Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Exécuté par K (14-04-2017 15:26:15)
Exécuté depuis C:\Users\K\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-27 10:24:36)
Mode d'amorçage: Normal
==========================================================

==================== Comptes: =============================

admin (S-1-5-21-3706351813-3781728992-3191424560-1005 - Limited - Enabled)
Administrateur (S-1-5-21-3706351813-3781728992-3191424560-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3706351813-3781728992-3191424560-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3706351813-3781728992-3191424560-1002 - Limited - Enabled)
Invité (S-1-5-21-3706351813-3781728992-3191424560-501 - Limited - Disabled)
K (S-1-5-21-3706351813-3781728992-3191424560-1000 - Administrator - Enabled) => C:\Users\K

==================== Centre de sécurité ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Programmes installés ======================

(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)

Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Ansel (Version: 376.09 - NVIDIA Corporation) Hidden
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.12.0 - Ant Software)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.9.0000 - Asmedia Technology)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG5600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5600_series) (Version: 1.00 - Canon Inc.)
Canon MG5600 series On-screen Manual (HKLM-x32\...\Canon MG5600 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.2.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform) CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World) DriversCloud.com (64 bits) (HKLM\...\{AEEC522D-38DD-46FD-9367-3E32F51B3A42}) (Version: 10.0.1.0 - Cybelsoft) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.) Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden Inkscape 0.91 (HKLM-x32\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel(R) Network Connections 21.1.30.0 (HKLM\...\PROSetDX) (Version: 21.1.30.0 - Intel) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.10.0.1016 - Intel Corporation) Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mises à jour NVIDIA 23.2.20.0 (Version: 23.2.20.0 - NVIDIA Corporation) Hidden Mozilla Firefox 52.0.2 (x86 fr) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 fr)) (Version: 52.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla) NVIDIA GeForce Experience 3.2.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.2.49 - NVIDIA Corporation) NVIDIA Logiciel système PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NVIDIA Pilote 3D Vision 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation) NVIDIA Pilote audio HD : 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation) NVIDIA Pilote du contrôleur 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA Pilote graphique 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation) NvNodejs (Version: 3.2.2.49 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.0.2.1 - NVIDIA Corporation) Hidden NvvHci (Version: 2.02.0.2 - NVIDIA 
Corporation) Hidden OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation) Panneau de configuration NVIDIA 376.53 (Version: 376.53 - NVIDIA Corporation) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.5 - Qualcomm Atheros) Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.) RICOH R5U8xx Media Driver ver.3.62.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.62.02 - RICOH) SABnzbd 0.7.20 (HKLM-x32\...\SABnzbd) (Version: 0.7.20 - The SABnzbd Team) SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.2.2.49 - NVIDIA Corporation) Hidden SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) 
Windows Driver Package - Microsoft (xusb21) XnaComposite (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.10 - ASUS) ==================== Personnalisé CLSID (Avec liste blanche): ========================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) CustomCLSID: HKU\S-1-5-21-3706351813-3781728992-3191424560-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3706351813-3781728992-3191424560-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3706351813-3781728992-3191424560-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3706351813-3781728992-3191424560-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3706351813-3781728992-3191424560-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-3706351813-3781728992-3191424560-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software 
Foundation) ==================== Tâches planifiées (Avec liste blanche) ============= (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {05D9A8F0-943C-4053-9E7C-395FF018D456} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-18] (NVIDIA Corporation) Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe Task: {096ED694-3F85-47EB-A179-705DA75E2409} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-18] (NVIDIA Corporation) Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe Task: {0FFBEE64-C135-49B9-8633-4EC16665CC11} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-18] (NVIDIA Corporation) Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe Task: {18889ABA-2B01-4A46-B5D3-3138B2248EF6} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe Task: {24EC7022-7680-41B5-93D1-98FB77CA1738} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe Task: {2975116F-1664-4570-8C97-9016080D90B0} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => 
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-18] (NVIDIA Corporation) Task: {2AD47823-ABBD-4632-A4B8-3AB8B3861B3E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION Task: {2B1FDA25-8BF0-4B8D-9A14-F1CAFF0000FA} - \ASUSControlDeck -> Pas de fichier <==== ATTENTION Task: {2B92F1E4-FB00-476F-8EA9-B5522FC37D0F} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe Task: {2BA9FFBD-FCB8-475D-B2E5-FD526C8F71BF} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe Task: {312F70C8-2AE6-4589-869B-72E83BA7F9D4} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {46F65983-4BAC-44F7-B707-8D95F2AA049A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Pas de fichier <==== ATTENTION Task: {4C843774-B48C-46B9-A510-AD2BF0E5850A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION Task: {5234B634-6C2E-402C-A673-5A801045E379} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION Task: {598EC52E-8F1F-463F-B17A-B9FB02DB44C0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-11] (Adobe Systems Incorporated) Task: 
{5A7A7AF1-4742-4394-8F0E-5CC0D0E2BD63} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-18] (NVIDIA Corporation) Task: {63A2D7E0-4FEA-42C9-BC1E-F191E52F60C7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION Task: {655B3DA9-D905-4D31-A197-4F422629299E} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe Task: {68039142-098D-4C41-A014-7B4AB79111EA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe Task: {795E94D6-89C7-427A-824A-6968BA079A47} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-18] (NVIDIA Corporation) Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe Task: {89845EA5-CD7C-4B96-A63C-3EE93D1A776D} - System32\Tasks\{EE1A00EC-97ED-43AE-9ED5-16805852F761} => pcalua.exe -a C:\Users\K\Downloads\compta_expert_575.exe -d C:\Users\K\Downloads Task: {8ECA6F84-A186-452F-8F1B-7547901832F6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION Task: {9FA4EAA2-CDAD-4950-B94C-28A86C166C9C} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {A9F6968B-348C-4FEC-AD62-D6A68D6E0B2E} - System32\Tasks\AVAST Software\Avast 
settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software) Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe Task: {ACB5C89F-BE32-4462-B1D4-68DBF7EA94C1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated) Task: {B6E4190A-D572-410F-AA36-8862ED15DFC9} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe Task: {C62C5899-5063-4820-967A-4BDFA6920996} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe Task: {C96A34F0-ED52-460A-AA5E-20AEDC361E3A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION Task: {D124C19B-A0CD-4113-A933-A461E1F71E61} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd) Task: {D3F4DC87-A8D2-49AD-B09E-9087A2A8FC9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-13] (Google Inc.) 
Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {E3D65A71-810F-4C45-8ABA-F6910C6B5D5B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
Task: {E72C72C3-F556-46F1-BF6F-1BDC78AE22AC} - System32\Tasks\SafeZone scheduled Autoupdate 1486590157 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {E9264D06-A706-41BC-A646-65839340EBE6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {F0E0D1BC-CF66-4BAB-80B3-A2843D748C37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-13] (Google Inc.)
Task: {F394ACD7-BAF0-4586-9CC3-3D4D9D39A88D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-18] (NVIDIA Corporation)
Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FAFF1FAB-4647-4F6A-9CCE-69AAECF826DE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-04] (AVAST Software)
Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Raccourcis =============================

(Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)

Shortcut: C:\Users\K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Namexif\Help.lnk -> hxxp://www.digicamsoft.com ==================== Modules chargés (Avec liste blanche) ============== 2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-04-12 18:06 - 2017-03-28 08:22 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-09-27 12:18 - 2015-09-21 17:50 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe 2016-11-29 14:26 - 2017-01-06 03:10 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll 2016-11-29 14:26 - 2017-01-06 03:10 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-11-29 14:19 - 2016-12-29 14:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2017-04-12 18:06 - 2017-03-28 08:22 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-09-27 12:26 - 2016-09-27 12:26 - 00959168 _____ () C:\Users\K\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-12-26 23:38 - 2016-12-26 23:38 - 00592384 _____ () C:\Users\K\AppData\Local\MEGAsync\ShellExtX64.dll 2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll 2016-09-27 13:14 - 2016-09-27 13:14 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-15 21:50 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-03-15 21:50 - 2017-03-04 08:30 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll 2017-04-12 18:06 - 2017-03-28 07:13 - 03940864 _____ () C:\Windows\ShellExperiences\PenWorkspace.dll 2017-03-15 21:51 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-15 21:51 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-15 21:51 - 2017-03-04 
08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-04-12 18:06 - 2017-03-28 07:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-04-12 18:06 - 2017-03-28 07:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-04-12 18:06 - 2017-03-28 07:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-04-14 12:52 - 2017-04-14 12:52 - 00029184 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll 2016-09-27 12:18 - 2015-09-21 17:50 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll 2016-11-29 14:26 - 2017-01-06 03:10 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2017-01-18 20:08 - 2017-01-06 03:10 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll 2017-01-18 20:08 - 2017-01-06 03:10 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-04-06 10:45 - 2017-03-29 04:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll 2017-04-06 10:45 - 2017-03-29 04:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll 2017-04-04 20:58 - 2017-04-04 20:58 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-02-08 23:41 - 2017-02-08 23:41 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-04-04 20:58 - 2017-04-04 20:58 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll 2017-04-04 20:58 - 2017-04-04 20:58 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll 2017-04-04 20:58 - 2017-04-04 20:58 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-11-29 14:26 - 2017-01-06 02:09 - 00527416 _____ () \\?\C:\Program 
Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node 2016-11-29 14:26 - 2017-01-06 02:09 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2016-11-29 14:26 - 2017-01-06 02:09 - 02807232 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2016-11-29 14:26 - 2017-01-06 02:09 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2016-11-29 14:26 - 2017-01-06 02:09 - 00449080 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2016-11-29 14:26 - 2017-01-06 02:09 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2016-11-29 14:26 - 2017-01-06 02:09 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node 2017-01-18 20:08 - 2017-01-06 02:09 - 00954816 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node 2017-03-27 12:30 - 2017-03-27 12:30 - 01114136 _____ () C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\zf6aovmu.default-1489934795417\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll 2016-12-26 23:38 - 2016-12-26 23:38 - 00564736 _____ () C:\Users\K\AppData\Local\MEGAsync\ShellExtX32.dll ==================== Alternate Data Streams (Avec liste blanche) ========= (Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.) 
C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PROUnstl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\remoteaudioendpoint.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\securekernel.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64] 
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID 
[64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64] AlternateDataStreams: 
C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [32] AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [64] AlternateDataStreams: 
C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mqmigplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64] 
AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\win32k.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64] 
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64] 
==================== Mode sans échec (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)

==================== Association (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)

==================== Internet Explorer sites de confiance/sensibles ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)
IE trusted site: HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\...\webcompanion.com -> hxxp://webcompanion.com

Il y a 4788 plus de sites.

==================== Hosts contenu: ===============================

(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

2009-07-14 04:34 - 2016-10-17 22:53 - 00000002 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Autres zones ============================

(Actuellement, il n'y a pas de correction automatique pour cette section.)

HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu est activé.
==================== MSCONFIG/TASK MANAGER éléments désactivés ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Assistant de configuration NETGEAR WNA1100.lnk => C:\Windows\pss\Assistant de configuration NETGEAR WNA1100.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSCONFIG\startupreg: ASUS Camera ScreenSaver => C:\Windows\AsScrProlog.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\athbttray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\btvstack.exe"
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: RtHDVCpl => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: RunDLLEntry => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
HKLM\...\StartupApproved\StartupFolder: => "SteelSeries Engine 3.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "UpdReg"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "FreedomeAutoStart"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\...\StartupApproved\Run: => "Bitdefender Agent de l'application Wallet"
HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\...\StartupApproved\Run: => "Bitdefender Wallet Agent"
HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\...\StartupApproved\Run: => "Bitdefender Wallet"
HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\...\StartupApproved\Run: => "Bitdefender Agent Wallet"
HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\...\StartupApproved\Run: => "Advanced SystemCare 9"
HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\...\StartupApproved\Run: => "Advanced SystemCare Ultimate"
HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-3706351813-3781728992-3191424560-1000\...\StartupApproved\Run: => "Skype"

==================== RèglesPare-feu (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{81C8720F-C7D7-4C95-9AD5-96E5B9483645}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{7C0562CB-4615-4200-919F-C4E6B275AF91}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{02175ED7-4E40-4658-B591-81D24845AB3B}] => (Allow) LPort=48114
FirewallRules: [{C6F56368-50F2-4375-992C-F84539A1752C}] => (Allow) LPort=48113
FirewallRules: [TCP Query User{FD4CFE32-468F-4224-B3EB-8E2533787D0A}C:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) C:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [UDP Query User{94850220-EE80-4727-82DA-D8796D040016}C:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) C:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [TCP Query User{078D48A2-D7BB-4619-8558-5CFD95566B61}C:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) C:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [UDP Query User{34DB4287-9430-48F1-82D9-5CBBD0AB95D2}C:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) C:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [{F2622BAF-A89B-4A2F-A0A2-0F7AC78B5736}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{32E2EE4B-507D-47D7-9617-0577EEE12693}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{20C7B5C6-9FD3-48AB-9EE0-260E3C7C29E8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AB7758AE-5B52-4B68-B6DD-0A57194902E8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{739317AA-B9E3-4BBC-A404-C355BDD821A0}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe
FirewallRules: [{A6FEE99B-51A6-4C79-A997-E83F2199CEBB}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe
FirewallRules: [{E62C4596-9994-4EC8-9D58-C9EEA7DF4468}] => (Allow) LPort=3935
FirewallRules: [TCP Query User{BBDBBA78-A7DA-44A9-B77A-5E73ACBAE003}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{06AF8FC5-9516-4280-9883-671285997479}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{CBC5902D-00B1-4E4E-B9A0-50BAE138EB41}] => (Allow) C:\Users\K\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E26028ED-FA73-4BC3-BA3B-A9C3068983BC}] => (Allow) C:\Users\K\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A672EA11-36E6-4A5F-9ECE-1427C5B8D0EE}] => (Allow) C:\Users\K\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{622EB8AD-80AF-45C9-9ABE-6E8DEBBB5DAA}] => (Allow) C:\Users\K\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{511063BC-5E5A-4C1F-B621-2F99E3A3B1DD}] => (Allow) C:\Users\K\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7DFFCE70-0E2F-431D-9AF3-06C6DF530192}] => (Allow) C:\Users\K\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9C681489-62CA-44D6-B9F0-D17D79DFADB0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{C9CB608D-CE93-4887-93A8-F8064B8B20E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{8EC73581-C662-41B7-96DD-EEDA337B1BDB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9FB96B75-4CF9-4B2B-BF60-16626B8321BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{57FB48AF-EB0D-4C77-9DE1-728B99F71C5B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6F92B2B1-4DFA-46A7-B61F-F14A17A4937B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590_0\SZBrowser.exe
FirewallRules: [{9884C9C3-C404-429F-BE89-7D50D0D4298B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{91E24F64-EA3C-4DA4-945C-504A2A3E706B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Points de restauration =========================

27-03-2017 11:52:52 Windows Update
31-03-2017 12:05:26 Windows Update
03-04-2017 12:57:40 Windows Update
07-04-2017 13:23:14 Windows Update
10-04-2017 19:26:09 Windows Update
14-04-2017 15:06:06 avant prise en charge

==================== Éléments en erreur du Gestionnaire de périphériques =============

Name: Qualcomm Atheros AR946x Wireless Network Adapter
Description: Carte réseau sans fil Qualcomm Atheros AR946x
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Bluetooth Device (Personal Area Network)
Description: Périphérique Bluetooth (réseau personnel)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Erreurs du Journal des événements: =========================

Erreurs Application:
==================
Error: (04/14/2017 03:06:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. .

Error: (04/14/2017 03:06:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine ConvertStringSidToSid(S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak). hr = 0x80070539, Structure d’ID de sécurité non valide. .
Opération :
   Événement OnIdentify
   Données du rédacteur en cours de collecte
Contexte :
   Contexte d’exécution: Shadow Copy Optimization Writer
   ID de classe du rédacteur: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nom du rédacteur: Shadow Copy Optimization Writer
   ID d’instance du rédacteur: {31305323-6b53-480b-8a2c-6a7a3aa45b84}

Error: (04/14/2017 02:19:03 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: IIS APPPOOL)
Description: Windows ne peut pas vous ouvrir une session car votre profil ne peut pas être chargé. Vérifiez que vous êtes connecté au réseau et que le réseau fonctionne correctement. DÉTAIL - Accès refusé.

Error: (04/14/2017 02:19:03 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: IIS APPPOOL)
Description: Windows ne peut pas trouver le profil local et tente de vous connecter avec un profil temporaire. Les modifications effectuées à ce profil seront perdues lorsque vous vous déconnecterez.

Error: (04/14/2017 02:19:03 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: IIS APPPOOL)
Description: Windows a sauvegardé le profil de cet utilisateur. Windows tentera automatiquement d’utiliser le profil sauvegardé la prochaine fois que cet utilisateur ouvre une connexion.

Error: (04/14/2017 02:19:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: IIS APPPOOL)
Description: Windows ne peut pas vous ouvrir une session car votre profil ne peut pas être chargé. Vérifiez que vous êtes connecté au réseau et que le réseau fonctionne correctement. DÉTAIL - Accès refusé.

Error: (04/14/2017 02:19:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: IIS APPPOOL)
Description: Windows ne peut pas trouver le profil local et tente de vous connecter avec un profil temporaire. Les modifications effectuées à ce profil seront perdues lorsque vous vous déconnecterez.

Error: (04/14/2017 02:19:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: IIS APPPOOL)
Description: Windows a sauvegardé le profil de cet utilisateur. Windows tentera automatiquement d’utiliser le profil sauvegardé la prochaine fois que cet utilisateur ouvre une connexion.

Error: (04/14/2017 02:19:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: IIS APPPOOL)
Description: Windows ne peut pas vous ouvrir une session car votre profil ne peut pas être chargé. Vérifiez que vous êtes connecté au réseau et que le réseau fonctionne correctement. DÉTAIL - Accès refusé.

Error: (04/14/2017 02:19:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: IIS APPPOOL)
Description: Windows ne peut pas trouver le profil local et tente de vous connecter avec un profil temporaire. Les modifications effectuées à ce profil seront perdues lorsque vous vous déconnecterez.

Erreurs système:
=============
Error: (04/14/2017 02:19:03 PM) (Source: WAS) (EventID: 5002) (User: )
Description: Le pool d'applications 'DefaultAppPool' est automatiquement désactivé en raison de plusieurs échecs dans les processus servant ce pool d'application.

Error: (04/14/2017 12:52:24 PM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} et l’APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (04/14/2017 12:52:24 PM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} et l’APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (04/14/2017 12:52:24 PM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} et l’APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} au SID AUTORITE NT\Système de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (04/14/2017 12:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service NetTcpActivator dépend du service NetTcpPortSharing qui n’a pas pu démarrer en raison de l’erreur : Le service ne peut pas être démarré parce qu’il est désactivé ou qu’aucun périphérique activé ne lui est associé.

Error: (04/14/2017 12:52:17 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Cet ordinateur est configuré en tant que membre d’un groupe de travail, et non en tant que membre d’un domaine. Il n’est pas nécessaire d’exécuter le service Accès réseau dans cette configuration.

Error: (04/14/2017 12:52:16 PM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Exécution pour l’application serveur COM avec le CLSID {22279AF5-03AE-4CAF-989D-2530918B2F1C} et l’APPID {0773CCD6-59A2-4D26-B235-19247767E645} au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (04/14/2017 12:52:16 PM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Exécution pour l’application serveur COM avec le CLSID {22279AF5-03AE-4CAF-989D-2530918B2F1C} et l’APPID {0773CCD6-59A2-4D26-B235-19247767E645} au SID AUTORITE NT\SERVICE LOCAL de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (04/14/2017 12:52:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: L’arrêt système précédant à 23:58:19 le 13/04/2017 n’était pas prévu.

Error: (04/14/2017 12:52:05 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: AUTORITE NT)
Description: 32212256845615412042789488

CodeIntegrity:
===================================
Date: 2017-03-19 15:11:11.321
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-03-19 15:10:25.071
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-03-19 15:10:24.796
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2016-12-14 16:59:11.304
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-14 16:56:57.365
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-14 16:56:55.646
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-13 12:44:44.339
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-13 12:44:43.451
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-13 12:44:43.336
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-01 12:23:14.785
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Infos Mémoire ===========================

Processeur: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
Pourcentage de mémoire utilisée: 38%
Mémoire physique - RAM - totale: 8129.66 MB
Mémoire physique - RAM - disponible: 5026.46 MB
Mémoire virtuelle totale: 16321.66 MB
Mémoire virtuelle disponible: 12755.18 MB

==================== Lecteurs ================================

Drive c: (OS) (Fixed) (Total:238.03 GB) (Free:111.38 GB) NTFS ==>[lecteur avec composants d'amorçage (obtenu depuis BCD)]
Drive d: (S4) (Fixed) (Total:3725.9 GB) (Free:31.01 GB) NTFS

==================== MBR & Table des partitions ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 87C525E7)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== Fin de Addition.txt ============================