--------------- QuickDiag | g3n-h@ckm@n | V3_31.01.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 09/02/2017 13:25:26
Updated 31/01/2017 | 13.00 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[habiba (Administrator)] - [HABIBA-PC] (S-1-5-21-536618584-166276851-2366321824-1000)
System: Microsoft Windows 7 Professionnel - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Professionnel |C:\Windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: Compaq Mini CQ10-600 - Hewlett-Packard - IdNumber: 5CB1020QCG - UUID: 576C2DF6-8B16-8FEB-45FD-8D914A7B16C0
Processor : X64 - 1662 Mhz - Intel(R) Atom(TM) CPU N455 @ 1.66GHz
Default System BIOS - - Hewlett-Packard - S/N: 5CB1020QCG - F.14 - HPQOEM - 1
CoreTemp : 17 Celsius

----------| Quick

---------- | SoundDevice
Périphérique High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_111D&DEV_7605&SUBSYS_103C1585&REV_1004\4&1D8E4D9D&0&0001

---------- | Video
Carte graphique VGA standard - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController1 - Drivers: - PNPDeviceID: PCI\VEN_8086&DEV_A011&SUBSYS_1584103C&REV_00\3&16E9ADCA&0&10 - AdapterCompatibility: (Types d’écrans standard) - RAM: Inegrated Video Chipset
DeviceName: Carte graphique VGA standard - DriverVersion: 6.1.7600.16385 - SpecificationVersion: 1025

---------- | Codecs
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22528 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 50176 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 23552 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 31744 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13312 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 64000 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\iccvid.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82944 - Manufacturer: Radius Inc. - Status: OK
c:\windows\system32\bdmjpeg.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 23080 - Manufacturer: - Status: OK
c:\windows\system32\bdmpegv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 66104 - Manufacturer: - Status: OK
c:\windows\system32\bdmpega.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 66104 - Manufacturer: - Status: OK
c:\windows\system32\ir50_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 746496 - Manufacturer: Intel Corporation - Status: OK

---------- | CPU
CPU #1 value:88 %
CPU #2 value:23 %
Total Overall CPU Usage value:55 %

---------- | Network
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
Realtek PCIe FE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8136&SUBSYS_1584103C&REV_05\4&B11E74&0&00E3
WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0000
RAS Async Adapter - - - Status: - PnPID :
Microsoft Teredo Tunneling Adapter - Tunnel - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000
Broadcom 802.11n Network Adapter - Ethernet 802.3 - Broadcom - Status: - PnPID : PCI\VEN_14E4&DEV_4727&SUBSYS_145C103C&REV_01\4&1F1A9F3F&0&00E0
Carte Microsoft ISATAP #2 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0001

---------- | Memory
RAM = Total (MB) : 1036 | Free (MB) : 376
Pagefile = Total (MB) : 1560 | Free (MB) : 353
Virtual = Total (MB) : 2097 | Free (MB) : 1913
Physical Memory 0 : Capacity: 1073741824 - DIMM0 - Posit.: 0 - Manufacturer: Ramaxel - PartNumber: RMT1950ED48E7F1333 - S/N: 41F98203

---------- | SID Users
Administrateur : [S-1-5-21-536618584-166276851-2366321824-500]
habiba : [S-1-5-21-536618584-166276851-2366321824-1000]
Invité : [S-1-5-21-536618584-166276851-2366321824-501]
Administrateurs : [S-1-5-32-544]
Duplicateurs : [S-1-5-32-552]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Opérateurs de chiffrement : [S-1-5-32-569]
Opérateurs de configuration réseau : [S-1-5-32-556]
Opérateurs de sauvegarde : [S-1-5-32-551]
Utilisateurs : [S-1-5-32-545]
Utilisateurs avec pouvoir : [S-1-5-32-547]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du Bureau à distance : [S-1-5-32-555]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]

---------- | SystemAccounts
Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives
C:\ -> [Fixed] | [] | Total : 297.99 Go | Free : 207.58 Go -> NTFS [SATA]
Disk Usage Information [1 total Physical Disks]
Physical Drive #0 [C:] : Read:0 bytes/sec, Written:34,053 bytes/sec Max Read:0 bytes/sec, Max Write:34,053 bytes/sec
Overall - Read Maximum:0 bytes/sec, Write Maximum:34,053 bytes/sec
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 2 Part. - PnPID : IDE\DISKTOSHIBA_MK3265GSX_H_____________________GJ001Q__\5&20989E83&0&0.0.0

---------- | Windows updates
Last detection : 2016-10-11 15:00:21
Downloaded last ones : 2016-12-03 21:32:10
Installed last ones : 2016-12-05 18:55:38
Next search : 2017-02-09 11:44:58
Windows Is Activated

---------- | Browsers
IE : 11.0.9600.18450 (© Microsoft Corporation. Tous droits réservés.)
GC : 56.0.2924.87 (Copyright 2016 Google Inc.)
Default : "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"

---------- | FlashPlayer

---------- | Security
AV : Avira Antivirus Disabled
AS : Windows Defender Disabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
228 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.23539) = C:\Windows\System32\smss.exe [04/10/2016 21:04:27] CPU Usage:0 %
364 | [Owner : | Parent : 288() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [14/07/2009 00:36:49] CPU Usage:0 %
416 | [Owner : | Parent : 364(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [30/05/2015 14:31:24] CPU Usage:0 %
424 | [Owner : | Parent : 364(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23539) = C:\Windows\System32\lsass.exe [04/10/2016 21:03:48] CPU Usage:0 %
432 | [Owner : | Parent : 364(wininit.exe) | ?????] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [20/11/2010 22:29:11] CPU Usage:0 %
468 | [Owner : | Parent : 356() | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe [01/01/2015 20:38:47] CPU Usage:0 %
592 | [Owner : | Parent : 416(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
684 | [Owner : | Parent : 416(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
768 | [Owner : | Parent : 416(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
808 | [Owner : | Parent : 416(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
832 | [Owner : | Parent : 416(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:50 %
964 | [Owner : | Parent : 416(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
1124 | [Owner : | Parent : 416(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
1224 | [Owner : | Parent : 416(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
1348 | [Owner : habiba | Parent : 808(svchost.exe) | 2.04 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [14/07/2009 00:24:23] CPU Usage:0 %
1368 | [Owner : | Parent : 416(services.exe) | ?????] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe [20/11/2010 22:29:06] CPU Usage:0 %
1396 | [Owner : habiba | Parent : 1340() | 40.42 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17567) = C:\Windows\explorer.exe [05/02/2012 01:50:30] CPU Usage:0 %
1440 | [Owner : | Parent : 416(services.exe) | ?????] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - (15.0.24.143) = C:\Program Files\Avira\Antivirus\sched.exe [30/01/2017 08:40:44] CPU Usage:0 %
1452 | [Owner : habiba | Parent : 416(services.exe) | 3.29 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [01/01/2015 20:38:27] CPU Usage:0 %
1632 | [Owner : | Parent : 1396(explorer.exe) | 3.06 Mo] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) - (15.0.24.143) = C:\Program Files\Avira\Antivirus\avgnt.exe [30/01/2017 08:40:39] CPU Usage:0 %
1904 | [Owner : | Parent : 416(services.exe) | ?????] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.20.7559) = C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [17/12/2016 21:15:52] CPU Usage:0 %
1936 | [Owner : | Parent : 416(services.exe) | ?????] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - (15.0.24.143) = C:\Program Files\Avira\Antivirus\avguard.exe [30/01/2017 08:40:40] CPU Usage:0 %
2044 | [Owner : | Parent : 416(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
300 | [Owner : | Parent : 416(services.exe) | ?????] - (.Avira Operations GmbH & Co. KG - Avira Service Host.) - (1.2.77.41287) = C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [29/12/2016 09:20:16] CPU Usage:0 %
2064 | [Owner : habiba | Parent : 300(Avira.ServiceHost.exe) | 7.75 Mo] - (.Avira Operations GmbH & Co. KG - Avira.) - (1.2.77.41287) = C:\Program Files\Avira\Launcher\Avira.Systray.exe [29/12/2016 09:24:44] CPU Usage:0 %
2436 | [Owner : | Parent : 1936(avguard.exe) | ?????] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) - (15.0.24.146) = C:\Program Files\Avira\Antivirus\avshadow.exe [30/01/2017 08:40:40] CPU Usage:0 %
2800 | [Owner : | Parent : 416(services.exe) | ?????] - (.Avira Operations GmbH & Co. KG - Antivirus MailScanner WFP Service.) - (15.0.24.143) = C:\Program Files\Avira\Antivirus\avmailc7.exe [30/01/2017 08:40:40] CPU Usage:0 %
3380 | [Owner : | Parent : 416(services.exe) | ?????] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe [05/02/2012 01:50:39] CPU Usage:0 %
3760 | [Owner : | Parent : 416(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
4028 | [Owner : habiba | Parent : 832(svchost.exe) | 0.59 Mo] - (.Microsoft Corporation - Windows Update.) - (7.6.7601.19161) = C:\Windows\System32\wuauclt.exe [11/03/2016 17:38:13] CPU Usage:0 %
3172 | [Owner : habiba | Parent : 416(services.exe) | 1.29 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [01/01/2015 20:38:27] CPU Usage:0 %
1872 | [Owner : | Parent : 416(services.exe) | ?????] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard WFP Service.) - (15.0.24.143) = C:\Program Files\Avira\Antivirus\avwebg7.exe [30/01/2017 08:40:40] CPU Usage:0 %
2132 | [Owner : habiba | Parent : 1396(explorer.exe) | 94.08 Mo] - (.Google Inc. - Google Chrome.) - (56.0.2924.87) = C:\Program Files\Google\Chrome\Application\chrome.exe [28/12/2014 18:20:08] CPU Usage:0 %
3948 | [Owner : habiba | Parent : 2132(chrome.exe) | 3.54 Mo] - (.Google Inc. - Google Chrome.) - (56.0.2924.87) = C:\Program Files\Google\Chrome\Application\chrome.exe [28/12/2014 18:20:08] CPU Usage:0 %
3616 | [Owner : habiba | Parent : 2132(chrome.exe) | 4.8 Mo] - (.Google Inc. - Google Chrome.) - (56.0.2924.87) = C:\Program Files\Google\Chrome\Application\chrome.exe [28/12/2014 18:20:08] CPU Usage:0 %
1656 | [Owner : habiba | Parent : 2132(chrome.exe) | 119.53 Mo] - (.Google Inc. - Google Chrome.) - (56.0.2924.87) = C:\Program Files\Google\Chrome\Application\chrome.exe [28/12/2014 18:20:08] CPU Usage:0 %
3576 | [Owner : habiba | Parent : 2132(chrome.exe) | 20.66 Mo] - (.Google Inc. - Google Chrome.)
- (56.0.2924.87) = C:\Program Files\Google\Chrome\Application\chrome.exe [28/12/2014 18:20:08] CPU Usage:0 %
2676 | [Owner : | Parent : 768(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (6.1.7601.18741) = C:\Windows\System32\audiodg.exe [16/03/2015 10:51:57] CPU Usage:0 %
2080 | [Owner : habiba | Parent : 1396(explorer.exe) | 23.3 Mo] - (.SosVirus - QuickDiag.) - (31.1.17.1) = C:\Users\habiba\Desktop\Downloads\QuickDiag.exe [09/02/2017 13:23:23] CPU Usage:0 %
2944 | [Owner : | Parent : 416(services.exe) | ?????] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe [20/11/2010 22:29:12] CPU Usage:0 %

---------- | MD5

---------- | Locked Applications

---------- | Explorer.exe component call (Microsoft Files Whitelisted)
(.Alexander Roshal.-.WinRAR shell extension.) - (5.30.0.0) -- C:\Program Files\WinRAR\rarext.dll
(.Avira Operations GmbH & Co. KG.-.AntiVirus context menu.) - (15.0.24.119) -- C:\Program Files\Avira\Antivirus\shlext.dll
(.Igor Pavlov.-.7-Zip Shell Extension.) - (9.20.0.0) -- C:\Program Files\7-Zip\7-zip.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

---------- | ZeroAccess Check
[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
Adobe ARM - ("C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKLM\SOFTWARE\...\Run]) - User: Public
avgnt - ("C:\Program Files\Avira\Antivirus\avgnt.exe" /min [HKLM\SOFTWARE\...\Run]) - User: Public
Avira SystrayStartTrigger - ("C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe" [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Command Processor]
"CompletionChar"=9
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=9

[HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead
"AppData"=C:\Users\habiba\AppData\Roaming [28/11/2014 21:13:09]
"Local AppData"=C:\Users\habiba\AppData\Local [28/11/2014 21:13:09]
"My Video"=C:\Users\habiba\Videos [28/11/2014 21:13:09]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Libraries [28/11/2014 21:13:47]
"My Pictures"=C:\Users\habiba\Pictures [28/11/2014 21:13:09]
"Desktop"=C:\Users\habiba\Desktop [28/11/2014 21:13:09]
"History"=C:\Users\habiba\AppData\Local\Microsoft\Windows\History [28/11/2014 21:13:09]
"NetHood"=C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Network Shortcuts [28/11/2014 21:13:09]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\habiba\Contacts [28/11/2014 21:13:36]
"Cookies"=C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Cookies [28/11/2014 21:13:09]
"Favorites"=C:\Users\habiba\Favorites [28/11/2014 21:13:09]
"SendTo"=C:\Users\habiba\AppData\Roaming\Microsoft\Windows\SendTo [28/11/2014 21:13:09]
"Start Menu"=C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Start Menu [28/11/2014 21:13:09]
"My Music"=C:\Users\habiba\Music [28/11/2014 21:13:09]
"Programs"=C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [28/11/2014 21:13:09]
"Recent"=C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Recent [28/11/2014 21:13:09]
"CD Burning"=C:\Users\habiba\AppData\Local\Microsoft\Windows\Burn\Burn [28/11/2014 21:13:53]
"PrintHood"=C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [28/11/2014 21:13:09]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\habiba\Searches [28/11/2014 21:13:47]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\habiba\Desktop\Downloads [28/11/2014 21:13:09]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\habiba\AppData\LocalLow [28/11/2014 21:13:09]
"Startup"=C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [28/11/2014 21:13:47]
"Administrative Tools"=C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [28/11/2014 21:13:47]
"Personal"=C:\Users\habiba\Documents [28/11/2014 21:13:09]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\habiba\Links [28/11/2014 21:13:09]
"Cache"=C:\Users\habiba\AppData\Local\Microsoft\Windows\Temporary Internet Files [28/11/2014 21:13:09]
"Templates"=C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Templates [28/11/2014 21:13:09]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\habiba\Saved Games [28/11/2014 21:13:09]
"Fonts"=C:\Windows\Fonts [14/07/2009 03:37:06]

[HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=%USERPROFILE%\AppData\Roaming
"Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files
"Cookies"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies
"Desktop"=%USERPROFILE%\Desktop
"Favorites"=%USERPROFILE%\Favorites
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History
"Local AppData"=%USERPROFILE%\AppData\Local
"My Music"=%USERPROFILE%\Music
"My Pictures"=%USERPROFILE%\Pictures
"My Video"=%USERPROFILE%\Videos
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
"Personal"=%USERPROFILE%\Documents
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Desktop\Downloads
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

[HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DebugOptions"=2048
"Documents"=
"DosPrint"=no
"Load"=
"NetMessage"=no
"NullPort"=None
"Programs"=com exe bat pif cmd
"Device"=Microsoft XPS Document Writer,winspool,Ne00:
"UserSelectedDefault"=0

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=64

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt"="C:\Program Files\Avira\Antivirus\avgnt.exe" /min
"Avira SystrayStartTrigger"="C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop"=C:\Users\Public\Desktop [14/07/2009 03:37:05]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [14/07/2009 03:37:05]
"CommonVideo"=C:\Users\Public\Videos [14/07/2009 03:37:05]
"CommonPictures"=C:\Users\Public\Pictures [14/07/2009 03:37:05]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 03:37:05]
"CommonMusic"=C:\Users\Public\Music [14/07/2009 03:37:05]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2009 05:52:30]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [14/07/2009 03:37:05]
"Common Documents"=C:\Users\Public\Documents [14/07/2009 03:37:05]
"OEM Links"=C:\ProgramData\OEM Links
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [14/07/2009 03:37:05]
"Common AppData"=C:\ProgramData [14/07/2009 03:37:05]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=%PUBLIC%\Desktop
"Common Documents"=%PUBLIC%\Documents
"CommonPictures"=%PUBLIC%\Pictures
"CommonMusic"=%PUBLIC%\Music
"CommonVideo"=%PUBLIC%\Videos
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
"Common AppData"=%ProgramData%
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"GDIProcessHandleQuota"=10000
"ShutdownWarningDialogTimeout"=4294967295
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000
""=mnmsrvc
"DeviceNotSelectedTimeout"=15
"Spooler"=yes
"TransmissionRetryTimeout"=90
"AppInit_DLLs"=
"LoadAppInit_DLLs"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}

---------- | Win.ini :

---------- | System.ini :

---------- | Startings up registry ¦ Folder

---------- | Other keys

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"RCDependentServices"=CertPropSvc SessionEnv
"NotificationTimeOut"=0
"SnapshotMonitors"=1
"ProductVersion"=5.1
"AllowRemoteRPC"=0
"DelayConMgrTimeout"=0
"fDenyTSConnections"=1
"StartRCM"=0
"TSAdvertise"=0
"DeleteTempDirsOnExit"=1
"fSingleSessionPerUser"=1
"PerSessionTempDir"=0
"TSUserEnabled"=0
"InstanceID"=3198dc76-fcff-4baf-9577-bc567fa
"fCredentialLessLogonSupported"=1
"fCredentialLessLogonSupportedTSS"=1
"fCredentialLessLogonSupportedKMRDP"=1

[HKLM\System\CurrentControlSet\Control\Session Manager]
"CriticalSectionTimeout"=2592000
"GlobalFlag"=0
"HeapDeCommitFreeBlockThreshold"=0
"HeapDeCommitTotalFreeThreshold"=0
"HeapSegmentCommit"=0
"HeapSegmentReserve"=0
"ProcessorControl"=2
"ResourceTimeoutCount"=648000
"BootExecute"=autocheck autochk *
"ExcludeFromKnownDlls"=
"ObjectDirectories"=\Windows \RPC Control
"ProtectionMode"=1
"NumberOfInitialSessions"=2
"SetupExecute"=
[HKLM\System\CurrentControlSet\Control] "PreshutdownOrder"=wuauserv gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "CurrentUser"=USERNAME "BootDriverFlags"=0 "ServiceControlManagerExtension"=%systemroot%\system32\scext.dll "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) [HKLM\System\CurrentControlSet\Control\lsa] "auditbaseobjects"=0 "auditbasedirectories"=0 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "Bounds"=0x0030000000200000 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Notification Packages"=scecli "Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u "Authentication Packages"=msv1_0 "LsaPid"=424 "SecureBoot"=1 "ProductType"=6 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 ---------- | .LNK c:\users\habiba\appdata\roaming\microsoft\internet explorer\quick launch\chrome.lnk - Encrypted: False - Target: C:\Program Files\Google\Chrome\Application\chrome.exe - Args: (hxxp://sweets-pages.com/or/5) - Hidden: False - Status: OK c:\users\habiba\appdata\roaming\microsoft\internet explorer\quick launch\internet explorer.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://sweets-pages.com/or/1) - Hidden: False - Status: OK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Control Panel\Desktop] "ScreenSaveActive"=1 "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 
"ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "PaintDesktopVersion"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=2 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "UserPreferencesMask"=0x9E3E078012000000 "Wallpaper"=C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg [08/02/2012 01:48:36] "SCRNSAVE.EXE"=C:\Windows\system32\Lake.scr [08/02/2012 01:36:17] "ScreenSaveTimeOut"=660 "ScreenSaverIsSecure"=0 "Pattern Upgrade"=TRUE "WaitToKillAppTimeout"=200 [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=145 [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003328000000000000000000000000000001000000120000000000000022000000 "CleanShutdown"=0 "link"=0x1E000000 "Browse For Folder Width"=347 "Browse For Folder Height"=288 "Reason Setting"=255 [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "Hidden"=1 "HideFileExt"=0 "ServerAdminUI"=0 "ShowCompColor"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "SuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=4 "Start_ShowMyGames"=0 "TaskbarSizeMove"=0 "NavPaneShowAllFolders"=1 [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=0 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 "VerboseStatus"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=429 "MILDesktop"=1 "MILExplorer"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] 
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin "BuildNumber"=7601 "FirstLogon"=0 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Userinit"=C:\Windows\System32\Userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "ShutdownWithoutLogon"=0 "WinStationsDisabled"=0 "DisableCAD"=1 "scremoveoption"=0 "ShutdownFlags"=43 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] "PerceivedType"=text ""=htafile "Content 
Type"=application/hta [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\System32\mshta.exe "%1" %* [HKLM\Software\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 [HKLM\Software\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 [HKLM\Software\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=iexplore.exe [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" 
-reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "c:\swsetup\SP50699\setup.exe"=1 "C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe"=33 "C:\Program Files\Realtek\NICDRV_8169\RTINSTALLER32.EXE"=1 "SIGN.MEDIA=1BF320 sp50699.exe"=1 "SIGN.MEDIA=1BF320 sp55086.exe"=1 "C:\Users\habiba\Downloads\install_reader11_fr_mssa_aaa_aih.exe"=1 "C:\Users\habiba\Downloads\SoftonicDownloader_for_360-total-security.exe"=1 "C:\Users\habiba\Downloads\360TS_Setup.exe"=1 "C:\Users\habiba\Downloads\SkypeSetup.exe"=1 "C:\Users\habiba\Downloads\360TS_Setup_5.2.0.1086.exe"=1 "C:\Users\habiba\Downloads\mseinstall.exe"=1 "C:\Users\habiba\Downloads\Install_Prezi_5.2.7.exe"=1 "C:\Users\habiba\Downloads\7z920.exe"=1 "C:\Windows\GPInstall.exe"=1 "C:\Program Files\WinRAR\uninstall.exe"=1 "C:\Users\habiba\Desktop\asma Toumi\cours-3ème\caprari pompe\Setup.exe"=1 "C:\Users\habiba\AppData\Local\Temp\7zS4AC6.tmp\setup-stub.exe"=1 "C:\Users\habiba\Desktop\Downloads\FlvPlayerSetup.exe"=1 "C:\Users\habiba\AppData\Local\Temp\mhsetup.exe"=1 "C:\Users\habiba\Desktop\Downloads\logiciels\mseinstall.exe"=1 "C:\Users\habiba\AppData\Local\Temp\7zSA5C1.tmp\setup.exe"=1 "C:\Users\habiba\Desktop\Downloads\ViberSetup.exe"=1 "C:\Users\habiba\AppData\Local\Temp\RarSFX0\setup.exe"=1 "C:\Users\habiba\Desktop\Downloads\FinalMediaPlayer2014U1Setup.exe"=1 "C:\Users\habiba\Desktop\Downloads\Avira_Antivirus_Pro_v15.0.18.354\avira_antivirus_en-us.exe"=1 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{11245d61-0177-11e5-81c8-78acc0c7b0ab}] : D:\autorun.exe (AutoRun) [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{11245d64-0177-11e5-81c8-78acc0c7b0ab}] : D:\autorun.exe 
(AutoRun) [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{86e6fb53-9523-11e4-b72f-78acc0c7b0ab}] : D:\run.bat (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] 
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=128920209537502489 "AntiVirusOverride"=0 "AntiSpywareOverride"=0 "FirewallOverride"=0 [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=1 "DisableRoutinelyTakingAction"=0 "ProductStatus"=0 "InstallTime"=0x5DCD6FC1F925D001 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi d'une requ?te 'ping' sur google.fr [216.58.205.195] avec 32 octets de donn?es?: R?ponse de 216.58.205.195?: octets=32 temps=56 ms TTL=53 R?ponse de 216.58.205.195?: octets=32 temps=57 ms TTL=53 
Réponse de 216.58.205.195 : octets=32 temps=56 ms TTL=53 Réponse de 216.58.205.195 : octets=32 temps=56 ms TTL=53 Statistiques Ping pour 216.58.205.195: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 56ms, Maximum = 57ms, Moyenne = 56ms ---------- | @ [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Internet Explorer\Main] "Disable Script Debugger"=yes "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\system32\blank.htm "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "XMLHTTP"=1 "NoUpdateCheck"=1 "DisableScriptDebuggerIE"=yes "UseClearType"=no "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF1C000000000000002703000030020000 "IE9RunOnceLastShown"=1 "IE9RunOnceLastShown_TIMESTAMP"=0x337C55763824D001 "IE9TourShown"=1 "IE9TourShownTime"=0x9ECEE7B5A51CD001 "Start Page Redirect Cache_TIMESTAMP"=0xEE3DB666C122D001 "Start Page Redirect Cache AcceptLangs"=fr-FR "IconCache"=zcvf66k "Check_Associations"=no "OperationalData"=5 "ImageStoreRandomFolder"=ppdsle3 "DoNotTrack"=1 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x4E7E3F48A13BD001 "IE10TourShown"=1 "IE10TourShownTime"=0xB5007B48A13BD001 "First Home 
Page"=http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=fr-FR&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fwebsearch.goodforsearch.info%2F%3Fpid%3D24424%26r%3D2015%2F05%2F19%26hid%3D1099644463724759460%26lg%3DEN%26cc%3DDZ%26unqvl%3D86&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26src%3DIE%2DSearchBox%26FORM%3DIE11SR "NotifyDownloadComplete"=yes "Start Page_TIMESTAMP"=0x201DE29480A7D101 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings] "IE5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=User@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "SecureProtocols"=2688 "PrivacyAdvanced"=0 "ZonesSecurityUpgrade"=0xC3C72722A12AD001 "DisableCachingOfSSLPages"=0 "WarnonZoneCrossing"=0 "CertificateRevocation"=1 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "GlobalUserOffline"=0 "EnableAutodial"=0 "NoNetAutodial"=0 "AutoConfigUrl"=http://no-blocked.org/wpad.dat?0f3894d5dbdbfc6544cc0805e0366f8024628944 [HKLM\Software\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start 
Page"=https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_md_16_18&param1=1&param2=f%3D1%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzytDtDtDyE0EtDtDtBzz0D0C0D0BzzzztN0D0Tzu0StCyDzzyCtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StByC0EtA0EtD0E0EtGyCtD0CyEtGyEyDyDtCtGyDtC0ByCtG0A0EtC0AtCtAtB0FyDtBzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0Azy0DtA0FyBtG0AyDzytBtGyEtCyEtBtG0B0EtAyCtGzz0A0AyEtB0AtDzztA0Ezyzy2QtN0A0LzuyE%26cr%3D141084397%26a%3Dwbf_md_16_18%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional "Local Page"=C:\Windows\System32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Check_Associations"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "Compat"=res://mshtml.dll/compat.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files "ProxyEnable"=0 ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts 
[HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.awb] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.EVR] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.EVRC] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ivr] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4] "Application"=C:\Program Files\Free MP4 Player\FreeMP4Player.exe 
[HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAM] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rax] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rjt] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmhd] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmj] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmm] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmp] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rms] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmx] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rnx] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rp] "Application"= 
[HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsml] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rt] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rv] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rvx] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdp] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ssm] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff] "Application"= [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WEBM] "Application"= ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} -- %SystemRoot%\System32\cscui.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- 
%SystemRoot%\system32\ntshrui.dll ---------- | Toolbar [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 "ShowDiscussionButton"=Yes [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={2f23ab71-4ac6-41f2-a955-ea576e553146} "KnownProvidersUpgradeTime"=0x0E281338CD35D001 "DownloadRetries"=1 "DefaultPackCorrection"=1 "Version"=4 "UpgradeTime"=0x5AF4DED69C3BD001 "DefaultPackNTCorrection"=1 ---------- | Extensions ---------- | SearchScopes [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Search Provided by Yahoo) - https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_md_16_18&param1=1&param2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzytDtDtDyE0EtDtDtBzz0D0C0D0BzzzztN0D0Tzu0StCyDzzyCtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StByC0EtA0EtD0E0EtGyCtD0CyEtGyEyDyDtCtGyDtC0ByCtG0A0EtC0AtCtAtB0FyDtBzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0Azy0DtA0FyBtG0AyDzytBtGyEtCyEtBtG0B0EtAyCtGzz0A0AyEtB0AtDzztA0Ezyzy2QtN0A0LzuyE%26cr%3D141084397%26a%3Dwbf_md_16_18%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms} : [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE08 : [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}] - (default-search.net) - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Search Provided by Yahoo) - 
https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_md_16_18&param1=1&param2=f%3D4%26b%3DIE%26cc%3Ddz%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzytDtDtDyE0EtDtDtBzz0D0C0D0BzzzztN0D0Tzu0StCyDzzyCtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StByC0EtA0EtD0E0EtGyCtD0CyEtGyEyDyDtCtGyDtC0ByCtG0A0EtC0AtCtAtB0FyDtBzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0Azy0DtA0FyBtG0AyDzytBtGyEtCyEtBtG0B0EtAyCtGzz0A0AyEtB0AtDzztA0Ezyzy2QtN0A0LzuyE%26cr%3D141084397%26a%3Dwbf_md_16_18%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms} : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}] - (default-search.net) - : ---------- | Browser Helper Objects ---------- | Chrome [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej] [HKLM\Software\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl] [HKLM\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej] ---------- | Opera ---------- | Firefox [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C80BB31B-F707-4308-AB64-9A62BEF9F449}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C80BB31B-F707-4308-AB64-9A62BEF9F449}] "DhcpNameServer"=192.168.1.1 ---------- | Applications [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Classes\Applications\chrome.exe] : "C:\Program Files\Google\Chrome\Application\chrome.exe" "%1" [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Classes\Applications\DVDMaker.exe] 
: "C:\Program Files\DVD Maker\DVDMaker.exe" "%1" [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Classes\Applications\Epanet2w_fr.exe] : "C:\Users\habiba\Desktop\Downloads\ENSH 2emeo\ina\2 ieme semestre\AEP\Epanet\Epanet2w_fr.exe" "%1" [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Classes\Applications\FinalMediaPlayer.exe] : "C:\Program Files\FinalMediaPlayer\FinalMediaPlayer.exe" "%1" [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Classes\Applications\FreeMP4Player.exe] : "C:\Program Files\Free MP4 Player\FreeMP4Player.exe" "%1" [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Classes\Applications\ipmsg.exe] : "C:\Users\habiba\AppData\Local\IPMsg\ipmsg.exe" "%1" [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Classes\Applications\RealPlay.exe] : "C:\Program Files\Real\RealPlayer\realplay.exe" "%1" [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Classes\Applications\wmpconfig.exe] : "C:\Program Files\Windows Media Player\wmpconfig.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~1\MICROS~1\Office12\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\RealPlay.exe] : "C:\Program Files\Real\RealPlayer\realplay.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows 
NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "RPCSS"=RpcEptMapper RpcSs "defragsvc"=defragsvc "LocalSystemNetworkRestricted"=UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc IPBusEnum dot3svc hidserv irmon sysmain WPDBusEnum homegrouplistener TabletInputService PcaSvc wlansvc CscService StorSvc UmRdpService "LocalService"=nsi WdiServiceHost w32time EventSystem RemoteRegistry WinHttpAutoProxySvc sppuinotify THREADORDER netprofm lltdsvc fdphost SstpSvc WebClient FontCache "netsvcs"=AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS wercplsupport EapHost ProfSvc schedule hkmsvc SessionEnv winmgmt browser Themes BDESVC AppMgmt "WerSvcGroup"=wersvc "LocalServiceNoNetwork"=DPS PLA BFE mpssvc WwanSvc "termsvcs"=TermService "swprv"=swprv "LocalServiceNetworkRestricted"=DHCP eventlog AudioSrv BthHFSrv LmHosts wscsvc homegroupprovider WPCSvc "LocalServicePeerNet"=PNRPSvc p2pimsvc p2psvc PnrpAutoReg "NetworkServiceAndNoImpersonation"=KtmRm "regsvc"=RemoteRegistry "LocalServiceAndNoImpersonation"=SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc "DcomLaunch"=Power PlugPlay DcomLaunch "NetworkServiceNetworkRestricted"=PolicyAgent "NetworkService"=CryptSvc DHCP TermService DNSCache lanmanworkstation NapAgent nlasvc WinRM WECSVC Tapisrv "sdrsvc"=sdrsvc "WbioSvcGroup"=WbioSrvc "imgsvc"=StiSvc "wcssvc"=WcsPlugInService "AxInstSVGroup"=AxInstSV "secsvcs"=WinDefend "bthsvcs"=bthserv "PeerDist"=PeerDistSvc ---------- | SvcHost - Netsvcs (Whitelisted) Term - : ---------- | Software [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\7-Zip] 
[HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Adobe] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\APN PIP] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\AppDataLow] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Avira] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\BandiMPEG1] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\BANDISOFT] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Bitberry] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Bitberry Software] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Clients] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\csastats] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\g3n-h@ckm@n] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Glarysoft] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\GNU] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Google] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Haali] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\HSTools] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\IM Providers] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\InstallCore] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Intel] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\KasperskyLab] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\KasperskyLabSetup] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Magicbit] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\MainConcept] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\malavida] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\MCAFEE] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Mozilla] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Netscape] 
[HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\ODBC] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Opera Software] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Policies] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\ProductSetup] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Real] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\RealNetworks] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Skype] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Softonic] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\sysinternals] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Trolltech] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\UniExtract] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Unknown File Handler] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\WebApp] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\WinRAR] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\WinRAR SFX] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-536618584-166276851-2366321824-1000\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\7-Zip] [HKLM\Software\82fa23ed-8243-a4e6-87fc-b372686f12a1] [HKLM\Software\Adobe] [HKLM\Software\ATI Technologies] [HKLM\Software\Avira] [HKLM\Software\BandiMPEG1] [HKLM\Software\BANDISOFT] [HKLM\Software\CBSTEST] [HKLM\Software\CDDB] [HKLM\Software\Clients] [HKLM\Software\Cygwin] 
[HKLM\Software\FlvPlayer] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\GlarySoft] [HKLM\Software\Google] [HKLM\Software\HaaliMkx] [HKLM\Software\HSPA] [HKLM\Software\Intel] [HKLM\Software\McAfee.com] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\ODBC] [HKLM\Software\Opera Software] [HKLM\Software\Policies] [HKLM\Software\RealNetworks] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\RTLSetup] [HKLM\Software\Skype] [HKLM\Software\SmdmF] [HKLM\Software\Sonic] [HKLM\Software\sysinternals] [HKLM\Software\VideoLAN] [HKLM\Software\WinRAR] [HKLM\Software\X-AVCSD] [HKLM\Software\Xing Technology Corp.] [HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}] [HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Help] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] 
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] ---------- | Drives ---------- | C: [03/01/2015 22:07:57] - |SHD| - [18427] - C:\$360Section [14/07/2009 03:36:15] - |SHD| - [6970007561] - C:\$Recycle.Bin [09/10/2015 21:56:38] - |RASHD| - [669] - C:\$RECYCLEBIN [28/01/2017 11:45:10] - |D| - [204247140] - C:\0d714e78470907bb8a0425ee6607 [28/01/2017 17:08:18] - |D| - [2134670] - C:\0d82d8182c1f37fcc0598061a626 [28/01/2017 09:20:51] - |D| - [204247140] - C:\1d463820ed8ddd19f106ae991831 [28/01/2017 11:46:01] - |D| - [2134670] - C:\356f2693aca258903e6f086ceb18 [28/01/2017 17:06:26] - |D| - [204247140] - C:\369b2c3436a77c57bc9cc6c037002d [28/01/2017 18:49:42] - |D| - [204247140] - C:\627dcbab24a74d6a3bbbef [11/09/2015 00:16:29] - |D| - [246952] - C:\8cd474daedbb24938a90cc0ac1 [28/01/2017 18:51:17] - |D| - [2134670] - C:\9db9c45506c1646fd5cf6cc2ac54 [04/01/2015 06:32:16] - |D| - [5615226] - C:\9f10580d7677aed7505e00167d6474a2 [28/01/2017 09:21:49] - |D| - [2134670] - C:\b040e7e1a3d3e4dde8 [02/02/2012 20:42:25] - |SHD| - [14548788] - C:\Boot [MD5.259525CFB422E6AC8E87BC9777B1DF73] - [02/02/2012 20:42:25] - |RASH| - (.-.) - [383786] - (0.0.0.0) - C:\bootmgr [MD5.1D0880B2A1CB3840286FB278C20885B5] - [02/02/2012 20:42:26] - |RASH| - (.-.) 
- [8192] - (0.0.0.0) - C:\BOOTSECT.BAK [15/06/2015 07:10:05] - |D| - [1294622889] - C:\carte [04/01/2015 06:32:47] - |SHD| - [24551] - C:\Config.Msi [14/07/2009 05:53:55] - |SHD| - [0] - C:\Documents and Settings [MD5.471F128B2DA159652F904997A400EDEB] - [20/07/2016 18:35:59] - |A| - (.-.) - [3250] - (0.0.0.0) - C:\GUDownLoaddebug.txt [28/12/2014 18:53:23] - |D| - [456962] - C:\Intel [04/01/2015 09:20:27] - |RHD| - [529153367] - C:\MSOCache [MD5.D41D8CD98F00B204E9800998ECF8427E] - [28/11/2014 21:00:04] - |ASH| - (.-.) - [536870912] - (0.0.0.0) - C:\pagefile.sys [14/07/2009 03:37:05] - |D| - [0] - C:\PerfLogs [14/07/2009 03:37:05] - |RD| - [2747097375] - C:\Program Files [14/07/2009 03:37:05] - |HD| - [2122922165] - C:\ProgramData [09/02/2017 13:25:04] - |D| - [262068] - C:\QuickDiag [MD5.93F3CF295D7B4EB61518A9A271FA80D1] - [09/02/2017 13:25:26] - |A| - (.-.) - [98283] - (0.0.0.0) - C:\QuickDiag.txt [28/11/2014 21:13:00] - |SHD| - [232719635] - C:\Recovery [28/12/2014 18:08:15] - |D| - [28061464] - C:\swsetup [28/11/2014 21:00:05] - |SHD| - [0] - C:\System Volume Information [14/07/2009 03:37:05] - |RD| - [69907832929] - C:\Users [14/07/2009 03:37:05] - |D| - [15812839111] - C:\Windows ---------- | C:\Windows [14/07/2009 05:52:30] - |D| - [802] - C:\Windows\addins [14/07/2009 03:37:05] - |D| - [10170736] - C:\Windows\AppCompat [14/07/2009 03:37:05] - |D| - [9912544] - C:\Windows\AppPatch [14/07/2009 03:37:05] - |RSD| - [150299822] - C:\Windows\assembly [MD5.DBD14D0DB0382DFE96D7B5007DDD5ABE] - [20/11/2010 22:29:04] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [65024] - (6.1.7601.17514) - C:\Windows\bfsvc.exe [14/07/2009 03:37:06] - |D| - [8083752] - C:\Windows\Boot [MD5.51E22F7049A85114C4A6DF5DABBC21F9] - [14/07/2009 05:57:37] - |AS| - (.-.) 
- [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [14/07/2009 03:37:06] - |D| - [3230642] - C:\Windows\Branding [MD5.99000D097B539279198CC073215F3384] - [02/02/2012 21:01:56] - |A| - (.-.) - [291] - (0.0.0.0) - C:\Windows\Checkbox.vbs [MD5.57B1D1BA60F305F1A4E45809AC40EDB0] - [30/12/2015 14:38:36] - |A| - (.-.) - [20] - (0.0.0.0) - C:\Windows\Cpt2AW.INI [28/11/2014 21:03:17] - |D| - [0] - C:\Windows\CSC [14/07/2009 03:37:06] - |D| - [2221538] - C:\Windows\Cursors [14/07/2009 05:34:21] - |D| - [1197] - C:\Windows\debug [14/07/2009 05:52:30] - |D| - [3042330] - C:\Windows\diagnostics [12/04/2011 02:35:38] - |D| - [0] - C:\Windows\DigitalLocker [14/07/2009 05:52:30] - |D| - [65] - C:\Windows\Downloaded Program Files [12/04/2011 02:45:07] - |D| - [142813871] - C:\Windows\ehome [MD5.E185BDA84E5F03F4E1D8DCA30E209277] - [24/02/2015 18:46:57] - |A| - (.-.) - [1912] - (0.0.0.0) - C:\Windows\epplauncher.mif [MD5.653175E41C29D547C790A0AC67E8F7F0] - [05/02/2012 01:50:30] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2723328] - (6.1.7601.17567) - C:\Windows\explorer.exe [14/07/2009 03:37:06] - |RSD| - [162855271] - C:\Windows\Fonts [12/04/2011 02:35:38] - |D| - [142336] - C:\Windows\fr-FR [MD5.F9202335BBA03A02F084FE588564BBF5] - [14/07/2009 00:12:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [13824] - (6.1.7600.16385) - C:\Windows\fveupdate.exe [MD5.7C4267B2FA6042CECEE4CE07F4FB8E7E] - [09/11/2015 17:37:24] - |A| - (.-.) - [8897] - (0.0.0.0) - C:\Windows\F_France.gpl [14/07/2009 03:37:06] - |D| - [13983480] - C:\Windows\Globalization [MD5.A75A03E2FE261297C3CBB128C32BE3D8] - [09/11/2015 17:37:21] - |A| - (.- GP-Install.) - [796672] - (5.0.3.32) - C:\Windows\GPInstall.exe [14/07/2009 03:37:06] - |D| - [40875430] - C:\Windows\Help [MD5.2FF3A32F01DF61836FED59D441D8B9DF] - [14/07/2009 01:12:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. 
- Aide et support Microsoft.) - [497152] - (6.1.7600.16385) - C:\Windows\HelpPane.exe [MD5.9B90B0C78671A4881D06C91941F6F379] - [14/07/2009 01:12:22] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [15360] - (6.1.7600.16385) - C:\Windows\hh.exe [14/07/2009 03:37:06] - |D| - [39812390] - C:\Windows\IME [14/07/2009 03:37:06] - |D| - [49776706] - C:\Windows\inf [28/12/2014 18:19:00] - |SHD| - [2059351217] - C:\Windows\Installer [MD5.36932522D014499D7F7B1BB921D05842] - [30/12/2015 14:34:31] - |A| - (.Copyright© 1990-1998 InstallShield Software Corporation Phone : (847) 240-9111 - InstallShield® unInstaller.) - [327168] - (5.50.137.0) - C:\Windows\IsUn040c.exe [14/07/2009 03:37:06] - |D| - [48371] - C:\Windows\L2Schemas [14/07/2009 03:37:06] - |D| - [0] - C:\Windows\LiveKernelReports [14/07/2009 03:37:06] - |D| - [20658957] - C:\Windows\Logs [14/07/2009 03:37:06] - |RSD| - [15649177] - C:\Windows\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 00:55:01] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [14/07/2009 03:37:07] - |D| - [91469277] - C:\Windows\Microsoft.NET [28/05/2015 22:20:37] - |D| - [0] - C:\Windows\Minidump [14/07/2009 03:37:07] - |D| - [9138] - C:\Windows\ModemLogs [MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 03:04:57] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini [MD5.A4F6DF0E33E644E802C8798ED94D80EA] - [01/10/2015 22:32:09] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [179712] - (6.1.7601.18917) - C:\Windows\notepad.exe [14/07/2009 05:52:30] - |D| - [65] - C:\Windows\Offline Web Pages [02/02/2012 20:42:38] - |D| - [1604299] - C:\Windows\Panther [04/01/2015 09:44:36] - |D| - [0] - C:\Windows\PCHEALTH [14/07/2009 05:52:30] - |D| - [62085721] - C:\Windows\Performance [MD5.7C01F9D7DC90DF2E61F86C6FC3D3DE60] - [22/10/2016 01:33:57] - |A| - (.-.) 
- [164660] - (0.0.0.0) - C:\Windows\PFRO.log [14/07/2009 03:37:07] - |D| - [1132015] - C:\Windows\PLA [14/07/2009 03:37:07] - |D| - [5799879] - C:\Windows\PolicyDefinitions [02/02/2012 20:43:53] - |D| - [24477241] - C:\Windows\Prefetch [MD5.FFB8B91BD19E5BC10A3344AAF34880F3] - [12/04/2011 02:45:48] - |A| - (.-.) - [53551] - (0.0.0.0) - C:\Windows\Professional.xml [MD5.447622A80C2A3E40F6D2DCF16C63069B] - [14/07/2009 00:17:08] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [599040] - (6.1.7600.16385) - C:\Windows\regedit.exe [14/07/2009 03:37:07] - |D| - [21544] - C:\Windows\Registration [14/07/2009 03:37:07] - |D| - [6705373] - C:\Windows\rescache [14/07/2009 03:37:07] - |D| - [70777929] - C:\Windows\Resources [14/07/2009 03:37:07] - |D| - [0] - C:\Windows\SchCache [14/07/2009 03:37:07] - |D| - [55533] - C:\Windows\schemas [14/07/2009 03:37:07] - |D| - [1070614] - C:\Windows\security [14/07/2009 05:34:13] - |D| - [617825261] - C:\Windows\ServiceProfiles [14/07/2009 03:37:07] - |D| - [69072972] - C:\Windows\servicing [14/07/2009 05:34:16] - |D| - [3529] - C:\Windows\Setup [MD5.FFA8DBB404934DD19CB50574895E5F91] - [07/09/2016 10:33:54] - |A| - (.-.) - [125206] - (0.0.0.0) - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [07/09/2016 10:33:54] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log [12/04/2011 02:45:07] - |D| - [101851] - C:\Windows\ShellNew [28/11/2014 21:02:59] - |D| - [1502076662] - C:\Windows\SoftwareDistribution [MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 05:48:09] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml [14/07/2009 03:37:07] - |D| - [700380] - C:\Windows\system [MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 03:04:23] - |A| - (.-.) 
- [219] - (0.0.0.0) - C:\Windows\system.ini [14/07/2009 03:37:07] - |D| - [2390296203] - C:\Windows\System32 [14/07/2009 03:37:09] - |D| - [15] - C:\Windows\TAPI [14/07/2009 03:37:09] - |D| - [33742] - C:\Windows\Tasks [14/07/2009 03:37:09] - |D| - [41675228] - C:\Windows\Temp [14/07/2009 03:37:09] - |D| - [0] - C:\Windows\tracing [MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 22:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll [14/07/2009 05:52:30] - |D| - [6144] - C:\Windows\twain_32 [MD5.163A95975E1D8819E653AA3E961371CA] - [20/11/2010 22:29:41] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll [MD5.F36A271706EDD23C94956AFB56981184] - [13/07/2009 23:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe [MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 01:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe [MD5.57B1D1BA60F305F1A4E45809AC40EDB0] - [30/12/2015 14:38:37] - |A| - (.-.) - [20] - (0.0.0.0) - C:\Windows\VsPc32.INI [MD5.F36ED9CE312CDC1434A3C6ABB8465A77] - [30/12/2015 14:36:34] - |A| - (.-.) - [9] - (0.0.0.0) - C:\Windows\VsProg.INI [14/07/2009 03:37:09] - |D| - [12420] - C:\Windows\Vss [MD5.6BE3E3CCCDDA49065F5FB4C68BA58200] - [30/12/2015 14:36:48] - |A| - (.-.) - [9] - (0.0.0.0) - C:\Windows\VsxSetup.INI [14/07/2009 03:37:09] - |D| - [112612176] - C:\Windows\Web [MD5.E13F489F0B1E52319A86BDD996263F4B] - [14/07/2009 03:04:23] - |A| - (.-.) - [478] - (0.0.0.0) - C:\Windows\win.ini [MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 05:41:57] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.C19C63C2F73F92A6D5C48BEF3BCDDFB9] - [28/11/2014 21:02:58] - |A| - (.-.) 
- [1116584] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.8E6F7D51A5CB299C25621C6C1AB57E84] - [13/07/2009 21:29:46] - |A| - (.Copyright © Microsoft Corp. 1991-1992 - Windows Help Engine application file.) - [256192] - (3.10.0.425) - C:\Windows\winhelp.exe [MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 01:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe [14/07/2009 03:37:09] - |D| - [8072631474] - C:\Windows\winsxs [MD5.BB524B4726678D52ED01860BA8829DBF] - [25/01/2017 22:38:33] - |A| - (.-.) - [609] - (0.0.0.0) - C:\Windows\wmsetup.log [MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 22:34:23] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.6E8EACC0B339365D79A2C06896865D3D] - [14/07/2009 00:41:00] - |A| - (.© Microsoft Corporation. - Windows Write.) - [9216] - (6.1.7600.16385) - C:\Windows\write.exe [MD5.B317B33694BAC49D492DD3F23E374899] - [13/07/2009 22:30:30] - |A| - (.-.) - [707] - (0.0.0.0) - C:\Windows\_default.pif ---------- | C:\Windows\System32\GroupPolicy [MD5.E12324ACF507ACE937B7FEC19E97D9AE] - [05/05/2016 21:42:29] - |A| - (.-.) - [127] - (0.0.0.0) - C:\Windows\System32\GroupPolicy\gpt.ini [05/05/2016 21:42:29] - |D| - [94] - C:\Windows\System32\GroupPolicy\Machine [05/05/2016 21:42:29] - |D| - [0] - C:\Windows\System32\GroupPolicy\User ---------- | Systemroot\System [14/07/2009 00:00:47] - |A| - [69584] - C:\Windows\System\avicap.dll (Copyright © Microsoft Corp. 1992-1994) - (AVI Capture DLL) [14/07/2009 00:00:47] - |A| - [109456] - C:\Windows\System\avifile.dll (Copyright © Microsoft Corp. 1991-2000) - (Microsoft AVI File support library) [13/07/2009 22:41:42] - |A| - [32816] - C:\Windows\System\COMMDLG.DLL (Copyright © Microsoft Corp. 1981-1996) - (Common Dialogs libraries) [13/07/2009 22:41:23] - |A| - [2000] - C:\Windows\System\keyboard.drv (Copyright © Microsoft Corp. 
1981-1996) - (WOW Keyboard Driver Module) [13/07/2009 21:29:46] - |A| - [9936] - C:\Windows\System\lzexpand.dll (Copyright © Microsoft Corp. 1989-1992) - (Windows file expansion library) [14/07/2009 00:00:47] - |A| - [73376] - C:\Windows\System\mciavi.drv (Copyright © Microsoft Corp. 1992-1994) - (MCI driver for AVI) [14/07/2009 00:00:47] - |A| - [25264] - C:\Windows\System\mciseq.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for MIDI sequencer) [14/07/2009 00:00:47] - |A| - [28160] - C:\Windows\System\mciwave.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for waveform audio) [13/07/2009 22:41:32] - |A| - [68992] - C:\Windows\System\MMSYSTEM.DLL (Copyright © Microsoft Corp. 1981-1996) - (System APIs for Multimedia) [13/07/2009 22:41:32] - |A| - [1152] - C:\Windows\System\mmtask.tsk (Copyright © Microsoft Corp. 1981-1996) - (Multimedia background task support module) [13/07/2009 22:41:27] - |A| - [2032] - C:\Windows\System\mouse.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW MOUSE Driver Module) [10/06/2009 22:21:50] - |A| - [126912] - C:\Windows\System\msvideo.dll (Copyright © Microsoft Corp. 1992-1994) - (Microsoft Video for Windows DLL) [13/07/2009 21:29:46] - |A| - [82944] - C:\Windows\System\olecli.dll (Copyright © Microsoft Corp. 1991-1993) - (Object Linking and Embedding Client Library) [13/07/2009 22:41:50] - |A| - [24064] - C:\Windows\System\OLESVR.DLL (Copyright © Microsoft Corp. 1991-1996) - (Object Linking and Embedding Server Library) [13/07/2009 22:41:22] - |A| - [5120] - C:\Windows\System\SHELL.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Shell library) [13/07/2009 22:41:23] - |A| - [1744] - C:\Windows\System\sound.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW SOUND Driver Module) [13/07/2009 23:00:27] - |A| - [5532] - C:\Windows\System\stdole.tlb (Copyright © Microsoft Corp. 
1993-1995) - (OLE 2.1 16/32 Interoperability Type Library) [13/07/2009 22:41:21] - |A| - [3360] - C:\Windows\System\system.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows System Driver core component) [13/07/2009 22:41:39] - |A| - [4048] - C:\Windows\System\TIMER.DRV (Copyright © Microsoft Corp. 1981-1996) - (Timer driver for PC compatibles) [13/07/2009 21:29:46] - |A| - [9008] - C:\Windows\System\ver.dll (Copyright © Microsoft Corp. 1991) - (Version Checking and File Installation Libraries) [13/07/2009 22:41:26] - |A| - [2176] - C:\Windows\System\vga.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Display Driver Module) [13/07/2009 22:41:45] - |A| - [12704] - C:\Windows\System\WFWNET.DRV (Copyright © Microsoft Corp. 1981-1996) - (Windows for Workgroups network driver) ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [16/12/2016 23:02:26] - C:\Windows\Installer\1910db4.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/12/2014 18:13:58] - C:\Windows\Installer\271ef9.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/09/2012 04:48:11] - C:\Windows\Installer\3295fb.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/12/2016 09:30:08] - C:\Windows\Installer\40a28.msi : (Avira Connect - Avira Operations GmbH & Co. KG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/02/2017 15:13:43] - C:\Windows\Installer\420cb2.msi : (Blank Project Template - SD Association) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/05/2015 19:15:47] - C:\Windows\Installer\4871d.msi : (HSPA USB Modem - HSPA) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/01/2017 19:07:55] - C:\Windows\Installer\598eb1.msi : (vs2015_redist x86 - Realnetworks) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/01/2015 06:18:04] - C:\Windows\Installer\8f2ae.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [14/07/2009 05:42:29] - [73] - C:\Windows\System32\desktop.ini [19/04/2015 05:49:28] - [16303] - C:\Windows\System32\ieuinit.inf [14/07/2009 05:42:26] - [535] - C:\Windows\System32\mapisvc.inf [20/11/2010 22:01:02] - [1524562] - C:\Windows\System32\PerfStringBackup.INI [10/06/2009 22:39:59] - [60124] - C:\Windows\System32\tcpmon.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.5999AA9B5414273EEB5D3C243D418857] - |A| - [13/11/2016 17:03:34] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\2016111300001560.zip [MD5.2F1E29081987671CAE70BCA8DAC70EEC] - |A| - [13/11/2016 16:01:05] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\2016111300002160.zip [MD5.C41BAE3C43000DC119E9F51B096C01F2] - |A| - [13/11/2016 19:25:48] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\2016111300002260.zip [MD5.5CE4E48D2DF56D91D39B7E5C47BC6CBC] - |A| - [13/11/2016 17:25:04] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\2016111300002580.zip [MD5.070873C12AA0BB6AE580E79D75C77BA7] - |A| - [13/11/2016 13:36:51] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\2016111300002648.zip [MD5.E599B9B4B1335CEEFF13AA9A8F9228F9] - |A| - [13/11/2016 13:07:10] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\2016111300002756.zip [MD5.81FB65E23B0B023AB1F9EC1B3B9CE89C] - |A| - [13/11/2016 18:05:26] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\2016111300002860.zip [MD5.A10C43BF97A906C5FC21A21F4E31AF83] - |A| - [13/11/2016 13:58:22] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\2016111300003016.zip [MD5.DFCB284352340B23682CECF1A14A14AB] - |A| - [13/11/2016 14:39:37] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\2016111300003760.zip [MD5.CB679B2E0657E4C538DD45D3AC053F6B] - |A| - [30/01/2017 08:45:00] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\2017013000002460.zip [MD5.EA541EB12E7E3FB800A8949F3D18DEDA] - |A| - [30/01/2017 10:02:54] - (.-.) 
- [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\2017013000002780.zip [MD5.B59D2B6847308BDA4CB4724DF4245087] - |A| - [03/02/2017 09:38:16] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\2017020300000612.zip [MD5.3324042A71F47CC3BFE91DE32A89A8EF] - |A| - [06/02/2017 14:23:08] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\2017020600002672.zip [MD5.00000000000000000000000000000000] - |D| - [10/01/2015 21:35:28] - [0 Ko] - C:\Windows\Temp\360 [MD5.00000000000000000000000000000000] - |D| - [03/08/2016 16:03:47] - [0 Ko] - C:\Windows\Temp\A7E69130-9DF1-4449-87AF-3B932148BC0D-Sigs [MD5.D5306BCFD49A32D632534B9710960EFC] - |A| - [11/10/2016 22:14:50] - (.-.) - [1.42 Ko] - (0.0.0.0) - C:\Windows\Temp\AdobeARM.log [MD5.B10B191AE4A412AD2DB88BB4D8CAB4CA] - |A| - [30/01/2017 08:50:29] - (.-.) - [23.79 Ko] - (0.0.0.0) - C:\Windows\Temp\Avira_Connect_20170130085029.log [MD5.285C912CD860A6FB0298975EE52E71C0] - |A| - [30/01/2017 08:50:42] - (.-.) - [1200.68 Ko] - (0.0.0.0) - C:\Windows\Temp\Avira_Connect_20170130085029_001_Id.Avira.OE.Setup.Msi.log [MD5.99B7AD5B5014D434E7E28E39D19681A0] - |A| - [01/02/2017 14:38:24] - (.-.) - [23.79 Ko] - (0.0.0.0) - C:\Windows\Temp\Avira_Connect_20170201143824.log [MD5.4E2DC5AD5004FDEB0DB154563FFA8F25] - |A| - [01/02/2017 14:38:41] - (.-.) - [1265.95 Ko] - (0.0.0.0) - C:\Windows\Temp\Avira_Connect_20170201143824_001_Id.Avira.OE.Setup.Msi.log [MD5.4435EBA3B5DFD1FB22C682A0E8C00E8F] - |A| - [01/02/2017 14:42:07] - (.-.) - [16.07 Ko] - (0.0.0.0) - C:\Windows\Temp\Avira_Connect_20170201144207.log [MD5.E1AC97376CB760871B6628825712F129] - |A| - [30/01/2017 08:45:40] - (.-.) - [23.61 Ko] - (0.0.0.0) - C:\Windows\Temp\Avira_Launcher_20170130084540.log [MD5.08F4183750229D94CB70545B00C68BFA] - |A| - [30/01/2017 08:45:51] - (.-.) - [589.41 Ko] - (0.0.0.0) - C:\Windows\Temp\Avira_Launcher_20170130084540_002_Id.Avira.OE.Setup.Msi.log [MD5.D800F5D4AA9E36707CB9A04554DF6A52] - |A| - [30/01/2017 08:55:13] - (.-.) 
- [16.12 Ko] - (0.0.0.0) - C:\Windows\Temp\Avira_Launcher_20170130085513.log [MD5.00000000000000000000000000000000] - |D| - [07/02/2017 17:25:40] - [0 Ko] - C:\Windows\Temp\AVSETUP_5899f504 [MD5.A324907C9D5F5F9A0E5E9FEA8087ED7B] - |A| - [07/10/2016 21:53:28] - (.-.) - [1232.38 Ko] - (0.0.0.0) - C:\Windows\Temp\cab_1396_2 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [07/10/2016 21:53:28] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\cab_1396_3 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [07/10/2016 21:53:28] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\cab_1396_4 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [07/10/2016 21:53:28] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\cab_1396_5 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [07/10/2016 21:53:28] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\cab_1396_6 [MD5.D82346D827A9FC9ECA8127998F782D8A] - |A| - [05/12/2016 23:04:12] - (.-.) - [1945.72 Ko] - (0.0.0.0) - C:\Windows\Temp\cab_2816_2 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [05/12/2016 23:04:12] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\cab_2816_3 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [05/12/2016 23:04:12] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\cab_2816_4 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [05/12/2016 23:04:12] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\cab_2816_5 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [05/12/2016 23:04:12] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\cab_2816_6 [MD5.BEC4F3B2B6FE47D6AD78B24A3DD13C92] - |A| - [20/01/2017 01:58:37] - (.-.) - [1544.09 Ko] - (0.0.0.0) - C:\Windows\Temp\cab_3828_2 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/01/2017 01:58:37] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\cab_3828_3 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/01/2017 01:58:37] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\cab_3828_4 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/01/2017 01:58:37] - (.-.) 
- [0 Ko] - (0.0.0.0) - C:\Windows\Temp\cab_3828_5 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/01/2017 01:58:37] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\cab_3828_6 [MD5.1AE641876962838AA9432D9F4CE2DCD2] - |A| - [16/09/2016 23:43:55] - (.-.) - [2.36 Ko] - (0.0.0.0) - C:\Windows\Temp\chrome_installer.log [MD5.00000000000000000000000000000000] - |D| - [03/05/2016 14:48:10] - [0.04 Ko] - C:\Windows\Temp\Crashpad [MD5.00000000000000000000000000000000] - |D| - [03/02/2017 10:20:06] - [1377.35 Ko] - C:\Windows\Temp\CR_7C4EB.tmp [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [23/01/2017 21:27:18] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_1KShj2z0byjtkUJ [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [23/01/2017 21:27:18] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_35tGp8YX2RyvQ4u [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [22/01/2017 20:52:50] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_574RG2alZWvQB5j [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [22/01/2017 20:52:42] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_6zDvixubOkv6ob1 [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [21/01/2017 18:11:27] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_7qlBYt4CbVdA5Kz [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [23/01/2017 21:27:10] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_AgjBTWzeFuQqHzr [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [21/01/2017 10:32:51] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_BFztEEcjEAAbrXS [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [20/01/2017 10:17:07] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_Biy1TKjwtnUz3g0 [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [24/01/2017 20:55:03] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_cg1gFDxocykTpjo [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [21/01/2017 10:32:41] - (.-.) 
- [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_coVaX3GXieR4DYf [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [24/01/2017 20:55:12] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_croC2U9QoqxgN8n [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [21/01/2017 10:32:41] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_gA0XzyKYVWCa9Pw [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [24/01/2017 20:55:03] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_gBh73ajZuAjBL7w [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [20/01/2017 10:17:05] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_gCQafMPFRogmGOT [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [21/01/2017 18:11:44] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_gwf4V8Ar4homTUq [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [22/01/2017 20:52:50] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_H3AvG3rnAy2NNw0 [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [24/01/2017 13:51:19] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_hmmR0De0KH72XDU [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [19/01/2017 22:29:02] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_hN0hL1vUz6mBskj [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [24/01/2017 13:51:10] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_hZu9tyANm95dh2L [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [20/01/2017 10:17:05] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_IsPD5CsEyxjeoMG [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [19/01/2017 19:41:58] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_Jb4TV08cKEdO2ds [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [19/01/2017 22:29:07] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_JKLqrvJYCAam7id [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [21/01/2017 18:11:44] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_JKnJRQFqiXD4Zxw [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [24/01/2017 13:51:10] - (.-.) 
- [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_LdxhYzq1bTomYnh [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [19/01/2017 19:29:45] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_OGfFMcy85MXnhda [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [19/01/2017 19:41:58] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_oje472HuSDvgmqH [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [20/01/2017 10:17:07] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_OLhb3xk14j6x5kc [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [21/01/2017 10:32:51] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_OXTomtYM9ekKKT2 [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [24/01/2017 20:55:12] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_OzA61VTevcWVtIP [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [19/01/2017 19:29:45] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_Qmt27wLOhRgpvsP [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [23/01/2017 21:27:10] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_qUpSonIVaQQbkmV [MD5.9C6C316A814676DE20ED21FBB96B7A01] - |AHT| - [19/01/2017 22:29:02] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_stiJ8r0aqTe0qq2 [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [19/01/2017 22:29:07] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_tJYAbgqymUz8b7X [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [21/01/2017 18:11:26] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_V6wCzkCWPNnE063 [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [24/01/2017 13:51:19] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_wczSdJILPRZubqW [MD5.BF619EAC0CDF3F68D496EA9344137E8B] - |AHT| - [22/01/2017 20:52:42] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\Windows\Temp\etilqs_yhu4WjpXddVZV4A [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/12/2016 23:11:45] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\GUR5E1B.exe [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/12/2016 23:11:33] - (.-.) 
- [0 Ko] - (0.0.0.0) - C:\Windows\Temp\GUR5E1B.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/10/2016 12:42:16] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\GUR6A56.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/02/2017 18:57:39] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\GURB51B.tmp [MD5.00000000000000000000000000000000] - |D| - [06/01/2015 23:12:06] - [0 Ko] - C:\Windows\Temp\IE7C83.tmp [MD5.00000000000000000000000000000000] - |D| - [01/01/2015 20:35:50] - [0 Ko] - C:\Windows\Temp\InstallHelp [MD5.00000000000000000000000000000000] - |D| - [12/01/2015 20:12:34] - [1465.1 Ko] - C:\Windows\Temp\Low [MD5.D6EC0FFC09579444F0D2D6B492A8A0CB] - |A| - [07/09/2016 20:52:06] - (.-.) - [940.86 Ko] - (0.0.0.0) - C:\Windows\Temp\MpCmdRun.log [MD5.00000000000000000000000000000000] - |D| - [07/03/2015 20:08:58] - [0 Ko] - C:\Windows\Temp\MPInstrumentation [MD5.602AF8C80B1DAAEA545298A121F9985E] - |A| - [07/09/2016 00:57:08] - (.-.) - [115.45 Ko] - (0.0.0.0) - C:\Windows\Temp\MpSigStub.log [MD5.00000000000000000000000000000000] - |D| - [24/02/2015 18:46:47] - [0 Ko] - C:\Windows\Temp\MPTelemetrySubmit [MD5.00000000000000000000000000000000] - |D| - [04/01/2015 20:00:05] - [0 Ko] - C:\Windows\Temp\MRT [MD5.E16428327CEA89D876E912035E89E41C] - |A| - [20/01/2017 10:21:37] - (.-.) - [8.43 Ko] - (0.0.0.0) - C:\Windows\Temp\RealDownloader_20170120102137.log [MD5.94CC59AF56A7DCF5FAEC11E43EB6BDBA] - |A| - [20/01/2017 10:21:41] - (.-.) - [79.15 Ko] - (0.0.0.0) - C:\Windows\Temp\RealDownloader_20170120102137_000_VideoDownloader.msi.log [MD5.6FBFB47FAEAFEF37FB03AF40C3D87803] - |A| - [20/01/2017 10:21:56] - (.-.) - [111.81 Ko] - (0.0.0.0) - C:\Windows\Temp\RealDownloader_20170120102137_001_RealDownloader2.msi.log [MD5.59071590099D21DD439896592338BF95] - |AT| - [04/11/2016 13:46:32] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP00000001950F0DB5656CF27F [MD5.59071590099D21DD439896592338BF95] - |AT| - [26/09/2016 10:59:00] - (.-.) 
- [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP00000001F2D776066D4B805B [MD5.59071590099D21DD439896592338BF95] - |AT| - [26/09/2016 10:59:16] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP00000002655517163098E7DA [MD5.59071590099D21DD439896592338BF95] - |AT| - [11/10/2016 21:18:11] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP00000004506CC2402A6EAC3C [MD5.59071590099D21DD439896592338BF95] - |AT| - [11/10/2016 21:18:11] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP000000055D3FE67783CA4B63 [MD5.59071590099D21DD439896592338BF95] - |AT| - [06/11/2016 22:06:55] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP000000073A0EAD1A9F435B73 [MD5.59071590099D21DD439896592338BF95] - |AT| - [19/10/2016 21:57:39] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP000000087A41201B3C34FEEA [MD5.59071590099D21DD439896592338BF95] - |AT| - [04/11/2016 13:48:11] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP0000000980D8CA48C4A093EB [MD5.59071590099D21DD439896592338BF95] - |AT| - [22/10/2016 18:39:48] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP0000000A7BA0895C0BFDF46B [MD5.59071590099D21DD439896592338BF95] - |AT| - [30/10/2016 20:10:51] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP0000000AFDE691C08F9B556C [MD5.59071590099D21DD439896592338BF95] - |AT| - [17/10/2016 08:41:41] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP0000000B3CF26B2F252001E0 [MD5.59071590099D21DD439896592338BF95] - |AT| - [05/12/2016 21:35:37] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP0000000BD1181B4E49AFEDD7 [MD5.59071590099D21DD439896592338BF95] - |AT| - [13/01/2017 11:48:32] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP0000000DFF99B602668ED0B5 [MD5.59071590099D21DD439896592338BF95] - |AT| - [03/12/2016 22:35:58] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP000000121C571DA828034AE6 [MD5.59071590099D21DD439896592338BF95] - |AT| - [03/12/2016 22:36:52] - (.-.) 
- [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP0000001549AC0100353A2E20 [MD5.59071590099D21DD439896592338BF95] - |AT| - [03/12/2016 22:36:52] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP000000168D124BCE7555EC86 [MD5.59071590099D21DD439896592338BF95] - |AT| - [03/12/2016 22:37:04] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP000000187ED494160873BC35 [MD5.59071590099D21DD439896592338BF95] - |AT| - [28/01/2017 13:34:20] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP00000018F3B56659F73B4A02 [MD5.59071590099D21DD439896592338BF95] - |AT| - [02/10/2016 08:38:36] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP00000059F07ADC13390C82FE [MD5.59071590099D21DD439896592338BF95] - |AT| - [30/09/2016 05:53:35] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP000000610DE2352B69A63D93 [MD5.59071590099D21DD439896592338BF95] - |AT| - [17/09/2016 14:29:38] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP0000006B022DD149CC23AA52 [MD5.59071590099D21DD439896592338BF95] - |AT| - [14/09/2016 00:21:38] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP0000006E542B19B1AAC14767 [MD5.59071590099D21DD439896592338BF95] - |AT| - [30/09/2016 11:11:39] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP0000007AF2B27A2E5983F754 [MD5.59071590099D21DD439896592338BF95] - |AT| - [23/09/2016 17:43:32] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP0000007B832144E6E84412DC [MD5.59071590099D21DD439896592338BF95] - |AT| - [06/11/2016 22:20:34] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP000000F3EFEB49AEFBC1AE1B [MD5.59071590099D21DD439896592338BF95] - |AT| - [17/10/2016 09:02:10] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP000001649675CE97F886937F [MD5.59071590099D21DD439896592338BF95] - |AT| - [05/12/2016 21:55:37] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP0000018140041A04FF620DB9 [MD5.59071590099D21DD439896592338BF95] - |AT| - [17/10/2016 08:49:29] - (.-.) 
- [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP0000018257B6F8F93091C461 [MD5.59071590099D21DD439896592338BF95] - |AT| - [13/10/2016 00:30:52] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP00000195E4282FAC953AEF8A [MD5.59071590099D21DD439896592338BF95] - |AT| - [12/11/2016 23:58:56] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP000001A8FE101F7195E539A3 [MD5.59071590099D21DD439896592338BF95] - |AT| - [16/10/2016 00:01:44] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP000001BC9525C8F53F78337D [MD5.59071590099D21DD439896592338BF95] - |AT| - [28/12/2016 23:10:59] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP000001C3F6E1D64DF5E61EFF [MD5.59071590099D21DD439896592338BF95] - |AT| - [16/10/2016 08:59:26] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP000001C4AD3E3AD453ABA7A5 [MD5.59071590099D21DD439896592338BF95] - |AT| - [13/10/2016 00:31:41] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP000001D2628CDDA68242F828 [MD5.59071590099D21DD439896592338BF95] - |AT| - [26/11/2016 22:38:34] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP000001FEE78C4817C5E47B19 [MD5.59071590099D21DD439896592338BF95] - |AT| - [22/10/2016 02:00:10] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP0000020A53CF267C62FA40C4 [MD5.59071590099D21DD439896592338BF95] - |AT| - [11/11/2016 16:15:40] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP00000217976DDAE532B8B5B4 [MD5.59071590099D21DD439896592338BF95] - |AT| - [13/12/2016 22:00:07] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP0000021B89068CC659CFA6FD [MD5.59071590099D21DD439896592338BF95] - |AT| - [14/10/2016 20:38:07] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP000002460A177357D701ABE3 [MD5.59071590099D21DD439896592338BF95] - |AT| - [01/11/2016 16:00:26] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP0000026468A54809B1EFDC6D [MD5.59071590099D21DD439896592338BF95] - |AT| - [24/11/2016 21:49:12] - (.-.) 
---------- | [habiba]
[28/11/2014 21:13:09] - |D| - [1222786079] - C:\Users\habiba\AppData\Local
[28/11/2014 21:13:09] - |D| - [3049644] - C:\Users\habiba\AppData\LocalLow
[28/11/2014 21:13:09] - |D| -
[64731823] - C:\Users\habiba\AppData\Roaming
[28/12/2014 21:00:25] - |D| - [20067304] - C:\Users\habiba\AppData\Local\Adobe
[28/11/2014 21:13:09] - |SHD| - [12366102547] - C:\Users\habiba\AppData\Local\Application Data
[28/12/2014 18:13:18] - |D| - [3745893] - C:\Users\habiba\AppData\Local\Apps
[02/02/2017 19:00:25] - |AH| - [0] - C:\Users\habiba\AppData\Local\BIT4184.tmp
[05/05/2016 21:51:19] - |D| - [1920] - C:\Users\habiba\AppData\Local\Chromium
[20/01/2017 12:13:49] - |D| - [2872734] - C:\Users\habiba\AppData\Local\data
[28/12/2014 18:13:18] - |D| - [0] - C:\Users\habiba\AppData\Local\Deployment
[14/10/2016 18:40:07] - |D| - [2555585] - C:\Users\habiba\AppData\Local\Diagnostics
[06/02/2017 15:13:43] - |D| - [6336000] - C:\Users\habiba\AppData\Local\Downloaded Installations
[28/12/2014 17:50:47] - |D| - [0] - C:\Users\habiba\AppData\Local\ElevatedDiagnostics
[21/01/2015 23:54:23] - |SHD| - [0] - C:\Users\habiba\AppData\Local\EmieBrowserModeList
[21/01/2015 23:54:22] - |SHD| - [0] - C:\Users\habiba\AppData\Local\EmieSiteList
[21/01/2015 23:54:23] - |SHD| - [0] - C:\Users\habiba\AppData\Local\EmieUserList
[20/01/2017 11:21:16] - |D| - [236] - C:\Users\habiba\AppData\Local\FinalMediaPlayer
[28/11/2014 21:13:58] - |A| - [99760] - C:\Users\habiba\AppData\Local\GDIPFONTCACHEV1.DAT
[28/12/2014 18:13:59] - |D| - [772437243] - C:\Users\habiba\AppData\Local\Google
[28/11/2014 21:13:09] - |SHD| - [580] - C:\Users\habiba\AppData\Local\Historique
[19/01/2017 22:26:49] - |AH| - [2486838] - C:\Users\habiba\AppData\Local\IconCache.db
[28/11/2014 21:13:09] - |D| - [191456676] - C:\Users\habiba\AppData\Local\Microsoft
[04/01/2015 09:24:18] - |D| - [277548] - C:\Users\habiba\AppData\Local\Microsoft Help
[04/01/2015 06:26:34] - |D| - [1373504] - C:\Users\habiba\AppData\Local\MicrosoftStore
[17/03/2016 16:31:43] - |D| - [35757735] - C:\Users\habiba\AppData\Local\Mozilla
[15/07/2016 14:58:05] - |D| - [0] - C:\Users\habiba\AppData\Local\Programs
[19/01/2017 19:29:40] - |D| - [3358112] - C:\Users\habiba\AppData\Local\Real
[12/01/2015 20:10:41] - |D| - [4887745] - C:\Users\habiba\AppData\Local\Skype
[03/01/2015 21:55:45] - |D| - [426590] - C:\Users\habiba\AppData\Local\SoftonicAssistant
[28/11/2014 21:13:09] - |D| - [172994541] - C:\Users\habiba\AppData\Local\Temp
[28/11/2014 21:13:09] - |SHD| - [56710441] - C:\Users\habiba\AppData\Local\Temporary Internet Files
[13/11/2016 22:11:42] - |D| - [626016] - C:\Users\habiba\AppData\Local\Viber
[11/04/2015 21:52:22] - |D| - [41135] - C:\Users\habiba\AppData\Local\VirtualStore
[20/01/2017 12:14:00] - |D| - [982964] - C:\Users\habiba\AppData\Local\{D813EE4F-FCBB-82F7-9123-A71FB54B5B87}
[02/02/2017 19:00:07] - |A| - [0] - C:\Users\habiba\AppData\Local\{DFE4BB93-FBEC-47DB-BF49-22D04621C984}
[28/12/2014 21:56:27] - |D| - [706855] - C:\Users\habiba\AppData\LocalLow\Adobe
[10/07/2015 12:59:47] - |SHD| - [0] - C:\Users\habiba\AppData\LocalLow\EmieBrowserModeList
[10/07/2015 12:59:47] - |SHD| - [0] - C:\Users\habiba\AppData\LocalLow\EmieSiteList
[10/07/2015 12:59:47] - |SHD| - [0] - C:\Users\habiba\AppData\LocalLow\EmieUserList
[09/05/2016 12:58:15] - |D| - [1966931] - C:\Users\habiba\AppData\LocalLow\Google
[20/12/2014 23:38:49] - |D| - [375858] - C:\Users\habiba\AppData\LocalLow\Microsoft
[29/12/2014 15:50:38] - |D| - [0] - C:\Users\habiba\AppData\LocalLow\Temp
[28/12/2014 21:56:27] - |D| - [980546] - C:\Users\habiba\AppData\Roaming\Adobe
[29/05/2015 00:05:46] - |A| - [24] - C:\Users\habiba\AppData\Roaming\appdataFr25.bin
[30/01/2017 08:45:22] - |D| - [0] - C:\Users\habiba\AppData\Roaming\Avira
[17/07/2016 20:59:43] - |D| - [314] - C:\Users\habiba\AppData\Roaming\BANDISOFT
[26/02/2015 18:50:59] - |D| - [5815229] - C:\Users\habiba\AppData\Roaming\com.prezi.PreziDesktop
[20/07/2016 18:27:21] - |D| - [0] - C:\Users\habiba\AppData\Roaming\DiskDefrag
[20/07/2016 18:27:20] - |D| - [18894] - C:\Users\habiba\AppData\Roaming\GlarySoft
[28/11/2014 21:13:39] - |D| - [0] - C:\Users\habiba\AppData\Roaming\Identities
[26/02/2015 18:50:55] - |D| - [636] - C:\Users\habiba\AppData\Roaming\Macromedia
[28/11/2014 21:13:09] - |D| - [0] - C:\Users\habiba\AppData\Roaming\Media Center Programs
[28/11/2014 21:13:09] - |SD| - [10107844] - C:\Users\habiba\AppData\Roaming\Microsoft
[17/03/2016 16:31:43] - |D| - [27445548] - C:\Users\habiba\AppData\Roaming\Mozilla
[19/01/2017 19:02:13] - |D| - [2542155] - C:\Users\habiba\AppData\Roaming\Real
[12/01/2015 20:10:31] - |D| - [17728565] - C:\Users\habiba\AppData\Roaming\Skype
[19/01/2017 21:01:52] - |D| - [87624] - C:\Users\habiba\AppData\Roaming\vlc
[30/12/2015 14:38:40] - |D| - [4245] - C:\Users\habiba\AppData\Roaming\VSX
[05/05/2016 22:44:10] - |A| - [187] - C:\Users\habiba\AppData\Roaming\WB.CFG
[06/12/2015 14:18:11] - |D| - [12] - C:\Users\habiba\AppData\Roaming\WinRAR
[28/11/2014 21:13:47] - |ASH| - [174] - C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[28/11/2014 21:13:09] - |SHD| - [25102] - C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[28/11/2014 21:13:09] - |RD| - [25102] - C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[28/11/2014 21:13:09] - |RD| - [14639] - C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[28/11/2014 21:13:47] - |RD| - [174] - C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[28/11/2014 21:13:47] - |ASH| - [338] - C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[28/11/2014 21:13:50] - |A| - [1429] - C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[28/11/2014 21:13:09] - |RD| - [580] - C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[04/01/2015 06:33:48] - |D| - [1857] - C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[28/11/2014 21:13:47] - |RD| - [174] - C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[16/08/2016 22:07:22] - |HD| - [1810] - C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
[06/12/2015 14:17:23] - |D| - [4101] - C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[28/11/2014 21:13:47] - |ASH| - [174] - C:\Users\habiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
---------- | [Public]
---------- | C:\ProgramData
[03/01/2015 22:07:57] - |SHD| - [22295] - C:\ProgramData\360Quarant
[19/05/2015 17:30:53] - |D| - [5721] - C:\ProgramData\7904867072743644115
[28/12/2014 21:49:43] - |D| - [329800562] - C:\ProgramData\Adobe
[14/07/2009 05:53:55] - |SHD| - [20944546865] - C:\ProgramData\Application Data
[29/01/2017 21:01:40] - |D| - [272158219] - C:\ProgramData\Avira
[28/11/2014 21:12:59] - |SHD| - [4332] - C:\ProgramData\Bureau
[14/07/2009 05:53:55] - |SHD| - [4332] - C:\ProgramData\Desktop
[14/07/2009 05:53:55] - |SHD| - [278] - C:\ProgramData\Documents
[28/11/2014 21:12:59] - |SHD| - [0] - C:\ProgramData\Favoris
[14/07/2009 05:53:55] - |SHD| - [0] - C:\ProgramData\Favorites
[20/07/2016 18:40:55] - |D| - [0] - C:\ProgramData\Glarysoft
[28/01/2017 09:11:13] - |D| - [1318428506] - C:\ProgramData\Kaspersky Lab Setup Files
[28/12/2014 21:51:29] - |D| - [56284] - C:\ProgramData\McAfee
[28/11/2014 21:12:59] - |SHD| - [150161] - C:\ProgramData\Menu Démarrer
[14/07/2009 03:37:05] - |SD| - [390119816] - C:\ProgramData\Microsoft
[04/01/2015 09:24:07] - |D| - [154506] - C:\ProgramData\Microsoft Help
[28/11/2014 21:12:59] - |SHD| - [0] - C:\ProgramData\Modèles
[05/05/2016 21:43:00] - |RASH| - [376] - C:\ProgramData\ntuser.pol
[30/01/2017 08:45:45] - |D| - [5185699] - C:\ProgramData\Package Cache
[19/01/2017 17:54:57] - |D| - [92102] - C:\ProgramData\Real
[12/01/2015 20:09:42] - |D| - [51071176] - C:\ProgramData\Skype
[03/01/2015 22:07:43] - |D| - [0] - C:\ProgramData\smdmf
[14/07/2009 05:53:55] - |SHD| - [150161] - C:\ProgramData\Start Menu
[14/07/2009 05:53:55] - |SHD| - [0] - C:\ProgramData\Templates
[19/05/2015 17:26:15] - |D| - [1316] - C:\ProgramData\{6688caf8-0a59-9255-6688-8caf80a52be0}
[20/01/2017 12:19:38] - |D| - [895616] - C:\ProgramData\{EF8F2AEC-65CD-A02A-E30B-3E687949B5A6}
---------- | C:\ProgramData\Microsoft\Windows\Start Menu
[14/07/2009 05:46:35] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[14/07/2009 05:37:43] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[28/11/2014 21:12:59] - |SHD| - [147171] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[14/07/2009 03:37:05] - |RD| - [147171] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[14/07/2009 05:37:43] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[19/03/2015 16:24:45] - |D| - [1873] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[14/07/2009 03:37:05] - |RD| - [40015] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[14/07/2009 05:52:30] - |RD| - [21157] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[28/12/2014 21:51:01] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[30/01/2017 08:42:59] - |D| - [4328] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[17/07/2016 20:48:58] - |D| - [2003] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
[15/07/2016 14:58:29] - |D| - [46] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
[14/07/2009 05:41:57] - |ASH| - [1130] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[09/11/2015 17:38:05] - |D| - [5503] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPANET 2.0 Fr
[20/01/2017 11:21:03] - |D| - [2118] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalMediaPlayer
[05/05/2016 21:41:11] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\FlvPlayer [14/07/2009 05:52:30] - |RD| - [778] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [28/12/2014 18:20:11] - |A| - [2139] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [23/05/2015 19:16:17] - |D| - [4865] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HSPA USB Modem [14/07/2009 03:37:05] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [02/02/2012 20:46:21] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [04/01/2015 09:50:00] - |D| - [32320] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [06/02/2017 15:17:24] - |D| - [2060] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter [14/07/2009 05:42:29] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [14/07/2009 03:37:05] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2011 02:44:56] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC [25/01/2017 22:09:50] - |D| - [6498] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [14/07/2009 05:42:30] - |A| - [1352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk [02/02/2012 20:46:17] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [14/07/2009 05:42:24] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [14/07/2009 05:46:36] - |A| - [1515] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [06/12/2015 14:17:24] - |D| - [4029] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [14/07/2009 05:42:30] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [14/07/2009 05:41:57] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files [03/01/2015 22:04:15] - |D| - [0] - C:\Program Files\360 [19/03/2015 16:24:21] - |D| - [3511045] - C:\Program Files\7-Zip [28/12/2014 21:50:25] - |D| - [185960744] - C:\Program Files\Adobe [29/01/2017 21:02:04] - |D| - [784217657] - C:\Program Files\Avira [17/07/2016 20:48:10] - |D| - [36312792] - C:\Program Files\Bandicam [17/07/2016 20:48:06] - |D| - [9120189] - C:\Program Files\BandiMPEG1 [30/12/2015 14:36:34] - |D| - [6278] - C:\Program Files\Caprari [14/07/2009 03:37:05] - |D| - [319416075] - C:\Program Files\Common Files [14/07/2009 05:41:57] - |ASH| - [174] - C:\Program Files\desktop.ini [14/07/2009 05:52:30] - |D| - [83226644] - C:\Program Files\DVD Maker [28/11/2014 21:12:59] - |SHD| - [319416075] - C:\Program Files\Fichiers communs [20/01/2017 11:20:22] - |D| - [143860] - C:\Program Files\FinalMediaPlayer [20/07/2016 18:39:58] - |D| - [0] - C:\Program Files\Glarysoft [28/12/2014 18:13:59] - |D| - [374265351] - C:\Program Files\Google [02/09/2015 22:54:39] - |D| - [7294320] - C:\Program Files\GUM8527.tmp [02/09/2015 22:54:39] - |A| - [6420480] - C:\Program Files\GUT8537.tmp [23/05/2015 19:16:09] - |D| - [12736839] - C:\Program Files\HSPA USB Modem [28/12/2014 18:08:24] - |HD| - [8634499] - C:\Program Files\InstallShield Installation Information [28/12/2014 18:53:49] - |D| - [96667] - C:\Program Files\Intel [14/07/2009 03:37:05] - |D| - [26840232] - C:\Program Files\Internet Explorer [31/12/2014 08:16:26] - |D| - [566524917] - C:\Program Files\Microsoft Office [04/01/2015 09:45:19] - |D| - [14904] - C:\Program Files\Microsoft Visual Studio [04/01/2015 09:41:03] - |D| - [1387249] - C:\Program Files\Microsoft Visual Studio 8 [04/01/2015 09:45:44] - |D| - [3726168] - C:\Program Files\Microsoft Works [04/01/2015 09:44:36] - |D| - [8152064] - C:\Program Files\Microsoft.NET [14/07/2009 05:52:30] - |D| - [26521] - C:\Program Files\MSBuild [31/12/2014 08:13:52] - |D| - [66546585] - C:\Program 
Files\MSECache [04/01/2015 06:32:15] - |D| - [16312839] - C:\Program Files\MyPC Backup [04/01/2015 06:25:10] - |D| - [872] - C:\Program Files\Opera [19/05/2015 17:55:52] - |D| - [0] - C:\Program Files\PatternGenerators [19/01/2017 19:11:12] - |D| - [0] - C:\Program Files\Real [28/12/2014 18:08:24] - |D| - [1877787] - C:\Program Files\Realtek [14/07/2009 05:52:30] - |D| - [39175425] - C:\Program Files\Reference Assemblies [06/02/2017 15:17:23] - |D| - [3806744] - C:\Program Files\SDA [19/01/2017 21:38:49] - |D| - [0] - C:\Program Files\SPlayer [14/07/2009 05:53:23] - |HD| - [0] - C:\Program Files\Uninstall Information [13/11/2016 11:25:16] - |D| - [126263314] - C:\Program Files\VideoLAN [14/07/2009 05:52:30] - |D| - [3050496] - C:\Program Files\Windows Defender [12/04/2011 02:45:14] - |D| - [7021176] - C:\Program Files\Windows Journal [14/07/2009 03:37:05] - |D| - [6181376] - C:\Program Files\Windows Mail [14/07/2009 05:52:30] - |D| - [7041794] - C:\Program Files\Windows Media Player [14/07/2009 03:37:05] - |D| - [5022972] - C:\Program Files\Windows NT [14/07/2009 05:52:30] - |D| - [4417800] - C:\Program Files\Windows Photo Viewer [14/07/2009 05:52:30] - |D| - [189952] - C:\Program Files\Windows Portable Devices [14/07/2009 05:52:30] - |D| - [17603943] - C:\Program Files\Windows Sidebar [06/12/2015 14:16:32] - |D| - [4548631] - C:\Program Files\WinRAR ---------- | C:\Program Files\Common Files [28/12/2014 21:50:25] - |D| - [8766371] - C:\Program Files\Common Files\Adobe [16/03/2015 12:08:48] - |D| - [99992] - C:\Program Files\Common Files\DESIGNER [14/07/2009 03:37:05] - |D| - [266236787] - C:\Program Files\Common Files\microsoft shared [14/07/2009 03:37:05] - |D| - [2702] - C:\Program Files\Common Files\Services [14/07/2009 03:37:05] - |D| - [44310223] - C:\Program Files\Common Files\System ---------- | Tasks [MD5.00000000000000000000000000000000] - [04/01/2015 19:56:53] - |D| - [0] - C:\Windows\Tasks\360Disabled [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 
05:53:47] - |AH| - [6] - C:\Windows\Tasks\SA.DAT [MD5.6C6DD17963E3C5A9C6CC8FBA7123B66E] - [14/07/2009 05:53:46] - |A| - [32482] - C:\Windows\Tasks\SCHEDLGU.TXT [MD5.D43914509EC405D38A70AC42B64EB3D0] - [20/01/2017 12:19:39] - |A| - [988] - C:\Windows\Tasks\Secured Yahoo Powered ratoc.job [MD5.5816DF6A992A053509D0E6A66DD370E3] - [20/01/2017 12:19:20] - |A| - [266] - C:\Windows\Tasks\{74B98AF2-CDC1-BFD3-1698-7DC3C0C86D0C}.job [MD5.3E526C676A9D59FB2674535165DE56ED] - [04/01/2015 06:18:25] - |A| - [3876] - C:\Windows\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.57A8A89D71E50FB7C5558D2CA065E159] - [28/12/2014 18:14:01] - |A| - [3360] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files\Google\Update\GoogleUpdate.exe [MD5.3F896027A5066DB1F90900BC3994BA66] - [28/12/2014 18:14:02] - |A| - [3488] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files\Google\Update\GoogleUpdate.exe [MD5.975717AA41AFA665A31E42E41507A25E] - [04/01/2015 06:35:22] - |A| - [4006] - C:\Windows\System32\Tasks\LaunchSignup : C:\Program Files\MyPC Backup\Signup Wizard.exe [MD5.00000000000000000000000000000000] - [14/07/2009 03:37:09] - |D| - [260714] - C:\Windows\System32\Tasks\Microsoft [MD5.8EEA2454446EE413C5096A6102B53FFF] - [19/01/2017 19:29:50] - |A| - [3400] - C:\Windows\System32\Tasks\RealDownloader Update Check : C:\Program Files\Real\RealDownloader\downloader2.exe [MD5.BB489A35E7B0F9A2CF3D37AFEB8F42CE] - [20/01/2017 12:19:39] - |A| - [4020] - C:\Windows\System32\Tasks\Secured Yahoo Powered ratoc : C:\Windows\system32\wscript.exe [MD5.00000000000000000000000000000000] - [14/07/2009 05:54:35] - |D| - [4478] - C:\Windows\System32\Tasks\WPD [MD5.F4E6BF74A3541DCD08F1EEC45C8D2B66] - [01/01/2015 21:13:38] - |A| - [3146] - C:\Windows\System32\Tasks\{412CA31E-2916-4D59-ABA1-28A8673D5BC8} : "c:\program files\google\chrome\application\chrome.exe" [MD5.96C4E705E923E23FA417BCC15A038989] - [19/02/2015 
19:59:41] - |A| - [3092] - C:\Windows\System32\Tasks\{5695C0AA-5582-4CAB-B414-BEBB2438FC95} : "c:\program files\google\chrome\application\chrome.exe" [MD5.4CA06C45B5409F49C018E8B395E252EE] - [20/01/2017 12:19:21] - |A| - [3210] - C:\Windows\System32\Tasks\{74B98AF2-CDC1-BFD3-1698-7DC3C0C86D0C} : C:\Users\habiba\AppData\Local\74B98A~1\Sync.exe [MD5.E54C2EC94C055BDA4BEA8251D3EB3ADC] - [28/12/2014 18:11:24] - |A| - [3040] - C:\Windows\System32\Tasks\{A339CCB1-A5E6-47D7-882F-339586B6E3A3} : C:\Windows\system32\pcalua.exe [MD5.F4E6BF74A3541DCD08F1EEC45C8D2B66] - [12/01/2015 20:01:36] - |A| - [3146] - C:\Windows\System32\Tasks\{FE9E4681-B1F9-4D8A-83A4-389955927C35} : "c:\program files\google\chrome\application\chrome.exe" ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "{B24677CC-A8C2-43A3-B97F-3D28685E3467}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\360\Total Security\safemon\QHSafeTray.exe|Name=360????????| "{2848AD01-E609-4F59-947B-12206FA90CDF}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\360\Total Security\safemon\QHSafeTray.exe|Name=360????????| "{2A5ACFC1-5B22-42AE-9CC5-E725C39770A8}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\360\Total Security\LiveUpdate360.exe|Name=LiveUpdate360| "{BC7DEB46-BBED-4882-B148-CF226EFCAB47}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\360\Total Security\LiveUpdate360.exe|Name=LiveUpdate360| "{39076127-B8E9-43A1-838D-7E8A1D29CDB6}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome 
autorisant le trafic mDNS|EmbedCtxt=Google Chrome| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) 
[] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] 
: (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [30/01/2017 08:40:40] - (15.0.10.312) - (Avira Operations GmbH & Co. KG - Avira Manager Driver) - C:\Windows\system32\DRIVERS\avkmgr.sys [30/01/2017 08:40:40] - (15.0.24.84) - (Avira Operations GmbH & Co. KG - Avira Driver for Security Enhancement) - C:\Windows\system32\DRIVERS\avipbb.sys [30/01/2017 08:40:40] - (15.0.24.81) - (Avira Operations GmbH & Co. KG - Avira Minifilter Driver) - C:\Windows\system32\DRIVERS\avgntflt.sys [30/01/2017 08:40:40] - (15.0.17.264) - (Avira Operations GmbH & Co. 
KG - Avira WFP Network Driver) - C:\Windows\system32\DRIVERS\avnetflt.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service R0 - [Kernel Driver] - ACPI (Pilote ACPI Microsoft) -> system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - amdxata () -> system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - atapi (Canal IDE) -> system32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Compbatt (Pilote de batterie composite Microsoft) -> system32\drivers\compbatt.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (Pilote de disque) -> system32\drivers\disk.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - 
AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msahci () -> system32\drivers\msahci.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (Pilote de bus PCI) -> system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - spldr (Security Processor Loader Driver) -> (?) 
- AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) -> system32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (Pilote d’énumérateur de lecteur virtuel Microsoft) -> system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgr (Pilote du Gestionnaire de volume) -> system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (Volumes de stockage) -> system32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Wd (Pilote du Minuteur de surveillance Microsoft) -> system32\drivers\wd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - avipbb (avipbb) -> system32\DRIVERS\avipbb.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - avkmgr (avkmgr) -> system32\DRIVERS\avkmgr.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - blbdrive () -> system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - cdrom (Pilote de CD-ROM) -> system32\DRIVERS\cdrom.sys - AcceptPause: False - AcceptStop: False R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (Pilote BIOS de gestion de systèmes Microsoft) -> system32\DRIVERS\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - TermDD (Pilote de périphérique terminal) -> system32\DRIVERS\termdd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - VgaSave () -> \SystemRoot\System32\drivers\vga.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (Virtual WiFi Filter Driver) -> system32\DRIVERS\vwififlt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - avgntflt (avgntflt) -> system32\DRIVERS\avgntflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - avnetflt (avnetflt) -> system32\DRIVERS\avnetflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System 
Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True S2 - [Kernel Driver] - Parvdm () -> \SystemRoot\system32\drivers\parvdm.sys - AcceptPause: False - AcceptStop: False R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft Files whitelisted) [MD5.21E785EBD7DC90A06391141AAC7892FB] - [10/06/2009 22:19:05] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) - [413.06 Ko] - (1.6.6.4) - C:\Windows\System32\Drivers\adp94xx.sys [MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - [13/07/2009 23:09:16] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) - [290.58 Ko] - (1.6.6.1) - C:\Windows\System32\Drivers\adpahci.sys [MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - [13/07/2009 23:09:16] - (.Copyright © 2003 Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) - [143.08 Ko] - (7.2.0.0) - C:\Windows\System32\Drivers\adpu320.sys [MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - [14/07/2009 00:11:17] - (.Copyright (C) Acer Laboratories Inc. 2000 - ALi mini IDE Driver.) - [14.06 Ko] - (1.2.0.0) - C:\Windows\System32\Drivers\aliide.sys [MD5.CD5914170297126B6266860198D1D4F0] - [14/07/2009 00:11:19] - (.Copyright (C) AMD 2003 - Pilote IDE AMD.) - [14.56 Ko] - (6.1.7600.16385) - C:\Windows\System32\Drivers\amdide.sys [MD5.D320BF87125326F996D4904FE24300FC] - [05/02/2012 05:04:54] - (.Copyright © 2008-2010 AMD, Inc. - AHCI 1.2 Device Driver.) 
- [78.38 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdsata.sys [MD5.EA43AF0C423FF267355F74E7A53BDABA] - [10/06/2009 22:20:03] - (.2008 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows family.) - [155.58 Ko] - (3.6.1540.127) - C:\Windows\System32\Drivers\amdsbs.sys [MD5.46387FB17B086D16DEA267D5BE23A2F2] - [05/02/2012 05:04:54] - (.Copyright © 2008-2010 AMD, Inc. - Storage Filter Driver.) - [21.88 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdxata.sys [MD5.2932004F49677BD84DBC72EDB754FFB3] - [13/07/2009 23:09:17] - (.Copyright 2007 Adaptec, Inc. - Adaptec RAID Storport Driver.) - [74.58 Ko] - (5.2.0.10384) - C:\Windows\System32\Drivers\arc.sys [MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - [13/07/2009 23:09:17] - (.Copyright 2008 Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) - [84.58 Ko] - (5.2.0.16119) - C:\Windows\System32\Drivers\arcsas.sys [MD5.AC848E99627AE02493D57A3117756610] - [30/01/2017 08:40:40] - (.Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors - Avira Minifilter Driver.) - [116.41 Ko] - (15.0.24.81) - C:\Windows\System32\Drivers\avgntflt.sys [MD5.ED91715AAE2BBBF539519CC75AC1872A] - [30/01/2017 08:40:40] - (.Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors - Avira Driver for Security Enhancement.) - [137.54 Ko] - (15.0.24.84) - C:\Windows\System32\Drivers\avipbb.sys [MD5.F80F5DCA8A5D9D93CC5BE933D20CAF05] - [30/01/2017 08:40:40] - (.Copyright © 2015 Avira Operations GmbH & Co. KG and its Licensors - Avira Manager Driver.) - [37.01 Ko] - (15.0.10.312) - C:\Windows\System32\Drivers\avkmgr.sys [MD5.9A7AE0B9D18749A79B3E523A97CA104A] - [30/01/2017 08:40:40] - (.Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors - Avira WFP Network Driver.) - [58.68 Ko] - (15.0.17.264) - C:\Windows\System32\Drivers\avnetflt.sys [MD5.0CA918E542B7F627A0F114EF8703C8EC] - [07/02/2017 17:22:44] - (.Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors - Avira USB Filter Driver.) 
- [29.95 Ko] - (15.0.24.123) - C:\Windows\System32\Drivers\avusbflt.sys [MD5.BD8869EB9CDE6BBE4508D869929869EE] - [13/07/2009 23:02:49] - (.Copyright 2000-2007, Broadcom Corporation. - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) - [224.5 Ko] - (10.100.4.0) - C:\Windows\System32\Drivers\b57nd60x.sys [MD5.9E209171C51B1D750F53777253B80E81] - [01/07/2011 15:07:44] - (.1998-2010, Broadcom Corp. All Rights Rsvd - Broadcom 802.11 Network Adapter wireless driver.) - [4166.56 Ko] - (5.100.82.95) - C:\Windows\System32\Drivers\BCMWL6.SYS [MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - [14/07/2009 01:59:16] - (.Copyright (C) Brother Industries, Ltd. 2001-2003 - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) - [13.25 Ko] - (1.10.0.2) - C:\Windows\System32\Drivers\BrFiltLo.sys [MD5.56801AD62213A41F6497F96DEE83755A] - [14/07/2009 01:58:59] - (.Copyright (C) Brother Industries, Ltd. 2001 - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) - [5.13 Ko] - (1.4.0.1) - C:\Windows\System32\Drivers\BrFiltUp.sys [MD5.845B8CE732E67F3B4133164868C666EA] - [14/07/2009 01:57:25] - (.Copyright (C) Brother Industries Ltd.1997-2006 - Pilote Brother Série I/F (WDM).) - [265.75 Ko] - (1.0.1.6) - C:\Windows\System32\Drivers\BrSerId.sys [MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - [14/07/2009 01:59:02] - (.Copyright (C) Brother Industries Ltd.1997-2003 - Brother Serial driver (WDM version).) - [60.88 Ko] - (1.0.0.20) - C:\Windows\System32\Drivers\BrSerWdm.sys [MD5.BD456606156BA17E60A04E18016AE54B] - [14/07/2009 01:58:27] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB MDM Driver.) - [11.88 Ko] - (1.0.0.12) - C:\Windows\System32\Drivers\BrUsbMdm.sys [MD5.AF72ED54503F717A43268B3CC5FAEC2E] - [14/07/2009 01:58:35] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB Serial Driver.) 
- [11.63 Ko] - (1.0.1.3) - C:\Windows\System32\Drivers\BrUsbSer.sys [MD5.1A231ABEC60FD316EC54C66715543CEC] - [10/06/2009 22:17:52] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) - [420 Ko] - (4.8.2.0) - C:\Windows\System32\Drivers\bxvbdx.sys [MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - [14/07/2009 00:11:18] - (.Copyright (C) CMD Technology, Inc. 1999-2000 - CMD PCI IDE Bus Driver.) - [15.58 Ko] - (2.0.7.0) - C:\Windows\System32\Drivers\cmdide.sys [MD5.BDDE322DD3E6ABBC589C5DC8A948A661] - [29/08/2008 16:54:40] - (.Copyright © 2001-2008 - USB Modem/Serial Device Driver.) - [101.13 Ko] - (2.0.5.1) - C:\Windows\System32\Drivers\cmusbser.sys [MD5.8B30250D573A8F6B4BD23195160D8707] - [10/06/2009 22:20:26] - (.Copyright © Adaptec, Inc. 2000 - Adaptec Ultra SCSI miniport.) - [69.06 Ko] - (6.0.0.0) - C:\Windows\System32\Drivers\djsvs.sys [MD5.22EF8965101685ADD128F03A2B03CE16] - [13/07/2009 23:02:50] - (.1998-2007, Intel Corporation. Tous droits réservés. - Pilote désérialisé NDIS 6 de la carte Intel(R) PRO/1000.) - [116 Ko] - (8.4.1.0) - C:\Windows\System32\Drivers\E1G60I32.sys [MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - [10/06/2009 22:19:19] - (.Copyright © 2003-2009 Emulex - Storport Miniport Driver for LightPulse HBAs.) - [443.08 Ko] - (5.2.10.211) - C:\Windows\System32\Drivers\elxstor.sys [MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - [10/06/2009 22:17:55] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) - [3027.5 Ko] - (4.8.13.0) - C:\Windows\System32\Drivers\evbdx.sys [MD5.C44E3C2BAB6837DB337DDEE7544736DB] - [13/07/2009 23:54:14] - (.Copyright ©2007-2009 Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) - [26 Ko] - (1.31.27127.0) - C:\Windows\System32\Drivers\hcw85cir.sys [MD5.295FDC419039090EB8B49FFDBB374549] - [13/07/2009 23:09:17] - (.Copyright (c) 2004-2008 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) 
- [65.58 Ko] - (6.12.4.32) - C:\Windows\System32\Drivers\HpSAMD.sys [MD5.5CD5F9A5444E6CDCB0AC89BD62D8B76E] - [05/02/2012 05:04:54] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - ia32.) - [324.38 Ko] - (8.6.2.1014) - C:\Windows\System32\Drivers\iaStorV.sys [MD5.4173FF5708F3236CF25195FECD742915] - [13/07/2009 23:09:17] - (.Copyright © 2002-05 Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) - [40.08 Ko] - (5.4.22.0) - C:\Windows\System32\Drivers\iirsp.sys [MD5.EB119A53CCF2ACC000AC71B065B78FEF] - [13/07/2009 23:09:19] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT FC Driver (StorPort).) - [93.58 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_fc.sys [MD5.8ADE1C877256A22E49B75D1CC9161F9C] - [13/07/2009 23:09:18] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SAS Driver (StorPort).) - [87.08 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_sas.sys [MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - [13/07/2009 23:09:18] - (.Copyright © LSI Corporation 2009 - LSI SAS Gen2 Driver (StorPort).) - [53.58 Ko] - (2.0.2.71) - C:\Windows\System32\Drivers\lsi_sas2.sys [MD5.0A036C7D7CAB643A7F07135AC47E0524] - [13/07/2009 23:09:18] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SCSI Driver (StorPort).) - [94.58 Ko] - (1.28.3.67) - C:\Windows\System32\Drivers\lsi_scsi.sys [MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - [10/06/2009 22:19:35] - (.Copyright © LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) - [30.08 Ko] - (4.5.1.32) - C:\Windows\System32\Drivers\megasas.sys [MD5.DCBAB2920C75F390CAF1D29F675D03D6] - [13/07/2009 23:09:17] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [230.06 Ko] - (13.5.409.2009) - C:\Windows\System32\Drivers\MegaSR.sys [MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - [13/07/2009 23:09:17] - (.(C) Copyright IBM Corp. 1994, 2002. - IBM ServeRAID Controller Driver.) 
- [43.58 Ko] - (7.10.0.0) - C:\Windows\System32\Drivers\nfrd960.sys [MD5.B3E25EE28883877076E0E1FF877D02E0] - [05/02/2012 05:04:54] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [114.38 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvraid.sys [MD5.4380E59A170D88C4F1022EFF6719A8A4] - [05/02/2012 05:04:54] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [140.38 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvstor.sys [MD5.AB95ECF1F6659A60DDC166D8315B0751] - [10/06/2009 22:20:06] - (.Copyright © QLogic Corporation 1996-2009 - QLogic Fibre Channel Stor Miniport Driver.) - [1351.06 Ko] - (9.1.8.6) - C:\Windows\System32\Drivers\ql2300.sys [MD5.B4DD51DD25182244B86737DC51AF2270] - [13/07/2009 23:09:18] - (.© QLogic Corporation. - QLogic iSCSI Storport Miniport Driver.) - [103.58 Ko] - (2.1.3.20) - C:\Windows\System32\Drivers\ql40xx.sys [MD5.D5EDE44CA85899E0478208C8413C1C31] - [28/12/2014 18:08:27] - (.Copyright (C) 2010 Realtek Semiconductor Corporation. All Right Reserved. - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver .) - [268.6 Ko] - (7.23.623.2010) - C:\Windows\System32\Drivers\Rt86win7.sys [MD5.90A3935D05B494A5A39D37E71F09A677] - [14/07/2009 03:05:20] - (.© 2006 Macrovision Corporation - Macrovision SECURITY Driver.) - [20 Ko] - (4.3.86.0) - C:\Windows\System32\Drivers\secdrv.sys [MD5.A9F0486851BECB6DDA1D89D381E71055] - [10/06/2009 22:20:08] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [39.08 Ko] - (5.1.1039.2600) - C:\Windows\System32\Drivers\sisraid2.sys [MD5.3727097B55738E2F554972C3BE5BC1AA] - [13/07/2009 23:09:18] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [76.06 Ko] - (5.1.1039.3600) - C:\Windows\System32\Drivers\sisraid4.sys [MD5.317A9DB20BDB9A81EE9D75388CF5CF90] - [30/01/2017 08:40:44] - (.Copyright © 2000 - 2014 Avira Operations GmbH & Co. KG and its Licensors - ssmdrv.) 
- [18.32 Ko] - (15.0.19.1) - C:\Windows\System32\Drivers\ssmdrv.sys [MD5.DB32D325C192B801DF274BFD12A7E72B] - [13/07/2009 23:09:18] - (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) - [20.58 Ko] - (5.0.1.1) - C:\Windows\System32\Drivers\stexstor.sys [MD5.E43574F6A56A0EE11809B48C09E4FD3C] - [14/07/2009 00:11:20] - (.Copyright (C) VIA Technologies, Inc. 2000-2007 - VIA Generic PCI IDE Bus Driver.) - [16.58 Ko] - (6.0.6000.170) - C:\Windows\System32\Drivers\viaide.sys [MD5.9DFA0CC2F8855A04816729651175B631] - [10/06/2009 22:20:24] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [138.58 Ko] - (6.0.6000.6210) - C:\Windows\System32\Drivers\vsmraid.sys ---------- | Uninstall [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\5ddddc9f6910e2696a64a4ab34410429] : (.-.) -> [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\f42b8d0478a09a4] : (.-.) -> [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (.-.) -> [HKU\S-1-5-21-536618584-166276851-2366321824-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SoftonicAssistant] : (Softonic Assistant.-.Softonic International S.A.) -> C:\Users\habiba\AppData\Local\SoftonicAssistant\Uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\7-Zip] : (7-Zip 9.20.-.) -> "C:\Program Files\7-Zip\Uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Avira Antivirus] : (Avira Antivirus.-.Avira Operations GmbH & Co. 
KG) -> C:\Program Files\Avira\Antivirus\setup.exe /REMOVE [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Bandicam] : (Bandicam.-.Bandisoft.com) -> "C:\Program Files\Bandicam\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\BandiMPEG1] : (Bandisoft MPEG-1 Decoder.-.Bandisoft.com) -> "C:\Program Files\BandiMPEG1\uninstall.exe" ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\EPANET 2.0 Fr] : (EPANET 2.0 Fr.-.) -> C:\Windows\GPInstall.exe "/UNINST=C:\Users\habiba\Desktop\Downloads\ENSH 2emeo\ina\2 ieme semestre\AEP\Epanet\UnInst.log" "/APPNAME=EPANET 2.0 Fr" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files\Google\Chrome\Application\56.0.2924.87\Installer\setup.exe" --uninstall --system-level [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{06ADE2A0-E46A-4A84-A211-64CF50520185}] : (HSPA USB Modem.-.Nom de votre société) -> "C:\Program Files\InstallShield Installation Information\{06ADE2A0-E46A-4A84-A211-64CF50520185}\setup.exe" -runfromtemp -l0x040c -removeonly [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MyPC Backup] : (MyPC Backup .-.JDi Backup Ltd) -> C:\Program Files\MyPC Backup\uninst.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\RealPlayer 18.1] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VLC media player] : (VLC media player.-.VideoLAN) -> C:\Program Files\VideoLAN\VLC\uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 5.30 (32-bit).-.win.rar GmbH) -> C:\Program Files\WinRAR\uninstall.exe ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{06ADE2A0-E46A-4A84-A211-64CF50520185}] : (HSPA USB Modem.-.Nom de votre société) -> MsiExec.exe /I{06ADE2A0-E46A-4A84-A211-64CF50520185} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{179324FF-7B16-4BA8-9836-055CAAEE4F08}] : (SDFormatter.-.SD Association) -> MsiExec.exe /X{179324FF-7B16-4BA8-9836-055CAAEE4F08} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{62BCFA7C-FA9E-ADF2-C5AE-3C2645786AA5}] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7774002B-60B3-4146-BF82-5BF767D468B8}] : (Avira Connect.-.Avira Operations GmbH & Co. KG) -> MsiExec.exe /X{7774002B-60B3-4146-BF82-5BF767D468B8} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{845380e2-f0b5-4584-bc40-cc54345b3c06}] : (Avira Connect.-.Avira Operations GmbH & Co. 
KG) -> "C:\ProgramData\Package Cache\{845380e2-f0b5-4584-bc40-cc54345b3c06}\Avira.OE.Setup.Bundle.exe" /uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}] : (Realtek Ethernet Controller Driver For Windows 7.-.Realtek) -> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001802114130}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001802114130} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AB0000000001}] : (Adobe Reader XI (11.0.19) - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AB0000000001} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}] : (vs2015_redist x86.-.Realnetworks) -> MsiExec.exe /I{BD46163A-0331-4A61-B65A-7B66D7C93F8E} ---------- | Installer [HKCR\Installer\Products\0A2EDA60A64E48A42A1146FC05251058] : HSPA USB Modem -> C:\Windows\Installer\{06ADE2A0-E46A-4A84-A211-64CF50520185}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA408033019195008120111403] : Adobe Refresh Manager -> C:\Windows\Installer\{AC76BA86-0804-1033-1959-001802114130}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744BA0000000010] : Adobe Reader XI (11.0.19) - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper 
[HKCR\Installer\Products\A36164DB133016A46BA5B7667D9CF3E8] : vs2015_redist x86
[HKCR\Installer\Products\B20047773B066414FB28B57F764D868B] : Avira Connect
[HKCR\Installer\Products\FF42397161B78AB4896350C5AAEEF480] : SDFormatter -> C:\Windows\Installer\{179324FF-7B16-4BA8-9836-055CAAEE4F08}\ARPPRODUCTICON.exe

---------- | ADS

---------- | Drives
Disk: 0 Size=305G
Pos MBRndx Type/Name  Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0   0      07-NTFS    100M Yes    No   2,048        204,800
1   1      07-NTFS    305G No     No   206,848      624,932,864

---------- | MBR
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Mini CQ10-600
Logical Drives Mask: 0x00000004
Analysis of file "C:\QuickDiag\MBR.bin": Windows 7 MBR code detected

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: TOSHIBA_MK3265GSX_H rev.GJ001Q -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys ndis.sys bcmwl6.sys win32k.sys
C:\Windows\system32\DRIVERS\bcmwl6.sys Broadcom Corporation Broadcom 802.11 Network Adapter wireless driver
1 ntkrnlpa!IofCallDriver[0x820560C5] -> \Device\Harddisk0\DR0[0x84B0E030]
3 CLASSPNP[0x86BAD59E] -> ntkrnlpa!IofCallDriver[0x820560C5] -> \Device\Ide\IdeDeviceP0T0L0-0[0x84A44030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK

---------- | 20 LastEventLog
Nom de l’application défaillante chrome.exe, version : 56.0.2924.87, horodatage :
0x58916dcd
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.23392, horodatage : 0x56eb2fb9
Code d’exception : 0xe06d7363
Décalage d’erreur : 0x0000845d
ID du processus défaillant : 0x194
Heure de début de l’application défaillante : 0x01d282ca2f11ca08
Chemin d’accès de l’application défaillante : C:\Program Files\Google\Chrome\Application\chrome.exe
Chemin d’accès du module défaillant: C:\Windows\system32\KERNELBASE.dll
ID de rapport : 16bdba4b-eec1-11e6-b161-78acc0c7b0ab
------------
Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
------------
Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
------------
Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
------------
Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
------------
Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
------------
Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
------------
Impossible de fermer l’application ou le service « Avira OnDemand File Scanner ».
------------
Impossible de fermer l’application ou le service « Avira OnDemand File Scanner ».
------------
Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
------------
Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
------------
Nom de l’application défaillante chrome.exe, version : 56.0.2924.87, horodatage : 0x58916dcd
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.23392, horodatage : 0x56eb2fb9
Code d’exception : 0xe06d7363
Décalage d’erreur : 0x0000845d
ID du processus défaillant : 0x6d0
Heure de début de l’application défaillante : 0x01d2807a043c3a5c
Chemin d’accès de l’application défaillante : C:\Program Files\Google\Chrome\Application\chrome.exe
Chemin d’accès du module défaillant: C:\Windows\system32\KERNELBASE.dll
ID de rapport : e3769fc1-ec6e-11e6-a27e-78acc0c7b0ab
------------
Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
------------
Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
------------
Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
------------
Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
------------
Nom de l’application défaillante chrome.exe, version : 56.0.2924.87, horodatage : 0x58916dcd
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000
ID du processus défaillant : 0x14b0
Heure de début de l’application défaillante : 0x01d27ee01320e749
Chemin d’accès de l’application défaillante : C:\Program Files\Google\Chrome\Application\chrome.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : 60d98d3d-eb07-11e6-8a70-78acc0c7b0ab
------------
Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
------------
Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
------------

----------( EOF)---------- - 2931 | 13:43:23