--------------- QuickDiag | g3n-h@ckm@n | V3_31.01.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 04/03/2017 09:52:58
Updated 31/01/2017 | 13.00 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Afrique centrale - Ouest
[KADER IDH (Administrator)] - [KADERIDH-PC] (S-1-5-21-435501677-4175685979-3547123774-1000)
System: Microsoft Windows 7 Professionnel - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Professionnel |C:\Windows|\Device\Harddisk0\Partition1
Boot : Normal boot
PC: HP Pro 3010 Microtower PC - Hewlett-Packard - IdNumber: CZC00605LZ - UUID: A40D3200-151C-11DF-B679-47A225905D0F
Processor : X64 - 2693 Mhz - Pentium(R) Dual-Core CPU E5400 @ 2.70GHz
BIOS Date: 11/13/09 09:50:31 Ver: 5.14 - en|US|iso8859-1 - American Megatrends Inc. - S/N: CZC00605LZ - 5.14 - HPQOEM - 20091113
CoreTemp : ? Celsius

----------| Quick

---------- | SoundDevice
Périphérique High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_103C2A94&REV_1002\4&8F500C0&0&0001

---------- | Video
Intel(R) G45/G43 Express Chipset - Resolution: 1600x900 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdx32.dll,igd10umd32.dll - PNPDeviceID: PCI\VEN_8086&DEV_2E23&SUBSYS_2A94103C&REV_03\3&11583659&0&11 - AdapterCompatibility: Intel Corporation - RAM:
Intel(R) G45/G43 Express Chipset - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController2 - Drivers: igdumdx32.dll,igd10umd32.dll - PNPDeviceID: PCI\VEN_8086&DEV_2E22&SUBSYS_2A94103C&REV_03\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 820604928
Inegrated Video Chipset DeviceName: Intel(R) G45/G43 Express Chipset - DriverVersion: 8.15.10.2202 - SpecificationVersion: 1025

---------- | Codecs
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 31744 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 23552 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13312 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22528 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 50176 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 64000 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\iccvid.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82944 - Manufacturer: Radius Inc. - Status: OK

---------- | CPU
CPU #1 value:81 %
CPU #2 value:19 %
Total Overall CPU Usage value:50 %

---------- | Network
Carte réseau Realtek RTL8168D_8111D Family PCI-E Gigabit Ethernet [NDIS 6.20] : SENT:102,983 bytes/sec / RECVD:102,983 bytes/sec
isatap.{4C280DF3-7602-4008-AC1A-B8A0911C8CEE} : SENT:0 bytes/sec / RECVD:0 bytes/sec
Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec
Overall -> SEND Maxium:102,983 bytes/sec, / RECEIVE Maximum:102,983 bytes/sec
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
Carte réseau Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet (NDIS 6.20) - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_2A94103C&REV_03\4&2CECE7CE&0&00E5
WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0000
RAS Async Adapter - Réseau étendu (WAN) - Microsoft - Status: - PnPID : SW\{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000
Remote NDIS based Internet Sharing Device - - - Status: - PnPID :
Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0001
Remote NDIS based Internet Sharing Device - - - Status: - PnPID :
Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0002

---------- | Memory
RAM = Total (MB) : 2061 | Free (MB) : 360
Pagefile = Total (MB) : 4123 | Free (MB) : 906
Virtual = Total (MB) : 2097 | Free (MB) : 1947
Physical Memory 1 : Capacity: 2147483648 - DIMM1 - Posit.: - Manufacturer: CE80000000000000 - PartNumber: M378B5673EH1-CH9 - S/N: SerNum1

---------- | SID Users
Administrateur : [S-1-5-21-435501677-4175685979-3547123774-500]
Invité : [S-1-5-21-435501677-4175685979-3547123774-501]
KADER IDH : [S-1-5-21-435501677-4175685979-3547123774-1000]
TEST : [S-1-5-21-435501677-4175685979-3547123774-1001]
ZAINA : [S-1-5-21-435501677-4175685979-3547123774-1002]
Administrateurs : [S-1-5-32-544]
Duplicateurs : [S-1-5-32-552]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Opérateurs de chiffrement : [S-1-5-32-569]
Opérateurs de configuration réseau : [S-1-5-32-556]
Opérateurs de sauvegarde : [S-1-5-32-551]
Utilisateurs : [S-1-5-32-545]
Utilisateurs avec pouvoir : [S-1-5-32-547]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du Bureau à distance : [S-1-5-32-555]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]

---------- | SystemAccounts
Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives
C:\ -> [Fixed] | [] | Total : 58.59 Go | Free : 26.11 Go -> NTFS [ATA]
D:\ -> [Fixed] | [] | Total : 58.59 Go | Free : 53.81 Go -> NTFS [ATA]
E:\ -> [Fixed] | [] | Total : 180.89 Go | Free : 180.8 Go -> NTFS [ATA]
Disk Usage Information [6 total Physical Disks]
Physical Drive #0 [C:, D:, E:] : Read:96,736 bytes/sec, Written:731,566 bytes/sec Max Read:96,736 bytes/sec, Max Write:731,566 bytes/sec
Physical Drive #1 [G:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #2 [H:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #3 [I:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #4 [J:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #5 [K:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Overall - Read Maximum:96,736 bytes/sec, Write Maximum:731,566 bytes/sec
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : IDE\DISKST3320418AS_____________________________HP34____\5&267CBC22&0&0.0.0
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00\20060413092100000&0
DeviceID: \\.\PHYSICALDRIVE4 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC-&PROD_MS/MS-PRO/HG&REV_1.00\20060413092100000&3
DeviceID: \\.\PHYSICALDRIVE5 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC-&PROD_SD/MMC/MS/MSPRO&REV_1.00\20060413092100000&4
DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC-&PROD_SD/MMC&REV_1.00\20060413092100000&2
DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC-&PROD_SM/XD-PICTURE&REV_1.00\20060413092100000&1

---------- | Windows updates
Last detection : 2014-03-04 08:05:57
Downloaded last ones : 2014-03-04 10:28:31
Installed last ones : 2014-03-04 09:27:46
Windows Is Activated

---------- | Browsers
IE : 11.0.9600.17840 (© Microsoft Corporation. Tous droits réservés.)
FF : 51.0.1.6234 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
Default : "C:\Users\KADER IDH\AppData\Local\Google\Chrome\Application\chrome.exe" -- "%1"

---------- | FlashPlayer
FlashPlayer Plugin : 24.0.0.221

---------- | Security
AV : Avira Antivirus Disabled
AS : Windows Defender Enabled
AM : Malwarebytes' Anti-Malware ( 2.3.173.0) [Update : 19/12/2015 10:53:50]
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
240 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.18113) = C:\Windows\System32\smss.exe [26/02/2014 16:42:19] CPU Usage:0 %
388 | [Owner : | Parent : 320() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [14/07/2009 00:36:49] CPU Usage:0 %
436 | [Owner : | Parent : 388(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7600.16385) = C:\Windows\System32\services.exe [14/07/2009 00:11:26] CPU Usage:0 %
452 | [Owner : | Parent : 388(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.18270) = C:\Windows\System32\lsass.exe [03/03/2014 10:22:24] CPU Usage:0 %
460 | [Owner : | Parent : 388(wininit.exe) | ?????] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [01/03/2014 09:52:58] CPU Usage:0 %
528 | [Owner : | Parent : 380() | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.17514) = C:\Windows\System32\winlogon.exe [01/03/2014 09:53:00] CPU Usage:0 %
624 | [Owner : | Parent : 436(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
716 | [Owner : | Parent : 436(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
776 | [Owner : | Parent : 436(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
856 | [Owner : | Parent : 436(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
904 | [Owner : | Parent : 436(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
944 | [Owner : | Parent : 436(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
1172 | [Owner : | Parent : 436(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
1344 | [Owner : | Parent : 436(services.exe) | ?????] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe [01/03/2014 09:52:51] CPU Usage:0 %
1380 | [Owner : | Parent : 436(services.exe) | ?????] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - (15.0.24.143) = C:\Program Files\Avira\AntiVir Desktop\sched.exe [26/02/2014 14:56:27] CPU Usage:0 %
1400 | [Owner : | Parent : 436(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
1580 | [Owner : | Parent : 436(services.exe) | ?????] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.21.1354) = C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [19/12/2016 22:38:14] CPU Usage:0 %
1600 | [Owner : | Parent : 436(services.exe) | ?????] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - (15.0.24.143) = C:\Program Files\Avira\AntiVir Desktop\avguard.exe [26/02/2014 14:56:26] CPU Usage:0 %
1644 | [Owner : | Parent : 436(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.7766.1349) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [18/07/2016 09:13:57] CPU Usage:0 %
1748 | [Owner : | Parent : 436(services.exe) | ?????] - (.Nitro PDF Software - Nitro PDF Spool Service.) - (7.0.0.1) = C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [17/12/2013 16:15:18] CPU Usage:0 %
1860 | [Owner : | Parent : 436(services.exe) | ?????] - (.Nalpeiron Ltd. - This service enables products that use the Nalpeiron Licensing System.) - (7.3.4.0) = C:\Windows\System32\NLSSRV32.EXE [17/12/2013 16:15:30] CPU Usage:0 %
1932 | [Owner : | Parent : 436(services.exe) | ?????] - (.@ByELDI - Service_KMS.) - (16.0.0.6) = C:\Program Files\KMSpico\Service_KMS.exe [18/07/2016 09:47:21] CPU Usage:0 %
428 | [Owner : | Parent : 436(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
732 | [Owner : | Parent : 436(services.exe) | ?????] - (.TeamViewer GmbH - TeamViewer 12.) - (12.1.6829.0) = C:\Program Files\TeamViewer\TeamViewer_Service.exe [17/08/2016 14:35:48] CPU Usage:0 %
1576 | [Owner : | Parent : 436(services.exe) | ?????] - (.Amadeus - Automatic Update Service.) - (4.4.100.4) = C:\Program Files\Automatic Update\AutoUpdate.exe [26/02/2014 09:49:51] CPU Usage:0 %
1300 | [Owner : | Parent : 436(services.exe) | ?????] - (.Avira Operations GmbH & Co. KG - Avira Service Host.) - (1.2.77.41287) = C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [29/12/2016 09:20:16] CPU Usage:0 %
2348 | [Owner : KADER IDH | Parent : 436(services.exe) | 2.54 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [04/03/2014 09:11:17] CPU Usage:0 %
2432 | [Owner : KADER IDH | Parent : 856(svchost.exe) | 1.04 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [14/07/2009 00:24:23] CPU Usage:0 %
2456 | [Owner : KADER IDH | Parent : 2420() | 29.89 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17514) = C:\Windows\explorer.exe [01/03/2014 09:53:07] CPU Usage:0 %
2864 | [Owner : | Parent : 2456(explorer.exe) | 3.65 Mo] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) - (15.0.24.143) = C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [26/02/2014 14:56:26] CPU Usage:0 %
2872 | [Owner : KADER IDH | Parent : 2456(explorer.exe) | 0.27 Mo] - (.Intel Corporation - igfxTray Module.) - (8.15.10.2202) = C:\Windows\System32\igfxtray.exe [25/08/2010 19:45:44] CPU Usage:0 %
2880 | [Owner : KADER IDH | Parent : 2456(explorer.exe) | 0.25 Mo] - (.Intel Corporation - persistence Module.) - (8.15.10.2202) = C:\Windows\System32\igfxpers.exe [25/08/2010 19:45:40] CPU Usage:0 %
2888 | [Owner : KADER IDH | Parent : 2456(explorer.exe) | 0.11 Mo] - (.CANON INC. - Canon Advanced Printing Technology Printer Status Window Launcher.) - (4.1.1.3) = C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE [06/09/2007 00:48:00] CPU Usage:50 %
2980 | [Owner : KADER IDH | Parent : 2456(explorer.exe) | 0.72 Mo] - (.CANON INC. - Canon Printer Status Window Launcher.) - (5.0.0.3) = C:\Windows\System32\spool\drivers\w32x86\3\CNAP3LAK.exe [10/03/2016 11:48:34] CPU Usage:0 %
3060 | [Owner : KADER IDH | Parent : 2456(explorer.exe) | 0.08 Mo] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) - (3.11.500.0) = C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe [19/01/2017 07:09:02] CPU Usage:0 %
3100 | [Owner : KADER IDH | Parent : 1576(AutoUpdate.exe) | 0.68 Mo] - (.AMADEUS - AutoUpdateGUI.) - (4.4.100.1) = C:\Program Files\Automatic Update\AutoUpdateGUI.exe [26/02/2014 09:49:51] CPU Usage:0 %
3164 | [Owner : KADER IDH | Parent : 2980(CNAP3LAK.exe) | 2.48 Mo] - (.CANON INC. - Canon Printer Status Window.) - (5.2.0.23) = C:\Windows\System32\spool\drivers\w32x86\3\CNABHSWK.EXE [10/03/2016 11:48:34] CPU Usage:0 %
3172 | [Owner : KADER IDH | Parent : 944(svchost.exe) | 0.92 Mo] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe [01/03/2014 09:52:53] CPU Usage:0 %
3252 | [Owner : KADER IDH | Parent : 3172(taskeng.exe) | 2.26 Mo] - (.Piriform Ltd - CCleaner.) - (5.20.0.5668) = C:\Program Files\CCleaner\CCleaner.exe [13/07/2016 21:40:28] CPU Usage:0 %
3532 | [Owner : KADER IDH | Parent : 2888(CNAP2LAK.EXE) | 2.75 Mo] - (.CANON INC. - Canon Advanced Printing Technology Printer Status Window.) - (4.3.3.4) = C:\Windows\System32\spool\drivers\w32x86\3\CNAB8SWK.EXE [22/09/2008 07:02:08] CPU Usage:0 %
3576 | [Owner : KADER IDH | Parent : 624(svchost.exe) | 1.16 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe [14/07/2009 00:30:28] CPU Usage:0 %
3756 | [Owner : KADER IDH | Parent : 2980(CNAP3LAK.exe) | 2.44 Mo] - (.CANON INC. - Canon Advanced Printing Technology Printer Status Window.) - (4.3.3.4) = C:\Windows\System32\spool\drivers\w32x86\3\CNAB8SWK.EXE [22/09/2008 07:02:08] CPU Usage:0 %
2744 | [Owner : | Parent : 1600(avguard.exe) | ?????] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) - (15.0.24.146) = C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [26/02/2014 14:56:26] CPU Usage:0 %
3924 | [Owner : | Parent : 436(services.exe) | ?????] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe [26/02/2014 16:34:53] CPU Usage:0 %
260 | [Owner : | Parent : 436(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
4168 | [Owner : | Parent : 436(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
4644 | [Owner : KADER IDH | Parent : 1300(Avira.ServiceHost.exe) | 4.9 Mo] - (.Avira Operations GmbH & Co. KG - Avira.) - (1.2.77.41287) = C:\Program Files\Avira\Launcher\Avira.Systray.exe [29/12/2016 09:24:44] CPU Usage:0 %
5396 | [Owner : KADER IDH | Parent : 2456(explorer.exe) | 96.8 Mo] - (.Google Inc. - Google Chrome.) - (56.0.2924.87) = C:\Users\KADER IDH\AppData\Local\Google\Chrome\Application\chrome.exe [25/02/2014 13:58:21] CPU Usage:0 %
5412 | [Owner : KADER IDH | Parent : 5396(chrome.exe) | 1.17 Mo] - (.Google Inc. - Google Chrome.) - (56.0.2924.87) = C:\Users\KADER IDH\AppData\Local\Google\Chrome\Application\chrome.exe [25/02/2014 13:58:21] CPU Usage:0 %
5444 | [Owner : KADER IDH | Parent : 5396(chrome.exe) | 0.37 Mo] - (.Google Inc. - Google Chrome.) - (56.0.2924.87) = C:\Users\KADER IDH\AppData\Local\Google\Chrome\Application\chrome.exe [25/02/2014 13:58:21] CPU Usage:0 %
5540 | [Owner : KADER IDH | Parent : 5396(chrome.exe) | 65.52 Mo] - (.Google Inc. - Google Chrome.) - (56.0.2924.87) = C:\Users\KADER IDH\AppData\Local\Google\Chrome\Application\chrome.exe [25/02/2014 13:58:21] CPU Usage:0 %
5740 | [Owner : KADER IDH | Parent : 5396(chrome.exe) | 61.26 Mo] - (.Google Inc. - Google Chrome.) - (56.0.2924.87) = C:\Users\KADER IDH\AppData\Local\Google\Chrome\Application\chrome.exe [25/02/2014 13:58:21] CPU Usage:0 %
5748 | [Owner : KADER IDH | Parent : 5396(chrome.exe) | 113 Mo] - (.Google Inc. - Google Chrome.) - (56.0.2924.87) = C:\Users\KADER IDH\AppData\Local\Google\Chrome\Application\chrome.exe [25/02/2014 13:58:21] CPU Usage:0 %
5784 | [Owner : KADER IDH | Parent : 5396(chrome.exe) | 125.47 Mo] - (.Google Inc. - Google Chrome.) - (56.0.2924.87) = C:\Users\KADER IDH\AppData\Local\Google\Chrome\Application\chrome.exe [25/02/2014 13:58:21] CPU Usage:0 %
3192 | [Owner : | Parent : 436(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
5272 | [Owner : KADER IDH | Parent : 2456(explorer.exe) | 104.6 Mo] - (.Microsoft Corporation - Microsoft Outlook.) - (16.0.7766.2060) = C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE [18/07/2016 09:16:08] CPU Usage:0 %
3948 | [Owner : KADER IDH | Parent : 2456(explorer.exe) | 5.3 Mo] - (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.17840) = C:\Program Files\Internet Explorer\iexplore.exe [08/03/2016 09:52:13] CPU Usage:0 %
5688 | [Owner : KADER IDH | Parent : 3948(iexplore.exe) | 16.3 Mo] - (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.17840) = C:\Program Files\Internet Explorer\iexplore.exe [08/03/2016 09:52:13] CPU Usage:0 %
2828 | [Owner : KADER IDH | Parent : 5688(iexplore.exe) | 56.03 Mo] - (.- Amadeus ShowcaseExe Y09W29D1B01.) - (1.0.0.44) = C:\Users\KADER IDH\AppData\Roaming\Amadeus\Viewer\Showcase.exe [06/11/2014 15:35:52] CPU Usage:0 %
3956 | [Owner : KADER IDH | Parent : 5396(chrome.exe) | 11.1 Mo] - (.Google Inc. - Google Chrome.) - (56.0.2924.87) = C:\Users\KADER IDH\AppData\Local\Google\Chrome\Application\chrome.exe [25/02/2014 13:58:21] CPU Usage:0 %
5116 | [Owner : KADER IDH | Parent : 5396(chrome.exe) | 79.99 Mo] - (.Google Inc. - Google Chrome.) - (56.0.2924.87) = C:\Users\KADER IDH\AppData\Local\Google\Chrome\Application\chrome.exe [25/02/2014 13:58:21] CPU Usage:0 %
4664 | [Owner : KADER IDH | Parent : 5396(chrome.exe) | 76.68 Mo] - (.Google Inc. - Google Chrome.) - (56.0.2924.87) = C:\Users\KADER IDH\AppData\Local\Google\Chrome\Application\chrome.exe [25/02/2014 13:58:21] CPU Usage:0 %
5060 | [Owner : KADER IDH | Parent : 5396(chrome.exe) | 103.16 Mo] - (.Google Inc. - Google Chrome.) - (56.0.2924.87) = C:\Users\KADER IDH\AppData\Local\Google\Chrome\Application\chrome.exe [25/02/2014 13:58:21] CPU Usage:0 %
1112 | [Owner : | Parent : 1644(OfficeClickToRun.exe) | ?????] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.7870.1316) = C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.7870.2013\OfficeClickToRun.exe [04/03/2017 09:39:36] CPU Usage:0 %
1044 | [Owner : KADER IDH | Parent : 5396(chrome.exe) | 118.79 Mo] - (.Google Inc. - Google Chrome.) - (56.0.2924.87) = C:\Users\KADER IDH\AppData\Local\Google\Chrome\Application\chrome.exe [25/02/2014 13:58:21] CPU Usage:0 %
1224 | [Owner : | Parent : 776(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (6.1.7601.17514) = C:\Windows\System32\audiodg.exe [01/03/2014 09:52:36] CPU Usage:0 %
5736 | [Owner : KADER IDH | Parent : 2456(explorer.exe) | 22.68 Mo] - (.SosVirus - QuickDiag.) - (31.1.17.1) = C:\Users\KADER IDH\Desktop\QuickDiag.exe [04/03/2017 09:51:26] CPU Usage:0 %
5172 | [Owner : | Parent : 436(services.exe) | ?????] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.)
- (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe [01/03/2014 09:52:32] CPU Usage:0 %

---------- | Locked Applications

---------- | Explorer.exe component call (Microsoft Files Whitelisted)
(.Fraunhofer Institut Integrierte Schaltungen IIS.-.MPEG Layer-3 Audio Codec for MSACM.) - (1.9.0.401) -- C:\Windows\System32\l3codeca.acm
(..-..) - (4.1.0.0) -- C:\Program Files\WinRAR\rarext.dll
(.Malwarebytes.-.Malwarebytes Anti-Malware.) - (3.1.1.0) -- C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll
(.Avira Operations GmbH & Co. KG.-.AntiVirus context menu.) - (15.0.24.119) -- C:\Program Files\Avira\AntiVir Desktop\shlext.dll
(.Nitro PDF.-.Nitro Pro ShellExtension.)
- (9.0.5.9) -- C:\PROGRA~1\Nitro\PRO9~1\NPSHEL~1.DLL ---------- | Svchost.exe component call (Microsoft Files Whitelisted) ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU Google Update - (C:\Users\KADER IDH\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\SOFTWARE\...\Run]) - User: KADERIDH-PC\KADER IDH CNAP2 Launcher - (C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\SOFTWARE\...\Run]) - User: KADERIDH-PC\KADER IDH CNAP3 Launcher - (C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP3LAK.EXE [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\SOFTWARE\...\Run]) - User: KADERIDH-PC\KADER IDH CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\SOFTWARE\...\Run]) - User: KADERIDH-PC\KADER IDH McAfee Security Scan Plus - (C:\PROGRA~1\MCAFEE~1\311~1.500\SSSCHE~1.EXE [Common Startup]) - User: Public avgnt - ("C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [HKLM\SOFTWARE\...\Run]) - User: Public IgfxTray - 
(C:\Windows\system32\igfxtray.exe [HKLM\SOFTWARE\...\Run]) - User: Public Persistence - (C:\Windows\system32\igfxpers.exe [HKLM\SOFTWARE\...\Run]) - User: Public CNAP2 Launcher - (C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [HKLM\SOFTWARE\...\Run]) - User: Public Avira SystrayStartTrigger - ("C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe" [HKLM\SOFTWARE\...\Run]) - User: Public CNAP3 Launcher - (C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP3LAK.EXE [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"=C:\Users\KADER IDH\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [16/12/2016 21:07:59] "CNAP2 Launcher"=C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [06/09/2007 00:48:00] "CNAP3 Launcher"=C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP3LAK.EXE [10/03/2016 11:48:34] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\KADER IDH\AppData\Roaming [25/02/2014 13:47:26] "Local AppData"=C:\Users\KADER IDH\AppData\Local [25/02/2014 13:47:26] "My Video"=C:\Users\KADER IDH\Videos [25/02/2014 13:47:26] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Libraries [25/02/2014 13:47:54] "My Pictures"=C:\Users\KADER IDH\Pictures [25/02/2014 13:47:26] "Desktop"=C:\Users\KADER IDH\Desktop [25/02/2014 13:47:26] "History"=C:\Users\KADER IDH\AppData\Local\Microsoft\Windows\History [25/02/2014 13:47:26] "NetHood"=C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Network Shortcuts 
[25/02/2014 13:47:26] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\KADER IDH\Contacts [25/02/2014 13:47:39] "Cookies"=C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Cookies [25/02/2014 13:47:26] "Favorites"=C:\Users\KADER IDH\Favorites [25/02/2014 13:47:26] "SendTo"=C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\SendTo [25/02/2014 13:47:26] "Start Menu"=C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu [25/02/2014 13:47:26] "My Music"=C:\Users\KADER IDH\Music [25/02/2014 13:47:26] "Programs"=C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [25/02/2014 13:47:26] "Recent"=C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Recent [25/02/2014 13:47:26] "CD Burning"=C:\Users\KADER IDH\AppData\Local\Microsoft\Windows\Burn\Burn [25/02/2014 13:48:00] "PrintHood"=C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [25/02/2014 13:47:26] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\KADER IDH\Searches [25/02/2014 13:47:54] "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\KADER IDH\Downloads [25/02/2014 13:47:26] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\KADER IDH\AppData\LocalLow [25/02/2014 13:47:27] "Startup"=C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [25/02/2014 13:47:54] "Administrative Tools"=C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [25/02/2014 13:47:54] "Personal"=C:\Users\KADER IDH\Documents [25/02/2014 13:47:26] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\KADER IDH\Links [25/02/2014 13:47:26] "Cache"=C:\Users\KADER IDH\AppData\Local\Microsoft\Windows\Temporary Internet Files [25/02/2014 13:47:26] "Templates"=C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Templates [25/02/2014 13:47:26] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\KADER IDH\Saved Games [25/02/2014 13:47:26] "Fonts"=C:\Windows\Fonts [14/07/2009 03:37:06] 
[HKU\S-1-5-21-435501677-4175685979-3547123774-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files "Cookies"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies "Desktop"=%USERPROFILE%\Desktop "Favorites"=%USERPROFILE%\Favorites "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=%USERPROFILE%\Music "My Pictures"=%USERPROFILE%\Pictures "My Video"=%USERPROFILE%\Videos "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=%USERPROFILE%\Documents "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "DebugOptions"=2048 "Documents"= "DosPrint"=no "Load"= "NetMessage"=no "NullPort"=None "Programs"=com exe bat pif cmd "Device"=\\192.168.1.77\Canon MF210 Series,winspool,Ne12: "UserSelectedDefault"=1 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "IgfxTray"=C:\Windows\system32\igfxtray.exe [25/08/2010 19:45:44] "Persistence"=C:\Windows\system32\igfxpers.exe [25/08/2010 19:45:40] "CNAP2 
Launcher"=C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [06/09/2007 00:48:00] "Avira SystrayStartTrigger"="C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe" "CNAP3 Launcher"=C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP3LAK.EXE [10/03/2016 11:48:34] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Desktop"=C:\Users\Public\Desktop [14/07/2009 03:37:05] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [14/07/2009 03:37:05] "CommonVideo"=C:\Users\Public\Videos [14/07/2009 03:37:05] "CommonPictures"=C:\Users\Public\Pictures [14/07/2009 03:37:05] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 03:37:05] "CommonMusic"=C:\Users\Public\Music [14/07/2009 03:37:05] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2009 05:52:30] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [14/07/2009 03:37:05] "Common Documents"=C:\Users\Public\Documents [14/07/2009 03:37:05] "OEM Links"=C:\ProgramData\OEM Links "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [14/07/2009 03:37:05] "Common AppData"=C:\ProgramData [14/07/2009 03:37:05] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "CommonPictures"=%PUBLIC%\Pictures "CommonMusic"=%PUBLIC%\Music "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common AppData"=%ProgramData% "Common Templates"=%ProgramData%\Microsoft\Windows\Templates [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "IconServiceLib"=IconCodecService.dll "DdeSendTimeout"=0 "DesktopHeapLogging"=1 
"GDIProcessHandleQuota"=10000 "ShutdownWarningDialogTimeout"=4294967295 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 ""=mnmsrvc "DeviceNotSelectedTimeout"=15 "Spooler"=yes "TransmissionRetryTimeout"=90 "AppInit_DLLs"= "LoadAppInit_DLLs"=0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Config.sys : FILES=40 ---------- | Startings up registry ¦ Folder ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "RCDependentServices"=CertPropSvc SessionEnv "NotificationTimeOut"=0 "SnapshotMonitors"=1 "ProductVersion"=5.1 "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "fDenyTSConnections"=1 "StartRCM"=0 "TSAdvertise"=0 "DeleteTempDirsOnExit"=1 "fSingleSessionPerUser"=1 "PerSessionTempDir"=0 "TSUserEnabled"=0 "InstanceID"=f8f19f9c-6c0f-435e-a933-a57d6bb [HKLM\System\CurrentControlSet\Control\Session Manager] "CriticalSectionTimeout"=2592000 "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "ProcessorControl"=2 "ResourceTimeoutCount"=648000 "BootExecute"=autocheck autochk * "ExcludeFromKnownDlls"= "ObjectDirectories"=\Windows \RPC Control "ProtectionMode"=1 "NumberOfInitialSessions"=2 "SetupExecute"= [HKLM\System\CurrentControlSet\Control] "PreshutdownOrder"=wuauserv gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "CurrentUser"=USERNAME "BootDriverFlags"=0 "ServiceControlManagerExtension"=%systemroot%\system32\scext.dll "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) [HKLM\System\CurrentControlSet\Control\lsa] "auditbaseobjects"=0 "auditbasedirectories"=0 "crashonauditfail"=0 
"fullprivilegeauditing"=0x00 "Bounds"=0x0030000000200000 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Notification Packages"=scecli "Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u "Authentication Packages"=msv1_0 "LsaPid"=452 "SecureBoot"=1 "ProductType"=6 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 ---------- | .LNK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Control Panel\Desktop] "ScreenSaveActive"=1 "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=0 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=0 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=0 "LeftOverlapChars"=3 "MenuShowDelay"=400 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "UserPreferencesMask"=0x9012018010000000 "Wallpaper"= "SCRNSAVE.EXE"=C:\Windows\system32\scrnsave.scr [14/07/2009 00:41:03] "ScreenSaveTimeOut"=25200 "ScreenSaverIsSecure"=0 "WaitToKillAppTimeout"=200 [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003828000000000000000000000000000001000000120000000000000032000000 "CleanShutdown"=0 "link"=0x15000000 "Browse For Folder Width"=347 "Browse 
For Folder Height"=328 "Reason Setting"=255 [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "SuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=1 "ShowTypeOverlay"=1 "ListviewAlphaSelect"=0 "ListviewShadow"=0 "TaskbarAnimations"=0 "StartMenuInit"=4 "Start_ShowMyGames"=0 "TaskbarSizeMove"=0 [HKLM\Software\Policies\Microsoft\Windows\System] "EnableSmartScreen"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 
"HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=6 "SmartScreenEnabled"=Off [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin "BuildNumber"=7601 "FirstLogon"=0 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Userinit"=C:\Windows\System32\Userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "ShutdownWithoutLogon"=0 "WinStationsDisabled"=0 "DisableCAD"=1 "scremoveoption"=0 "ShutdownFlags"=43 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile 
[HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] "PerceivedType"=text ""=htafile "Content Type"=application/hta [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\System32\mshta.exe "%1" %* [HKLM\Software\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay 
""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Users\KADER IDH\AppData\Local\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Users\KADER IDH\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [08/03/2016 09:52:13] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "\\admin\partage\LOg\Firefox Setup 13.0.exe"=1 "\\admin\partage\LOg\OFFICE 2007\SETUP.EXE"=1 "\\admin\partage\LOg\avira-free-antivirus_avira_free_antivirus_2012_francais_404708.exe"=1 "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE"=1 "C:\Users\KADER IDH\Downloads\reader10_fr_ga_install.exe"=1 "\\admin\partage\karimus\mbam-setup-2.2.0.1024.exe"=1 "\\admin\partage\LOg\Office 2016 AIO FR SELECTION MANUEL by Flamme-Demon\O16Setup.exe"=1 "C:\Users\KADER IDH\Downloads\CCleaner.Professional+Business+Technician.v5.20+Portable\ccsetup520.exe"=1 "C:\Users\KADER IDH\Downloads\Nitro PDF Pro 9.0.5.2\nitro_pro9_x32.exe"=1 "SIGN.MEDIA=A2B0DB42 Football.Manager.2017-ALI213\ÓÎÏÀÍøNETSHOW.exe"=2 
"C:\Users\KADER IDH\Downloads\MEGAsyncSetup.exe"=1 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\L] : L:\Auto.exe (AutoRun) [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{202e95e0-945d-11e6-b881-f4ce46028843}] : L:\Auto.exe (AutoRun) [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{7a213f88-3f0f-11e4-a72b-f4ce46028843}] : L:\LGAutoRun.exe (AutoRun) [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{f1bf0c76-d329-11e6-8dcd-f4ce46028843}] : L:\Auto.exe (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS 
NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=128920209537502489 "AntiVirusOverride"=0 "AntiSpywareOverride"=0 "FirewallOverride"=0 [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=0 "DisableRoutinelyTakingAction"=1 "ProductStatus"=0 "InstallTime"=0x64A7D4A42632CF01 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] ---------- | Winsock (Whitelist) ---------- | Hosts # pour Windows. # De plus, des commentaires (tels que celui-ci) peuvent être insérés sur des 127.0.0.1 localhost ---------- | Ping La requête Ping n'a pas pu trouver l'hôte google.fr. Vérifiez le nom et essayez à nouveau. ---------- | @ [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Internet Explorer\Main] "Disable Script Debugger"=yes "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\system32\blank.htm "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "XMLHTTP"=1 "NoUpdateCheck"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page Redirect Cache"=http://www.msn.com/ar-eg/?ocid=iehp "Start Page Redirect Cache AcceptLangs"=fr-FR "NotifyDownloadComplete"=yes "Check_Associations"=yes "DisableScriptDebuggerIE"=yes "IconCache"=w9jay2d "IE10RunOnceLastShown"=1 "IE10TourShown"=0 "IE10TourShownTime"=0x0AF8CF061979D101 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "StatusBarWeb"=1 "ForceGDIPlus"=0 "AlwaysShowMenus"=0 "ShutdownWaitForOnUnload"=0 "DNSPreresolution"=8 "SpellChecking"=1 "LangToolsBroker"={5bbd58bb-993e-4c17-8af6-3af8e908fca8} "DisablePasswordReveal"=0 "DisableRequiresActiveXPrompt"= 
"GotoIntranetSiteForSingleWordEntry"=0 "AutoSearch"=1 "SuppressScriptDebuggerDialog"=0 "PredictedViewExpansion"=100 "PredictedViewChangeThreshold"=10 "PredictedViewChangeThresholdPaint"=10 "ContentLayerCacheExpansion"=300 "RenderingLoopMaxTime"=250 "NscSingleExpand"=0 "Error Dlg Displayed On Every Error"=no "Friendly http errors"=yes "CSS_Compat"=doctype "Expand Alt Text"=no "Display Inline Videos"=1 "Print_Background"=no "Use Stylesheets"=1 "SmoothScroll"=1 "Show image placeholders"=0 "Disable Diagnostics Mode"=no "Move System Caret"=no "Enable AutoImageResize"=yes "UseThemes"=1 "UseHR"=0 "Q300829"=0 "Cleanup HTCs"=0 "XDomainRequest"=1 "DOMStorage"=1 "EnableAlternativeCodec"=yes "JScriptProfileCacheEventDelay"=5000 "CrossfadeMinTimeoutInMS"=30000 "CrossfadeMaxTimeoutInMS"=30000 "CrossfadeCurrentTimeoutInMS"=30000 "IE10RunOncePerInstallCompleted"=1 "IE10TourNoShow"=0 "IE10RecommendedSettingsNo"=0 "FrameTabWindow"=1 "AdminTabProcs"=1 "SessionMerging"=1 "FrameMerging"=1 "HangRecovery"=1 "Isolation"=PMIL "IsolationImmersive"=PMEM "TabShutdownDelay"=60000 "FrameShutdownDelay"=0 "Search Bar"=Preserve "MinIEEnabled"=1 "FormSuggest PW Ask"=yes "RefcountTracker"=0 "TabDragOnSingleProc"=0 "IE10RunOnceCompletionTime"=0x5111C020FE7CD101 "ImageStoreRandomFolder"=20tp258 "DoNotTrack"=1 "ScriptDebugger_EnableHiddenTabs"=0 "ScrollTimeoutInMS"=6000 "DesktopTransparentCoverWindowTime"=8 "TSEnable"=1 "Isolation64Bit"=0 "FormSuggest Passwords"=yes "ForceBFCacheCandidacyPass"=0 "Fasterback"=1 "BackForwardInstrumentation"=0 "DisableFirstRunCustomize"=3 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7D0000007D0000009D030000FD020000 "OperationalData"=5 "CompatibilityFlags"=0 "Start Page Redirect Cache_TIMESTAMP"=0x62E3004B1A79D101 "IE10RunOnceLastShown_TIMESTAMP"=0x8B4A76977E7BD101 "Start Page"=http://amadeusvista.com/ [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings] 
"IE5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=IEUser@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "SecureProtocols"=2688 "PrivacyAdvanced"=0 "ZonesSecurityUpgrade"=0xA3DB46A91879D101 "DisableCachingOfSSLPages"=0 "WarnonZoneCrossing"=0 "CertificateRevocation"=1 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "GlobalUserOffline"=0 "ProxyHttp1.1"=1 "EnableAutodial"=0 "NoNetAutodial"=0 "BackgroundConnections"=1 "EnablePunycode"=1 "ShowPunycode"=0 "CreateUriCacheSize"=80 "CoInternetCombineIUriCacheSize"=80 "SecurityIdIUriCacheSize"=30 "SpecialFoldersCacheSize"=8 "SyncMode5"=4 "EnableSPDY3_0"=0 "EnableSSL3Fallback"=1 [HKLM\Software\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Local Page"=C:\Windows\system32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Check_Associations"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files\Internet Explorer\IEXPLORE.EXE "StatusBarWeb"=1 "ForceGDIPlus"=0 "AlwaysShowMenus"=0 "ShutdownWaitForOnUnload"=0 "DNSPreresolution"=8 "SpellChecking"=1 "LangToolsBroker"={5bbd58bb-993e-4c17-8af6-3af8e908fca8} "DisablePasswordReveal"=0 "GotoIntranetSiteForSingleWordEntry"=0 "AutoSearch"=1 "DEPOff"=0 
"MaxRenderLine"=4000 "Use_DlgBox_Colors"=yes "Anchor Underline"=yes "Display Inline Images"=yes "Display Inline Videos"=1 "Play_Background_Sounds"=yes "Play_Animations"=yes "Print_Background"=no "SmoothScroll"=1 "XMLHTTP"=1 "Show image placeholders"=0 "Disable Script Debugger"=yes "Disable Diagnostics Mode"=no "Enable AutoImageResize"=yes "XDomainRequest"=1 "DOMStorage"=1 "EnableAlternativeCodec"=yes "CrossfadeMinTimeoutInMS"=30000 "CrossfadeMaxTimeoutInMS"=30000 "CrossfadeCurrentTimeoutInMS"=30000 "IE10RunOnceLastShown"=0 "IE10RunOncePerInstallCompleted"=0 "IE10TourNoShow"=0 "IE10TourShown"=0 "IE10RecommendedSettingsNo"=0 "FrameTabWindow"=1 "AdminTabProcs"=1 "SessionMerging"=1 "FrameMerging"=1 "HangRecovery"=1 "Isolation"=PMIL "IsolationImmersive"=PMEM "TabShutdownDelay"=60000 "FrameShutdownDelay"=0 "TabProcGrowth"=Medium "ScriptDebugger_EnableHiddenTabs"=0 "ScrollTimeoutInMS"=6000 "DesktopTransparentCoverWindowTime"=8 "TSEnable"=1 "Isolation64Bit"=0 [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files "UrlEncoding"=0 "SecureProtocols"=2688 "EnableHttp1_1"=1 "ProxyHttp1.1"=1 "BackgroundConnections"=1 "ShowPunycode"=0 
"CreateUriCacheSize"=80 "CoInternetCombineIUriCacheSize"=80 "SecurityIdIUriCacheSize"=30 "SpecialFoldersCacheSize"=8 "DisableCachingOfSSLPages"=0 "SyncMode5"=4 "EnableSPDY3_0"=0 "EnableSSL3Fallback"=1 "ProxyEnable"=0 ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)] - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -- C:\Users\KADER IDH\AppData\Local\MEGAsync\ShellExtX32.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)] - {05B38830-F4E9-4329-978B-1DD28605D202} -- C:\Users\KADER IDH\AppData\Local\MEGAsync\ShellExtX32.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)] - {0596C850-7BDD-4C9D-AFDF-873BE6890637} -- C:\Users\KADER IDH\AppData\Local\MEGAsync\ShellExtX32.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} -- %SystemRoot%\System32\cscui.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll ---------- | Toolbar [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 "ShowDiscussionButton"=Yes [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{41564952-412D-5637-4300-7A786E7484D7}"=0x524956412D41375643007A786E7484D7 "ITBar7Height"=0 [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] 
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "UpgradeTime"=0xC76538AA1A79D101 "TopResult"=1 "ShowSearchSuggestionsGlobal"=1 "ShowSearchSuggestionsInAddressGlobal"=1 "DefaultPackCorrection"=1 "KnownProvidersUpgradeTime"=0x6038EDA81A79D101 "Version"=4 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{41564952-412D-5637-4300-7A786E7484D7}"=0 "Locked"=0 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "TopResult"=1 "ShowSearchSuggestionsGlobal"=1 "ShowSearchSuggestionsInAddressGlobal"=1 ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}] : () - [] ---------- | SearchScopes [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [18/07/2016 09:17:30] ---------- | Chrome [HKLM\Software\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj] [HKLM\Software\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk] [HKLM\Software\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl] ---------- | Opera ---------- | Firefox [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Users\KADER IDH\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Users\KADER IDH\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® 
Player 24.0.0.221 Plugin) : C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_221.dll [HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled [HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll ---------- | DNS [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{4C280DF3-7602-4008-AC1A-B8A0911C8CEE}] "NameServer"=8.8.8.8,8.8.4.4 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{50B305CF-96CD-4B18-BEF7-8D31B068AADC}] "DhcpNameServer"=192.168.42.129 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{9C32F086-81D0-4052-ADCD-5C71A2F66727}] "DhcpNameServer"=192.168.42.129 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{4C280DF3-7602-4008-AC1A-B8A0911C8CEE}] "NameServer"=8.8.8.8,8.8.4.4 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{50B305CF-96CD-4B18-BEF7-8D31B068AADC}] "DhcpNameServer"=192.168.42.129 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{9C32F086-81D0-4052-ADCD-5C71A2F66727}] "DhcpNameServer"=192.168.42.129 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{4C280DF3-7602-4008-AC1A-B8A0911C8CEE}] "NameServer"=8.8.8.8,8.8.4.4 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{50B305CF-96CD-4B18-BEF7-8D31B068AADC}] "DhcpNameServer"=192.168.42.129 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9C32F086-81D0-4052-ADCD-5C71A2F66727}] "DhcpNameServer"=192.168.42.129 ---------- | Applications [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\SOFTWARE\Classes\Applications\uTorrent.exe] : 
"%APPDATA%\uTorrent\uTorrent.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~1\MICROS~1\Office12\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "RPCSS"=RpcEptMapper RpcSs "defragsvc"=defragsvc "LocalSystemNetworkRestricted"=UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc IPBusEnum dot3svc hidserv irmon sysmain WPDBusEnum homegrouplistener TabletInputService PcaSvc wlansvc CscService StorSvc UmRdpService "LocalService"=nsi WdiServiceHost w32time EventSystem RemoteRegistry WinHttpAutoProxySvc sppuinotify THREADORDER netprofm lltdsvc fdphost SstpSvc WebClient FontCache "netsvcs"=AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS wercplsupport EapHost ProfSvc schedule hkmsvc SessionEnv winmgmt browser Themes BDESVC AppMgmt "WerSvcGroup"=wersvc "LocalServiceNoNetwork"=DPS PLA BFE mpssvc WwanSvc "termsvcs"=TermService 
"swprv"=swprv "LocalServiceNetworkRestricted"=DHCP eventlog AudioSrv BthHFSrv LmHosts wscsvc homegroupprovider WPCSvc "LocalServicePeerNet"=PNRPSvc p2pimsvc p2psvc PnrpAutoReg "NetworkServiceAndNoImpersonation"=KtmRm "regsvc"=RemoteRegistry "LocalServiceAndNoImpersonation"=SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc "DcomLaunch"=Power PlugPlay DcomLaunch "NetworkServiceNetworkRestricted"=PolicyAgent "NetworkService"=CryptSvc DHCP TermService DNSCache lanmanworkstation NapAgent nlasvc WinRM WECSVC Tapisrv "sdrsvc"=sdrsvc "WbioSvcGroup"=WbioSrvc "imgsvc"=StiSvc "wcssvc"=WcsPlugInService "AxInstSVGroup"=AxInstSV "secsvcs"=WinDefend "bthsvcs"=bthserv "PeerDist"=PeerDistSvc ---------- | SvcHost - Netsvcs (Whitelisted) Term - : ---------- | Software [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Adobe] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Amadeus] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\AppDataLow] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Avira] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\BitTorrent] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\BugSplat] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Canon] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Clients] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\EPSON] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\g3n-h@ckm@n] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Google] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\IM Providers] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Intel] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Kyocera Mita] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Macromedia] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Mozilla] 
[HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\MozillaPlugins] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\MTK] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Netscape] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Nitro] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Nitro PDF] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\ODBC] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Piriform] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Policies] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\SHAREit] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Skype] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\sysinternals] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\TeamViewer] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Trolltech] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\VNT] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\WinRAR] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\WinRAR SFX] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Adobe] [HKLM\Software\Amadeus] [HKLM\Software\Apple Inc.] 
[HKLM\Software\ATI Technologies] [HKLM\Software\Avira] [HKLM\Software\Canon] [HKLM\Software\Clients] [HKLM\Software\EPSON] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\IM Providers] [HKLM\Software\Intel] [HKLM\Software\Kyocera Mita] [HKLM\Software\Macromedia] [HKLM\Software\Malwarebytes' Anti-Malware] [HKLM\Software\McAfee.com] [HKLM\Software\mcafeeupdater] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nalpeiron] [HKLM\Software\Nitro] [HKLM\Software\ODBC] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\RegisteredApplications] [HKLM\Software\SHAREit] [HKLM\Software\Skype] [HKLM\Software\Sonic] [HKLM\Software\SyncIntegrationClients] [HKLM\Software\sysinternals] [HKLM\Software\TeamViewer] [HKLM\Software\TVInstallTemp] [HKLM\Software\VideoLAN] [HKLM\Software\WinRAR] [HKLM\Software\X-AVCSD] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Help] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] ---------- | Drives D: E: ---------- | C: [14/07/2009 03:36:15] - |SHD| - [258] - C:\$Recycle.Bin [MD5.5C65D7209A5268B988D18942B19C8D3D] - [01/10/2013 12:40:43] - |A| - (.-.) - [3072] - (0.0.0.0) - C:\ads_err.adi [MD5.A9F4B57859CF148A12116BA6B7711B69] - [01/10/2013 12:40:43] - |A| - (.-.) - [5039] - (0.0.0.0) - C:\ads_err.adm [MD5.C2564A72B8E9866D1184219082D7BEF0] - [01/10/2013 12:40:43] - |A| - (.-.) - [26298] - (0.0.0.0) - C:\ads_err.adt [21/07/2013 12:30:59] - |D| - [1021651] - C:\AIR [MD5.D9EBEC6668A6092FCBD1713C347AA5E0] - [14/07/2009 03:04:04] - |A| - (.-.) - [24] - (0.0.0.0) - C:\autoexec.bat [05/02/2014 12:34:20] - |SHD| - [14611252] - C:\Boot [MD5.DB08BF378F82C393013223745424BBD2] - [05/02/2014 12:34:20] - |H| - (.-.) - [211] - (0.0.0.0) - C:\Boot.BAK [MD5.7C22372513B0C05F0284F5F6035B6910] - [04/12/2010 15:52:03] - |RASH| - (.-.) - [355] - (0.0.0.0) - C:\Boot.ini.saved [MD5.C37C1B3F6505BD3A7F5AAE8B71973902] - [02/03/2006 13:00:00] - |RASH| - (.-.) - [4952] - (0.0.0.0) - C:\Bootfont.bin [MD5.259525CFB422E6AC8E87BC9777B1DF73] - [25/02/2014 13:35:24] - |RASH| - (.-.) - [383786] - (0.0.0.0) - C:\bootmgr [MD5.D6AE2D5521DD93AEBC90D411D099FA36] - [05/02/2014 12:34:20] - |N| - (.-.) 
- [383562] - (0.0.0.0) - C:\bootmgr.sav.org [MD5.9556E99263CA58322946693ACF1B6732] - [05/02/2014 12:34:21] - |RASH| - (.-.) - [8192] - (0.0.0.0) - C:\BOOTSECT.BAK [26/11/2013 15:32:43] - |SHD| - [2720376] - C:\Config.Msi [MD5.ED4FC5980BD8B1AD869FF725C7776338] - [14/07/2009 03:04:04] - |A| - (.-.) - [10] - (0.0.0.0) - C:\config.sys [18/05/2013 14:23:34] - |D| - [1879] - C:\Data [14/07/2009 05:53:55] - |SHD| - [0] - C:\Documents and Settings [MD5.E7832D67AD190A920970CB5ADFC6D5D1] - [02/11/2015 11:28:48] - |A| - (.-.) - [383] - (0.0.0.0) - C:\ftconfig.ini [MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/02/2014 12:35:17] - |ASH| - (.-.) - [1583226880] - (0.0.0.0) - C:\hiberfil.sys [27/02/2014 09:34:27] - |D| - [10826] - C:\Intel [MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/12/2010 15:02:38] - |RASH| - (.-.) - [0] - (0.0.0.0) - C:\IO.SYS [MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/12/2010 15:02:38] - |RASH| - (.-.) - [0] - (0.0.0.0) - C:\MSDOS.SYS [06/12/2010 10:27:11] - |RHD| - [530787347] - C:\MSOCache [MD5.B2DE3452DE03674C6CEC68B8C8CE7C78] - [02/03/2006 13:00:00] - |RASH| - (.-.) - [47564] - (0.0.0.0) - C:\NTDETECT.COM [MD5.7794C3221F670DE270586A2CF6E68383] - [02/03/2006 13:00:00] - |RASH| - (.-.) - [252240] - (0.0.0.0) - C:\ntldr [MD5.D05555182627D02E5BD59AC121882C2E] - [05/01/2011 12:43:13] - |A| - (.-.) - [262144] - (0.0.0.0) - C:\ntuser.dat [MD5.F8A3D1F9A0AA5E09AB1275E54DCE32D7] - [05/01/2011 12:43:13] - |AH| - (.-.) - [1024] - (0.0.0.0) - C:\ntuser.dat.LOG [MD5.D41D8CD98F00B204E9800998ECF8427E] - [26/02/2014 09:05:57] - |ASH| - (.-.) - [2110971904] - (0.0.0.0) - C:\pagefile.sys [14/07/2009 03:37:05] - |D| - [0] - C:\PerfLogs [05/02/2014 15:40:42] - |D| - [56629237] - C:\phonegap [MD5.4BD601815ABE4E67B76E4C6C901E4284] - [05/02/2014 15:40:32] - |A| - (.-.) 
- [43625769] - (0.0.0.0) - C:\phonegap-2.4.0.zip [14/07/2009 03:37:05] - |RD| - [5426909707] - C:\Program Files [14/07/2009 03:37:05] - |HD| - [1100889961] - C:\ProgramData [01/06/2011 15:24:18] - |D| - [0] - C:\QLINK [04/03/2017 09:52:32] - |D| - [262068] - C:\QuickDiag [MD5.6E6C4ACB231CF2C6D8474509F6421BAD] - [04/03/2017 09:52:58] - |A| - (.-.) - [102637] - (0.0.0.0) - C:\QuickDiag.txt [05/02/2014 12:51:16] - |SHD| - [299098056] - C:\Recovery [10/01/2011 11:45:15] - |SHD| - [1167012] - C:\RECYCLER [21/07/2013 12:23:25] - |D| - [69] - C:\SGW_log [04/12/2010 15:12:52] - |D| - [8272810] - C:\swsetup [04/12/2010 15:52:37] - |SHD| - [0] - C:\System Volume Information [28/02/2017 09:15:43] - |D| - [0] - C:\Tor_folder [14/07/2009 03:37:05] - |RD| - [7955232450] - C:\Users [05/02/2014 15:51:18] - |D| - [496963293] - C:\wamp [14/07/2009 03:37:05] - |AD| - [14574879206] - C:\Windows [05/02/2014 12:22:46] - |D| - [25978658] - C:\Windows---.old ---------- | C:\Windows [MD5.0D512D2B890A296A9E4B4B7492FC7B89] - [26/02/2014 11:25:53] - |A| - (.-.) - [2522] - (0.0.0.0) - C:\Windows\1aAutoUpdate.ini [14/07/2009 05:52:30] - |D| - [802] - C:\Windows\addins [14/07/2009 03:37:05] - |D| - [52073] - C:\Windows\AppCompat [14/07/2009 03:37:05] - |D| - [9913976] - C:\Windows\AppPatch [14/07/2009 03:37:05] - |RSD| - [753536850] - C:\Windows\assembly [MD5.DBD14D0DB0382DFE96D7B5007DDD5ABE] - [01/03/2014 09:52:12] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [65024] - (6.1.7601.17514) - C:\Windows\bfsvc.exe [14/07/2009 03:37:06] - |D| - [18304606] - C:\Windows\Boot [MD5.F8AF306DED742CEE3A46B28994A7259A] - [14/07/2009 05:57:37] - |AS| - (.-.) 
- [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [14/07/2009 03:37:06] - |D| - [3233280] - C:\Windows\Branding [14/07/2009 10:01:19] - |D| - [0] - C:\Windows\CSC [14/07/2009 03:37:06] - |D| - [2113488] - C:\Windows\Cursors [14/07/2009 05:34:21] - |D| - [1484] - C:\Windows\debug [14/07/2009 05:52:30] - |D| - [3042330] - C:\Windows\diagnostics [14/07/2009 09:39:39] - |D| - [0] - C:\Windows\DigitalLocker [14/07/2009 05:52:30] - |D| - [94684] - C:\Windows\Downloaded Program Files [14/07/2009 10:01:19] - |D| - [106301103] - C:\Windows\ehome [MD5.40D777B7A95E00593EB1568C68514493] - [01/03/2014 09:53:07] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2616320] - (6.1.7601.17514) - C:\Windows\explorer.exe [14/07/2009 03:37:06] - |RSD| - [480780103] - C:\Windows\Fonts [14/07/2009 09:39:39] - |D| - [142336] - C:\Windows\fr-FR [MD5.F9202335BBA03A02F084FE588564BBF5] - [14/07/2009 00:12:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [13824] - (6.1.7600.16385) - C:\Windows\fveupdate.exe [14/07/2009 03:37:06] - |D| - [21741460] - C:\Windows\Globalization [14/07/2009 03:37:06] - |D| - [41067359] - C:\Windows\Help [MD5.2FF3A32F01DF61836FED59D441D8B9DF] - [14/07/2009 01:12:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [497152] - (6.1.7600.16385) - C:\Windows\HelpPane.exe [MD5.9B90B0C78671A4881D06C91941F6F379] - [14/07/2009 01:12:22] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) 
- [15360] - (6.1.7600.16385) - C:\Windows\hh.exe [14/07/2009 03:37:06] - |D| - [143547244] - C:\Windows\IME [14/07/2009 03:37:06] - |D| - [244185919] - C:\Windows\inf [25/02/2014 13:57:05] - |SHD| - [922340884] - C:\Windows\Installer [14/07/2009 03:37:06] - |D| - [48371] - C:\Windows\L2Schemas [14/07/2009 03:37:06] - |D| - [0] - C:\Windows\LiveKernelReports [14/07/2009 03:37:06] - |D| - [27708716] - C:\Windows\Logs [14/07/2009 03:37:06] - |RSD| - [13327133] - C:\Windows\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 00:55:01] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [14/07/2009 03:37:07] - |D| - [829294510] - C:\Windows\Microsoft.NET [04/03/2014 10:00:41] - |D| - [851] - C:\Windows\Migration [14/07/2009 03:37:07] - |D| - [0] - C:\Windows\ModemLogs [MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 03:04:57] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini [MD5.D378BFFB70923139D6A4F546864AA61C] - [14/07/2009 00:41:04] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [179712] - (6.1.7600.16385) - C:\Windows\notepad.exe [14/07/2009 05:52:30] - |D| - [65] - C:\Windows\Offline Web Pages [25/02/2014 13:35:39] - |D| - [898484] - C:\Windows\Panther [25/02/2014 14:06:17] - |D| - [0] - C:\Windows\PCHEALTH [14/07/2009 05:52:30] - |D| - [62360375] - C:\Windows\Performance [14/07/2009 03:37:07] - |D| - [1132015] - C:\Windows\PLA [14/07/2009 03:37:07] - |D| - [5759934] - C:\Windows\PolicyDefinitions [25/02/2014 13:36:56] - |D| - [41775235] - C:\Windows\Prefetch [MD5.FFB8B91BD19E5BC10A3344AAF34880F3] - [14/07/2009 10:02:52] - |A| - (.-.) - [53551] - (0.0.0.0) - C:\Windows\Professional.xml [MD5.8A4883F5E7AC37444F23279239553878] - [14/07/2009 00:17:08] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) 
- [398336] - (6.1.7600.16385) - C:\Windows\regedit.exe [14/07/2009 03:37:07] - |D| - [21544] - C:\Windows\registration [27/02/2014 13:09:01] - |D| - [10728515] - C:\Windows\rescache [14/07/2009 03:37:07] - |D| - [1674534] - C:\Windows\Resources [14/07/2009 03:37:07] - |D| - [0] - C:\Windows\SchCache [14/07/2009 03:37:07] - |D| - [55533] - C:\Windows\schemas [14/07/2009 03:37:07] - |D| - [1070380] - C:\Windows\security [14/07/2009 05:34:13] - |D| - [82974377] - C:\Windows\ServiceProfiles [14/07/2009 03:37:07] - |D| - [46249978] - C:\Windows\servicing [14/07/2009 05:34:16] - |D| - [42] - C:\Windows\Setup [MD5.640DAD2C12AB9C0D0D3070666B6CCF80] - [01/03/2017 15:32:21] - |A| - (.-.) - [224] - (0.0.0.0) - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/03/2017 15:32:21] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log [14/07/2009 10:01:19] - |D| - [101851] - C:\Windows\ShellNew [25/02/2014 13:39:41] - |D| - [677198472] - C:\Windows\SoftwareDistribution [14/07/2009 03:37:07] - |D| - [70586312] - C:\Windows\Speech [MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 05:48:09] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml [14/07/2009 03:37:07] - |D| - [700380] - C:\Windows\system [MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 03:04:23] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini [14/07/2009 03:37:07] - |D| - [3095600665] - C:\Windows\System32 [14/07/2009 03:37:09] - |D| - [15] - C:\Windows\TAPI [14/07/2009 03:37:09] - |D| - [35586] - C:\Windows\Tasks [14/07/2009 03:37:09] - |D| - [558411] - C:\Windows\Temp [14/07/2009 03:37:09] - |D| - [0] - C:\Windows\tracing [MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 22:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) 
- [94784] - (1.7.0.0) - C:\Windows\twain.dll [14/07/2009 05:52:30] - |D| - [6144] - C:\Windows\twain_32 [MD5.163A95975E1D8819E653AA3E961371CA] - [01/03/2014 09:52:15] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll [MD5.F36A271706EDD23C94956AFB56981184] - [13/07/2009 23:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe [MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 01:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe [14/07/2009 03:37:09] - |D| - [12420] - C:\Windows\Vss [14/07/2009 03:37:09] - |D| - [40681427] - C:\Windows\Web [MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - [14/07/2009 03:04:23] - |A| - (.-.) - [478] - (0.0.0.0) - C:\Windows\win.ini [MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 05:41:57] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.66B98F67DFB7EE61FC9A8E65D140C17A] - [25/02/2014 13:39:38] - |A| - (.-.) - [1545975] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.8E6F7D51A5CB299C25621C6C1AB57E84] - [13/07/2009 21:29:46] - |A| - (.Copyright © Microsoft Corp. 1991-1992 - Windows Help Engine application file.) - [256192] - (3.10.0.425) - C:\Windows\winhelp.exe [MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 01:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe [14/07/2009 03:37:09] - |D| - [6807547804] - C:\Windows\winsxs [MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 22:34:23] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.6E8EACC0B339365D79A2C06896865D3D] - [14/07/2009 00:41:00] - |A| - (.© Microsoft Corporation. - Windows Write.) - [9216] - (6.1.7600.16385) - C:\Windows\write.exe [MD5.B317B33694BAC49D492DD3F23E374899] - [13/07/2009 22:30:30] - |A| - (.-.) 
- [707] - (0.0.0.0) - C:\Windows\_default.pif ---------- | C:\Windows\System32\GroupPolicy ---------- | Systemroot\System [14/07/2009 00:00:47] - |A| - [69584] - C:\Windows\System\avicap.dll (Copyright © Microsoft Corp. 1992-1994) - (AVI Capture DLL) [14/07/2009 00:00:47] - |A| - [109456] - C:\Windows\System\avifile.dll (Copyright © Microsoft Corp. 1991-2000) - (Microsoft AVI File support library) [13/07/2009 22:41:42] - |A| - [32816] - C:\Windows\System\COMMDLG.DLL (Copyright © Microsoft Corp. 1981-1996) - (Common Dialogs libraries) [13/07/2009 22:41:23] - |A| - [2000] - C:\Windows\System\keyboard.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Keyboard Driver Module) [13/07/2009 21:29:46] - |A| - [9936] - C:\Windows\System\lzexpand.dll (Copyright © Microsoft Corp. 1989-1992) - (Windows file expansion library) [14/07/2009 00:00:47] - |A| - [73376] - C:\Windows\System\mciavi.drv (Copyright © Microsoft Corp. 1992-1994) - (MCI driver for AVI) [14/07/2009 00:00:47] - |A| - [25264] - C:\Windows\System\mciseq.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for MIDI sequencer) [14/07/2009 00:00:47] - |A| - [28160] - C:\Windows\System\mciwave.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for waveform audio) [13/07/2009 22:41:32] - |A| - [68992] - C:\Windows\System\MMSYSTEM.DLL (Copyright © Microsoft Corp. 1981-1996) - (System APIs for Multimedia) [13/07/2009 22:41:32] - |A| - [1152] - C:\Windows\System\mmtask.tsk (Copyright © Microsoft Corp. 1981-1996) - (Multimedia background task support module) [13/07/2009 22:41:27] - |A| - [2032] - C:\Windows\System\mouse.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW MOUSE Driver Module) [10/06/2009 22:21:50] - |A| - [126912] - C:\Windows\System\msvideo.dll (Copyright © Microsoft Corp. 1992-1994) - (Microsoft Video for Windows DLL) [13/07/2009 21:29:46] - |A| - [82944] - C:\Windows\System\olecli.dll (Copyright © Microsoft Corp. 
1991-1993) - (Object Linking and Embedding Client Library) [13/07/2009 22:41:50] - |A| - [24064] - C:\Windows\System\OLESVR.DLL (Copyright © Microsoft Corp. 1991-1996) - (Object Linking and Embedding Server Library) [13/07/2009 22:41:22] - |A| - [5120] - C:\Windows\System\SHELL.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Shell library) [13/07/2009 22:41:23] - |A| - [1744] - C:\Windows\System\sound.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW SOUND Driver Module) [13/07/2009 23:00:27] - |A| - [5532] - C:\Windows\System\stdole.tlb (Copyright © Microsoft Corp. 1993-1995) - (OLE 2.1 16/32 Interoperability Type Library) [13/07/2009 22:41:21] - |A| - [3360] - C:\Windows\System\system.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows System Driver core component) [13/07/2009 22:41:39] - |A| - [4048] - C:\Windows\System\TIMER.DRV (Copyright © Microsoft Corp. 1981-1996) - (Timer driver for PC compatibles) [13/07/2009 21:29:46] - |A| - [9008] - C:\Windows\System\ver.dll (Copyright © Microsoft Corp. 1991) - (Version Checking and File Installation Libraries) [13/07/2009 22:41:26] - |A| - [2176] - C:\Windows\System\vga.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Display Driver Module) [13/07/2009 22:41:45] - |A| - [12704] - C:\Windows\System\WFWNET.DRV (Copyright © Microsoft Corp. 1981-1996) - (Windows for Workgroups network driver) ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [17/03/2015 09:41:29] - C:\Windows\Installer\1ee625.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/03/2016 09:55:26] - C:\Windows\Installer\2e3392.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/11/2015 10:55:07] - C:\Windows\Installer\429989.msi : (Avira SearchFree Toolbar - APN, LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/12/2016 09:30:08] - C:\Windows\Installer\523d82d.msi : (Avira Connect - Avira Operations GmbH & Co. KG) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [14/01/2017 09:50:50] - C:\Windows\Installer\a68e718.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [14/07/2009 05:42:29] - [73] - C:\Windows\System32\desktop.ini [08/03/2016 09:52:12] - [16303] - C:\Windows\System32\ieuinit.inf [14/07/2009 05:42:26] - [535] - C:\Windows\System32\mapisvc.inf [25/02/2014 13:52:14] - [1667292] - C:\Windows\System32\PerfStringBackup.INI [10/06/2009 22:39:59] - [60124] - C:\Windows\System32\tcpmon.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.D674C9C6E4ED06A7545035848AEA0107] - |A| - [01/03/2017 09:59:38] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\2017030100000536.zip [MD5.A8B0EA99171FEAC472312AB35C1B9064] - |A| - [01/03/2017 09:08:00] - (.-.) - [159.56 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170301-0908.log [MD5.0B0C9F3B000916E05111438AFB1F8187] - |A| - [01/03/2017 09:18:05] - (.-.) - [6.31 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170301-0918.log [MD5.8592D2E9F6857B2442FAC0320FDF8317] - |A| - [01/03/2017 09:23:30] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170301-0923.log [MD5.98AFB1BF8842A20B98E6B67CE3E2B588] - |A| - [01/03/2017 09:53:26] - (.-.) - [4.26 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170301-0953.log [MD5.618E1749442C26CCA8B2C4D8564E2E1D] - |A| - [01/03/2017 10:23:24] - (.-.) - [4.29 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170301-1023.log [MD5.3FE1B76ABB35790E0BBA3DE963BF9ADC] - |A| - [01/03/2017 14:10:37] - (.-.) - [159 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170301-1410.log [MD5.AF0DB79946CD7BCC018E01D5C1F4CF47] - |A| - [01/03/2017 14:25:51] - (.-.) - [4.26 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170301-1425.log [MD5.EC5F88B5378D678245531F62ADB9706A] - |A| - [01/03/2017 14:56:05] - (.-.) 
- [4.26 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170301-1456.log [MD5.438EE32F6830A03FD9AEA3DFB926E891] - |A| - [01/03/2017 15:25:58] - (.-.) - [4.26 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170301-1525.log [MD5.A1F7D4FB49709AB2A688E9CFBF3A8EBB] - |A| - [02/03/2017 08:54:16] - (.-.) - [159.09 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170302-0854.log [MD5.FF3FB8102B7A438CB76F55FFB41EEED8] - |A| - [02/03/2017 09:05:21] - (.-.) - [1.99 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170302-0905.log [MD5.4AE4BBE10F53917BB858E2BF75811EA7] - |A| - [02/03/2017 09:10:39] - (.-.) - [4.26 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170302-0910.log [MD5.4E6A711277E5E48CFC816E5E76B92303] - |A| - [02/03/2017 09:39:37] - (.-.) - [4.27 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170302-0939.log [MD5.A769E60D360F5706EEBB0504C0596A3F] - |A| - [02/03/2017 10:09:38] - (.-.) - [4.26 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170302-1009.log [MD5.BCC17B2ECE22A07D7B2C3908DCED42D9] - |A| - [04/03/2017 09:18:21] - (.-.) - [80.01 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170304-0918.log [MD5.E74A6AFE1EA9AD8D05BAF3ABAE3DB0CC] - |A| - [04/03/2017 09:35:28] - (.-.) - [6.29 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170304-0935.log [MD5.8AFAD3FF415CEA875437318532B32AB7] - |A| - [04/03/2017 09:35:28] - (.-.) - [4.26 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170304-0935a.log [MD5.5777436F5B7E5ACC02CEF8E1C69F056E] - |A| - [04/03/2017 09:39:41] - (.-.) - [70.16 Ko] - (0.0.0.0) - C:\Windows\Temp\KADERIDH-PC-20170304-0939.log [MD5.00000000000000000000000000000000] - |D| - [10/02/2015 14:37:47] - [0 Ko] - C:\Windows\Temp\Low [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [01/03/2017 09:08:00] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\officeclicktorun.exe_streamserver(20170301090800668).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/03/2017 08:54:16] - (.-.) 
- [0 Ko] - (0.0.0.0) - C:\Windows\Temp\officeclicktorun.exe_streamserver(2017030208541666C).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [04/03/2017 09:18:22] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\officeclicktorun.exe_streamserver(2017030409182266C).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [04/03/2017 09:39:42] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\officeclicktorun.exe_streamserver(20170304093942458).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |AT| - [04/03/2017 09:56:35] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP00000017FF3EBD2D19A41100 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [04/03/2017 09:39:41] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\{7AB2452A-7B98-4D76-A79A-237F5EDC7DEF} - OProcSessId.dat [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [04/03/2017 09:18:21] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\{AFD3CFB3-54AB-4225-BE96-317C6109958F} - OProcSessId.dat [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [01/03/2017 09:08:00] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\{F9F77949-A91B-4BB8-AE6E-31E18D383D8D} - OProcSessId.dat [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 09:39:38] - [0 Ko] - C:\Windows\System32\040C [MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [14/07/2009 05:34:15] - (.-.) - [15.81 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [14/07/2009 05:34:15] - (.-.) - [15.81 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:07] - [2913 Ko] - C:\Windows\System32\AdvancedInstallers [MD5.C3F102C026F325B1467223B14276826B] - |A| - [26/02/2014 11:25:21] - (.-.) - [300.5 Ko] - (0.0.0.0) - C:\Windows\System32\Amadeus.fon [MD5.8AAD333C876590293F72B315E162BCC7] - |A| - [13/07/2009 22:40:41] - (.-.) 
- [8.82 Ko] - (0.0.0.0) - C:\Windows\System32\ANSI.SYS [MD5.D753EEE17725526A67ACDDAA5D63EF68] - |A| - [13/07/2009 22:40:49] - (.-.) - [12.21 Ko] - (0.0.0.0) - C:\Windows\System32\append.exe [MD5.00000000000000000000000000000000] - |D| - [04/12/2015 10:15:54] - [0 Ko] - C:\Windows\System32\appmgmt [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:07] - [201.5 Ko] - C:\Windows\System32\ar-SA [MD5.30475F091008E24550523515A023270D] - |A| - [14/07/2009 03:04:04] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\Windows\System32\autoexec.nt [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:07] - [173 Ko] - C:\Windows\System32\bg-BG [MD5.84BDB1E378591D930482B896A1648C53] - |A| - [10/06/2009 22:42:54] - (.-.) - [27.75 Ko] - (0.0.0.0) - C:\Windows\System32\bios1.rom [MD5.B44C4C9CA9D4BCC8430F3276576F562B] - |A| - [13/07/2009 22:30:26] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\System32\bios4.rom [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:07] - [994.45 Ko] - C:\Windows\System32\Boot [MD5.278EE111CB021686C7BDB45C12EAC6E2] - |A| - [14/07/2009 01:59:14] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother Multi Function CoInstaller.) - [17 Ko] - (1.0.0.20) - C:\Windows\System32\brcoinst.dll [MD5.D1E5E5826ECB8F87BDB0CF9E28B48465] - |A| - [14/07/2009 00:51:43] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [72 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:07] - [38027.15 Ko] - C:\Windows\System32\catroot [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:07] - [21136.63 Ko] - C:\Windows\System32\catroot2 [MD5.CA6219312B58DEABA63B515D3E64EEE9] - |A| - [15/03/2014 16:42:49] - (.Copyright CANON INC. 2008 - Canon Advanced Printing Technology Engine Manager.) - [376 Ko] - (4.3.3.4) - C:\Windows\System32\CNAB8EMK.DLL [MD5.D501237D5E46D17C4AAE43E6B99362A1] - |A| - [15/03/2014 16:42:49] - (.Copyright CANON INC. 
2008 - Canon Advanced Printing Technology Language Monitor.) - [216 Ko] - (4.4.2.7) - C:\Windows\System32\CNAP2LMK.DLL [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:07] - [3723.79 Ko] - C:\Windows\System32\CodeIntegrity [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:07] - [302.5 Ko] - C:\Windows\System32\com [MD5.BA597F9A4BB90F038266CE1A3C3BE3FB] - |A| - [13/07/2009 22:40:48] - (.-.) - [49.46 Ko] - (0.0.0.0) - C:\Windows\System32\COMMAND.COM [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:07] - [309205.52 Ko] - C:\Windows\System32\config [MD5.01C47C2ECED034EF6F8C1552A97CFF00] - |A| - [14/07/2009 03:04:04] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\Windows\System32\config.nt [MD5.0FE9F16075C9ACB941C957B7C649176E] - |A| - [13/07/2009 22:40:44] - (.-.) - [26.46 Ko] - (0.0.0.0) - C:\Windows\System32\country.sys [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:07] - [432 Ko] - C:\Windows\System32\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:07] - [427.5 Ko] - C:\Windows\System32\da-DK [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:07] - [457.5 Ko] - C:\Windows\System32\de-DE [MD5.C17AFA0AAD78C621F818DD6729572C48] - |A| - [13/07/2009 22:40:52] - (.-.) - [20.15 Ko] - (0.0.0.0) - C:\Windows\System32\debug.exe [MD5.079B8AEB4A55BF8493BD1EC70285D920] - |ASH| - [14/07/2009 05:42:29] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:07] - [3407 Ko] - C:\Windows\System32\Dism [MD5.03783D0840B2C54D7665248425C74417] - |A| - [01/03/2014 09:52:04] - (.-.) 
- [52.34 Ko] - (0.0.0.0) - C:\Windows\System32\dosx.exe [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [46861.17 Ko] - C:\Windows\System32\drivers [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [814541.55 Ko] - C:\Windows\System32\DriverStore [MD5.F6E368E10B600836DD349FF937B183A2] - |A| - [10/06/2009 22:42:32] - (.-.) - [68.25 Ko] - (0.0.0.0) - C:\Windows\System32\edit.com [MD5.8AA8DCC96FA0492E3B5D415537FAB8FE] - |A| - [10/06/2009 22:42:32] - (.-.) - [10.54 Ko] - (0.0.0.0) - C:\Windows\System32\EDIT.HLP [MD5.B7A0AA49CBB604B2C3A42A49C36D8A4F] - |A| - [13/07/2009 22:40:50] - (.-.) - [12.35 Ko] - (0.0.0.0) - C:\Windows\System32\edlin.exe [MD5.52E91EAC2F3175B1A5B0150382B6D771] - |A| - [13/07/2009 21:31:17] - (.-.) - [124.23 Ko] - (0.0.0.0) - C:\Windows\System32\ega.cpi [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [457 Ko] - C:\Windows\System32\el-GR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [2825.59 Ko] - C:\Windows\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [448 Ko] - C:\Windows\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [160.5 Ko] - C:\Windows\System32\et-EE [MD5.00000000000000000000000000000000] - |D| - [02/03/2014 09:24:11] - [153.5 Ko] - C:\Windows\System32\EventProviders [MD5.683626544E81387771ED55E1A0F2047B] - |A| - [13/07/2009 22:40:51] - (.-.) - [8.23 Ko] - (0.0.0.0) - C:\Windows\System32\exe2bin.exe [MD5.A622A7F07406723EC2A34D8E2788A5EA] - |A| - [09/04/2007 18:06:00] - (.Copyright (C) 2007 SEIKO EPSON CORP. - E_DCINST.) - [8 Ko] - (1.0.0.6) - C:\Windows\System32\E_DCINST.DLL [MD5.F7E8465680D7889174E6C7284E74B586] - |A| - [14/03/2011 20:03:00] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2010. - ECBTEGB x86.) 
- [79.5 Ko] - (3.3.0.0) - C:\Windows\System32\E_TD4BNFE.DLL [MD5.3AAA538FE1D1C28613EF0841DCE57DB9] - |A| - [05/12/2013 21:05:00] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2014. - EPSON Bi-directional Monitor x86.) - [139.5 Ko] - (4.5.0.0) - C:\Windows\System32\E_TLMBNFE.DLL [MD5.68062C0ECE86AB7801B5B47FDC855A06] - |A| - [13/07/2009 22:41:02] - (.-.) - [0.86 Ko] - (0.0.0.0) - C:\Windows\System32\fastopen.exe [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [430 Ko] - C:\Windows\System32\fi-FI [MD5.9FAFE493FE22B4D5361237C1888FFADA] - |A| - [14/07/2009 05:33:53] - (.-.) - [423.77 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 09:39:38] - [1840 Ko] - C:\Windows\System32\fr [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [42652.08 Ko] - C:\Windows\System32\fr-FR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:52:30] - [0 Ko] - C:\Windows\System32\FxsTmp [MD5.2AE808CB0D9A667B0CF41EA74B3B9BAC] - |A| - [10/06/2009 22:19:05] - (.-.) - [39.6 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs [MD5.4C0994EF84FA3E6F5133A4A6E942C2CE] - |A| - [25/08/2010 19:02:38] - (.-.) - [136.55 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.ar-SA.resources [MD5.8E3E24850FDAFBF71047172C6802054C] - |A| - [25/08/2010 19:02:38] - (.-.) - [115.9 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.cs-CZ.resources [MD5.6EA5A586747A3A962A1DB6A8CB7407EF] - |A| - [25/08/2010 19:02:40] - (.-.) - [111.5 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.da-DK.resources [MD5.0B862805044360303519C165D8EEDCC2] - |A| - [25/08/2010 19:02:40] - (.-.) - [119.76 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.de-DE.resources [MD5.2E902734F1813BDF906D4D52338B49D2] - |A| - [25/08/2010 19:02:42] - (.-.) - [174.11 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.el-GR.resources [MD5.63FE933402C7CD1DA34BCB6D7F9D423C] - |A| - [25/08/2010 19:02:24] - (.-.) 
- [107.57 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.en-US.resources [MD5.389F4A5AE5C95C333015B2C616C4E122] - |A| - [25/08/2010 19:02:42] - (.-.) - [119.98 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.es-ES.resources [MD5.810DDF2661ACBD8EE3C2D2E117ED8B93] - |A| - [25/08/2010 19:02:44] - (.-.) - [115.85 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.fi-FI.resources [MD5.E6583BAD6C0EF26926162E48494B97FD] - |A| - [25/08/2010 19:02:44] - (.-.) - [117.87 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.fr-FR.resources [MD5.311DE46160B9A5EF44AC96630C167332] - |A| - [25/08/2010 19:02:46] - (.-.) - [130.55 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.he-IL.resources [MD5.4B56DEFA3A20CA0FCE9361C47D57D1B7] - |A| - [25/08/2010 19:02:46] - (.-.) - [116.73 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.hu-HU.resources [MD5.0A9E698179D5DF1DB50F0C7807C1944B] - |A| - [25/08/2010 19:02:48] - (.-.) - [122.54 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.it-IT.resources [MD5.CA69936A326B39162457045F23647388] - |A| - [25/08/2010 19:02:48] - (.-.) - [133.13 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.ja-JP.resources [MD5.F39889FED2F26A5BAF385E9161BD01E1] - |A| - [25/08/2010 19:02:50] - (.-.) - [120.28 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.ko-KR.resources [MD5.937321867B5C7D5C97DCDAB40F871808] - |A| - [25/08/2010 19:02:50] - (.-.) - [112.09 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.nb-NO.resources [MD5.3A00512FD746D0F68E2BDFCE8FB378EB] - |A| - [25/08/2010 19:02:52] - (.-.) - [116.71 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.nl-NL.resources [MD5.F994B9A921AB65F35C6E30FDE13854E7] - |A| - [25/08/2010 19:02:52] - (.-.) - [115.54 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.pl-PL.resources [MD5.CE3C93D52B484981B866F1FC91E26FCA] - |A| - [25/08/2010 19:02:54] - (.-.) - [117.47 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.pt-BR.resources [MD5.E5D20C1C68D7E9F2922ACAE4140F758F] - |A| - [25/08/2010 19:02:54] - (.-.) 
- [116.21 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.pt-PT.resources [MD5.BD0405C17ABCF0CF22CA83B1FC9EEA1C] - |A| - [25/08/2010 19:02:56] - (.-.) - [161.38 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.ru-RU.resources [MD5.9288CCB89A720CB01D13633A632DA7A9] - |A| - [25/08/2010 19:02:56] - (.-.) - [115.22 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.sk-SK.resources [MD5.C002ED0F7ADD104574E92633946B08B2] - |A| - [25/08/2010 19:02:58] - (.-.) - [111.63 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.sl-SI.resources [MD5.67514D7988A481FE41E401A570FA7235] - |A| - [25/08/2010 19:02:58] - (.-.) - [116.49 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.sv-SE.resources [MD5.ADBC5FCEF117B83927407B05770EB885] - |A| - [25/08/2010 19:03:00] - (.-.) - [184.97 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.th-TH.resources [MD5.B38AE409B71B1756564B99F153985FC1] - |A| - [25/08/2010 19:03:02] - (.-.) - [118.28 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.tr-TR.resources [MD5.411F650BD692601F046B42FD32BF7853] - |A| - [25/08/2010 19:03:02] - (.-.) - [100.43 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.zh-CN.resources [MD5.B1D68AB7FDFD603DEC88B0F816C42778] - |A| - [25/08/2010 19:03:04] - (.-.) - [101.56 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxres.zh-TW.resources [MD5.FFB49EE58EF3E271AA25F847D3299047] - |A| - [25/08/2010 18:57:00] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\Windows\System32\GfxUI.exe.config [MD5.6E4E7884E6489AC4F5E6DAB176A73E52] - |A| - [13/07/2009 22:41:01] - (.-.) - [19.23 Ko] - (0.0.0.0) - C:\Windows\System32\GRAPHICS.COM [MD5.BC33AA625D6B807F718627386DF78426] - |A| - [10/06/2009 22:42:32] - (.-.) - [20.73 Ko] - (0.0.0.0) - C:\Windows\System32\graphics.pro [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [0 Ko] - C:\Windows\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers [MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - |A| - [13/07/2009 22:40:40] - (.-.) 
- [4.66 Ko] - (0.0.0.0) - C:\Windows\System32\HIMEM.SYS [MD5.7CAACE1DF07B3656E458D07115A71600] - |A| - [25/08/2010 19:30:02] - (.-.) - [429.01 Ko] - (0.0.0.0) - C:\Windows\System32\igcompkrng500.bin [MD5.87031985145FE4FC13E8DABF387E78A4] - |A| - [13/07/2009 23:09:19] - (.-.) - [136.55 Ko] - (0.0.0.0) - C:\Windows\System32\igfcg500.bin [MD5.385B8EFE468E3A4A3E2E65FC8764E4BF] - |A| - [25/08/2010 19:30:00] - (.-.) - [90.19 Ko] - (0.0.0.0) - C:\Windows\System32\igfcg500m.bin [MD5.58C9C1ABDF7D9AA1A4E9ADC379C09A08] - |A| - [25/08/2010 19:39:46] - (.Copyright (C) 2009 - Intel(R) Graphics Media Accelerator Driver Coinstaller.) - [80 Ko] - (1.2.30.0) - C:\Windows\System32\igfxCoIn_v2202.dll [MD5.BF0E656D728C2F13616B4E1AFB7AE7CC] - |A| - [25/08/2010 18:59:08] - (.-.) - [4 Ko] - (1.0.0.0) - C:\Windows\System32\IGFXDEVLib.dll [MD5.C4CF4FA6C9399B277E86D602BF251A11] - |A| - [25/08/2010 19:30:00] - (.-.) - [959.22 Ko] - (0.0.0.0) - C:\Windows\System32\igkrng500.bin [MD5.99AF886F548DFA1AEC9868A8BF0F74FC] - |A| - [25/08/2010 18:52:00] - (.-.) - [1876.24 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa32.cpa [MD5.7FEF5563D091D8A44B96DD4EBE0350AA] - |A| - [25/08/2010 18:52:00] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa32.vp [MD5.A16E966DEBE65033E703CA9514753E11] - |A| - [25/08/2010 18:52:00] - (.-.) - [58.81 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxc32.vp [MD5.251D22DE1DF611739E4D0C7BAB2E80D6] - |A| - [25/08/2010 18:52:00] - (.-.) - [58.84 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxg32.vp [MD5.CB4DCAF11675F52D39035BCEE14ABA77] - |A| - [25/08/2010 18:52:00] - (.-.) - [58.61 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxo32.vp [MD5.8135813B381231920749099962943175] - |A| - [25/08/2010 19:58:00] - (.-.) 
- [50.23 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxs32.vp [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [34095.44 Ko] - C:\Windows\System32\IME [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [0 Ko] - C:\Windows\System32\inetsrv [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [452 Ko] - C:\Windows\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [365 Ko] - C:\Windows\System32\ja-JP [MD5.4D7E256377A5E934EA1820B2CEA79131] - |A| - [13/07/2009 22:40:59] - (.-.) - [14.37 Ko] - (0.0.0.0) - C:\Windows\System32\KB16.COM [MD5.492090267B9608C62B956CD29BE3AFB7] - |A| - [13/07/2009 22:40:43] - (.-.) - [41.81 Ko] - (0.0.0.0) - C:\Windows\System32\KEY01.SYS [MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - |A| - [13/07/2009 22:40:43] - (.-.) - [41.54 Ko] - (0.0.0.0) - C:\Windows\System32\KEYBOARD.SYS [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [360 Ko] - C:\Windows\System32\ko-KR [MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 03:05:05] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex [MD5.536460507B20AE0F03D7BEE8111028CF] - |A| - [13/07/2009 22:40:57] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\Windows\System32\LOADFIX.COM [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [3531.07 Ko] - C:\Windows\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [165 Ko] - C:\Windows\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [166 Ko] - C:\Windows\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [16/06/2014 14:50:15] - [25273.13 Ko] - C:\Windows\System32\Macromed [MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [13/07/2009 21:22:04] - (.-.) 
- [0.85 Ko] - (0.0.0.0) - C:\Windows\System32\manage-bde.wsf [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [2029.01 Ko] - C:\Windows\System32\manifeststore [MD5.98071B6EE16AA76DABFF377A5DC69C86] - |A| - [14/07/2009 05:42:26] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\Windows\System32\mapisvc.inf [MD5.390762963E6B4C861E5E0CA5A3E56E40] - |A| - [13/07/2009 22:40:56] - (.-.) - [38.35 Ko] - (0.0.0.0) - C:\Windows\System32\mem.exe [MD5.00000000000000000000000000000000] - |SD| - [14/07/2009 05:34:06] - [4.18 Ko] - C:\Windows\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [3563.43 Ko] - C:\Windows\System32\migration [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [32695.71 Ko] - C:\Windows\System32\migwiz [MD5.A311363F3C887D8C3A524A51B7F20D69] - |A| - [14/07/2009 05:42:29] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\Windows\System32\migwiz.lnk [MD5.52C7505D68C3CE8496EC8DC17D8FF75A] - |A| - [13/07/2009 22:41:05] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\Windows\System32\mscdexnt.exe [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [4148.28 Ko] - C:\Windows\System32\Msdtc [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [23.66 Ko] - C:\Windows\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [422.5 Ko] - C:\Windows\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [384 Ko] - C:\Windows\System32\NDF [MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [13/07/2009 23:10:48] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [85 Ko] - C:\Windows\System32\NetworkList [MD5.BE5FE9B73C692F5BD53A82935619BC66] - |A| - [28/08/2016 10:32:51] - (.Copyright (C) 2000-2011 Nitro PDF Software - Windows NT Nitro Print PDF Interface Driver.) 
- [26.51 Ko] - (7.0.0.1) - C:\Windows\System32\nitrolocalmon9.dll [MD5.3C57F877DED3CB59423C2D2C3B73F0F4] - |A| - [28/08/2016 10:32:51] - (.Copyright (C) 2000-2011 Nitro PDF Software - Windows NT Nitro Print PDF Interface Driver.) - [18.01 Ko] - (7.0.0.1) - C:\Windows\System32\nitrolocalui9.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [443.5 Ko] - C:\Windows\System32\nl-NL [MD5.5E835121A3899CFA37E285E0CA2B4E7D] - |A| - [13/07/2009 22:40:57] - (.-.) - [6.89 Ko] - (0.0.0.0) - C:\Windows\System32\nlsfunc.exe [MD5.AB79CB0824032FD5E7948625690A764F] - |A| - [17/12/2013 16:15:30] - (.Copyright © Nalpeiron 2004 - 2013 - This service enables products that use the Nalpeiron Licensing System.) - [68.01 Ko] - (7.3.4.0) - C:\Windows\System32\NLSSRV32.EXE [MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [14/07/2009 03:05:05] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\System32\noise.kor [MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - |A| - [13/07/2009 22:40:23] - (.-.) - [27.21 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS.SYS [MD5.CF9ED169FF86D935E47999E82359E898] - |A| - [13/07/2009 22:40:31] - (.-.) - [28.46 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS404.SYS [MD5.03B945AC0481CD8BB161C3569D8ED1C3] - |A| - [13/07/2009 22:40:35] - (.-.) - [28.68 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS411.SYS [MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - |A| - [13/07/2009 22:40:39] - (.-.) - [28.59 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS412.SYS [MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - |A| - [13/07/2009 22:40:27] - (.-.) - [28.46 Ko] - (0.0.0.0) - C:\Windows\System32\NTDOS804.SYS [MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - |A| - [13/07/2009 22:40:11] - (.-.) - [33.16 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO.SYS [MD5.A98EBD4C2DF983665BF2D1AF49949974] - |A| - [13/07/2009 22:40:15] - (.-.) - [33.86 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO404.SYS [MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - |A| - [13/07/2009 22:40:17] - (.-.) 
- [34.94 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO411.SYS [MD5.3E64D681B776CC57BDC38A46D881F85B] - |A| - [13/07/2009 22:40:19] - (.-.) - [34.7 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO412.SYS [MD5.D86B6435729231C171432B4E77801BDB] - |A| - [13/07/2009 22:40:13] - (.-.) - [33.86 Ko] - (0.0.0.0) - C:\Windows\System32\NTIO804.SYS [MD5.2901049544FDF863362FABA2363EB647] - |A| - [13/07/2009 21:30:24] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [12076.09 Ko] - C:\Windows\System32\oobe [MD5.8B2B74BE2476FE9E577887D9D116A905] - |A| - [14/07/2009 03:05:48] - (.-.) - [118.55 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat [MD5.8E8B94CA96EF8236532E9558EC97B902] - |A| - [14/07/2009 09:39:49] - (.-.) - [145.94 Ko] - (0.0.0.0) - C:\Windows\System32\perfc00C.dat [MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 22:17:19] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\System32\PerfCenterCpl.ico [MD5.7AAA3E23CE4C7845B112F7A79B110E60] - |A| - [14/07/2009 03:05:48] - (.-.) - [30.81 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat [MD5.07BA000B2E67565BDF112C35171865A5] - |A| - [14/07/2009 09:39:49] - (.-.) - [37.27 Ko] - (0.0.0.0) - C:\Windows\System32\perfd00C.dat [MD5.46BD837992BA0A6E12BE16368F14E466] - |A| - [14/07/2009 03:05:48] - (.-.) - [638.21 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat [MD5.48E26D5C4F3188A575F3DED3A9A359FF] - |A| - [14/07/2009 09:39:49] - (.-.) - [729.41 Ko] - (0.0.0.0) - C:\Windows\System32\perfh00C.dat [MD5.54757C3B6D5B4CB7A4C3F09A07B0DDEB] - |A| - [25/02/2014 13:52:14] - (.-.) - [1628.21 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [439 Ko] - C:\Windows\System32\pl-PL [MD5.EB6C16CE0163AD282E95FCE5EE9BA518] - |A| - [01/03/2014 09:52:05] - (.Copyright (C) 2001 - Application PrintBrm.) 
- [64.5 Ko] - (1.0.0.0) - C:\Windows\System32\PrintBrmUi.exe [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 09:39:37] - [420.42 Ko] - C:\Windows\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [436 Ko] - C:\Windows\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [438.5 Ko] - C:\Windows\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [23.75 Ko] - C:\Windows\System32\ras [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [0.77 Ko] - C:\Windows\System32\Recovery [MD5.BBB40CA86B88918864D16CFAC9D4ABA4] - |A| - [13/07/2009 22:41:04] - (.-.) - [2.78 Ko] - (0.0.0.0) - C:\Windows\System32\redir.exe [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:52:30] - [0.07 Ko] - C:\Windows\System32\restore [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [169 Ko] - C:\Windows\System32\ro-RO [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [434 Ko] - C:\Windows\System32\ru-RU [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [01/03/2014 09:52:01] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml [MD5.AD7B906FC883959E56E210B2B077CA00] - |A| - [13/07/2009 22:40:54] - (.-.) - [11.48 Ko] - (0.0.0.0) - C:\Windows\System32\setver.exe [MD5.68062C0ECE86AB7801B5B47FDC855A06] - |A| - [13/07/2009 22:41:02] - (.-.) 
- [0.86 Ko] - (0.0.0.0) - C:\Windows\System32\share.exe [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:08] - [169.5 Ko] - C:\Windows\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [166 Ko] - C:\Windows\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 09:39:38] - [42.67 Ko] - C:\Windows\System32\slmgr [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [10114.02 Ko] - C:\Windows\System32\SMI [MD5.C74D61FCA22F36791105D7878AF73572] - |A| - [10/06/2009 22:46:53] - (.-.) - [8.09 Ko] - (0.0.0.0) - C:\Windows\System32\spcinstrumentation.man [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [16337.5 Ko] - C:\Windows\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [181115.35 Ko] - C:\Windows\System32\spool [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [2133.3 Ko] - C:\Windows\System32\spp [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [30.19 Ko] - C:\Windows\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [02/03/2014 09:25:02] - [1699 Ko] - C:\Windows\System32\SPReview [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [170 Ko] - C:\Windows\System32\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [426.5 Ko] - C:\Windows\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [124.76 Ko] - C:\Windows\System32\sysprep [MD5.B8CBB46B42570D373C9933FBDF25EBCE] - |A| - [01/03/2014 09:53:09] - (.-.) - [143.41 Ko] - (0.0.0.0) - C:\Windows\System32\systemsf.ebd [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [325.76 Ko] - C:\Windows\System32\Tasks [MD5.47F22CAD4A16BB40153555D631546B94] - |A| - [10/06/2009 22:39:59] - (.-.) 
- [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [157 Ko] - C:\Windows\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [424 Ko] - C:\Windows\System32\tr-TR [MD5.4EFD8FC76E659723CBA4F9BA8DBF3848] - |A| - [25/08/2010 19:46:02] - (.Copyright © 2006 - Intel(R) TVWizard.) - [8006.52 Ko] - (1.0.1.0) - C:\Windows\System32\TVWSetup.exe [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [166.5 Ko] - C:\Windows\System32\uk-UA [MD5.2653282D9DC9DB635E03780C02B053D8] - |A| - [14/07/2009 05:34:00] - (.-.) - [21 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup.etl [MD5.132EEA9C6FEE5A7CE43264BF2614F4B7] - |A| - [14/07/2009 05:34:00] - (.-.) - [9 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup000.etl [MD5.86491AD7BC0964089CD4E703E65D45DB] - |A| - [13/07/2009 22:30:26] - (.-.) - [18.39 Ko] - (0.0.0.0) - C:\Windows\System32\v7vga.rom [MD5.CC7C694B2BD1510C5AAE7374A5B52B92] - |A| - [03/02/1999 07:45:42] - (.-.) - [26.46 Ko] - (2.0.0.5215) - C:\Windows\System32\VBAFR32.OLB [MD5.3D733144477CADCF77009EF614413630] - |A| - [18/07/2016 09:47:21] - (.Copyright (c) Vestris Inc. - ResourceLib.) - [88 Ko] - (1.3.8360.0) - C:\Windows\System32\Vestris.ResourceLib.dll [MD5.15BD0F8D507546F512EE5D73C3721FA8] - |A| - [14/07/2009 03:04:56] - (.Copyright © 2000 - vfpodbc.) - [20.05 Ko] - (1.0.2.0) - C:\Windows\System32\vfpodbc.dll [MD5.00000000000000000000000000000000] - |D| - [25/02/2014 13:51:44] - [1793.16 Ko] - C:\Windows\System32\Wat [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [49369.03 Ko] - C:\Windows\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 09:39:38] - [47.61 Ko] - C:\Windows\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [53126.6 Ko] - C:\Windows\System32\wdi [MD5.BDDF10F9D8E179323BC1B49603809EB0] - |A| - [13/07/2009 22:38:33] - (.-.) 
- [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [16 Ko] - C:\Windows\System32\wfp [MD5.C980C971AD4FF3CA5CEFDEF40932D3A1] - |A| - [13/07/2009 21:29:46] - (.-.) - [13 Ko] - (0.0.0.0) - C:\Windows\System32\win87em.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:52:30] - [0 Ko] - C:\Windows\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:52:30] - [71 Ko] - C:\Windows\System32\WinBioPlugIns [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:52:30] - [9162.93 Ko] - C:\Windows\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [112932 Ko] - C:\Windows\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 09:39:39] - [106.26 Ko] - C:\Windows\System32\winrm [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 09:39:38] - [9.34 Ko] - C:\Windows\System32\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [336.5 Ko] - C:\Windows\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [258.5 Ko] - C:\Windows\System32\zh-HK [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:37:09] - [337 Ko] - C:\Windows\System32\zh-TW ---------- | [KADER IDH] [01/04/2014 16:06:31] - |D| - [0] - C:\Users\KADER IDH\AppData\Amadeus [25/02/2014 13:47:26] - |D| - [2485742285] - C:\Users\KADER IDH\AppData\Local [25/02/2014 13:47:27] - |D| - [2112966] - C:\Users\KADER IDH\AppData\LocalLow [25/02/2014 13:47:26] - |D| - [510388228] - C:\Users\KADER IDH\AppData\Roaming [25/02/2014 13:58:04] - |D| - [40794123] - C:\Users\KADER IDH\AppData\Local\Adobe [25/02/2014 13:47:27] - |SHD| - [26600482440] - C:\Users\KADER IDH\AppData\Local\Application Data [07/03/2016 09:18:36] - |D| - [0] - C:\Users\KADER IDH\AppData\Local\CEF [25/02/2014 16:18:38] - |D| - [5879277] - C:\Users\KADER IDH\AppData\Local\Diagnostics 
[16/03/2014 14:40:40] - |D| - [1937986] - C:\Users\KADER IDH\AppData\Local\ElevatedDiagnostics [25/02/2014 13:50:50] - |A| - [110696] - C:\Users\KADER IDH\AppData\Local\GDIPFONTCACHEV1.DAT [25/02/2014 13:58:12] - |D| - [901958925] - C:\Users\KADER IDH\AppData\Local\Google [25/02/2014 13:47:27] - |SHD| - [290] - C:\Users\KADER IDH\AppData\Local\Historique [25/02/2014 16:59:45] - |AH| - [2389056] - C:\Users\KADER IDH\AppData\Local\IconCache.db [26/07/2016 10:21:40] - |D| - [0] - C:\Users\KADER IDH\AppData\Local\Lenovo [07/12/2015 10:33:17] - |D| - [0] - C:\Users\KADER IDH\AppData\Local\Macromedia [22/11/2016 10:23:15] - |D| - [0] - C:\Users\KADER IDH\AppData\Local\Mega Limited [22/11/2016 10:22:37] - |D| - [592384] - C:\Users\KADER IDH\AppData\Local\MEGAsync [25/02/2014 13:47:26] - |D| - [1489629946] - C:\Users\KADER IDH\AppData\Local\Microsoft [25/02/2014 14:03:34] - |D| - [96764] - C:\Users\KADER IDH\AppData\Local\Microsoft Help [25/02/2014 13:57:41] - |D| - [37626340] - C:\Users\KADER IDH\AppData\Local\Mozilla [19/12/2015 10:53:38] - |D| - [0] - C:\Users\KADER IDH\AppData\Local\Programs [26/07/2016 10:21:37] - |D| - [64934] - C:\Users\KADER IDH\AppData\Local\SHAREit [10/02/2015 14:37:19] - |D| - [0] - C:\Users\KADER IDH\AppData\Local\Skype [01/11/2015 12:07:21] - |D| - [425471] - C:\Users\KADER IDH\AppData\Local\Sublime Text 3 [25/02/2014 13:47:26] - |D| - [3852487] - C:\Users\KADER IDH\AppData\Local\Temp [25/02/2014 13:47:27] - |SHD| - [3622061] - C:\Users\KADER IDH\AppData\Local\Temporary Internet Files [25/02/2014 13:47:31] - |D| - [0] - C:\Users\KADER IDH\AppData\Local\VirtualStore [26/02/2014 15:00:53] - |D| - [383896] - C:\Users\KADER IDH\AppData\Local\VNT [07/12/2015 10:59:34] - |D| - [238638] - C:\Users\KADER IDH\AppData\LocalLow\Adobe [25/02/2014 13:56:13] - |SD| - [245940] - C:\Users\KADER IDH\AppData\LocalLow\Microsoft [19/11/2016 10:18:50] - |D| - [0] - C:\Users\KADER IDH\AppData\LocalLow\Mozilla [25/02/2014 13:56:21] - |D| - [0] - C:\Users\KADER 
IDH\AppData\LocalLow\Netopsystems [31/08/2016 14:08:19] - |D| - [1595620] - C:\Users\KADER IDH\AppData\LocalLow\Temp [28/02/2017 09:14:59] - |D| - [32768] - C:\Users\KADER IDH\AppData\LocalLow\uTorrent [25/02/2014 14:07:29] - |D| - [1714920] - C:\Users\KADER IDH\AppData\Roaming\Adobe [25/02/2014 16:28:46] - |D| - [12726868] - C:\Users\KADER IDH\AppData\Roaming\Amadeus [26/02/2014 14:57:40] - |D| - [0] - C:\Users\KADER IDH\AppData\Roaming\Avira [09/04/2016 11:26:04] - |D| - [0] - C:\Users\KADER IDH\AppData\Roaming\DMCache [28/08/2016 10:31:02] - |D| - [228585472] - C:\Users\KADER IDH\AppData\Roaming\Downloaded Installations [25/02/2014 13:47:41] - |D| - [0] - C:\Users\KADER IDH\AppData\Roaming\Identities [25/02/2014 14:25:42] - |D| - [506] - C:\Users\KADER IDH\AppData\Roaming\Macromedia [25/02/2014 13:47:26] - |D| - [0] - C:\Users\KADER IDH\AppData\Roaming\Media Center Programs [25/02/2014 13:47:26] - |SD| - [54124636] - C:\Users\KADER IDH\AppData\Roaming\Microsoft [25/02/2014 13:57:41] - |D| - [33276354] - C:\Users\KADER IDH\AppData\Roaming\Mozilla [28/08/2016 10:34:39] - |D| - [1664] - C:\Users\KADER IDH\AppData\Roaming\Nitro [28/08/2016 10:35:35] - |D| - [4181] - C:\Users\KADER IDH\AppData\Roaming\Nitro PDF [10/02/2015 14:37:17] - |D| - [149946208] - C:\Users\KADER IDH\AppData\Roaming\Skype [01/11/2015 12:07:21] - |D| - [4646] - C:\Users\KADER IDH\AppData\Roaming\Sublime Text 3 [26/02/2014 09:38:50] - |D| - [87610] - C:\Users\KADER IDH\AppData\Roaming\TeamViewer [27/11/2015 13:49:58] - |D| - [29828861] - C:\Users\KADER IDH\AppData\Roaming\uTorrent [31/08/2016 11:47:49] - |D| - [86290] - C:\Users\KADER IDH\AppData\Roaming\vlc [25/02/2014 13:56:14] - |D| - [12] - C:\Users\KADER IDH\AppData\Roaming\WinRAR [25/02/2014 13:47:54] - |ASH| - [174] - C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [25/02/2014 13:47:27] - |SHD| - [24987] - C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [25/02/2014 13:47:26] - |RD| - 
[24987] - C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [27/11/2015 13:51:12] - |A| - [2619] - C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk [25/02/2014 13:47:26] - |RD| - [14639] - C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [25/02/2014 13:47:54] - |RD| - [174] - C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [25/02/2014 13:47:54] - |ASH| - [338] - C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [25/02/2014 13:58:21] - |A| - [2393] - C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [25/02/2014 13:47:55] - |A| - [1429] - C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [25/02/2014 13:47:26] - |RD| - [580] - C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [18/07/2016 09:21:47] - |A| - [2174] - C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk [25/02/2014 13:47:54] - |RD| - [174] - C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [25/02/2014 13:56:14] - |D| - [3086] - C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [25/02/2014 13:47:54] - |ASH| - [174] - C:\Users\KADER IDH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] ---------- | [TEST] [15/05/2014 13:51:27] - |D| - [988805036] - C:\Users\TEST\AppData\Local [15/05/2014 13:51:27] - |D| - [77135] - C:\Users\TEST\AppData\LocalLow [15/05/2014 13:51:27] - |D| - [17283862] - C:\Users\TEST\AppData\Roaming [15/05/2014 16:19:23] - |D| - [153156] - C:\Users\TEST\AppData\Local\Adobe [15/05/2014 13:51:27] - |SHD| - [10403573266] - C:\Users\TEST\AppData\Local\Application Data [15/06/2014 12:32:02] - |D| - [565802] - C:\Users\TEST\AppData\Local\Diagnostics [19/05/2014 
08:33:06] - |A| - [110696] - C:\Users\TEST\AppData\Local\GDIPFONTCACHEV1.DAT [16/05/2014 10:13:42] - |D| - [833863586] - C:\Users\TEST\AppData\Local\Google [15/05/2014 13:51:27] - |SHD| - [130] - C:\Users\TEST\AppData\Local\Historique [15/05/2014 16:37:06] - |AH| - [1605043] - C:\Users\TEST\AppData\Local\IconCache.db [16/06/2014 14:51:26] - |D| - [0] - C:\Users\TEST\AppData\Local\Macromedia [15/05/2014 13:51:27] - |D| - [59823439] - C:\Users\TEST\AppData\Local\Microsoft [09/06/2014 10:25:51] - |D| - [180784] - C:\Users\TEST\AppData\Local\Microsoft Help [15/05/2014 13:56:02] - |D| - [68595637] - C:\Users\TEST\AppData\Local\Mozilla [15/05/2014 13:51:27] - |D| - [23524021] - C:\Users\TEST\AppData\Local\Temp [15/05/2014 13:51:27] - |SHD| - [3230032] - C:\Users\TEST\AppData\Local\Temporary Internet Files [15/05/2014 13:51:30] - |D| - [0] - C:\Users\TEST\AppData\Local\VirtualStore [15/05/2014 13:51:51] - |D| - [382872] - C:\Users\TEST\AppData\Local\VNT [15/05/2014 13:51:52] - |SD| - [77135] - C:\Users\TEST\AppData\LocalLow\Microsoft [15/05/2014 13:51:32] - |D| - [234163] - C:\Users\TEST\AppData\Roaming\Adobe [15/05/2014 13:51:35] - |D| - [654] - C:\Users\TEST\AppData\Roaming\Amadeus [15/05/2014 13:56:57] - |D| - [0] - C:\Users\TEST\AppData\Roaming\Avira [15/05/2014 13:51:37] - |D| - [0] - C:\Users\TEST\AppData\Roaming\Identities [16/05/2014 10:16:27] - |D| - [602] - C:\Users\TEST\AppData\Roaming\Macromedia [15/05/2014 13:51:27] - |D| - [0] - C:\Users\TEST\AppData\Roaming\Media Center Programs [15/05/2014 13:51:27] - |SD| - [1562849] - C:\Users\TEST\AppData\Roaming\Microsoft [15/05/2014 13:56:02] - |D| - [15485582] - C:\Users\TEST\AppData\Roaming\Mozilla [16/06/2014 14:51:21] - |D| - [12] - C:\Users\TEST\AppData\Roaming\WinRAR [15/05/2014 13:51:46] - |ASH| - [174] - C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [15/05/2014 13:51:27] - |SHD| - [19657] - C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [15/05/2014 13:51:27] - 
|RD| - [19657] - C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [15/05/2014 13:51:27] - |RD| - [14639] - C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [15/05/2014 13:51:46] - |RD| - [174] - C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [15/05/2014 13:51:32] - |ASH| - [334] - C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [16/05/2014 10:13:47] - |A| - [2327] - C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [15/05/2014 13:51:32] - |A| - [1429] - C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [15/05/2014 13:51:27] - |RD| - [580] - C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [15/05/2014 13:51:46] - |RD| - [174] - C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [15/05/2014 13:51:46] - |ASH| - [174] - C:\Users\TEST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\ProgramData [25/02/2014 13:57:45] - |D| - [213449175] - C:\ProgramData\Adobe [26/02/2014 11:25:37] - |D| - [8914898] - C:\ProgramData\Amadeus [26/02/2014 14:58:06] - |D| - [0] - C:\ProgramData\APN [14/07/2009 05:53:55] - |SHD| - [11796150761] - C:\ProgramData\Application Data [26/02/2014 14:56:25] - |D| - [273584560] - C:\ProgramData\Avira [25/02/2014 13:47:20] - |SHD| - [433757663] - C:\ProgramData\Bureau [14/07/2009 05:53:55] - |SHD| - [433757663] - C:\ProgramData\Desktop [14/07/2009 05:53:55] - |SHD| - [278] - C:\ProgramData\Documents [04/10/2015 09:11:29] - |D| - [12875090] - C:\ProgramData\EPSON [25/02/2014 13:47:20] - |SHD| - [0] - C:\ProgramData\Favoris [14/07/2009 05:53:55] - |SHD| - [0] - C:\ProgramData\Favorites [09/04/2016 11:26:04] - |D| - [0] - C:\ProgramData\IDM [26/07/2016 10:21:40] - |D| - [6634] - C:\ProgramData\Lenovo [19/12/2015 10:53:49] - |D| - [109066266] - 
C:\ProgramData\Malwarebytes [07/12/2015 10:42:50] - |D| - [12337] - C:\ProgramData\McAfee [07/12/2015 10:42:52] - |D| - [1282] - C:\ProgramData\McAfee Security Scan [25/02/2014 13:47:20] - |SHD| - [182488] - C:\ProgramData\Menu Démarrer [14/07/2009 03:37:05] - |SD| - [600267437] - C:\ProgramData\Microsoft [25/02/2014 14:03:31] - |D| - [64186] - C:\ProgramData\Microsoft Help [18/07/2016 09:21:26] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [25/02/2014 13:47:20] - |SHD| - [0] - C:\ProgramData\Modèles [25/02/2014 13:57:28] - |D| - [17152] - C:\ProgramData\Mozilla [28/08/2016 10:32:31] - |D| - [35533134] - C:\ProgramData\Nitro [25/11/2014 15:02:05] - |D| - [5185683] - C:\ProgramData\Package Cache [18/07/2016 09:16:34] - |D| - [3211] - C:\ProgramData\regid.1991-06.com.microsoft [10/02/2015 14:37:02] - |D| - [92237824] - C:\ProgramData\Skype [01/10/2016 12:20:13] - |D| - [73629] - C:\ProgramData\SP_FT_Logs [14/07/2009 05:53:55] - |SHD| - [182488] - C:\ProgramData\Start Menu [14/07/2009 05:53:55] - |SHD| - [0] - C:\ProgramData\Templates ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [14/07/2009 05:46:35] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk [14/07/2009 05:37:43] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [25/02/2014 13:47:20] - |SHD| - [179498] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [14/07/2009 03:37:05] - |RD| - [179498] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 05:37:43] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 03:37:05] - |RD| - [41403] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [10/05/2016 16:00:27] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [14/07/2009 05:52:30] - |RD| - [21157] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative 
Tools [26/02/2014 14:56:39] - |D| - [4455] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [25/08/2016 11:37:09] - |D| - [1065] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [14/07/2009 05:41:57] - |ASH| - [1130] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [04/10/2015 09:11:31] - |D| - [1235] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [06/10/2016 10:08:35] - |A| - [2368] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk [14/07/2009 05:52:30] - |RD| - [778] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [18/07/2016 09:47:23] - |D| - [7563] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico [14/07/2009 03:37:05] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [19/12/2015 10:53:52] - |D| - [3553] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [03/02/2017 11:23:40] - |D| - [3197] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [25/02/2014 13:40:26] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [25/02/2014 14:09:43] - |D| - [32320] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [25/02/2014 13:57:32] - |A| - [1100] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [28/08/2016 10:32:40] - |A| - [2519] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk [06/10/2016 10:08:35] - |D| - [15065] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office 2016 [06/10/2016 10:08:36] - |A| - [2380] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk [06/10/2016 10:08:36] - |A| - [2395] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk [15/03/2014 16:42:49] - |D| - [1440] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programme de désinstallation de l'imprimante Canon [26/07/2016 
10:21:09] - |D| - [1089] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit [14/07/2009 05:42:29] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [10/03/2016 09:10:55] - |D| - [2095] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [14/07/2009 03:37:05] - |RD| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [14/07/2009 10:00:41] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC [14/12/2016 11:08:42] - |A| - [929] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk [31/08/2016 11:47:22] - |D| - [6498] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [14/07/2009 05:42:30] - |A| - [1352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk [25/02/2014 13:40:16] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [14/07/2009 05:42:24] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [14/07/2009 05:46:36] - |A| - [1515] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [25/02/2014 13:56:14] - |D| - [3032] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [06/10/2016 10:08:36] - |A| - [2378] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk [14/07/2009 05:42:30] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [14/07/2009 05:41:57] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [07/12/2015 10:42:51] - |A| - [2045] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ---------- | C:\Program Files [07/03/2016 09:15:39] - |D| - [221054528] - C:\Program Files\Adobe [26/02/2014 11:25:52] - |D| - [34508081] - C:\Program Files\Amadeus [25/02/2014 16:28:44] - |D| - 
[86159145] - C:\Program Files\Automatic Update [26/02/2014 14:56:25] - |D| - [850508865] - C:\Program Files\Avira [15/03/2014 16:42:49] - |D| - [1217298] - C:\Program Files\Canon [25/08/2016 11:37:04] - |D| - [10331248] - C:\Program Files\CCleaner [14/07/2009 03:37:05] - |D| - [479583110] - C:\Program Files\Common Files [14/07/2009 05:41:57] - |ASH| - [174] - C:\Program Files\desktop.ini [01/10/2016 12:26:40] - |D| - [921992] - C:\Program Files\DIFX [14/07/2009 05:52:30] - |D| - [83226644] - C:\Program Files\DVD Maker [25/02/2014 13:47:20] - |SHD| - [479583110] - C:\Program Files\Fichiers communs [27/02/2014 09:34:27] - |D| - [948760] - C:\Program Files\Intel [09/04/2016 11:25:56] - |D| - [0] - C:\Program Files\Internet Download Manager [14/07/2009 03:37:05] - |D| - [26803590] - C:\Program Files\Internet Explorer [18/07/2016 09:47:20] - |D| - [27435272] - C:\Program Files\KMSpico [19/12/2015 10:53:49] - |D| - [59384708] - C:\Program Files\Malwarebytes Anti-Malware [10/12/2015 10:42:49] - |D| - [14572881] - C:\Program Files\McAfee Security Scan [25/02/2014 14:03:31] - |D| - [2804213234] - C:\Program Files\Microsoft Office [18/07/2016 09:14:00] - |D| - [5216656] - C:\Program Files\Microsoft Office 15 [18/07/2016 09:21:49] - |D| - [7217832] - C:\Program Files\Microsoft OneDrive [25/02/2014 14:06:47] - |D| - [14904] - C:\Program Files\Microsoft Visual Studio [25/02/2014 14:04:18] - |D| - [1387249] - C:\Program Files\Microsoft Visual Studio 8 [25/02/2014 14:07:33] - |D| - [3178824] - C:\Program Files\Microsoft Works [25/02/2014 14:06:17] - |D| - [8175999] - C:\Program Files\Microsoft.NET [16/11/2016 11:46:49] - |D| - [110057030] - C:\Program Files\Mozilla Firefox [25/02/2014 13:57:28] - |D| - [323182] - C:\Program Files\Mozilla Maintenance Service [14/07/2009 05:52:30] - |D| - [26521] - C:\Program Files\MSBuild [27/09/2014 13:14:30] - |D| - [41473082] - C:\Program Files\MSECache [27/02/2014 09:02:56] - |D| - [0] - C:\Program Files\MSXML 4.0 [28/08/2016 10:32:31] - |D| - 
[152699953] - C:\Program Files\Nitro [14/07/2009 05:52:30] - |D| - [39171329] - C:\Program Files\Reference Assemblies [26/07/2016 10:21:08] - |D| - [13702443] - C:\Program Files\SHAREit [10/02/2015 14:37:05] - |RD| - [78882133] - C:\Program Files\Skype [10/05/2014 10:47:17] - |D| - [87859098] - C:\Program Files\TeamViewer [14/07/2009 05:53:23] - |HD| - [0] - C:\Program Files\Uninstall Information [31/08/2016 11:46:47] - |D| - [126263314] - C:\Program Files\VideoLAN [14/07/2009 05:52:30] - |D| - [3050496] - C:\Program Files\Windows Defender [14/07/2009 10:01:38] - |D| - [7012984] - C:\Program Files\Windows Journal [14/07/2009 03:37:05] - |D| - [6181376] - C:\Program Files\Windows Mail [14/07/2009 05:52:30] - |D| - [6604034] - C:\Program Files\Windows Media Player [14/07/2009 03:37:05] - |D| - [12197556] - C:\Program Files\Windows NT [14/07/2009 05:52:30] - |D| - [4417800] - C:\Program Files\Windows Photo Viewer [14/07/2009 05:52:30] - |D| - [189952] - C:\Program Files\Windows Portable Devices [14/07/2009 05:52:30] - |D| - [6683807] - C:\Program Files\Windows Sidebar [25/02/2014 13:56:02] - |D| - [4052827] - C:\Program Files\WinRAR ---------- | C:\Program Files\Common Files [07/12/2015 10:42:16] - |D| - [7750715] - C:\Program Files\Common Files\Adobe [25/02/2014 14:06:47] - |D| - [116216] - C:\Program Files\Common Files\DESIGNER [04/10/2015 09:11:32] - |D| - [143424] - C:\Program Files\Common Files\EPSON [14/07/2009 03:37:05] - |D| - [367924530] - C:\Program Files\Common Files\microsoft shared [28/08/2016 10:32:31] - |D| - [16035234] - C:\Program Files\Common Files\Nitro [14/07/2009 03:37:05] - |D| - [2702] - C:\Program Files\Common Files\Services [24/03/2016 09:56:05] - |D| - [2399872] - C:\Program Files\Common Files\Skype [14/07/2009 03:37:05] - |D| - [41103783] - C:\Program Files\Common Files\SpeechEngines [14/07/2009 03:37:05] - |D| - [44106634] - C:\Program Files\Common Files\System ---------- | Tasks [MD5.586DF64F3A19C4B95CC04584729E5606] - [16/06/2014 
14:50:20] - |A| - [1002] - C:\Windows\Tasks\Adobe Flash Player Updater.job [MD5.0761DEB1D44A415DF659D95B1679E95C] - [16/05/2014 10:20:02] - |A| - [1022] - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-435501677-4175685979-3547123774-1001Core.job [MD5.63A7BAE43651835E1F12EB32CC97FED9] - [16/05/2014 10:20:03] - |A| - [1074] - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-435501677-4175685979-3547123774-1001UA.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 05:53:47] - |AH| - [6] - C:\Windows\Tasks\SA.DAT [MD5.51D627B22C699F865B257D0CDB9E8F08] - [14/07/2009 05:53:46] - |A| - [32482] - C:\Windows\Tasks\SCHEDLGU.TXT [MD5.60420EAFBCE862DF42F52FBF1BB4148F] - [09/12/2015 08:50:32] - |A| - [4464] - C:\Windows\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.064AF08C05744963F8E680C2916776D1] - [16/06/2014 14:50:20] - |A| - [3940] - C:\Windows\System32\Tasks\Adobe Flash Player Updater : C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.3C86744C23DB687405EC71BB2D1A4198] - [18/07/2016 09:47:25] - |A| - [3372] - C:\Windows\System32\Tasks\AutoPico Daily Restart : "C:\Program Files\KMSpico\AutoPico.exe" [MD5.929B9F3D30E87DF6F65039B57F95AA62] - [25/08/2016 11:37:21] - |A| - [2804] - C:\Windows\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.00000000000000000000000000000000] - [16/10/2016 14:22:31] - |D| - [4752] - C:\Windows\System32\Tasks\Games [MD5.F8AEE3D3340A03D67F88A735F8F311F8] - [25/02/2014 14:30:44] - |A| - [3412] - C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-435501677-4175685979-3547123774-1000Core : C:\Users\KADER IDH\AppData\Local\Google\Update\GoogleUpdate.exe [MD5.3EA270F303346D1AE48C9F086222D2B7] - [25/02/2014 14:30:45] - |A| - [3684] - C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-435501677-4175685979-3547123774-1000UA : C:\Users\KADER IDH\AppData\Local\Google\Update\GoogleUpdate.exe [MD5.83189AE9796083DA70F7EF0A66392CCD] - 
[16/05/2014 10:20:03] - |A| - [3646] - C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-435501677-4175685979-3547123774-1001Core : C:\Users\TEST\AppData\Local\Google\Update\GoogleUpdate.exe [MD5.0887B6300BF107154B859FF1A206A003] - [16/05/2014 10:20:03] - |A| - [4042] - C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-435501677-4175685979-3547123774-1001UA : C:\Users\TEST\AppData\Local\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [14/07/2009 03:37:09] - |D| - [285762] - C:\Windows\System32\Tasks\Microsoft [MD5.00000000000000000000000000000000] - [18/07/2016 09:16:39] - |D| - [4728] - C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform [MD5.00000000000000000000000000000000] - [14/07/2009 05:54:35] - |D| - [8970] - C:\Windows\System32\Tasks\WPD ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "{05CC0510-57D7-4216-9151-3C81AEFE97B3}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2002| "{9972D3DA-3D7F-4489-8BD8-ED275F168263}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Skype\Phone\Skype.exe|Name=Skype| "TCP Query User{6C98BAA7-9626-41A4-966E-448E1F1CB35B}C:\users\kader idh\appdata\local\google\chrome\application\chrome.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\kader idh\appdata\local\google\chrome\application\chrome.exe|Name=chrome.exe|Desc=chrome.exe| "UDP Query 
User{62C6202C-A96D-4F0B-9C5B-7690D927F8E2}C:\users\kader idh\appdata\local\google\chrome\application\chrome.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\kader idh\appdata\local\google\chrome\application\chrome.exe|Name=chrome.exe|Desc=chrome.exe| "{BD7D4F1C-A000-40D9-ADDC-9F0869F9C695}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\KADER IDH\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In) (KADER IDH)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{3B05F9BE-B6CB-48D5-BCA3-3942B5E2D40D}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\KADER IDH\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-Out) (KADER IDH)|Desc=Allow µTorrent network traffic| "{F86AB042-6E8A-41D4-9233-417583DE9394}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\KADER IDH\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In) (KADER IDH)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{4232BA5C-0F5A-4280-B791-AD3A760B92F5}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\KADER IDH\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (KADER IDH)| "{CBAEB844-4D76-44F3-98B1-99D9A6C42160}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\KADER IDH\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (KADER IDH)| "{3D4B50FF-59DD-4788-8C1E-BF500AF8B2AD}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\KADER IDH\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-Out) (KADER IDH)|Desc=Allow µTorrent network traffic| "{D010E78A-6716-4B40-A06D-83CD4968DEB8}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files\Mozilla Firefox)| "{B8063672-C95D-4D13-BAE4-B57BA7AD3A76}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Mozilla 
Firefox\firefox.exe|Name=Firefox (C:\Program Files\Mozilla Firefox)| "TCP Query User{63CE4B41-0CB3-47CB-9370-692281586CE9}C:\users\kader idh\appdata\local\google\chrome\application\chrome.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\kader idh\appdata\local\google\chrome\application\chrome.exe|Name=chrome.exe|Desc=chrome.exe| "UDP Query User{D84C5CDA-19D1-40F6-955F-05B0F7EBD52C}C:\users\kader idh\appdata\local\google\chrome\application\chrome.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\kader idh\appdata\local\google\chrome\application\chrome.exe|Name=chrome.exe|Desc=chrome.exe| "{911235BC-6D83-429F-9659-819CB811DC84}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\KADER IDH\AppData\Local\Microsoft\OneDrive\OneDrive.exe|Name=Microsoft OneDrive| "{69DFDA3E-8104-432E-A0EA-C557BF71C066}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files\SHAREit\SHAREit\SHAREit.exe|Name=SHAREit.exe| "{177F7350-6CA0-4EBB-85A1-A30187A2BF19}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files\SHAREit\SHAREit\SHAREit.exe|Name=SHAREit.exe| "{32FB4356-E746-400A-AB40-B25D482B8426}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application| "{58283EE6-2931-451B-B795-FC5A8073560E}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application| "{CA020013-CBDE-41EB-A28D-F22EEFF65621}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service| "{90BCA86B-D792-456E-8FB6-65B702D7649E}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service| ---------- | Control\Class 
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
---------- | Loaded modules (whitelist)
[11/10/2016 11:21:13] - (15.0.24.123) - (Avira Operations GmbH & Co. KG - Avira USB Filter Driver) - C:\Windows\System32\Drivers\avusbflt.sys
[26/02/2014 14:56:26] - (15.0.10.312) - (Avira Operations GmbH & Co. KG - Avira Manager Driver) - C:\Windows\system32\DRIVERS\avkmgr.sys
[26/02/2014 14:56:26] - (15.0.24.84) - (Avira Operations GmbH & Co.
KG - Avira Driver for Security Enhancement) - C:\Windows\system32\DRIVERS\avipbb.sys [03/03/2014 10:21:39] - (5.1.2.238) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\Windows\System32\ATMFD.DLL [26/02/2014 14:56:26] - (15.0.24.81) - (Avira Operations GmbH & Co. KG - Avira Minifilter Driver) - C:\Windows\system32\DRIVERS\avgntflt.sys [26/02/2014 14:56:26] - (15.0.17.264) - (Avira Operations GmbH & Co. KG - Avira WFP Network Driver) - C:\Windows\system32\DRIVERS\avnetflt.sys [14/07/2009 03:05:20] - (4.3.86.0) - (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - Macrovision SECURITY Driver) - C:\Windows\System32\Drivers\secdrv.SYS ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service R0 - [Kernel Driver] - ACPI (Pilote ACPI Microsoft) -> system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - amdxata () -> system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - atapi (Canal IDE) -> system32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - avusbflt (avusbflt) -> System32\Drivers\avusbflt.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (Pilote de disque) -> system32\DRIVERS\disk.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol 
(@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (Pilote de bus PCI) -> system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pciide () -> system32\drivers\pciide.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - spldr (Security Processor Loader Driver) -> (?) 
- AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) -> system32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (Pilote d’énumérateur de lecteur virtuel Microsoft) -> system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vmbus (@%SystemRoot%\system32\vmbusres.dll,-1000) -> system32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgr (Pilote du Gestionnaire de volume) -> system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (Volumes de stockage) -> system32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - avipbb (avipbb) -> system32\DRIVERS\avipbb.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - avkmgr (avkmgr) -> system32\DRIVERS\avkmgr.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - blbdrive () -> system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (Pilote de CD-ROM) -> system32\DRIVERS\cdrom.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (Pilote BIOS de gestion de systèmes Microsoft) -> \SystemRoot\system32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - TermDD (Pilote de périphérique terminal) -> \SystemRoot\system32\drivers\termdd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - VgaSave () -> \SystemRoot\System32\drivers\vga.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - avgntflt (avgntflt) -> system32\DRIVERS\avgntflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - avnetflt (avnetflt) -> system32\DRIVERS\avnetflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: 
False - AcceptStop: True S2 - [Kernel Driver] - Parvdm () -> \SystemRoot\system32\DRIVERS\parvdm.sys - AcceptPause: False - AcceptStop: False R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - secdrv (Security Driver) -> (?) - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft Files whitelisted) [MD5.21E785EBD7DC90A06391141AAC7892FB] - [10/06/2009 22:19:05] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) - [413.06 Ko] - (1.6.6.4) - C:\Windows\System32\Drivers\adp94xx.sys [MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - [13/07/2009 23:09:16] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) - [290.58 Ko] - (1.6.6.1) - C:\Windows\System32\Drivers\adpahci.sys [MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - [13/07/2009 23:09:16] - (.Copyright © 2003 Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) - [143.08 Ko] - (7.2.0.0) - C:\Windows\System32\Drivers\adpu320.sys [MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - [14/07/2009 00:11:17] - (.Copyright (C) Acer Laboratories Inc. 2000 - ALi mini IDE Driver.) - [14.06 Ko] - (1.2.0.0) - C:\Windows\System32\Drivers\aliide.sys [MD5.CD5914170297126B6266860198D1D4F0] - [14/07/2009 00:11:19] - (.Copyright (C) AMD 2003 - Pilote IDE AMD.) - [14.56 Ko] - (6.1.7600.16385) - C:\Windows\System32\Drivers\amdide.sys [MD5.D320BF87125326F996D4904FE24300FC] - [27/02/2014 12:47:34] - (.Copyright © 2008-2010 AMD, Inc. - AHCI 1.2 Device Driver.) - [78.38 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdsata.sys [MD5.EA43AF0C423FF267355F74E7A53BDABA] - [10/06/2009 22:20:03] - (.2008 Advanced Micro Devices, Inc. 
- AMD Technology AHCI Compatible Controller Driver for Windows family.) - [155.58 Ko] - (3.6.1540.127) - C:\Windows\System32\Drivers\amdsbs.sys [MD5.46387FB17B086D16DEA267D5BE23A2F2] - [27/02/2014 12:47:34] - (.Copyright © 2008-2010 AMD, Inc. - Storage Filter Driver.) - [21.88 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdxata.sys [MD5.2932004F49677BD84DBC72EDB754FFB3] - [13/07/2009 23:09:17] - (.Copyright 2007 Adaptec, Inc. - Adaptec RAID Storport Driver.) - [74.58 Ko] - (5.2.0.10384) - C:\Windows\System32\Drivers\arc.sys [MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - [13/07/2009 23:09:17] - (.Copyright 2008 Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) - [84.58 Ko] - (5.2.0.16119) - C:\Windows\System32\Drivers\arcsas.sys [MD5.AC848E99627AE02493D57A3117756610] - [26/02/2014 14:56:26] - (.Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors - Avira Minifilter Driver.) - [116.41 Ko] - (15.0.24.81) - C:\Windows\System32\Drivers\avgntflt.sys [MD5.ED91715AAE2BBBF539519CC75AC1872A] - [26/02/2014 14:56:26] - (.Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors - Avira Driver for Security Enhancement.) - [137.54 Ko] - (15.0.24.84) - C:\Windows\System32\Drivers\avipbb.sys [MD5.F80F5DCA8A5D9D93CC5BE933D20CAF05] - [26/02/2014 14:56:26] - (.Copyright © 2015 Avira Operations GmbH & Co. KG and its Licensors - Avira Manager Driver.) - [37.01 Ko] - (15.0.10.312) - C:\Windows\System32\Drivers\avkmgr.sys [MD5.9A7AE0B9D18749A79B3E523A97CA104A] - [26/02/2014 14:56:26] - (.Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors - Avira WFP Network Driver.) - [58.68 Ko] - (15.0.17.264) - C:\Windows\System32\Drivers\avnetflt.sys [MD5.0CA918E542B7F627A0F114EF8703C8EC] - [11/10/2016 11:21:13] - (.Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors - Avira USB Filter Driver.) 
- [29.95 Ko] - (15.0.24.123) - C:\Windows\System32\Drivers\avusbflt.sys [MD5.BD8869EB9CDE6BBE4508D869929869EE] - [13/07/2009 23:02:49] - (.Copyright 2000-2007, Broadcom Corporation. - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) - [224.5 Ko] - (10.100.4.0) - C:\Windows\System32\Drivers\b57nd60x.sys [MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - [14/07/2009 01:59:16] - (.Copyright (C) Brother Industries, Ltd. 2001-2003 - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) - [13.25 Ko] - (1.10.0.2) - C:\Windows\System32\Drivers\BrFiltLo.sys [MD5.56801AD62213A41F6497F96DEE83755A] - [14/07/2009 01:58:59] - (.Copyright (C) Brother Industries, Ltd. 2001 - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) - [5.13 Ko] - (1.4.0.1) - C:\Windows\System32\Drivers\BrFiltUp.sys [MD5.845B8CE732E67F3B4133164868C666EA] - [14/07/2009 01:57:25] - (.Copyright (C) Brother Industries Ltd.1997-2006 - Pilote Brother Série I/F (WDM).) - [265.75 Ko] - (1.0.1.6) - C:\Windows\System32\Drivers\BrSerId.sys [MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - [14/07/2009 01:59:02] - (.Copyright (C) Brother Industries Ltd.1997-2003 - Brother Serial driver (WDM version).) - [60.88 Ko] - (1.0.0.20) - C:\Windows\System32\Drivers\BrSerWdm.sys [MD5.BD456606156BA17E60A04E18016AE54B] - [14/07/2009 01:58:27] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB MDM Driver.) - [11.88 Ko] - (1.0.0.12) - C:\Windows\System32\Drivers\BrUsbMdm.sys [MD5.AF72ED54503F717A43268B3CC5FAEC2E] - [14/07/2009 01:58:35] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB Serial Driver.) - [11.63 Ko] - (1.0.1.3) - C:\Windows\System32\Drivers\BrUsbSer.sys [MD5.1A231ABEC60FD316EC54C66715543CEC] - [10/06/2009 22:17:52] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) - [420 Ko] - (4.8.2.0) - C:\Windows\System32\Drivers\bxvbdx.sys [MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - [14/07/2009 00:11:18] - (.Copyright (C) CMD Technology, Inc. 
1999-2000 - CMD PCI IDE Bus Driver.) - [15.58 Ko] - (2.0.7.0) - C:\Windows\System32\Drivers\cmdide.sys [MD5.8B30250D573A8F6B4BD23195160D8707] - [10/06/2009 22:20:26] - (.Copyright © Adaptec, Inc. 2000 - Adaptec Ultra SCSI miniport.) - [69.06 Ko] - (6.0.0.0) - C:\Windows\System32\Drivers\djsvs.sys [MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - [10/06/2009 22:19:19] - (.Copyright © 2003-2009 Emulex - Storport Miniport Driver for LightPulse HBAs.) - [443.08 Ko] - (5.2.10.211) - C:\Windows\System32\Drivers\elxstor.sys [MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - [10/06/2009 22:17:55] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) - [3027.5 Ko] - (4.8.13.0) - C:\Windows\System32\Drivers\evbdx.sys [MD5.71128764F38DD6B8A8FA102C0C57AEAC] - [01/10/2016 12:17:23] - (.Copyright © 2011 - USB NDIS Miniport Driver.) - [166.55 Ko] - (1.0.8.2) - C:\Windows\System32\Drivers\gnusbnet.sys [MD5.91DCA0524A805C445CE0D7FB6F3ABE6A] - [01/10/2016 12:17:23] - (.Copyright © 2001-2010 - USB Modem/Serial Device Driver.) - [130.8 Ko] - (2.1.0.4) - C:\Windows\System32\Drivers\gnusbser.sys [MD5.C44E3C2BAB6837DB337DDEE7544736DB] - [13/07/2009 23:54:14] - (.Copyright ©2007-2009 Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) - [26 Ko] - (1.31.27127.0) - C:\Windows\System32\Drivers\hcw85cir.sys [MD5.295FDC419039090EB8B49FFDBB374549] - [13/07/2009 23:09:17] - (.Copyright (c) 2004-2008 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [65.58 Ko] - (6.12.4.32) - C:\Windows\System32\Drivers\HpSAMD.sys [MD5.5CD5F9A5444E6CDCB0AC89BD62D8B76E] - [27/02/2014 12:47:34] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - ia32.) - [324.38 Ko] - (8.6.2.1014) - C:\Windows\System32\Drivers\iaStorV.sys [MD5.8266AE06DF974E5BA047B3E9E9E70B3F] - [25/08/2010 19:31:30] - (.Copyright (c) 1998-2006 Intel Corporation. - Intel Graphics Kernel Mode Driver.) 
- [8813 Ko] - (8.15.10.2202) - C:\Windows\System32\Drivers\igdkmd32.sys [MD5.4173FF5708F3236CF25195FECD742915] - [13/07/2009 23:09:17] - (.Copyright © 2002-05 Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) - [40.08 Ko] - (5.4.22.0) - C:\Windows\System32\Drivers\iirsp.sys [MD5.EB119A53CCF2ACC000AC71B065B78FEF] - [13/07/2009 23:09:19] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT FC Driver (StorPort).) - [93.58 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_fc.sys [MD5.8ADE1C877256A22E49B75D1CC9161F9C] - [13/07/2009 23:09:18] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SAS Driver (StorPort).) - [87.08 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_sas.sys [MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - [13/07/2009 23:09:18] - (.Copyright © LSI Corporation 2009 - LSI SAS Gen2 Driver (StorPort).) - [53.58 Ko] - (2.0.2.71) - C:\Windows\System32\Drivers\lsi_sas2.sys [MD5.0A036C7D7CAB643A7F07135AC47E0524] - [13/07/2009 23:09:18] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SCSI Driver (StorPort).) - [94.58 Ko] - (1.28.3.67) - C:\Windows\System32\Drivers\lsi_scsi.sys [MD5.A1D52DB330E18B5A7A718D31D950CA87] - [19/12/2015 10:53:49] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) - [23.88 Ko] - (0.1.16.0) - C:\Windows\System32\Drivers\mbam.sys [MD5.22649DC583AE1F124C12FB1D39AE8B0B] - [19/12/2015 10:53:49] - (.© Malwarebytes. - Malwarebytes Chameleon Protection Driver.) - [123.38 Ko] - (1.1.22.0) - C:\Windows\System32\Drivers\mbamchameleon.sys [MD5.5023F594D5448E16F920157174C61358] - [19/12/2015 10:54:47] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) - [166.21 Ko] - (0.3.0.4) - C:\Windows\System32\Drivers\MBAMSwissArmy.sys [MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - [10/06/2009 22:19:35] - (.Copyright © LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) 
- [30.08 Ko] - (4.5.1.32) - C:\Windows\System32\Drivers\megasas.sys [MD5.DCBAB2920C75F390CAF1D29F675D03D6] - [13/07/2009 23:09:17] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [230.06 Ko] - (13.5.409.2009) - C:\Windows\System32\Drivers\MegaSR.sys [MD5.66DDF98174707CBADBCA6BBABDA1231C] - [19/12/2015 10:53:49] - (.© Malwarebytes Corporation. - Malwarebytes Web Access Control.) - [51.88 Ko] - (1.0.6.0) - C:\Windows\System32\Drivers\mwac.sys [MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - [13/07/2009 23:09:17] - (.(C) Copyright IBM Corp. 1994, 2002. - IBM ServeRAID Controller Driver.) - [43.58 Ko] - (7.10.0.0) - C:\Windows\System32\Drivers\nfrd960.sys [MD5.B3E25EE28883877076E0E1FF877D02E0] - [27/02/2014 12:47:35] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [114.38 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvraid.sys [MD5.4380E59A170D88C4F1022EFF6719A8A4] - [27/02/2014 12:47:35] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [140.38 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvstor.sys [MD5.AB95ECF1F6659A60DDC166D8315B0751] - [10/06/2009 22:20:06] - (.Copyright © QLogic Corporation 1996-2009 - QLogic Fibre Channel Stor Miniport Driver.) - [1351.06 Ko] - (9.1.8.6) - C:\Windows\System32\Drivers\ql2300.sys [MD5.B4DD51DD25182244B86737DC51AF2270] - [13/07/2009 23:09:18] - (.© QLogic Corporation. - QLogic iSCSI Storport Miniport Driver.) - [103.58 Ko] - (2.1.3.20) - C:\Windows\System32\Drivers\ql40xx.sys [MD5.7DFD48E24479B68B258D8770121155A0] - [10/06/2009 22:18:34] - (.Copyright (C) 2008 Realtek Corporation. This product is covered by one or more of the following patents:US5,307,459, US5,434,872, US5,732,094, US6,570,884, US6,115,776, and US6,327,625. - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver .) 
- [136.5 Ko] - (7.2.1125.2008) - C:\Windows\System32\Drivers\Rt86win7.sys [MD5.90A3935D05B494A5A39D37E71F09A677] - [14/07/2009 03:05:20] - (.© 2006 Macrovision Corporation - Macrovision SECURITY Driver.) - [20 Ko] - (4.3.86.0) - C:\Windows\System32\Drivers\secdrv.sys [MD5.A9F0486851BECB6DDA1D89D381E71055] - [10/06/2009 22:20:08] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [39.08 Ko] - (5.1.1039.2600) - C:\Windows\System32\Drivers\sisraid2.sys [MD5.3727097B55738E2F554972C3BE5BC1AA] - [13/07/2009 23:09:18] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [76.06 Ko] - (5.1.1039.3600) - C:\Windows\System32\Drivers\sisraid4.sys [MD5.317A9DB20BDB9A81EE9D75388CF5CF90] - [26/02/2014 14:56:27] - (.Copyright © 2000 - 2014 Avira Operations GmbH & Co. KG and its Licensors - ssmdrv.) - [18.32 Ko] - (15.0.19.1) - C:\Windows\System32\Drivers\ssmdrv.sys [MD5.DB32D325C192B801DF274BFD12A7E72B] - [13/07/2009 23:09:18] - (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) - [20.58 Ko] - (5.0.1.1) - C:\Windows\System32\Drivers\stexstor.sys [MD5.E43574F6A56A0EE11809B48C09E4FD3C] - [14/07/2009 00:11:20] - (.Copyright (C) VIA Technologies, Inc. 2000-2007 - VIA Generic PCI IDE Bus Driver.) - [16.58 Ko] - (6.0.6000.170) - C:\Windows\System32\Drivers\viaide.sys [MD5.9DFA0CC2F8855A04816729651175B631] - [10/06/2009 22:20:24] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [138.58 Ko] - (6.0.6000.6210) - C:\Windows\System32\Drivers\vsmraid.sys ---------- | Uninstall [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Users\KADER IDH\AppData\Local\Google\Chrome\Application\56.0.2924.87\Installer\setup.exe" --uninstall [HKU\S-1-5-21-435501677-4175685979-3547123774-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\uTorrent] : (µTorrent.-.BitTorrent Inc.) 
-> "C:\Users\KADER IDH\AppData\Roaming\uTorrent\uTorrent.exe" /UNINSTALL [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\350179D4FEEF8D83146365E4FD7427A21F5D955A] : (Package de pilotes Windows - Condor (gnusbnet) Net (11/11/2013 1.2.0.0).-.Condor) -> C:\PROGRA~1\DIFX\277D1C50D2B49142\dpinst_x86.exe /u C:\Windows\System32\DriverStore\FileRepository\gnnet.inf_x86_neutral_58f2a952e6129741\gnnet.inf [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235] : (Package de pilotes Windows - MediaTek Inc. (usbser) Ports (01/05/2012 2.0000.0.1).-.MediaTek Inc.) -> C:\PROGRA~1\DIFX\277D1C50D2B49142\dpinst_x86.exe /u C:\Windows\System32\DriverStore\FileRepository\usbvcom_brom.inf_x86_neutral_34bc26000f2802a8\usbvcom_brom.inf [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\760ECD7B4391C69CC34B300D57CAAE1D7BF4D16B] : (Package de pilotes Windows - Condor Communication Equipment Co.,Ltd. (gnusbser) Ports (11/11/2013 1.2.0.0).-.Condor Communication Equipment Co.,Ltd.) -> C:\PROGRA~1\DIFX\277D1C50D2B49142\dpinst_x86.exe /u C:\Windows\System32\DriverStore\FileRepository\gnser.inf_x86_neutral_180578caf47e894f\gnser.inf [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 24 NPAPI.-.Adobe Systems Incorporated) -> C:\Windows\system32\Macromed\Flash\FlashUtil32_24_0_0_221_Plugin.exe -maintain plugin [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Avira Antivirus] : (Avira Antivirus.-.Avira Operations GmbH & Co. KG) -> C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Canon LBP3010/LBP3018/LBP3050] : (Canon LBP3010/LBP3018/LBP3050.-.) 
-> C:\Program Files\Canon\PrnUninstall\Canon LBP3010 LBP3018 LBP3050\CNAB8UN.EXE [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\D0E6296D177F42BB31C0200E49412003DB6C4633] : (Package de pilotes Windows - MediaTek Inc. (usbser) Ports (12/24/2011 2.0000.0.0).-.MediaTek Inc.) -> C:\PROGRA~1\DIFX\277D1C50D2B49142\dpinst_x86.exe /u C:\Windows\System32\DriverStore\FileRepository\usbvcom.inf_x86_neutral_846b9fbe2ab928df\usbvcom.inf [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\E304C591E3B27BA4FEDE756A7033259C81448FE5] : (Package de pilotes Windows - Condor Corporation Net (11/11/2013 1.2.0.0).-.Condor Corporation) -> C:\PROGRA~1\DIFX\277D1C50D2B49142\dpinst_x86.exe /u C:\Windows\System32\DriverStore\FileRepository\rndis.inf_x86_neutral_5eaad38be4b28c13\rndis.inf [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\EA52A0024D67167EA2BC865080C775727661BB60] : (Package de pilotes Windows - SPA Condor Electronics (WinUSB) AndroidUsbDeviceClass (11/11/2013 1.2.0.0).-.SPA Condor Electronics) -> C:\PROGRA~1\DIFX\277D1C50D2B49142\dpinst_x86.exe /u C:\Windows\System32\DriverStore\FileRepository\gnadb.inf_x86_neutral_f8fa7c3baa2670d0\gnadb.inf [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\EPSON XP-225 Series] : (EPSON XP-225 Series Printer Uninstall.-.SEIKO EPSON Corporation) -> C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TINSNFE.EXE /R /APD /P:"EPSON XP-225 Series" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\FD4B3DDA263F0DD0154678E963EE8341AB29EAFE] : (Package de pilotes Windows - Condor Communication Equipment Co.,Ltd. (gnusbser) Modem (11/11/2013 1.2.0.0).-.Condor Communication Equipment Co.,Ltd.) 
-> C:\PROGRA~1\DIFX\277D1C50D2B49142\dpinst_x86.exe /u C:\Windows\System32\DriverStore\FileRepository\gnmdm.inf_x86_neutral_9ab1d83dc3e72b1d\gnmdm.inf [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\McAfee Security Scan] : (McAfee Security Scan Plus.-.McAfee, Inc.) -> "C:\Program Files\McAfee Security Scan\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 51.0.1 (x86 fr)] : (Mozilla Firefox 51.0.1 (x86 fr).-.Mozilla) -> "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files\Mozilla Maintenance Service\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\TeamViewer] : (TeamViewer 12.-.TeamViewer) -> "C:\Program Files\TeamViewer\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VLC media player] : (VLC media player.-.VideoLAN) -> C:\Program Files\VideoLAN\VLC\uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 4.01 (32 bits).-.win.rar GmbH) -> C:\Program Files\WinRAR\uninstall.exe ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7774002B-60B3-4146-BF82-5BF767D468B8}] : (Avira Connect.-.Avira Operations GmbH & Co. KG) -> MsiExec.exe /X{7774002B-60B3-4146-BF82-5BF767D468B8} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{845380e2-f0b5-4584-bc40-cc54345b3c06}] : (Avira Connect.-.Avira Operations GmbH & Co. KG) -> "C:\ProgramData\Package Cache\{845380e2-f0b5-4584-bc40-cc54345b3c06}\Avira.OE.Setup.Bundle.exe" /uninstall ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824211354}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824211354} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D36E2958-CD7D-4DC8-B3E1-9BEF95E5ACDE}] : (Nitro Pro 9.-.Nitro) -> MsiExec.exe /X{D36E2958-CD7D-4DC8-B3E1-9BEF95E5ACDE} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FC965A47-4839-40CA-B618-18F486F042C6}] : (Skype™ 7.21.-.Skype Technologies S.A.) 
-> MsiExec.exe /X{FC965A47-4839-40CA-B618-18F486F042C6}

---------- | Installer
[HKCR\Installer\Products\00006109C80000000000000000F01FEC] : Office 16 Click-to-Run Extensibility Component
[HKCR\Installer\Products\00006109C800C0400000000000F01FEC] : Office 16 Click-to-Run Localization Component
[HKCR\Installer\Products\00006109E70000000000000000F01FEC] : Office 16 Click-to-Run Licensing Component
[HKCR\Installer\Products\25946514D214736534007A857BC05200] : Avira SearchFree Toolbar -> C:\Windows\Installer\{41564952-412D-5637-4300-A758B70C2500}\ToolbarIcon.exe
[HKCR\Installer\Products\68AB67CA408033019195008142123145] : Adobe Refresh Manager -> C:\Windows\Installer\{AC76BA86-0804-1033-1959-001824211354}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\6E8A266FCD4F2A1409E1C8110F44DBCE] : MSXML 4.0 SP2 (KB973688)
[HKCR\Installer\Products\74A569CF9384AC046B81814F680F246C] : Skype™ 7.21 -> C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
[HKCR\Installer\Products\8592E63DD7DC8CD43B1EB9FE595ECAED] : Nitro Pro 9 -> C:\Windows\Installer\{D36E2958-CD7D-4DC8-B3E1-9BEF95E5ACDE}\Professional.ico
[HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] :
[HKCR\Installer\Products\B20047773B066414FB28B57F764D868B] : Avira Connect
[HKCR\Installer\Products\DDA39468D428E8B4DB27C8D5DC5CA217] : MSXML 4.0 SP2 (KB954430)

---------- | ADS
@C:\Windows:nlsPreferences

---------- | Drives
Disk: 0 Size=305G
Pos MBRndx Type/Name  Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0   0      07-NTFS    60G  Yes    No   63           122,881,122
1   1      0F-EXTEND  245G No     No   122,881,185  502,240,095

---------- | MBR
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American
Megatrends Inc. System Manufacturer: Hewlett-Packard System Product Name: HP Pro 3010 Microtower PC Logical Drives Mask: 0x000007fc Analysis of file "C:\QuickDiag\MBR.bin": Windows 7 MBR code detected Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7601 Disk: ST3320418AS rev.HP34 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 1 ntkrnlpa!IofCallDriver[0x82E85BBA] -> \Device\Harddisk0\DR0[0x85A09568] 3 CLASSPNP[0x88E0459E] -> ntkrnlpa!IofCallDriver[0x82E85BBA] -> [0x85586818] 5 ACPI[0x88AA03D4] -> ntkrnlpa!IofCallDriver[0x82E85BBA] -> \Device\Ide\IdeDeviceP0T0L0-0[0x85586030] kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; } user & kernel MBR OK ---------- | 20 LastEventLog Nom de l’application défaillante Showcase.exe, version : 1.0.0.44, horodatage : 0x4a5ad5a3 Nom du module défaillant : ntdll.dll, version : 6.1.7601.18247, horodatage : 0x521ea91c Code d’exception : 0xc0000374 Décalage d’erreur : 0x000c3873 ID du processus défaillant : 0x1640 Heure de début de l’application défaillante : 0x01d290067f1682b0 Chemin d’accès de l’application défaillante : C:\Users\KADER IDH\AppData\Roaming\Amadeus\Viewer\Showcase.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\ntdll.dll ID de rapport : 0ac3cdfe-fc15-11e6-a689-f4ce46028843 ------------ Produit : Microsoft Office Professional Plus 2007 - La mise à jour ‘{8B689F89-5E1C-4DA9-B2B1-7B3843275596}’ n’a pas pu être installée. Code d’erreur 1642. Windows Installer peut créer des journaux pour faciliter la résolution des éventuelles erreurs d’installation des packages logiciels. 
Utilisez le lien suivant pour afficher des instructions concernant l’activation des journaux : http://go.microsoft.com/fwlink/?LinkId=23127 ------------ Le programme EXCEL.EXE version 16.0.7766.2047 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : 920 Heure de début : 01d28c26e4b8aa94 Heure de fin : 266 Chemin d’accès de l’application : C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE ID de rapport : ------------ Le programme iexplore.exe version 11.0.9600.17840 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : 904 Heure de début : 01d28c1941ec1e45 Heure de fin : 156 Chemin d’accès de l’application : C:\Program Files\Internet Explorer\iexplore.exe ID de rapport : ------------ Nom de l’application défaillante OUTLOOK.EXE, version : 16.0.7766.2047, horodatage : 0x588e6039 Nom du module défaillant : OUTLOOK.EXE, version : 16.0.7766.2047, horodatage : 0x588e6039 Code d’exception : 0xc0000005 Décalage d’erreur : 0x005089d1 ID du processus défaillant : 0xfec Heure de début de l’application défaillante : 0x01d28c1967ff680a Chemin d’accès de l’application défaillante : C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE Chemin d’accès du module défaillant: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE ID de rapport : 1369371a-f819-11e6-bcd6-f4ce46028843 ------------ Nom de l’application défaillante Showcase.exe, version : 1.0.0.44, horodatage : 0x4a5ad5a3 Nom du module défaillant : ntdll.dll, version : 6.1.7601.18247, horodatage : 0x521ea91c Code d’exception : 0xc0000374 Décalage d’erreur : 0x000c3873 ID du processus défaillant : 0x698 Heure de début de l’application défaillante : 0x01d28a88819f5b70 Chemin d’accès de l’application 
défaillante : C:\Users\KADER IDH\AppData\Roaming\Amadeus\Viewer\Showcase.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\ntdll.dll ID de rapport : c40dd355-f6a2-11e6-bc4d-f4ce46028843 ------------ Nom de l’application défaillante NitroPDF.exe, version : 9.0.5.9, horodatage : 0x52aa624b Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000 Code d’exception : 0xc0000005 Décalage d’erreur : 0x241ff550 ID du processus défaillant : 0xa68 Heure de début de l’application défaillante : 0x01d28767f67397f2 Chemin d’accès de l’application défaillante : C:\PROGRA~1\Nitro\PRO9~1\NitroPDF.exe Chemin d’accès du module défaillant: unknown ID de rapport : 97d3187f-f368-11e6-bc1f-f4ce46028843 ------------ Nom de l’application défaillante NitroAssistant.exe, version : 9.0.5.9, horodatage : 0x52aa606e Nom du module défaillant : MSVCR100.dll, version : 10.0.40219.325, horodatage : 0x4df2be1e Code d’exception : 0x40000015 Décalage d’erreur : 0x0008d6fd ID du processus défaillant : 0xd9c Heure de début de l’application défaillante : 0x01d28767f695031f Chemin d’accès de l’application défaillante : C:\PROGRA~1\Nitro\PRO9~1\NitroAssistant.exe Chemin d’accès du module défaillant: C:\Windows\system32\MSVCR100.dll ID de rapport : 02a2c400-f35c-11e6-bc1f-f4ce46028843 ------------ Nom de l’application défaillante Showcase.exe, version : 1.0.0.44, horodatage : 0x4a5ad5a3 Nom du module défaillant : ntdll.dll, version : 6.1.7601.18247, horodatage : 0x521ea91c Code d’exception : 0xc0000374 Décalage d’erreur : 0x000c3873 ID du processus défaillant : 0x12f4 Heure de début de l’application défaillante : 0x01d28508aef5e31a Chemin d’accès de l’application défaillante : C:\Users\KADER IDH\AppData\Roaming\Amadeus\Viewer\Showcase.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\ntdll.dll ID de rapport : b8bd49c2-f106-11e6-a698-f4ce46028843 ------------ Produit : Microsoft Office Professional Plus 2007 - La mise à jour ‘{8B689F89-5E1C-4DA9-B2B1-7B3843275596}’ 
n’a pas pu être installée. Code d’erreur 1642. Windows Installer peut créer des journaux pour faciliter la résolution des éventuelles erreurs d’installation des packages logiciels. Utilisez le lien suivant pour afficher des instructions concernant l’activation des journaux : http://go.microsoft.com/fwlink/?LinkId=23127 ------------ Produit : Microsoft Office Professional Plus 2007 - La mise à jour ‘{8B689F89-5E1C-4DA9-B2B1-7B3843275596}’ n’a pas pu être installée. Code d’erreur 1642. Windows Installer peut créer des journaux pour faciliter la résolution des éventuelles erreurs d’installation des packages logiciels. Utilisez le lien suivant pour afficher des instructions concernant l’activation des journaux : http://go.microsoft.com/fwlink/?LinkId=23127 ------------ Produit : Microsoft Office Professional Plus 2007 - La mise à jour ‘{8B689F89-5E1C-4DA9-B2B1-7B3843275596}’ n’a pas pu être installée. Code d’erreur 1642. Windows Installer peut créer des journaux pour faciliter la résolution des éventuelles erreurs d’installation des packages logiciels. Utilisez le lien suivant pour afficher des instructions concernant l’activation des journaux : http://go.microsoft.com/fwlink/?LinkId=23127 ------------ Microsoft Outlook: Accepted Safe Mode action : Outlook n'a pas pu démarrer la dernière fois. Le mode sans échec permet de résoudre le problème, mais certaines fonctionnalités risquent de ne pas être disponibles sous ce mode. Voulez-vous démarrer en mode sans échec ?. ------------ Produit : Microsoft Office Professional Plus 2007 - La mise à jour ‘{8B689F89-5E1C-4DA9-B2B1-7B3843275596}’ n’a pas pu être installée. Code d’erreur 1642. Windows Installer peut créer des journaux pour faciliter la résolution des éventuelles erreurs d’installation des packages logiciels. Utilisez le lien suivant pour afficher des instructions concernant l’activation des journaux : http://go.microsoft.com/fwlink/?LinkId=23127 ------------ Impossible d’initialiser l’index. 
Détails : Le catalogue d’index des contenus est endommagé. (HRESULT : 0xc0041801) (0xc0041801) ------------ Impossible d’initialiser l’application. Contexte : Application Windows Détails : Le catalogue d’index des contenus est endommagé. (HRESULT : 0xc0041801) (0xc0041801) ------------ Impossible d’initialiser l’objet rassembleur. Contexte : Application Windows, Catalogue SystemIndex Détails : Le catalogue d’index des contenus est endommagé. (HRESULT : 0xc0041801) (0xc0041801) ------------ Impossible d’initialiser le plug-in dans . Contexte : Application Windows, Catalogue SystemIndex Détails : Élément introuvable. (HRESULT : 0x80070490) (0x80070490) ------------ Impossible d’initialiser le plug-in dans . Contexte : Application Windows, Catalogue SystemIndex Détails : Le catalogue d’index des contenus est endommagé. (HRESULT : 0xc0041801) (0xc0041801) ------------ ----------( EOF)---------- - 2988 | 10:01:16