202063-153121207-2255414721-17657611-2370319705|EmbedCtxt=Flipboard|Platform=2:6:2|Platform2=GTEQ| "{A96A9BCC-7D9A-438D-A546-FEC1546A6A39}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=ASUS GIFTBOX|Desc=ASUS 
GIFTBOX|LUOwn=S-1-5-21-2256402154-31552669-3576289504-500|AppPkgId=S-1-15-2-213306902-907613699-962960173-907420326-2881764196-2259513092-2690328735|EmbedCtxt=ASUS GIFTBOX|Platform=2:6:2|Platform2=GTEQ| "{6DBA5B1C-5449-42CE-BEDB-7C7BAA9BD003}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{A278AB0D.GameloftGames_1.0.2.6_x86__h6adky7gbf63m?ms-resource://A278AB0D.GameloftGames/Resources/appDisplayName}|Desc=@{A278AB0D.GameloftGames_1.0.2.6_x86__h6adky7gbf63m?ms-resource://A278AB0D.GameloftGames/Resources/appDisplayName}|LUOwn=S-1-5-21-2256402154-31552669-3576289504-500|AppPkgId=S-1-15-2-960615975-1648039510-1467790379-1985667876-2350297976-1129518703-2470777531|EmbedCtxt=@{A278AB0D.GameloftGames_1.0.2.6_x86__h6adky7gbf63m?ms-resource://A278AB0D.GameloftGames/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{0FB07BB7-798B-4A2E-9748-3A6F09711552}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-2256402154-31552669-3576289504-500|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ| "{C8EEDC2A-9E08-47FF-97BD-8859DD1497FB}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-2256402154-31552669-3576289504-500|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{71EB386A-AD7A-45E3-A4DB-23F5FC09D20E}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=TripAdvisor Hotels Flights Restaurants|Desc=TripAdvisor Hotels Flights Restaurants|LUOwn=S-1-5-21-2256402154-31552669-3576289504-500|AppPkgId=S-1-15-2-3043548224-2235967549-1382791125-3168413616-1702302935-4247438294-2497735402|EmbedCtxt=TripAdvisor Hotels Flights 
Restaurants|Platform=2:6:2|Platform2=GTEQ| "{E0AA7839-67E6-485F-9D14-C09C3EBE4E54}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1002|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| "{B24808F9-D656-455F-91AB-F54621EEF1CC}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1002|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{25DB3E3E-5F3F-4D6E-8E7D-4727E7FDBD46}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=TripAdvisor Hotels Flights Restaurants|Desc=TripAdvisor Hotels Flights Restaurants|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1002|AppPkgId=S-1-15-2-3043548224-2235967549-1382791125-3168413616-1702302935-4247438294-2497735402|EmbedCtxt=TripAdvisor Hotels Flights Restaurants|Platform=2:6:2|Platform2=GTEQ| "{69AE0710-A053-404F-88D9-C008B2B50554}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Store Purchase App|Desc=Store Purchase App|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1002|AppPkgId=S-1-15-2-2246242352-370130666-2593524754-1827188282-2313440240-2317694540-2761805292|EmbedCtxt=Store Purchase App|Platform=2:6:2|Platform2=GTEQ| "{9D094E8E-1808-4466-9247-A15964FD438F}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1002|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| 
"{A419B68A-DC5D-4B81-B517-4365851BB970}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1002|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{A4299244-A4A0-41A1-AF06-35FA1F734C5B}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1002|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{C9A6729B-046B-4CD1-91DE-F3820FB0694C}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1002|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{EB0A8809-037F-4AC2-AB6C-0BB630A9EAF5}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1002|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{63D44363-80B7-4B37-A71A-9FAB5CE17DCC}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1002|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| 
"{94BB6F2A-CA9F-4341-9E29-CECA1EC061A6}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Flipboard|Desc=Flipboard|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1002|AppPkgId=S-1-15-2-864994224-3030340628-3329202063-153121207-2255414721-17657611-2370319705|EmbedCtxt=Flipboard|Platform=2:6:2|Platform2=GTEQ| "{D084719B-CC99-49DC-8AD2-0ABC44B6856F}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=ASUS GIFTBOX|Desc=ASUS GIFTBOX|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1002|AppPkgId=S-1-15-2-213306902-907613699-962960173-907420326-2881764196-2259513092-2690328735|EmbedCtxt=ASUS GIFTBOX|Platform=2:6:2|Platform2=GTEQ| "{0909958E-CB1B-4527-A443-0B60E5A23803}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{A278AB0D.GameloftGames_1.0.2.6_x86__h6adky7gbf63m?ms-resource://A278AB0D.GameloftGames/Resources/appDisplayName}|Desc=@{A278AB0D.GameloftGames_1.0.2.6_x86__h6adky7gbf63m?ms-resource://A278AB0D.GameloftGames/Resources/appDisplayName}|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1002|AppPkgId=S-1-15-2-960615975-1648039510-1467790379-1985667876-2350297976-1129518703-2470777531|EmbedCtxt=@{A278AB0D.GameloftGames_1.0.2.6_x86__h6adky7gbf63m?ms-resource://A278AB0D.GameloftGames/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{E7A5C464-9894-407D-94EC-5029D2A0F0D6}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1002|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ| 
"{B9981D15-BA3E-42E5-9AE0-BAB824817764}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1002|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{AC3B2456-9B28-410B-9CFF-8DB27CCD803A}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files\Mozilla Firefox)| "{AFA207B0-ED63-4AF5-A4FD-B68758E90853}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files\Mozilla Firefox)| "TCP Query User{E2BAC6C2-EB82-4BC2-A23E-7D7B8CEF31A3}C:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe|Name=HPNetworkCommunicator|Desc=HPNetworkCommunicator|Defer=User| "UDP Query User{66A0DAA8-4453-4644-ADED-AFC75D1F9566}C:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe|Name=HPNetworkCommunicator|Desc=HPNetworkCommunicator|Defer=User| "TCP Query User{48FF9DE0-2D1D-4F6E-8419-9A0F2ADDF171}C:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe|Name=HPNetworkCommunicator|Desc=HPNetworkCommunicator|Defer=User| "UDP Query User{3F1474A8-3D2C-4127-825A-522B88BDD4F9}C:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\hp\hp deskjet 3520 
series\bin\hpnetworkcommunicator.exe|Name=HPNetworkCommunicator|Desc=HPNetworkCommunicator|Defer=User| "{05304EC8-8D64-4B80-8922-C9EF8FE9DA0A}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP All-in-One Printer Remote|Desc=HP All-in-One Printer Remote|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP All-in-One Printer Remote|Platform=2:6:2|Platform2=GTEQ| "{553A0248-CC3A-450C-B895-80319E1EB3AB}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=HP All-in-One Printer Remote|Desc=HP All-in-One Printer Remote|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP All-in-One Printer Remote|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "TCP Query User{05BC0F71-BD04-49E4-9327-827ABC778CB6}C:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicatorcom.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicatorcom.exe|Name=HPNetworkCommunicatorCom|Desc=HPNetworkCommunicatorCom|Defer=User| "UDP Query User{C5FE296F-AD9E-493B-886D-0BE226F63904}C:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicatorcom.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicatorcom.exe|Name=HPNetworkCommunicatorCom|Desc=HPNetworkCommunicatorCom|Defer=User| "{9D29E50C-18DA-414E-9C28-63A31855812D}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ| 
"{CF9534B5-EB30-4830-B9A8-C4C02C76C5ED}"=v2.26|Action=Allow|Active=TRUE|Dir=In|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe|Name=Configuration du périphérique HP (HP Deskjet 3520 series)|Edge=TRUE| "{4DDA3B81-1093-46D6-95B5-63D1EDF0808F}"=v2.26|Action=Allow|Active=TRUE|Dir=In|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe|Name=Communicateur réseau HP (HP Deskjet 3520 series)|Edge=TRUE| "{63E46089-37D8-4538-93AD-205519152494}"=v2.26|Action=Allow|Active=TRUE|Dir=In|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe|Name=Communicateur réseau COM HP (HP Deskjet 3520 series)|Edge=TRUE| "{172D1646-CE99-4466-B16B-D0C8CA659593}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS7EAD\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{3AF7F208-7081-46D3-BA49-C315F890F5B1}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS7EAD\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{80D04183-FAEC-4BD2-A5AC-933E34EA9352}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ| "{611F9122-C3F7-42AE-882B-72D5DC1B9D37}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| 
"{034AF4DC-07AD-4C98-8D43-06B453046DE2}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS7B03\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{69B297AA-D756-4DEB-BB47-E5C1CD22F15F}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS7B03\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{6BA4C3FA-3CC1-48CA-B3CC-BFAEC7640F9C}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS03F4\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{021624F7-6294-4DF6-8124-2A898DAEF6C7}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS03F4\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{F460770C-69C3-4165-8E95-6FF8037A6C64}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS10FA\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{96CB544C-40DC-451A-B0DA-76064179D758}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS10FA\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{4B5BC74A-626C-4928-B321-ACB7B4D81D5C}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{88F72DCB-7F53-4066-A7C5-B700B617DAB2}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| 
"{97BC43A6-B566-4765-A830-F522AC81E825}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{86EFBA37-B5DE-455D-A9E5-3D543F93165D}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{E5E8F908-9D0E-426D-AEB2-D944C0121447}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS6DC8\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{8D64D3BD-FD95-4A21-87A2-D50202A1FC1B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS6DC8\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{4E44FDE0-2C27-461B-827F-B5EB719A4F53}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS6E24\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{560C4F0E-1B8C-4343-BA5F-444543DD1855}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS6E24\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{A131FDF8-A832-4D34-8876-A09AC97A29BB}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS7110\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{078DB68A-C286-4DB1-B081-CE1E6522AC09}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS7110\HPDiagnosticCoreUI.exe|Name=HPSAPS| 
"{96FB7636-3029-456C-BC49-A17A438C67DD}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS715E\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{1CD8B8DD-9A38-429D-AD94-D1C3A1990974}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS715E\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{C89DE02C-5CD6-4E69-90A5-32722F7E7CA4}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS057E\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{E009CF16-3B47-45A7-BFA6-47B7DEE19B81}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS057E\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{1335AD91-926A-4374-AC37-E4415FF5ABE2}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS05E0\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{C101F315-5F6D-4DF1-B665-47A627129E64}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nathange\AppData\Local\Temp\7zS05E0\HPDiagnosticCoreUI.exe|Name=HPSAPS| "{A20941FD-6D19-455E-999C-B56B68AE2EA6}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{31EF9215-966D-426A-B2CA-ACF2AC715925}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| 
"{DDE3F5DF-53FE-4F55-BCDB-5CBFB3CED4AE}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| "{01F54A40-3DDA-4AA8-BDD1-1BE33909478B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{8E05C1BE-4BAA-46A2-8EF3-C441A49DDE36}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=PicsArt - Photo Studio|Desc=PicsArt - Photo Studio|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1001|AppPkgId=S-1-15-2-1181921518-3464117289-2491546964-2984050378-2494007796-3931238436-1143461145|EmbedCtxt=PicsArt - Photo Studio|Platform=2:6:2|Platform2=GTEQ| "{8D0B0B51-5299-4D26-B7B6-A0FB2D5163C6}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=PicsArt - Photo Studio|Desc=PicsArt - Photo Studio|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1001|AppPkgId=S-1-15-2-1181921518-3464117289-2491546964-2984050378-2494007796-3931238436-1143461145|EmbedCtxt=PicsArt - Photo Studio|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{51AD5F4B-385C-430D-9F53-51B1524D8648}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)| "{A3AB4979-F54B-4D87-97E8-657EBDEDBD1F}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)| 
"{F400FC1E-71D4-4AD9-9119-C7D8D50BFCD1}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Deezer Music|Desc=Deezer Music|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1001|AppPkgId=S-1-15-2-3995850928-445304664-2757738950-2274806189-480255890-1635684094-1864967084|EmbedCtxt=Deezer Music|Platform=2:6:2|Platform2=GTEQ|
"{0F3CE2FB-1B1E-45CE-8197-F2F4A5622235}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Deezer Music|Desc=Deezer Music|LUOwn=S-1-5-21-2256402154-31552669-3576289504-1001|AppPkgId=S-1-15-2-3995850928-445304664-2757738950-2274806189-480255890-1635684094-1864967084|EmbedCtxt=Deezer Music|Platform=2:6:2|Platform2=GTEQ|

---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{03F52937-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{04A83FC2-2AE2-4C88-B45F-E9707B377636}] : (aswHwid) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{0c8e9016-5b23-4182-acfb-7c8db6d053c0}] : (YunOSUsbDeviceClass) [] -> @oem17.inf,%ClassName%;YunOS Phone
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> 
@%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{502EB68B-57B4-4FEE-9890-18F2D8AD1E3E}] : (mfencbdc) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> 
@%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6880337A-1EB4-4EF2-9659-0FD2EC60CB1B}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{78A1C341-4539-11D3-B88D-00C04FAD5171}] : (mfesapsn) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8AE85550-832C-4A9B-81BB-2A49DBEE72B4}] : (aswRvrt) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c3077fcd-9c3c-482f-9317-460712f23efd}] : (DPTF) [] -> @oem46.inf,%ClassName%;Intel(R) Dynamic Platform and Thermal Framework [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C4A06E97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> 
@c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> 
@c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[08/05/2015 10:07:06] - (1.0.6.1) - (ASUSTek Computer Inc. - ATK WMIACPI Utility) - C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
[22/10/2015 01:39:22] - (10.0.10143.21278) - (Realsil Semiconductor Corporation - RTS PCIE READER Driver) - C:\WINDOWS\system32\DRIVERS\RtsPer.sys
[16/07/2016 12:41:50] - (3.0.2.201) - (Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\athw8x.sys
[12/09/2016 20:15:22] - (21.21.13.6909) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 369.09) - C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys
[13/05/2015 07:33:07] - (1.0.0.4) - (ASUS - HID driver for ASUS Wireless Radio Control) - C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys
[25/05/2015 13:20:18] - (6.3.9600.17246) - (ASUSTek Computer Inc. - ASUS Charger driver) - C:\WINDOWS\system32\DRIVERS\AiCharger.sys
[29/07/2015 20:35:16] - (10.0.1.2) - (Qualcomm Atheros - Qualcomm Atheros BtFilter Driver) - C:\WINDOWS\system32\DRIVERS\btfilter.sys
[09/11/2016 21:00:10] - (5.1.2.250) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\WINDOWS\System32\ATMFD.DLL
[08/05/2015 10:49:58] - (1.0.9.1) - (ASUS - Memory mapping Driver) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - aswRvrt (avast! Revert) -> (?) - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - aswVmm (avast! VM Monitor) -> (?)
- AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@EhStorTcgDrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - 
AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - iaStorA () -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - IntelHSWPcc () -> System32\drivers\IntelPcc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-100) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - 
AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False R0 - 
[Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot 
(@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter 
Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswKbd (aswKbd) -> \SystemRoot\system32\drivers\aswKbd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswRdr (aswRdr) -> \SystemRoot\system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSnx (aswSnx) -> \SystemRoot\system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSP (aswSP) -> \SystemRoot\system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ATKWMIACPIIO (ATKWMIACPI Driver) -> \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - ASMMAP64 (ASMMAP64) -> \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> \SystemRoot\system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True S2 - [Kernel Driver] - aswStm (aswStm) -> \SystemRoot\system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: False R2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel 
Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcnfs (@%systemroot%\system32\drivers\wcnfs.sys,-100) -> \SystemRoot\system32\drivers\wcnfs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft Files whitelisted) [MD5.EE1CCC54F75C24727A218F98FC5349DA] - [16/07/2016 12:41:53] - (.Copyright (c) 2011 LSI - LSI 3ware SCSI Storport Driver.) - [104.84 Ko] - (5.1.0.51) - C:\WINDOWS\System32\Drivers\3ware.sys [MD5.49B9DB97AFC85DCCBDACDAB2E90085B7] - [16/07/2016 12:41:53] - (.Copyright (C) PMC-Sierra 2001-2014 - PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller.) - [1108.84 Ko] - (1.3.0.10769) - C:\WINDOWS\System32\Drivers\adp80xx.sys [MD5.50910888109FA9C041D9256541BE70EC] - [25/05/2015 13:20:18] - (.Copyright (c) ASUSTek Computer Inc. - ASUS Charger driver.) 
- [21.3 Ko] - (6.3.9600.17246) - C:\WINDOWS\System32\Drivers\AiCharger.sys [MD5.74FFBC43B4B899C9A8CA06A892F2CE73] - [16/07/2016 12:41:53] - (.Copyright © 2008-2015 AMD, Inc. - AHCI 1.3 Device Driver.) - [81.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdsata.sys [MD5.AAB0F1D8D7E54761ABAB13AF161F1680] - [16/07/2016 12:41:53] - (.2012 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [253.34 Ko] - (3.7.1540.43) - C:\WINDOWS\System32\Drivers\amdsbs.sys [MD5.F91BAAC4237C40352A807000F3B716F9] - [16/07/2016 12:41:53] - (.Copyright © 2008-2015 AMD, Inc. - Storage Filter Driver.) - [26.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdxata.sys [MD5.E6AB1F0B4C3D4E0D2A88332D76FECD03] - [16/07/2016 12:41:53] - (.Copyright 2014 PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) - [128.84 Ko] - (7.5.0.32048) - C:\WINDOWS\System32\Drivers\arcsas.sys [MD5.7222DC0F811BBD1B4B4A7C28B7C31AE5] - [13/05/2015 07:33:07] - (.Copyright (C) 2013 ASUS - HID driver for ASUS Wireless Radio Control.) - [19.51 Ko] - (1.0.0.4) - C:\WINDOWS\System32\Drivers\AsHIDSwitch64.sys [MD5.F71DEAB9297A5E4E35A08D7544C9E748] - [14/12/2015 14:45:00] - (.Copyright ASUS Corporation - Asus TP Filter Driver(X64).) - [98.99 Ko] - (1.0.0.262) - C:\WINDOWS\System32\Drivers\AsusTP.sys [MD5.9B480B472D6826E7257C90E2D0EE2954] - [14/11/2016 21:24:47] - (.Copyright (c) 2014 AVAST Software - avast! HWID.) - [36.77 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\Drivers\aswHwid.sys [MD5.06362BBA1347CBA0996F4B39BB1D8353] - [14/11/2016 21:30:27] - (.Copyright (c) 2014 AVAST Software - avast! Keyboard Filter Driver.) - [36.27 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\Drivers\aswKbd.sys [MD5.1BB00571CC2C78463ABD7E9C32970758] - [14/11/2016 21:24:47] - (.Copyright (c) 2014 AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) 
- [106.27 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\Drivers\aswMonFlt.sys [MD5.7010B57D708DA5C9686A5923EE621776] - [14/11/2016 21:24:47] - (.Copyright (c) 2014 AVAST Software - avast! WFP Redirect Driver.) - [100.65 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\Drivers\aswRdr2.sys [MD5.937885085BFE5BD08EC1BC0245DD203B] - [14/11/2016 21:24:47] - (.Copyright (c) 2014 AVAST Software - avast! Revert.) - [72.8 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\Drivers\aswRvrt.sys [MD5.0B6352251C5D84130DF4252D33D266C2] - [14/11/2016 21:24:47] - (.Copyright (c) 2014 AVAST Software - avast! Virtualization Driver.) - [946.47 Ko] - (12.3.3154.8) - C:\WINDOWS\System32\Drivers\aswsnx.sys [MD5.28213B34725B18387CC1B8C3D73858A1] - [14/11/2016 21:24:47] - (.Copyright (c) 2014 AVAST Software - avast! self protection module.) - [501.59 Ko] - (12.3.3154.8) - C:\WINDOWS\System32\Drivers\aswsp.sys [MD5.9C58B6E9663D0A76D00D83E43C765BDF] - [14/11/2016 21:24:47] - (.Copyright (c) 2014 AVAST Software - Stream Filter.) - [159.59 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\Drivers\aswStm.sys [MD5.D60D9201739400F0FBDB9E36A3212D91] - [14/11/2016 21:24:47] - (.Copyright (c) 2014 AVAST Software - avast! VM Monitor.) - [286.48 Ko] - (12.3.3154.16) - C:\WINDOWS\System32\Drivers\aswvmm.sys [MD5.6CCA54D9875198E34D47ACCF58BCED31] - [22/10/2015 01:39:42] - (.Copyright (C) 2001-2010 Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver.) - [4216.61 Ko] - (10.0.0.324) - C:\WINDOWS\System32\Drivers\athw10x.sys [MD5.835E2C1A3D32492E2B90BD4FE5527CB6] - [16/07/2016 12:41:50] - (.Copyright (C) 2001-2010 Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver.) - [4134.5 Ko] - (3.0.2.201) - C:\WINDOWS\System32\Drivers\athw8x.sys [MD5.3F5523DCEFE42B385659C5CB46A6B810] - [16/07/2016 12:41:53] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) 
- [9.5 Ko] - (6.3.9477.0) - C:\WINDOWS\System32\Drivers\bcmfn.sys [MD5.0B750A6A6D847E73CA48ADD7A0F5A393] - [16/07/2016 12:41:53] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [9.5 Ko] - (6.3.9391.6) - C:\WINDOWS\System32\Drivers\bcmfn2.sys [MD5.61BAC67048CA5C1D08C48FCC8012B613] - [16/07/2016 12:41:52] - (.(c) COPYRIGHT 2014-2016 QLogic Corporation - QLogic Gigabit Ethernet VBD.) - [521.34 Ko] - (7.12.31.105) - C:\WINDOWS\System32\Drivers\bxvbda.sys [MD5.48BC8B59BF348BD8C8702B93171008F2] - [16/07/2016 12:41:53] - (.Copyright © 2016 Chelsio Communications. - Chelsio iSCSI Crash Dump Driver.) - [100.34 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4dx64.sys [MD5.0AED948DA8D5F08B3D6F12E4E2089736] - [16/07/2016 12:41:53] - (.Copyright © 2016 Chelsio Communications. - Chelsio iSCSI VMiniport Driver.) - [338.84 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4sx64.sys [MD5.0002A0FDE087C1657AB31CE73077539C] - [16/07/2016 12:41:53] - (.Copyright © 2010 Chelsio Communications. - Virtual Bus Driver for Chelsio ® T4 Chipset.) - [2054.84 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4vx64.sys [MD5.A62156EC313FF29FC873C9FED7FE9CEC] - [22/10/2015 01:28:35] - (.Copyright (c) 2013-2015 Intel Corporation - DPTF CPU Device (64-Bit).) - [42.49 Ko] - (8.1.10602.174) - C:\WINDOWS\System32\Drivers\dptf_cpu.sys [MD5.8F799993098FC80128CFA73CF97E1365] - [22/10/2015 01:28:35] - (.Copyright (c) 2013-2015 Intel Corporation - DPTF PCH Device (64-Bit).) - [40.99 Ko] - (8.1.10602.174) - C:\WINDOWS\System32\Drivers\dptf_pch.sys [MD5.62A678ACFB37B8FFA2F3387D4D59766C] - [22/10/2015 01:28:35] - (.Copyright (c) 2013-2015 Intel Corporation - DPTF Zone (64-Bit).) - [245.49 Ko] - (8.1.10602.174) - C:\WINDOWS\System32\Drivers\esif_lf.sys [MD5.7EC6FC0266D74BD47ABB130A328B70EC] - [16/07/2016 12:41:52] - (.(c) COPYRIGHT 2014-2016 QLogic Corporation - QLogic 10 GigE VBD.) 
- [3338.84 Ko] - (7.13.65.105) - C:\WINDOWS\System32\Drivers\evbda.sys [MD5.F5CA18197B4646E04DB9EB2D6642CC4D] - [16/07/2016 12:41:53] - (.Copyright (c) 2004-2011 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [62.84 Ko] - (8.0.4.0) - C:\WINDOWS\System32\Drivers\HpSAMD.sys [MD5.C6B8743B213F06AA60943D8366FE968F] - [16/07/2016 12:41:54] - (.Copyright (C) 2013. - Intel(R) Serial IO GPIO Controller Driver.) - [32.5 Ko] - (604.10146.3023.12819) - C:\WINDOWS\System32\Drivers\iagpio.sys [MD5.9A2A2F3C69B9A30B6E78536F6D258BAD] - [16/07/2016 12:41:54] - (.Copyright (C) 2013. - Intel(R) Serial IO I2C Driver.) - [79.5 Ko] - (604.10146.2643.2818) - C:\WINDOWS\System32\Drivers\iai2c.sys [MD5.5A0E850F8CD17791A3E6A3CF81D0CA28] - [16/07/2016 12:41:54] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Driver v2.) - [63 Ko] - (30.63.1610.8) - C:\WINDOWS\System32\Drivers\iaLPSS2i_GPIO2.sys [MD5.7508F1096803385D6376BFD0BD473AC4] - [16/07/2016 12:41:54] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Driver v2.) - [172.25 Ko] - (30.63.1610.8) - C:\WINDOWS\System32\Drivers\iaLPSS2i_I2C.sys [MD5.16A10CCEDCF5AC4CAAE43DC9FC40392F] - [16/07/2016 12:41:52] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Controller Driver.) - [37.23 Ko] - (1.1.250.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_GPIO.sys [MD5.EB82A11613326691508D9ED9A4FE29E7] - [16/07/2016 12:41:50] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Controller Driver.) - [110.5 Ko] - (1.1.253.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_I2C.sys [MD5.5F6CA62BE8ECC4D0E1F5D4D4A02B456B] - [18/08/2015 04:12:56] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology driver - x64.) - [1428.44 Ko] - (14.6.0.1029) - C:\WINDOWS\System32\Drivers\iaStorA.sys [MD5.97E553D03219D3D51705C7235D9EAEBD] - [16/07/2016 12:41:53] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology driver (inbox) - x64.) 
- [657.34 Ko] - (13.2.0.1022) - C:\WINDOWS\System32\Drivers\iaStorAV.sys [MD5.8350FE3BCDE3428BC040877BB7E9EAEB] - [16/07/2016 12:41:53] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - x64.) - [402.34 Ko] - (8.6.2.1019) - C:\WINDOWS\System32\Drivers\iaStorV.sys [MD5.3BA03F7C7700DDF4C383DDE9252F5817] - [16/07/2016 12:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - InfiniBand Fabric Bus Driver.) - [513.84 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\ibbus.sys [MD5.7BA5F6FEAA79BB7C7A635E6B3982A0D3] - [18/08/2015 04:14:15] - (.Copyright (c) 1998-2014 Intel Corporation. - Intel Graphics Kernel Mode Driver.) - [7782.97 Ko] - (20.19.15.4549) - C:\WINDOWS\System32\Drivers\igdkmd64.sys [MD5.E300D1E37B737ED14F7A08CD5604E5D9] - [12/05/2016 05:32:26] - (.Intel(R) Corporation. - Intel(R) Display Audio Driver.) - [470.48 Ko] - (6.16.0.3197) - C:\WINDOWS\System32\Drivers\IntcDAud.sys [MD5.72586E6D6DD4144D0C4CBD9D2653BBED] - [18/08/2015 04:12:57] - (.Copyright(C) 2010 Intel Corporation - Intel Collaborative Processor Performance Control (CPPC) Driver.) - [86.19 Ko] - (1.0.0.1018) - C:\WINDOWS\System32\Drivers\IntelPcc.sys [MD5.8E1B0946948CCC0BC1FA3CB70374A795] - [16/07/2016 12:41:53] - (.Copyright © LSI Corporation 2010 - LSI Fusion-MPT SAS Driver (StorPort).) - [106.34 Ko] - (1.34.3.83) - C:\WINDOWS\System32\Drivers\lsi_sas.sys [MD5.4F68163FC04C973500DC4DA0946917B0] - [16/07/2016 12:41:53] - (.Copyright © LSI Corporation 2012 - LSI SAS Gen2 Driver (StorPort).) - [103.34 Ko] - (2.0.79.80) - C:\WINDOWS\System32\Drivers\lsi_sas2i.sys [MD5.E5AC5F2815938651CDCC27F425474673] - [16/07/2016 12:41:53] - (.Copyright © Avago Technologies 2015 - Avago SAS Gen3 Driver (StorPort).) - [98.84 Ko] - (2.51.12.80) - C:\WINDOWS\System32\Drivers\lsi_sas3i.sys [MD5.CCF6EC9FB9B8F18E05B4253E81013E48] - [16/07/2016 12:41:53] - (.Copyright © LSI Corporation 2012 - LSI SSS PCIe/Flash Driver (StorPort).) 
- [80.84 Ko] - (2.10.61.81) - C:\WINDOWS\System32\Drivers\lsi_sss.sys [MD5.BE8117569CAA36E03683CC1BACEA1347] - [30/01/2017 08:10:40] - (.-.) - [75.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\mbae64.sys [MD5.BDE2FC7213C0897524C1357BAAE30239] - [30/01/2017 08:11:04] - (.(C) Malwarebytes. - Malwarebytes SwissArmy.) - [245.95 Ko] - (4.2.0.106) - C:\WINDOWS\System32\Drivers\MBAMSwissArmy.sys [MD5.C3CDCCF07486BD2616A7B82946E07AC0] - [16/07/2016 12:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [58.34 Ko] - (6.706.6.0) - C:\WINDOWS\System32\Drivers\megasas.sys [MD5.2CF0CB2A0ED68C5455371E84C16F9627] - [12/10/2016 16:13:21] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [62.84 Ko] - (6.711.10.11) - C:\WINDOWS\System32\Drivers\MegaSas2i.sys [MD5.FADB2FE017E69EECE0E1BA78661C2E8C] - [16/07/2016 12:41:53] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [562.34 Ko] - (15.2.2013.129) - C:\WINDOWS\System32\Drivers\megasr.sys [MD5.FD60818B66B2E8A5415EA840E99A9D8F] - [16/07/2016 12:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - MLX4 Bus Driver.) - [822.84 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\mlx4_bus.sys [MD5.3D2C5B4995CA0751D32DEA0DE9FDFE44] - [16/07/2016 12:41:53] - (.Copyright (c) Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) - [62.34 Ko] - (1.0.5.1016) - C:\WINDOWS\System32\Drivers\mvumis.sys [MD5.629CB21AC49C8867E0F29DF1C16DB7B4] - [16/07/2016 12:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - NetworkDirect Support Filter Driver.) - [106.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\ndfltr.sys [MD5.6C76780A01FC2B885BD6E957B5C36B02] - [16/07/2016 12:42:03] - (.-.) - [88.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\NetAdapterCx.sys [MD5.D261DF41F0840F734856A2B4F5E072C7] - [16/07/2016 12:41:53] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) 
- [146.84 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvraid.sys [MD5.23B702B555EB0436B9DAA0BC63DA65CE] - [16/07/2016 12:41:53] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [162.34 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvstor.sys [MD5.85E5017B0D0A12177D4BF9120DA74323] - [12/09/2016 20:15:22] - (.(C) 2016 NVIDIA Corporation. - Stereoscopic 3D USB controller driver.) - [475.56 Ko] - (6.14.13.6904) - C:\WINDOWS\System32\Drivers\nvstusb.sys [MD5.540116170E2135FCD5DDE77702166B67] - [16/07/2016 12:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [57.34 Ko] - (6.805.3.0) - C:\WINDOWS\System32\Drivers\percsas2i.sys [MD5.8356F87553BF49C703CF382033815898] - [16/07/2016 12:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [60.34 Ko] - (6.603.6.0) - C:\WINDOWS\System32\Drivers\percsas3i.sys [MD5.E11A3F79475F9D019CD51ADCCC377909] - [22/10/2015 01:35:59] - (.Copyright (C) 2015 Realtek Semiconductor Corporation. All Right Reserved. - Realtek 8101E/8168/8169 NDIS 6.40 64-bit Driver .) - [866.75 Ko] - (10.2.703.2015) - C:\WINDOWS\System32\Drivers\rt640x64.sys [MD5.0673227369C14ACC35057CDADC50B3D7] - [22/10/2015 01:36:54] - (.Copyright (c) Realtek Semiconductor Corp.1998-2013 - Realtek(r) High Definition Audio Function Driver.) - [4469.75 Ko] - (6.0.1.7571) - C:\WINDOWS\System32\Drivers\RTKVHD64.sys [MD5.F75C6FFD09A6C51E4B5166E05D97FD96] - [22/10/2015 01:39:22] - (.Copyright © Realtek Semiconductor Corporation 2013 - RTS PCIE READER Driver.) - [735.71 Ko] - (10.0.10143.21278) - C:\WINDOWS\System32\Drivers\RtsPer.sys [MD5.A34CE1830E45DA98932295FDE4B7908A] - [16/07/2016 12:41:53] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [43.84 Ko] - (5.1.1039.2600) - C:\WINDOWS\System32\Drivers\sisraid2.sys [MD5.A7B5C670770E908DA5FEF5BF1136E933] - [16/07/2016 12:41:53] - (.Copyright (c) SiS Corp. 
2007-2013 - SiS AHCI Stor-Miniport Driver.) - [79.84 Ko] - (5.1.1039.3600) - C:\WINDOWS\System32\Drivers\sisraid4.sys [MD5.29D26E1347AE1BBD4201014E19880B2C] - [16/07/2016 12:41:53] - (.© Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) - [30.34 Ko] - (5.1.0.10) - C:\WINDOWS\System32\Drivers\stexstor.sys [MD5.296C443FCC228EA643ED310465772820] - [28/07/2015 20:37:20] - (.Copyright © 2006-2015, Intel Corporation. - Intel(R) Management Engine Interface.) - [180.28 Ko] - (11.0.0.1160) - C:\WINDOWS\System32\Drivers\TeeDriverW8x64.sys [MD5.0C997B061E3C66BD9E927C1288EB1CC7] - [04/01/2017 10:43:49] - (.-.) - [24.11 Ko] - (2.0.2.0) - C:\WINDOWS\System32\Drivers\TrueSight.sys [MD5.FD9BCB8920973CEAD4D49DC7A6D8A618] - [16/07/2016 12:41:53] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [162.84 Ko] - (7.0.9600.6352) - C:\WINDOWS\System32\Drivers\vsmraid.sys [MD5.0C111F220798CCE80484026E06822379] - [16/07/2016 12:41:53] - (.Copyright (C) 2008 VIA Corporation - VIA StorX RAID Controller Driver.) - [298.34 Ko] - (8.0.9200.8110) - C:\WINDOWS\System32\Drivers\VSTXRAID.SYS [MD5.F95DE20312ACCA7761446DE152BD1F7C] - [16/07/2016 12:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinMad.) - [31.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\winmad.sys [MD5.8B9AFF5F08E66A6F1F1063DEC9457FB6] - [16/07/2016 12:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinVerbs.) - [63.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\winverbs.sys ---------- | Uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\14588A15B66655338DBCC021FFA81E31DC281859] : (Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262).-.ASUS) -> C:\PROGRA~1\DIFX\773029~1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\asustp.inf_amd64_309a77997806907e\asustp.inf [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe" ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 51.0.1 (x64 fr)] : (Mozilla Firefox 51.0.1 (x64 fr).-.Mozilla) -> "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 5.40 (64-bit).-.win.rar GmbH) -> C:\Program Files\WinRAR\uninstall.exe ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{16582334-495C-4F1C-A66B-3BFD8866B674}] : (PSPPro64.-.Corel Corporation) -> MsiExec.exe /I{16582334-495C-4F1C-A66B-3BFD8866B674} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1678F86C-889D-4198-8249-F4625058256B}] : (IPM_PSP_COM64.-.Corel Corporation) -> MsiExec.exe /I{1678F86C-889D-4198-8249-F4625058256B} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1CEAC85D-2590-4760-800F-8DE5E91F3700}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{1CEAC85D-2590-4760-800F-8DE5E91F3700}\Setup.exe" -uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1E35248D-3B53-4F06-9E70-D12A41DA7A95}] : (Étude pour l'amélioration du produit HP Deskjet 3520 series.-.Hewlett-Packard Co.) -> MsiExec.exe /I{1E35248D-3B53-4F06-9E70-D12A41DA7A95} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 3.0.6.1469.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{555B1C57-E71B-4775-BC1D-627EEF693F0D}] : (Intel(R) ME UninstallLegacy.-.Intel Corporation) -> MsiExec.exe /I{555B1C57-E71B-4775-BC1D-627EEF693F0D} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}] : (CyberLink PhotoDirector 5.-.CyberLink Corp.) 
-> "C:\Program Files (x86)\InstallShield Installation Information\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}\Setup.exe" /z-uninstall ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5BD7E621-9791-4D9F-A620-1BA51153B749}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{5BD7E621-9791-4D9F-A620-1BA51153B749} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7D84E343-A23D-451C-B123-0195B2D903A6}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{7D84E343-A23D-451C-B123-0195B2D903A6} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8A0AFE76-95AC-40B9-A95C-A1BABD4A552B}] : (Logiciel de base du périphérique HP Deskjet 3520 series.-.Hewlett-Packard Co.) -> MsiExec.exe /I{8A0AFE76-95AC-40B9-A95C-A1BABD4A552B} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8C91A5EB-2C62-4A6D-8802-CC79FD2ED390}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{8C91A5EB-2C62-4A6D-8802-CC79FD2ED390} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1] : (Revo Uninstaller 2.0.1.-.VS Revo Group, Ltd.) 
-> "C:\Program Files\VS Revo Group\Revo Uninstaller\unins000.exe" ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A53B7EAB-86BD-4F16-8C44-011B1376326A}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{A53B7EAB-86BD-4F16-8C44-011B1376326A} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A84A4FB1-D703-48DB-89E0-68B6499D2801}] : (Qualcomm Atheros Bluetooth Suite (64).-.Qualcomm Atheros) -> MsiExec.exe /X{A84A4FB1-D703-48DB-89E0-68B6499D2801} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 369.09.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] : (NVIDIA Graphics Driver 353.84.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus] : (NVIDIA Optimus Update 2.5.12.11.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] : (NVIDIA PhysX System Software 9.15.0428.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E1646825-D391-42A0-93AA-27FA810DA093}] : (CyberLink PowerDirector 12.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{E1646825-D391-42A0-93AA-27FA810DA093}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\0E7DAF70-FB54-4B91-B192-7E771C25AEEB] : (Intel Collaborative Processor Performance Control.-.Intel Corporation) -> C:\Program Files (x86)\Intel\Intel Collaborative Processor Performance Control\Uninstall\setup.exe -uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 24 NPAPI.-.Adobe Systems Incorporated) -> C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_194_Plugin.exe -maintain plugin [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Avast] : (Avast Antivirus Gratuit.-.AVAST Software) -> C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Eye Candy 4000] : (Eye Candy 4000.-.) -> C:\MESFIL~1\EYECAN~1\EYECAN~2\UNWISE.EXE C:\MESFIL~1\EYECAN~1\EYECAN~2\INSTALL.LOG [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\EyeCandy5Impact] : (Alien Skin Eye Candy 5 Impact.-.) 
-> C:\MESFIL~1\ALIENS~1\EYECAN~1\ALIENS~1\EYECAN~1\Unwise32.exe C:\MESFIL~1\ALIENS~1\EYECAN~1\ALIENS~1\EYECAN~1\INSTALL.LOG [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\EyeCandy5Nature] : (Alien Skin Eye Candy 5 Nature.-.) -> C:\MESFIL~1\ALIENS~1\EYECAN~2\ALIENS~1\EYECAN~1\Unwise32.exe C:\MESFIL~1\ALIENS~1\EYECAN~2\ALIENS~1\EYECAN~1\INSTALL.LOG [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FileHippo.com] : (FileHippo App Manager.-.FileHippo.com) -> "C:\Program Files (x86)\FileHippo.com\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Filters Unlimited_is1] : (Filters Unlimited 2.0.-.) -> "C:\Mes filtres psp\Unlimited 2.3\Filters Unlimited 2.0\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FM Patcher_is1] : (FM Patcher 1.01.-.AFH Systems & The Plugin Site) -> "C:\Program Files (x86)\FMPatcher\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}] : (CyberLink PhotoDirector 5.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}] : (CyberLink PowerDirector 12.-.CyberLink Corp.) 
-> "C:\Program Files (x86)\InstallShield Installation Information\{E1646825-D391-42A0-93AA-27FA810DA093}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Kingsoft Office] : (WPS Office for ASUS.-.Kingsoft Corp.) -> C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\utility\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 52.0 (x86 en-US)] : (Mozilla Firefox 52.0 (x86 en-US).-.Mozilla) -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Plugin Galaxy 1.0_is1] : (Plugin Galaxy 1.0.-.) -> "C:\WINDOWS\UNISTB32.EXE" /U "C:\Program Files (x86)\PluginGalaxy\UNINST0.000" "C:\Program Files (x86)\PluginGalaxy\UNINST1.000" ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SafeZone 1.51.2220.62] : (SafeZone Stable 1.51.2220.62.-.Avast Software) -> "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" /uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Unchecky] : (Unchecky v1.0.2.-.RaMMicHaeL) -> "C:\Program Files (x86)\Unchecky\Uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WebStorage] : (WebStorage.-.ASUS Cloud Corporation) -> C:\Program Files (x86)\ASUS\WebStorage\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Xenofex2] : (Alien Skin Xenofex 2.0.-.) -> C:\MESFIL~1\ALIENS~1\ALIENS~1\UNWISE.EXE C:\MESFIL~1\ALIENS~1\ALIENS~1\INSTALL.LOG [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}] : (Corel PaintShop Pro X6.-.Corel Corporation) -> c:\Program Files (x86)\Corel\Corel PaintShop Pro X6\Setup\{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}\SetupARP.exe /arp [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{04768366-F421-4BA5-8423-B84F644B5249}] : (ASUS HiPost.-.ASUS) -> MsiExec.exe /I{04768366-F421-4BA5-8423-B84F644B5249} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}] : (ASUS Splendid Video Enhancement Technology.-.ASUS) -> MsiExec.exe /X{0969AF05-4FF6-4C00-9406-43599238DE0D} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{16006EE1-DDB7-4E5F-8696-9FEF32C0151A}] : (Setup.-.Nom de votre société) -> MsiExec.exe /I{16006EE1-DDB7-4E5F-8696-9FEF32C0151A} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{161AB62E-65D6-46E5-B3D8-2AC15D3B920B}] : (Corel PaintShop Pro X6.-.Corel Corporation) -> MsiExec.exe /I{161AB62E-65D6-46E5-B3D8-2AC15D3B920B} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{162BD2D6-6C63-41A7-8151-93188450D36A}] : (PSPPContent.-.Corel Corporation) -> MsiExec.exe /I{162BD2D6-6C63-41A7-8151-93188450D36A} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{16346B2A-87BC-407C-9D6B-72A4D21ABF03}] : (PSPPHelp.-.Corel Corporation) -> MsiExec.exe /I{16346B2A-87BC-407C-9D6B-72A4D21ABF03} 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{164D34E1-0271-4960-8A26-E8990A302DB1}] : (IPM_PSP_COM.-.Corel Corporation) -> MsiExec.exe /I{164D34E1-0271-4960-8A26-E8990A302DB1} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}] : (ICA.-.Corel Corporation) -> MsiExec.exe /I{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180121F0}] : (Java 8 Update 121.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180121F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{28006915-2739-4EBE-B5E8-49B25D32EB33}] : (Qualcomm Atheros Client Installation Program.-.Qualcomm Atheros) -> "C:\Program Files (x86)\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -runfromtemp -l0x0409 -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3D18F833-5EEE-4221-96CE-BC9488780EE3}] : (LibreOffice 5.1.6.2.-.The Document Foundation) -> MsiExec.exe /I{3D18F833-5EEE-4221-96CE-BC9488780EE3} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{446AA6E0-104D-40FB-A18A-A3431AED2F14}] : (HP Support Solutions Framework.-.HP Inc.) 
-> MsiExec.exe /X{446AA6E0-104D-40FB-A18A-A3431AED2F14} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}] : (ASUS GIFTBOX Desktop.-.ASUS) -> MsiExec.exe /I{4701E5AB-AF91-4D40-8F18-358CC80E4E5B} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4B230374-6475-4A73-BA6E-41015E9C5013}] : (Intel® Security Assist.-.Intel Corporation) -> MsiExec.exe /I{4B230374-6475-4A73-BA6E-41015E9C5013} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{56D27851-B9A6-430F-875A-E2D7A3802C7B}] : (HP Support Assistant.-.HP Inc.) -> "C:\Program Files (x86)\InstallShield Installation Information\{56D27851-B9A6-430F-875A-E2D7A3802C7B}\setup.exe" -runfromtemp -l0x0409 -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}] : (AudioWizard.-.ICEpower a/s) -> MsiExec.exe /X{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{597A58EC-42D6-4940-8739-FB94491B013C}] : (Dropbox 25 GB.-.Dropbox, Inc.) -> MsiExec.exe /I{597A58EC-42D6-4940-8739-FB94491B013C} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}] : (.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}] : (Realtek Card Reader.-.Realtek Semiconductor Corp.) 
-> "C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe" -runfromtemp -removeonly ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60c073df-e736-4210-9c3a-5fc2b651cef3}] : (Intel(R) Chipset Device Software.-.Intel(R) Corporation) -> "C:\ProgramData\Package Cache\{60c073df-e736-4210-9c3a-5fc2b651cef3}\SetupChipset.exe" /uninstall ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64228DFB-7450-49B7-935C-B97342CB6659}] : (HP Customer Experience Enhancements.-.HP Development Company, L.P.) -> MsiExec.exe /X{64228DFB-7450-49B7-935C-B97342CB6659} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}] : (Corel Paint Shop Pro Photo X2.-.Corel Corporation) -> MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}] : (Intel(R) Dynamic Platform and Thermal Framework.-.Intel Corporation) -> C:\Program Files (x86)\Intel\Intel(R) Dynamic Platform and Thermal Framework\Uninstall\setup.exe -uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7C4196CA-CA41-4F34-9C08-7724E7705D52}] : (Jasc Animation Shop 3.-.Jasc Software Inc) -> MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}] : (Realtek Ethernet Controller Driver.-.Realtek) -> C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8D6B05E0-F457-408C-9D13-549334D8FAE1}] : (Device Setup.-.ASUSTek Computer Inc.) 
-> MsiExec.exe /I{8D6B05E0-F457-408C-9D13-549334D8FAE1} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8F21291E-0444-4B1D-B9F9-4370A73E346D}] : (WinFlash.-.ASUS) -> MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}] : (HP Update.-.Hewlett-Packard) -> MsiExec.exe /X{912D30CF-F39E-4B31-AD9A-123C6B794EE2} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9347E332-74BC-4738-9D37-FEC946F1900F}] : (HP Deskjet 3520 series Aide.-.Hewlett Packard) -> MsiExec.exe /I{9347E332-74BC-4738-9D37-FEC946F1900F} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}] : (ASUS USB Charger Plus.-.ASUS) -> MsiExec.exe /X{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}] : (ATK Package.-.ASUS) -> MsiExec.exe /X{AB5C933E-5C7D-4D30-B314-9C83A49B94BE} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}] : (HP Deskjet 3520 series Setup Guide.-.Hewlett Packard) -> MsiExec.exe /I{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E1646825-D391-42A0-93AA-27FA810DA093}] : (.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{E1646825-D391-42A0-93AA-27FA810DA093}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}] : (Intel(R) Processor Graphics.-.Intel Corporation) -> "C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe" -uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) 
-> C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709 [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{f761359c-9ced-45ae-9a51-9d6605cd55c4}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}] : (ASUS Live Update.-.ASUS) -> MsiExec.exe /X{FA540E67-095C-4A1B-97BA-4D547DEC9AF4} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}] : (Evernote v. 5.8.6.-.Evernote Corp.) -> MsiExec.exe /X{FEDC7C10-EF67-11E4-9B07-00505695D7B0} ---------- | Installer [HKCR\Installer\Products\01C7CDEF76FE4E11B970000565597D0B] : Evernote v. 5.8.6 -> C:\windows\Installer\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}\Evernote.ico [HKCR\Installer\Products\0E50B6D8754FC804D9314539438DAF1E] : Device Setup -> C:\windows\Installer\{8D6B05E0-F457-408C-9D13-549334D8FAE1}\_6FEFF9B68218417F98F549.exe [HKCR\Installer\Products\0E6AA644D401BF041AA83A34A1DEF241] : HP Support Solutions Framework -> C:\WINDOWS\Installer\{446AA6E0-104D-40FB-A18A-A3431AED2F14}\icon.ico [HKCR\Installer\Products\126E7DB51979F9D46A02B15A11357B94] : Intel(R) Management Engine Components [HKCR\Installer\Products\15872D656A9BF03478A52E7D3A08C2B7] : HP Support Assistant -> C:\WINDOWS\Installer\{56D27851-B9A6-430F-875A-E2D7A3802C7B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\1BF27E46343277944B8A62C25DD3B03D] : Corel Paint Shop Pro Photo X2 -> C:\WINDOWS\Installer\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}\ARPPRODUCTICON.exe [HKCR\Installer\Products\1BF4A48A307DBD84980E866B94D98210] : Qualcomm Atheros Bluetooth Suite (64) -> C:\Windows\Installer\{A84A4FB1-D703-48DB-89E0-68B6499D2801}\ARPPRODUCTICON.exe [HKCR\Installer\Products\1E43D46117200694A8628E99A003D21B] : IPM_PSP_COM -> c:\WINDOWS\Installer\{164D34E1-0271-4960-8A26-E8990A302DB1}\ARPPRODUCTICON.exe [HKCR\Installer\Products\1EE600617BDDF5E46869F9FE230C51A1] : Setup -> 
c:\WINDOWS\Installer\{16006EE1-DDB7-4E5F-8696-9FEF32C0151A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\233E7439CB478374D973EF9C641F09F0] : HP Deskjet 3520 series Aide -> C:\WINDOWS\Installer\{9347E332-74BC-4738-9D37-FEC946F1900F}\ARP_Icon [HKCR\Installer\Products\2A077E75FAB2AAC4AB3ADB98E622453D] : AudioWizard -> C:\Windows\Installer\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}\ARPPRODUCTICON.exe [HKCR\Installer\Products\338F81D3EEE5122469ECCB498887E03E] : LibreOffice 5.1.6.2 -> C:\WINDOWS\Installer\{3D18F833-5EEE-4221-96CE-BC9488780EE3}\soffice.ico [HKCR\Installer\Products\343E48D7D32AC1541B3210592B9D306A] : Intel® Trusted Connect Service Client [HKCR\Installer\Products\43328561C594C1F46AB6B3DF88666B47] : PSPPro64 -> c:\WINDOWS\Installer\{16582334-495C-4F1C-A66B-3BFD8866B674}\ARPPRODUCTICON.exe [HKCR\Installer\Products\473032B4574637A4ABE61410E5C90531] : Intel® Security Assist -> C:\Windows\Installer\{4B230374-6475-4A73-BA6E-41015E9C5013}\isa.ico [HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110120F] : Java 8 Update 121 -> C:\Program Files (x86)\Java\jre1.8.0_121\\bin\javaws.exe [HKCR\Installer\Products\50FA96906FF400C4496034952983EDD0] : ASUS Splendid Video Enhancement Technology -> C:\Windows\Installer\{0969AF05-4FF6-4C00-9406-43599238DE0D}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\5286461E193D0A2439AA72AF18D00A39] : PowerDirector -> C:\Windows\Installer\{E1646825-D391-42A0-93AA-27FA810DA093}\ARPPRODUCTICON.exe [HKCR\Installer\Products\5CE454A5A7125a24C81ED2ED4C7EE010] : PhotoDirector -> C:\Windows\Installer\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}\ARPPRODUCTICON.exe [HKCR\Installer\Products\5E3E958AF26CAFB4FAD1B2590E1366FA] : ASUS USB Charger Plus -> C:\Windows\Installer\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\66386740124F5AB448328BF446B42594] : ASUS HiPost -> C:\Windows\Installer\{04768366-F421-4BA5-8423-B84F644B5249}\_853F67D554F05449430E7E.exe 
[HKCR\Installer\Products\67EFA0A8CA599B049AC51AABDBA455B2] : Logiciel de base du périphérique HP Deskjet 3520 series -> C:\WINDOWS\Installer\{8A0AFE76-95AC-40B9-A95C-A1BABD4A552B}\ARP_Icon [HKCR\Installer\Products\6BC1D661A8DDDD04E952D4132D6DEDD4] : ICA -> c:\WINDOWS\Installer\{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}\ARPPRODUCTICON.exe [HKCR\Installer\Products\6D2DB26136C67A141815398148053DA6] : PSPPContent -> c:\WINDOWS\Installer\{162BD2D6-6C63-41A7-8151-93188450D36A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\75C1B555B17E5774CBD126E7FE96F3D0] : Intel(R) ME UninstallLegacy [HKCR\Installer\Products\76E045AFC590B1A479ABD445D7CEA94F] : ASUS Live Update -> C:\WINDOWS\Installer\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}\MyIcon2 [HKCR\Installer\Products\7BECDEEA8B001EB44B29BA4008D3F5E1] : HP Deskjet 3520 series Setup Guide -> C:\WINDOWS\Installer\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}\ARP_Icon [HKCR\Installer\Products\A2B64361CB78C704D9B6274A2DA1FB30] : PSPPHelp -> c:\WINDOWS\Installer\{16346B2A-87BC-407C-9D6B-72A4D21ABF03}\ARPPRODUCTICON.exe [HKCR\Installer\Products\AC6914C714AC43F4C98077427E07D525] : Jasc Animation Shop 3 -> C:\WINDOWS\Installer\{7C4196CA-CA41-4F34-9C08-7724E7705D52}\ARPPRODUCTICON.exe [HKCR\Installer\Products\BA5E107419FA04D4F88153C88CE0E4B5] : ASUS GIFTBOX Desktop -> C:\WINDOWS\Installer\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\BAE7B35ADB6861F4C84410B1316723A6] : Intel(R) Management Engine Components [HKCR\Installer\Products\BE5A19C826C2D6A48820CC97DFE23D09] : Intel(R) Chipset Device Software [HKCR\Installer\Products\BFD8224605477B9439C59B3724BC6695] : HP Customer Experience Enhancements -> C:\WINDOWS\Installer\{64228DFB-7450-49B7-935C-B97342CB6659}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C68F8761D988891428944F26058552B6] : IPM_PSP_COM64 -> c:\WINDOWS\Installer\{1678F86C-889D-4198-8249-F4625058256B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CE85A7956D2404947893BF4994B110C3] : Dropbox 25 GB -> 
C:\windows\Installer\{597A58EC-42D6-4940-8739-FB94491B013C}\DropboxOEM.exe
[HKCR\Installer\Products\D84253E135B360F4E9071DA214ADA759] : Étude pour l'amélioration du produit HP Deskjet 3520 series -> C:\WINDOWS\Installer\{1E35248D-3B53-4F06-9E70-D12A41DA7A95}\ARP_Icon
[HKCR\Installer\Products\E19212F84440D1B49B9F34077AE343D6] : WinFlash -> C:\Windows\Installer\{8F21291E-0444-4B1D-B9F9-4370A73E346D}\MyIcon
[HKCR\Installer\Products\E26BA1616D565E643B8DA21CD5B329B0] : Corel PaintShop Pro X6 -> c:\WINDOWS\Installer\{161AB62E-65D6-46E5-B3D8-2AC15D3B920B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E339C5BAD7C503D43B41C9384AB949EB] : ATK Package -> C:\Windows\Installer\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}\_6FEFF9B68218417F98F549.exe
[HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater
[HKCR\Installer\Products\FC03D219E93F13B4DAA921C3B697E42E] : HP Update -> C:\WINDOWS\Installer\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}\ARPPRODUCTICON.exe

---------- | ADS

---------- | Drives
Disk: 0 Size=954G
Pos MBRndx Type/Name  Size  Active Hide Start Sector Sectors
--- ------ ---------- ----  ------ ---- ------------ ------------
0   0      EE-UNKNWN  21.0T No     No   1            294,967,295

---------- | MBR
Windows Version:
Windows Information: (build 9200), 64-bit
Base Board Manufacturer: ASUSTeK COMPUTER INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK COMPUTER INC.
System Product Name: X751LJ
Logical Drives Mask: 0x0000001c
Analysis of file "C:\QuickDiag\MBR.bin": Unknown MBR code 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog
Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR
DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]
------------
Nom de l’application défaillante Explorer.EXE, version : 10.0.14393.479, horodatage : 0x58258a90
Nom du module défaillant : windows.immersiveshell.serviceprovider.dll, version : 10.0.14393.0, horodatage : 0x57899873
Code d’exception : 0x80270233
Décalage d’erreur : 0x0000000000033c25
ID du processus défaillant : 0x12d4
Heure de début de l’application défaillante : 0x01d27b1d4574b795
Chemin d’accès de l’application défaillante : C:\WINDOWS\Explorer.EXE
Chemin d’accès du module défaillant: C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
ID de rapport : ff11a89c-63ff-4a88-987b-8375b15af239
Nom complet du package défaillant :
ID de l’application relative au package défaillant :
------------
Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR
DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]
------------
Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR
DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]
------------
La création du contexte d’activation a échoué pour « c:\program files\cyberlink\photodirector5\kernel\ces\CES_AudioCacheAgent.exe.Manifest ». Assembly dépendant PDR.X,type="win32",version="1.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
------------
La création du contexte d’activation a échoué pour « c:\program files\cyberlink\photodirector5\kernel\ces\CES_CacheAgent.exe.Manifest ». Assembly dépendant PDR.X,type="win32",version="1.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
------------
La création du contexte d’activation a échoué pour « c:\program files\cyberlink\photodirector5\kernel\ces\CES_AudioCacheAgent.exe.Manifest ». Assembly dépendant PDR.X,type="win32",version="1.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
------------
La création du contexte d’activation a échoué pour « c:\program files\cyberlink\photodirector5\kernel\ces\CES_CacheAgent.exe.Manifest ». Assembly dépendant PDR.X,type="win32",version="1.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
------------
La création du contexte d’activation a échoué pour « c:\program files\cyberlink\photodirector5\kernel\ces\CES_AudioCacheAgent.exe.Manifest ». Assembly dépendant PDR.X,type="win32",version="1.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
------------
La création du contexte d’activation a échoué pour « c:\program files\cyberlink\photodirector5\kernel\ces\CES_CacheAgent.exe.Manifest ». Assembly dépendant PDR.X,type="win32",version="1.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
------------
La création du contexte d’activation a échoué pour « c:\program files\cyberlink\photodirector5\kernel\ces\CES_AudioCacheAgent.exe.Manifest ». Assembly dépendant PDR.X,type="win32",version="1.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
------------
La création du contexte d’activation a échoué pour « c:\program files\cyberlink\photodirector5\kernel\ces\CES_CacheAgent.exe.Manifest ». Assembly dépendant PDR.X,type="win32",version="1.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
------------
Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.
Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.
System Error: Accès refusé. .
------------
Produit : Java 8 Update 121 -- Erreur 1704. L’installation de Corel Paint Shop Pro Photo X2 est suspendue. Vous devez annuler les modifications apportées par cette installation pour continuer. Voulez-vous annuler les modifications ?
------------
La création du contexte d’activation a échoué pour « c:\program files\cyberlink\photodirector5\kernel\ces\CES_AudioCacheAgent.exe.Manifest ». Assembly dépendant PDR.X,type="win32",version="1.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
------------
La création du contexte d’activation a échoué pour « c:\program files\cyberlink\photodirector5\kernel\ces\CES_CacheAgent.exe.Manifest ». Assembly dépendant PDR.X,type="win32",version="1.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
------------
taskhostw (4936) WebCacheLocal: La récupération/restauration de la base de données a échoué en raison d’une erreur inattendue -1032.
------------
taskhostw (4936) WebCacheLocal: Une tentative d’ouverture du fichier « C:\Users\Nathange\AppData\Local\Microsoft\Windows\WebCache\V01.log » pour accès en lecture/écriture a échoué en indiquant l’erreur système 32 (0x00000020) : « Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.  ». L’opération d’ouverture de fichier échouera en indiquant l’erreur -1032 (0xfffffbf8).
------------
Le programme Corel Paint Shop Pro Photo.exe version 12.0.0.0 a cessé d'interagir avec Windows et a été fermé.
Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance. ID de processus : 186c Heure de début : 01d27a6c7da274df Heure de fin : 8 Chemin d'accès de l'application : C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe ID de rapport : 717c8c41-e662-11e6-9bfa-80a58935ec50 Nom complet du package défaillant : ID de l'application relative au package défaillant : ------------ ----------( EOF)---------- - 3792 | 08:53:14