--------------- QuickDiag | g3n-h@ckm@n | V4_20.06.18.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 18/08/2018 11:15:23 Updated 20/06/2018 | 08:30 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [christian (Administrator)] - [CHRISTIAN-PC] (S-1-5-21-4157162215-3885314228-2110668100-1000) System: Microsoft Windows 7 Édition Familiale Premium - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> () System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 7 Édition Familiale Premium |C:\Windows|\Device\Harddisk0\Partition2 Boot : Normal boot PC: To Be Filled By O.E.M. - To Be Filled By O.E.M. - IdNumber: To Be Filled By O.E.M. - UUID: 03000200-0400-0500-0006-000700080009 Processor : X64 - 2699 Mhz - Intel(R) Celeron(R) CPU G1820 @ 2.70GHz BIOS Date: 07/02/14 22:12:32 Ver: 04.06.05 - - American Megatrends Inc. - S/N: To Be Filled By O.E.M. - P1.90 - ALASKA - 1072009 CoreTemp : ? Celsius ----------| Quick ---------- | SoundDevice AMD High Definition Audio Device - Status: OK - Manufacturer: Advanced Micro Devices - PNPDeviceID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1003\5&2D9FCD32&0&0001 Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_18497662&REV_1001\4&17AD2EF7&0&0001 ---------- | Video AMD Radeon R7 200 Series - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll,aticfx32,aticfx32,aticfx32,atiumd64.dll,atidxx64.dll,atidxx64.dll,atiumdag,atidxx32,atidxx32,atiumdva,atiumd6a.cap,atitmm64.dll - PNPDeviceID: PCI\VEN_1002&DEV_6610&SUBSYS_E266174B&REV_00\4&63638AD&0&0008 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: 1073741824 Inegrated Video Chipset DeviceName: AMD Radeon R7 200 Series - DriverVersion: 8.14.1.6562 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16384 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25600 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22016 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 81408 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK ---------- | CPU CPU #1 value:18 % CPU #2 value:31 % Total Overall CPU Usage value:25 % ---------- | Network Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec ASUS PCE-N15 11n Wireless LAN PCI-E Card : SENT:0 bytes/sec / RECVD:0 bytes/sec isatap.home : SENT:0 bytes/sec / RECVD:0 bytes/sec isatap.{4DC993EC-3A93-496E-AE7F-855455FE688A} : SENT:0 bytes/sec / RECVD:0 bytes/sec isatap.{81C20B3E-1BFC-42A4-A343-D55D5595769A} : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:25 bytes/sec, / RECEIVE Maximum:0 bytes/sec WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000 WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000 WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000 WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000 WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000 WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000 WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000 Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_81681849&REV_0C\4&2AF7FC6&0&00E3 WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000 Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0000 RAS Async Adapter - Réseau étendu (WAN) - Microsoft - Status: - PnPID : SW\{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC ASUS PCE-N15 11n Wireless LAN PCI-E Card - Ethernet 802.3 - ASUSTeK Computer Inc. - Status: - PnPID : PCI\VEN_10EC&DEV_8178&SUBSYS_84B61043&REV_01\4&29EE7F7D&0&00E5 Carte Microsoft ISATAP #2 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0001 Kaspersky Security Data Escort Adapter - Ethernet 802.3 - Kaspersky Security Data Escort Provider - Status: - PnPID : ROOT\NET\0000 Carte Microsoft ISATAP #3 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0002 ---------- | Memory RAM = Total (MB) : 4131 | Free (MB) : 1086 Pagefile = Total (MB) : 8261 | Free (MB) : 4779 Virtual = Total (MB) : 4194 | Free (MB) : 3992 Physical Memory 0 : Capacity: 2147483648 - ChannelA-DIMM0 - Posit.: 1 - Manufacturer: 0420 - PartNumber: F3-10666CL9-2GBNS - S/N: 00000000 Physical Memory 1 : Capacity: 2147483648 - ChannelB-DIMM0 - Posit.: 2 - Manufacturer: 0420 - PartNumber: F3-10666CL9-2GBNS - S/N: 00000000 ---------- | SID Users Administrateur : [S-1-5-21-4157162215-3885314228-2110668100-500] christian : [S-1-5-21-4157162215-3885314228-2110668100-1000] HomeGroupUser$ : [S-1-5-21-4157162215-3885314228-2110668100-1002] Invité : [S-1-5-21-4157162215-3885314228-2110668100-501] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] Utilisateurs : [S-1-5-32-545] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] HomeUsers : [S-1-5-21-4157162215-3885314228-2110668100-1001] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [Système] | Total : 200.05 Go | Free : 75.73 Go -> NTFS [SATA] D:\ -> [Fixed] | [Données] | Total : 731.12 Go | Free : 497.11 Go -> NTFS [SATA] F:\ -> [Fixed] | [Réservé au système] | Total : 0.34 Go | Free : 0.29 Go -> NTFS [SATA] Disk Usage Information [1 total Physical Disks] Physical Drive #0 [F:, C:, D:] : Read:704,128 bytes/sec, Written:16,375 bytes/sec Max Read:704,128 bytes/sec, Max Write:16,375 bytes/sec Overall - Read Maximum:704,128 bytes/sec, Write Maximum:16,375 bytes/sec DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : IDE\DISKST1000DM003-1ER162______________________CC45____\5&1AE4F998&0&0.0.0 ---------- | Windows updates - Activation - License Last detection : 2018-08-18 09:12:57 Downloaded last ones : 2018-08-17 08:41:29 Installed last ones : 2018-08-17 08:42:14 Next search : 2018-08-19 04:46:41 Test 1 : Windows Is Activated Volume License ---------- | Browsers IE : 11.0.9600.19101 (© Microsoft Corporation. Tous droits réservés.) GC : 68.0.3440.106 (Copyright 2017 Google Inc.) ---------- | FlashPlayer ---------- | Security AS : Windows Defender Enabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Auto(2)] = Running AS: Windows Defender [Auto(2)] = Running WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 448 | [Owner : Système | Parent : 4(System) | 0.99 Mo] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.24214) = C:\Windows\System32\smss.exe [15/08/2018 10:17:57] CPU Usage:0 % --> Command Line : 652 | [Owner : Système | Parent : 628() | 4.06 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [14/07/2009 01:19:49] CPU Usage:0 % --> Command Line : 752 | [Owner : Système | Parent : 628() | 4 Mo] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [14/07/2009 01:52:37] CPU Usage:0 % --> Command Line : 780 | [Owner : Système | Parent : 744() | 14.56 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [14/07/2009 01:19:49] CPU Usage:0 % --> Command Line : 820 | [Owner : Système | Parent : 752(wininit.exe) | 7.65 Mo] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [23/11/2017 11:13:29] CPU Usage:0 % --> Command Line : 836 | [Owner : Système | Parent : 752(wininit.exe) | 11.88 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.24214) = C:\Windows\System32\lsass.exe [15/08/2018 10:17:53] CPU Usage:0 % --> Command Line : 848 | [Owner : Système | Parent : 752(wininit.exe) | 4.05 Mo] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [21/11/2010 05:23:53] CPU Usage:0 % --> Command Line : 924 | [Owner : Système | Parent : 744() | 5.63 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.24000) = C:\Windows\System32\winlogon.exe [05/01/2018 18:54:59] CPU Usage:0 % --> Command Line : 1020 | [Owner : Système | Parent : 820(services.exe) | 8.19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 696 | [Owner : SERVICE RÉSEAU | Parent : 820(services.exe) | 7.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 856 | [Owner : Système | Parent : 820(services.exe) | 4.19 Mo] - (.AMD - AMD External Events Service Module.) - (23.20.793.0) = C:\Windows\System32\atiesrxx.exe [16/11/2017 02:45:04] CPU Usage:0 % --> Command Line : 1096 | [Owner : SERVICE LOCAL | Parent : 820(services.exe) | 20.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 1128 | [Owner : Système | Parent : 820(services.exe) | 184.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 1160 | [Owner : SERVICE LOCAL | Parent : 820(services.exe) | 19.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 1188 | [Owner : Système | Parent : 820(services.exe) | 117.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 1248 | [Owner : SERVICE LOCAL | Parent : 1096(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (6.1.7601.23471) = C:\Windows\System32\audiodg.exe [23/11/2017 11:51:45] CPU Usage:0 % --> Command Line : 1284 | [Owner : Système | Parent : 820(services.exe) | 5.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 1364 | [Owner : SERVICE RÉSEAU | Parent : 820(services.exe) | 14.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 1456 | [Owner : Système | Parent : 856(atiesrxx.exe) | 6.42 Mo] - (.AMD - AMD External Events Client Module.) - (23.20.793.0) = C:\Windows\System32\atieclxx.exe [16/11/2017 02:45:00] CPU Usage:0 % --> Command Line : 1616 | [Owner : Système | Parent : 820(services.exe) | 9.27 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.24000) = C:\Windows\System32\spoolsv.exe [05/01/2018 18:54:55] CPU Usage:0 % --> Command Line : 1672 | [Owner : SERVICE LOCAL | Parent : 820(services.exe) | 12.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 1840 | [Owner : Système | Parent : 820(services.exe) | 5.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 1860 | [Owner : Système | Parent : 820(services.exe) | 4.23 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [22/11/2017 15:35:09] CPU Usage:0 % --> Command Line : 1952 | [Owner : christian | Parent : 820(services.exe) | 12.82 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [19/03/2013 12:05:28] CPU Usage:0 % --> Command Line : 2000 | [Owner : christian | Parent : 1128(svchost.exe) | 33.08 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [14/07/2009 01:37:38] CPU Usage:4 % --> Command Line : 2008 | [Owner : Système | Parent : 820(services.exe) | 133.62 Mo] - (.AO Kaspersky Lab - Kaspersky Anti-Virus.) - (19.0.0.1088) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 19.0.0 (1)\avp.exe [28/02/2018 23:37:30] CPU Usage:0 % --> Command Line : 2032 | [Owner : Système | Parent : 820(services.exe) | 10.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 1816 | [Owner : christian | Parent : 1780() | 36.42 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.23537) = C:\Windows\explorer.exe [23/11/2017 11:49:45] CPU Usage:0 % --> Command Line : 2084 | [Owner : SERVICE LOCAL | Parent : 820(services.exe) | 6.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 2112 | [Owner : Système | Parent : 820(services.exe) | 5.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 2348 | [Owner : Système | Parent : 820(services.exe) | 209.01 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.667) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [10/05/2018 12:28:24] CPU Usage:0 % --> Command Line : 2704 | [Owner : Système | Parent : 1188(svchost.exe) | 5.08 Mo] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe [21/11/2010 05:24:27] CPU Usage:0 % --> Command Line : 2744 | [Owner : Système | Parent : 2704(taskeng.exe) | 1.01 Mo] - (.Google Inc. - Programme d'installation de Google.) - (1.3.33.17) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16/08/2018 09:19:23] CPU Usage:0 % --> Command Line : 2768 | [Owner : SERVICE RÉSEAU | Parent : 820(services.exe) | 4.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 2996 | [Owner : SERVICE RÉSEAU | Parent : 1020(svchost.exe) | 16.34 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [21/11/2010 05:24:15] CPU Usage:0 % --> Command Line : 2208 | [Owner : christian | Parent : 2712() | 9.23 Mo] - (.Advanced Micro Devices, Inc. - Radeon Settings: Host Application.) - (10.1.1.1681) = C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [15/11/2017 20:43:18] CPU Usage:0 % --> Command Line : 760 | [Owner : christian | Parent : 1816(explorer.exe) | 7.97 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.1056) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13/12/2017 13:58:47] CPU Usage:0 % --> Command Line : 2080 | [Owner : christian | Parent : 1816(explorer.exe) | 10.49 Mo] - (.Hewlett-Packard Development Company, LP - ScanToPCActivationApp.) - (32.3.198.49673) = C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [21/07/2014 17:25:12] CPU Usage:0 % --> Command Line : 2340 | [Owner : christian | Parent : 1816(explorer.exe) | 8.76 Mo] - (.© 2015 Microsoft Corporation - Microsoft Bing Service.) - (1.0.6.0) = C:\Users\christian\AppData\Local\Microsoft\BingSvc\BingSvc.exe [13/06/2018 18:15:38] CPU Usage:0 % --> Command Line : 1916 | [Owner : christian | Parent : 1816(explorer.exe) | 64.04 Mo] - (.Skype Technologies S.A. - Skype.) - (8.28.0.41) = C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [16/06/2018 18:41:20] CPU Usage:0 % --> Command Line : 3232 | [Owner : Système | Parent : 2744(GoogleUpdate.exe) | 0.9 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.17) = C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe [16/08/2018 09:19:22] CPU Usage:0 % --> Command Line : 3320 | [Owner : Système | Parent : 2744(GoogleUpdate.exe) | 0.53 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.17) = C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe [16/08/2018 09:19:22] CPU Usage:0 % --> Command Line : 3452 | [Owner : christian | Parent : 2348(MBAMService.exe) | 24 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1496) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [10/05/2018 12:28:22] CPU Usage:0 % --> Command Line : 3640 | [Owner : christian | Parent : 1916(Skype.exe) | 9.62 Mo] - (.Skype Technologies S.A. - Skype.) - (8.28.0.41) = C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [16/06/2018 18:41:20] CPU Usage:0 % --> Command Line : 3704 | [Owner : SERVICE LOCAL | Parent : 820(services.exe) | 13.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 3740 | [Owner : Système | Parent : 820(services.exe) | 34.22 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.23930) = C:\Windows\System32\SearchIndexer.exe [23/11/2017 11:51:51] CPU Usage:0 % --> Command Line : 3860 | [Owner : christian | Parent : 1916(Skype.exe) | 52.88 Mo] - (.Skype Technologies S.A. - Skype.) - (8.28.0.41) = C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [16/06/2018 18:41:20] CPU Usage:0 % --> Command Line : 3988 | [Owner : christian | Parent : 3972() | 3.41 Mo] - (.Piriform Ltd - CCleaner.) - (5.25.0.5902) = C:\Program Files\CCleaner\CCleaner64.exe [06/12/2016 16:09:52] CPU Usage:0 % --> Command Line : 3552 | [Owner : christian | Parent : 3880() | 6.92 Mo] - (.Hewlett-Packard - hpwuSchd Application.) - (80.1.1.0) = C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [30/05/2013 15:50:10] CPU Usage:0 % --> Command Line : 3960 | [Owner : christian | Parent : 1020(svchost.exe) | 5.96 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe [14/07/2009 01:47:12] CPU Usage:0 % --> Command Line : 4116 | [Owner : SERVICE RÉSEAU | Parent : 820(services.exe) | 9.23 Mo] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe [21/11/2010 05:25:05] CPU Usage:0 % --> Command Line : 4160 | [Owner : christian | Parent : 1916(Skype.exe) | 154.65 Mo] - (.Skype Technologies S.A. - Skype.) - (8.28.0.41) = C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [16/06/2018 18:41:20] CPU Usage:0 % --> Command Line : 4772 | [Owner : SERVICE LOCAL | Parent : 820(services.exe) | 13.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 3548 | [Owner : christian | Parent : 2008(avp.exe) | 5.06 Mo] - (.AO Kaspersky Lab - Kaspersky Anti-Virus.) - (19.0.0.1088) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 19.0.0 (1)\avpui.exe [23/07/2018 12:25:16] CPU Usage:0 % --> Command Line : 896 | [Owner : Système | Parent : 820(services.exe) | 6.4 Mo] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (18.0.0.405) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [24/01/2017 19:57:40] CPU Usage:0 % --> Command Line : 5068 | [Owner : Système | Parent : 1020(svchost.exe) | 6.9 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [21/11/2010 05:24:15] CPU Usage:0 % --> Command Line : 1940 | [Owner : SERVICE RÉSEAU | Parent : 820(services.exe) | 11.21 Mo] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe [21/11/2010 05:23:56] CPU Usage:0 % --> Command Line : 2672 | [Owner : Système | Parent : 820(services.exe) | 33.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 6112 | [Owner : christian | Parent : 896(ksde.exe) | 2.33 Mo] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (18.0.0.405) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe [22/11/2017 18:13:02] CPU Usage:0 % --> Command Line : 6456 | [Owner : Système | Parent : 820(services.exe) | 4.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % --> Command Line : 5352 | [Owner : Système | Parent : 820(services.exe) | 10.25 Mo] - (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (6.1.7601.17514) = C:\Windows\servicing\TrustedInstaller.exe [21/11/2010 05:24:03] CPU Usage:0 % --> Command Line : 6876 | [Owner : Système | Parent : 3740(SearchIndexer.exe) | 7.78 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.23930) = C:\Windows\System32\SearchProtocolHost.exe [23/11/2017 11:51:47] CPU Usage:0 % --> Command Line : 5264 | [Owner : christian | Parent : 5348() | 2.21 Mo] - (.Google - Software Reporter Tool.) - (32.167.200.0) = C:\Users\christian\AppData\Local\Google\Chrome\User Data\SwReporter\32.167.200\software_reporter_tool.exe [11/08/2018 10:23:02] CPU Usage:0 % --> Command Line : 3980 | [Owner : christian | Parent : 5264(software_reporter_tool.exe) | 1.63 Mo] - (.Google - Software Reporter Tool.) - (32.167.200.0) = C:\Users\christian\AppData\Local\Google\Chrome\User Data\SwReporter\32.167.200\software_reporter_tool.exe [11/08/2018 10:23:02] CPU Usage:0 % --> Command Line : 6944 | [Owner : christian | Parent : 5264(software_reporter_tool.exe) | 5.29 Mo] - (.Google - Software Reporter Tool.) - (32.167.200.0) = C:\Users\christian\AppData\Local\Google\Chrome\User Data\SwReporter\32.167.200\software_reporter_tool.exe [11/08/2018 10:23:02] CPU Usage:0 % --> Command Line : 5740 | [Owner : christian | Parent : 5348() | 36.5 Mo] - (.SosVirus - QuickDiag.) - (20.6.18.1) = C:\Users\christian\Downloads\QuickDiag.exe [18/08/2018 11:09:18] CPU Usage:0 % --> Command Line : 5676 | [Owner : Système | Parent : 820(services.exe) | 1.19 Mo] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.17673.1003) = C:\Windows\System32\CompatTelRunner.exe [12/07/2018 12:10:06] CPU Usage:0 % --> Command Line : 7124 | [Owner : Système | Parent : 652(csrss.exe) | 3.05 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.1.7601.24214) = C:\Windows\System32\conhost.exe [15/08/2018 10:17:58] CPU Usage:0 % --> Command Line : 7072 | [Owner : Système | Parent : 5676(CompatTelRunner.exe) | 11.41 Mo] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.17673.1003) = C:\Windows\System32\CompatTelRunner.exe [12/07/2018 12:10:06] CPU Usage:0 % --> Command Line : 2440 | [Owner : SERVICE RÉSEAU | Parent : 1020(svchost.exe) | 7.46 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [21/11/2010 05:24:27] CPU Usage:0 % --> Command Line : 1276 | [Owner : christian | Parent : 1816(explorer.exe) | 104.67 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.106) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/08/2018 09:22:17] CPU Usage:8 % --> Command Line : 984 | [Owner : christian | Parent : 1276(chrome.exe) | 8.72 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.106) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/08/2018 09:22:17] CPU Usage:0 % --> Command Line : 2976 | [Owner : christian | Parent : 1276(chrome.exe) | 9.24 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.106) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/08/2018 09:22:17] CPU Usage:0 % --> Command Line : 4904 | [Owner : christian | Parent : 1276(chrome.exe) | 88.39 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.106) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/08/2018 09:22:17] CPU Usage:0 % --> Command Line : 6076 | [Owner : christian | Parent : 1276(chrome.exe) | 116.06 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.106) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/08/2018 09:22:17] CPU Usage:0 % --> Command Line : 5532 | [Owner : christian | Parent : 1276(chrome.exe) | 108.68 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.106) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/08/2018 09:22:17] CPU Usage:0 % --> Command Line : 5236 | [Owner : christian | Parent : 1276(chrome.exe) | 49.32 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.106) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/08/2018 09:22:17] CPU Usage:0 % --> Command Line : 2900 | [Owner : christian | Parent : 1276(chrome.exe) | 37.04 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.106) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/08/2018 09:22:17] CPU Usage:0 % --> Command Line : ---------- | AppCertDlls ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> /!\ : hijacked C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Control Panel\Desktop] "ScreenSaveActive"=1 "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "UserPreferencesMask"=0x9E3E078012000000 "Wallpaper"=C:\Users\christian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg [22/11/2017 13:48:39] "LogPixels"=134 "SCRNSAVE.EXE"=C:\Windows\system32\Bubbles.scr [21/11/2010 05:24:51] "WaitToKillAppTimeout"=200 "HungAppTimeout"=200 [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=145 [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000 "CleanShutdown"=0 "ExplorerStartupTraceRecorded"=1 "link"=0x1E000000 "Browse For Folder Width"=462 "Browse For Folder Height"=398 "IconUnderline"=3 "EnableAutoTray"=1 [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "SuperHidden"=0 "SeparateProcess"=1 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=4 ""=0 "AlwaysShowMenus"=1 "TaskbarSizeMove"=0 "DisablePreviewDesktop"=0 "TaskbarSmallIcons"=1 "TaskbarGlomLevel"=0 "Start_PowerButtonAction"=2 "ShellViewReentered"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=86 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 2560 | [Owner : christian | Parent : 1276(chrome.exe) | 61.42 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.106) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/08/2018 09:22:17] CPU Usage:0 % --> Command Line : [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=76 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin "BuildNumber"=7601 "FirstLogon"=0 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "ShutdownWithoutLogon"=0 "WinStationsDisabled"=0 "DisableCAD"=1 "scremoveoption"=0 "ShutdownFlags"=43 "AutoAdminLogon"=0 "DefaultUserName"=christian [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "DefaultDomainName"= "DefaultUserName"= "Userinit"=userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] "PerceivedType"=text ""=htafile "Content Type"=application/hta [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" %* [HKLM\Software\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\system32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] "PerceivedType"=text ""=htafile "Content Type"=application/hta [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\system32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\WOW6432Node\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] 5244 | [Owner : christian | Parent : 1276(chrome.exe) | 34.06 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.106) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/08/2018 09:22:17] CPU Usage:0 % --> Command Line : ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [15/08/2018 10:18:03] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [15/08/2018 10:18:03] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "SIGN.MEDIA=BAEAD autorun.exe"=1 "SIGN.MEDIA=6B052D80 Setup.exe"=1 "SIGN.MEDIA=B3811A ASRSetup.exe"=1 "C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe"=33 "C:\Program Files (x86)\Realtek\NICDRV_8169\RTINSTALLER64.EXE"=1 "SIGN.MEDIA=B54B0 Drivers\AppCharger\ASRock\AsrAppChargerSetup(v1.0.6).exe"=1 "SIGN.MEDIA=AFEBC0 Utilities\GoogleToolbar\Google\(v1.0.1)\ASRock_TB_Installer.exe"=1 "SIGN.MEDIA=67952370 Utilities\A-Tuning\ASRock\ATuningSetup(v2.0.54).exe"=1 "SIGN.MEDIA=1A081EB Utilities\XFastUsb\ASRock\(v3.02.38)\Setup.exe"=1 "SIGN.MEDIA=217F678 Utilities\AdobeReader\Adobe\(v9.0)\AdbeRdr90_en_US.exe"=1 "SIGN.MEDIA=44F70A0 AsrSetup.exe"=1 "SIGN.MEDIA=44F70A0 WTLSetup.exe"=1 "SIGN.MEDIA=B8925529 setup.exe"=1 "SIGN.MEDIA=B8925529 ASRSetup.exe"=1 "SIGN.MEDIA=1305A SETUP.EXE"=1 "C:\Program Files (x86)\Midas\CueClub\Setup.exe"=1 "C:\Program Files (x86)\WinRAR\uninstall.exe"=1 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{6e8807cf-cf88-11e7-857d-806e6f6e6963}] : E:\AUTORUN.EXE (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS 1928 | [Owner : christian | Parent : 1276(chrome.exe) | 22.76 Mo] - (.Google Inc. - Google Chrome.) - (68.0.3440.106) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [16/08/2018 09:22:17] CPU Usage:0 % --> Command Line : 1000 | [Owner : Système | Parent : 2704(taskeng.exe) | 8.22 Mo] - (.Piriform Ltd - CCleaner emergency updater.) - (17.8.77.0) = C:\Windows.old\Program Files\CCleaner\CCUpdate.exe [20/07/2018 19:21:34] CPU Usage:0 % --> Command Line : 5644 | [Owner : christian | Parent : 1816(explorer.exe) | 35.48 Mo] - (.SosVirus - QuickDiag.) - (20.6.18.1) = C:\Users\christian\Downloads\QuickDiag.exe [18/08/2018 11:09:18] CPU Usage:0 % --> Command Line : ---------- | Locked Applications ---------- | Explorer.exe Hook (Microsoft Files Whitelisted) "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=128920218544262440 "AntiVirusOverride"=0 "AntiSpywareOverride"=0 "FirewallOverride"=0 [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=0 "DisableRoutinelyTakingAction"=0 "ProductStatus"=0 "InstallTime"=0x990B83B98363D301 [HKLM\Software\WOW6432Node\Microsoft\Windows Defender] "DisableAntiSpyware"=0 "DisableRoutinelyTakingAction"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] ---------- | Winsock (Whitelist) ---------- | Svchost.exe Hook (Microsoft Files Whitelisted) ---------- | Hosts ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [2a00:1450:4007:816::200e] avec 32 octets de donn?es?: R?ponse de 2a00:1450:4007:816::200e?: temps=34 ms R?ponse de 2a00:1450:4007:816::200e?: temps=34 ms D?lai d'attente de la demande d?pass?. R?ponse de 2a00:1450:4007:816::200e?: temps=35 ms Statistiques Ping pour 2a00:1450:4007:816::200e: Paquets?: envoy?s = 4, re?us = 3, perdus = 1 (perte 25%), Dur?e approximative des boucles en millisecondes : Minimum = 34ms, Maximum = 35ms, Moyenne = 34ms [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU ASRock A-Tuning - ( [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\...\Run]) - User: christian-PC\christian HP Officejet Pro 8610 (NET) - ("C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe" -deviceID "CN5CJF30D1:NW" -scfn "HP Officejet Pro 8610 (NET)" -AutoStart 1 [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\...\Run]) - User: christian-PC\christian BingSvc - (C:\Users\christian\AppData\Local\Microsoft\BingSvc\BingSvc.exe [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\...\Run]) - User: christian-PC\christian Skype for Desktop - (C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\...\Run]) - User: christian-PC\christian CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\...\Run]) - User: christian-PC\christian RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\CurrentVersion\Run] "ASRock A-Tuning"= "HP Officejet Pro 8610 (NET)"="C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe" -deviceID "CN5CJF30D1:NW" -scfn "HP Officejet Pro 8610 (NET)" -AutoStart 1 "BingSvc"=C:\Users\christian\AppData\Local\Microsoft\BingSvc\BingSvc.exe [13/06/2018 18:15:38] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Internet Explorer\Main] 8:41:20] "Disable Script Debugger"=yes "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR "Anchor Underline"=yes [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Display Inline Images"=yes "AsrOMG_Day1"=0x00000000 "AsrOMG_Day2"=0x00000000 m32\blank.htm "AsrOMG_Day3"=0x00000000 "=no "AsrOMG_Day4"=0x00000000 "Show_FullURL"=no "AsrOMG_Day5"=0x00000000 "Show_StatusBar"=yes "AsrOMG_Day6"=0x00000000 "Show_ToolBar"=yes "Show_URLinStatusBar"=yes [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Use_DlgBox_Colors"=yes "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "XMLHTTP"=1 "NoUpdateCheck"=1 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "Enable Browser Extensions"=yes "EnableExtensions"=1 "Play_Background_Sounds"=yes "PathCompletionChar"=64 "Play_Animations"=yes "Start Page"=http://%20google.fr/ CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s "DisableScriptDebuggerIE"=yes "Default_Page_URL"=http://localoem.msn.com/?pc=SBJB [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "DisableFirstRunCustomize"=3 ice.dll [14/07/2009 01:37:58] "DdeSendTimeout"=0 "Default_Secondary_Page_URL"=http://www.ldlc.com "DesktopHeapLogging"=1 "OperationalData"=5 "GDIProcessHandleQuota"=10000 "CompatibilityFlags"=0 "ShutdownWarningDialogTimeout"=4294967295 "FullScreen"=no "USERNestedWindowLimit"=50 "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0D000000320000006707000008040000 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 ""=mnmsrvc "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x2C248C158863D301 "TransmissionRetryTimeout"=90 "SearchBandRestoreBarCount"=0 "AppInit_DLLs"= "LoadAppInit_DLLs"=0 "SearchBandMigrationVersion"=1 "Start Page_TIMESTAMP"=0xB3DB7FAB2E35D401 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"= "StatusBarOther"=1 "Use FormSuggest"=no "DownloadWindowPlacement"=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "PlaySounds"=0 "Expand Alt Text"=no :\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [30/05/2013 15:50:10] "UseSWRender"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] "Enable AutoImageResize"=yes "IconServiceLib"=IconCodecService.dll [14/07/2009 01:37:58] "EnableAlternativeCodec"=yes "DdeSendTimeout"=0 "Show image placeholders"=0 "DesktopHeapLogging"=1 "GotoIntranetSiteForSingleWordEntry"=0 "GDIProcessHandleQuota"=10000 "UseThemes"=1 "ShutdownWarningDialogTimeout"=4294967295 "Friendly http errors"=yes "USERNestedWindowLimit"=50 "Error Dlg Displayed On Every Error"=no "USERPostMessageLimit"=10000 "NotifyDownloadComplete"=yes "USERProcessHandleQuota"=10000 "NscSingleExpand"=0 ""=mnmsrvc "SmoothScroll"=1 "DeviceNotSelectedTimeout"=15 "Isolation"=PMIL "Spooler"=yes "DOMStorage"=1 "TransmissionRetryTimeout"=90 "MixedContentBlockImages"=0 "AppInit_DLLs"= "LoadAppInit_DLLs"=0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings] E5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=User@ "PrivDiscUiShown"=1 ---------- | System.ini : "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges ---------- | Tasks List "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "SecureProtocols"=2688 "PrivacyAdvanced"=0 "ZonesSecurityUpgrade"=0x8A3A42DF8763D301 "DisableCachingOfSSLPages"=0 CCleaner Update "WarnonZoneCrossing"=0 CreateChoiceProcessTask "CertificateRevocation"=1 GoogleUpdateTaskMachineUA HPCustParticipation HP Officejet Pro 8610 StartCN "MigrateProxy"=1 ization-{5C497AA6-8DA4-4F51-9231-255D2BE41896} {22B74545-4B8C-4CB0-98CE-60B1A8A4D89C} "ProxyEnable"=0 BD-BAF7-D99BA733E96D} {C263A594-2ECA-4260-B889-F950FD893914} "DisableIDNPrompt"=0 17-04752FFD4830} {E22A37AA-8216-428F-8750-45C9D81D94C5} "EnablePunycode"=1 ings up registry ? Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server "ShowPunycode"=0 [HKLM\System\CurrentControlSet\Control] "PreshutdownOrder"=wuauserv gpsvc trustedinstaller "ProxyHttp1.1"=1 Timeout"=200 "CurrentUser"=USERNAME "EnforceP3PValidity"=0 "BootDriverFlags"=0 "WarnOnPostRedirect"=1 "ServiceControlManagerExtension"=%systemroot%\system32\scext.dll "WarnonBadCertRecving"=1 "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2) [HKLM\Software\Microsoft\Internet Explorer\Main] "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) ecurity Risk Page"=about:SecurityRisk [HKLM\System\CurrentControlSet\Control\lsa] "Extensions Off Page"=about:NoAdd-ons "auditbaseobjects"=0 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "auditbasedirectories"=0 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "crashonauditfail"=0 "Anchor_Visitation_Horizon"=0x01000000 "fullprivilegeauditing"=0x00 "Cache_Percent_of_Disk"=0x0A000000 "Bounds"=0x0030000000200000 "Placeholder_Width"=0x1A000000 "LimitBlankPasswordUse"=1 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Notification Packages"=scecli "Use_Async_DNS"=yes "Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Local Page"=C:\Windows\System32\blank.htm "LsaPid"=836 p://go.microsoft.com/fwlink/?LinkId=54896 "SecureBoot"=1 On_Exit"=yes "Enable_Disk_Cache"=yes "ApplicationTileImmersiveActivation"=1 "everyoneincludesanonymous"=0 "forceguest"=0 gram Files (x86)\Internet Explorer\IEXPLORE.EXE "TabProcGrowth"=Medium "Print_Background"=0 =1 "AlwaysShowMenus"=0 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "StatusBarWeb"=1 "SecurityProviders"=credssp.dll [15/08/2018 10:17:52] [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] [HKLM\System\CurrentControlSet\Control\Session Manager] "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "HeapDeCommitFreeBlockThreshold"=0 avcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "HeapSegmentCommit"=0 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "ExcludeFromKnownDlls"= mpat.htm bjectDirectories"=\Windows \RPC Control [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// ode"=1 "NumberOfInitialSessions"=2 "SetupExecute"= rosoft\Windows\CurrentVersion\URL\Prefixes] osaic"=http:// "www"=http:// rrentControlSet\Control\Terminal Server] "RCDependentServices"=CertPropSvc SessionEnv "home"=http:// "ftp"=ftp:// imeOut"=0 "SnapshotMonitors"=1 "ProductVersion"=5.1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "AllowRemoteRPC"=0 "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 =1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files eleteTempDirsOnExit"=1 "fSingleSessionPerUser"=1 rosoft\Internet Explorer\Main] "AutoHide"=yes "PerSessionTempDir"=0 "Security Risk Page"=about:SecurityRisk "TSUserEnabled"=0 "Extensions Off Page"=about:NoAdd-ons "InstanceID"=c2b942de-c065-4fa4-bf67-c24e058 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "fCredentialLessLogonSupported"=1 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "fCredentialLessLogonSupportedTSS"=1 "Anchor_Visitation_Horizon"=0x01000000 "fCredentialLessLogonSupportedKMRDP"=1 "Cache_Percent_of_Disk"=0x0A000000 ---------- | .LNK with Arguments "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Local Page"=C:\Windows\SysWOW64\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "TabProcGrowth"=Medium "Print_Background"=0 "AlwaysShowMenus"=0 "StatusBarWeb"=1 "Check_Associations"=yes [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "Compat"=res://mshtml.dll/compat.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files ---------- | Proxy ---------- | reparsepoint c:\windows.old\users\christian\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://r.orange.fr/r/Oodc_IEshortcut_oi_v2?ref=O_OI_defaultPage_IE_odc_shortcut) - Hidden: False - Status: OK c:\windows.old\users\christian\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer (2).lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://r.orange.fr/r/Oodc_IEshortcut_oi_v2?ref=O_OI_defaultPage_IE_odc_shortcut) - Hidden: False - Status: OK c:\windows.old\users\christian\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://r.orange.fr/r/Oodc_IEshortcut_oi_v2?ref=O_OI_defaultPage_IE_odc_shortcut) - Hidden: False - Status: OK c:\windows.old\users\christian\appdata\roaming\microsoft\windows\start menu\programs\internet explorer.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://r.orange.fr/r/Oodc_IEshortcut_oi_v2?ref=O_OI_defaultPage_IE_odc_shortcut) - Hidden: False - Status: OK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> /!\ : hijacked C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Control Panel\Desktop] "ScreenSaveActive"=1 "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "UserPreferencesMask"=0x9E3E078012000000 "Wallpaper"=C:\Users\christian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg [22/11/2017 13:48:39] "LogPixels"=134 "SCRNSAVE.EXE"=C:\Windows\system32\Bubbles.scr [21/11/2010 05:24:51] "WaitToKillAppTimeout"=200 "HungAppTimeout"=200 [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=145 [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000 "CleanShutdown"=0 "ExplorerStartupTraceRecorded"=1 "link"=0x1E000000 "Browse For Folder Width"=462 "Browse For Folder Height"=398 "IconUnderline"=3 "EnableAutoTray"=1 [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "SuperHidden"=0 "SeparateProcess"=1 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=4 ""=0 "AlwaysShowMenus"=1 "TaskbarSizeMove"=0 "DisablePreviewDesktop"=0 "TaskbarSmallIcons"=1 "TaskbarGlomLevel"=0 "Start_PowerButtonAction"=2 "ShellViewReentered"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=86 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=76 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin "BuildNumber"=7601 "FirstLogon"=0 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "ShutdownWithoutLogon"=0 "WinStationsDisabled"=0 "DisableCAD"=1 "scremoveoption"=0 "ShutdownFlags"=43 "AutoAdminLogon"=0 "DefaultUserName"=christian [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "DefaultDomainName"= "DefaultUserName"= "Userinit"=userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] "PerceivedType"=text ""=htafile "Content Type"=application/hta [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" %* [HKLM\Software\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\system32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] "PerceivedType"=text ""=htafile "Content Type"=application/hta [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\system32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\WOW6432Node\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [15/08/2018 10:18:03] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [15/08/2018 10:18:03] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "SIGN.MEDIA=BAEAD autorun.exe"=1 "SIGN.MEDIA=6B052D80 Setup.exe"=1 "SIGN.MEDIA=B3811A ASRSetup.exe"=1 "C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe"=33 "C:\Program Files (x86)\Realtek\NICDRV_8169\RTINSTALLER64.EXE"=1 "SIGN.MEDIA=B54B0 Drivers\AppCharger\ASRock\AsrAppChargerSetup(v1.0.6).exe"=1 "SIGN.MEDIA=AFEBC0 Utilities\GoogleToolbar\Google\(v1.0.1)\ASRock_TB_Installer.exe"=1 "SIGN.MEDIA=67952370 Utilities\A-Tuning\ASRock\ATuningSetup(v2.0.54).exe"=1 "SIGN.MEDIA=1A081EB Utilities\XFastUsb\ASRock\(v3.02.38)\Setup.exe"=1 "SIGN.MEDIA=217F678 Utilities\AdobeReader\Adobe\(v9.0)\AdbeRdr90_en_US.exe"=1 "SIGN.MEDIA=44F70A0 AsrSetup.exe"=1 "SIGN.MEDIA=44F70A0 WTLSetup.exe"=1 "SIGN.MEDIA=B8925529 setup.exe"=1 "SIGN.MEDIA=B8925529 ASRSetup.exe"=1 "SIGN.MEDIA=1305A SETUP.EXE"=1 "C:\Program Files (x86)\Midas\CueClub\Setup.exe"=1 "C:\Program Files (x86)\WinRAR\uninstall.exe"=1 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{6e8807cf-cf88-11e7-857d-806e6f6e6963}] : E:\AUTORUN.EXE (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=128920218544262440 "AntiVirusOverride"=0 "AntiSpywareOverride"=0 "FirewallOverride"=0 [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=0 "DisableRoutinelyTakingAction"=0 "ProductStatus"=0 "InstallTime"=0x990B83B98363D301 [HKLM\Software\WOW6432Node\Microsoft\Windows Defender] "DisableAntiSpyware"=0 "DisableRoutinelyTakingAction"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [2a00:1450:4007:816::200e] avec 32 octets de donn?es?: R?ponse de 2a00:1450:4007:816::200e?: temps=44 ms R?ponse de 2a00:1450:4007:816::200e?: temps=38 ms R?ponse de 2a00:1450:4007:816::200e?: temps=34 ms R?ponse de 2a00:1450:4007:816::200e?: temps=35 ms Statistiques Ping pour 2a00:1450:4007:816::200e: Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%), Dur?e approximative des boucles en millisecondes : Minimum = 34ms, Maximum = 44ms, Moyenne = 37ms ---------- | @ [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Internet Explorer\Main] "Disable Script Debugger"=yes "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\system32\blank.htm "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "XMLHTTP"=1 "NoUpdateCheck"=1 "UseClearType"=no "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://%20google.fr/ "DisableScriptDebuggerIE"=yes "Default_Page_URL"=http://localoem.msn.com/?pc=SBJB "DisableFirstRunCustomize"=3 "Default_Secondary_Page_URL"=http://www.ldlc.com "OperationalData"=5 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0D000000320000006707000008040000 "ImageStoreRandomFolder"=pohfnqq "DoNotTrack"=0 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x2C248C158863D301 "SearchBandRestoreBarCount"=0 "SearchBandMigrationVersion"=1 "Start Page_TIMESTAMP"=0xB3DB7FAB2E35D401 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"= "StatusBarOther"=1 "Use FormSuggest"=no "DownloadWindowPlacement"=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "Move System Caret"=no "PlaySounds"=0 "Expand Alt Text"=no "UseSWRender"=0 "Enable AutoImageResize"=yes "EnableAlternativeCodec"=yes "Show image placeholders"=0 "GotoIntranetSiteForSingleWordEntry"=0 "UseThemes"=1 "Friendly http errors"=yes "Error Dlg Displayed On Every Error"=no "NotifyDownloadComplete"=yes "NscSingleExpand"=0 "SmoothScroll"=1 "Isolation"=PMIL "DOMStorage"=1 "MixedContentBlockImages"=0 "DefSpellLang"=fr-FR [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings] "IE5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=User@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "SecureProtocols"=2688 "PrivacyAdvanced"=0 "ZonesSecurityUpgrade"=0x8A3A42DF8763D301 "DisableCachingOfSSLPages"=0 "WarnonZoneCrossing"=0 "CertificateRevocation"=1 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "DisableIDNPrompt"=0 "EnablePunycode"=1 "ShowPunycode"=0 "ProxyHttp1.1"=1 "EnforceP3PValidity"=0 "WarnOnPostRedirect"=1 "WarnonBadCertRecving"=1 [HKLM\Software\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Local Page"=C:\Windows\System32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "TabProcGrowth"=Medium "Print_Background"=0 "AlwaysShowMenus"=0 "StatusBarWeb"=1 [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "Compat"=res://mshtml.dll/compat.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Local Page"=C:\Windows\SysWOW64\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "TabProcGrowth"=Medium "Print_Background"=0 "AlwaysShowMenus"=0 "StatusBarWeb"=1 "Check_Associations"=yes [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "Compat"=res://mshtml.dll/compat.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} -- C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [15/05/2018 15:51:32] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -- C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [15/05/2018 15:51:32] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -- C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [15/05/2018 15:51:32] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} -- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [15/05/2018 15:57:24] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [15/05/2018 15:57:24] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [15/05/2018 15:57:24] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 "ShowDiscussionButton"=Yes [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] "ITBar7Layout"=0x13000000000000000000000020000000100001001C00000001000000800600006D01000006000000C10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000067C200C5BF631F4587974D720C9A2ED90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "{4853DF44-7D6B-48E9-9258-D800EEE54AF6}"=0x44DF53486B7DE9489258D800EEE54AF6 "ITBar7Layout64"=0x13000000000000000000000004000000100003000000000001000000000000005E01000006000000C10000000000000007000000C10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000044DF53486B7DE9489258D800EEE54AF667C200C5BF631F4587974D720C9A2ED900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "ITBar7Height"=28 "{C500C267-63BF-451F-8797-4D720C9A2ED9}"=0x67C200C5BF631F4587974D720C9A2ED9 [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={afdbddaa-5d3f-42ee-b79c-185a7020515b} "KnownProvidersUpgradeTime"=0xA5008D188863D301 "DownloadRetries"=3 "ShowSearchSuggestionsInAddressGlobal"=0 "DefaultPackCorrection"=1 "DefaultPackNTCorrection"=1 "Version"=4 "UpgradeTime"=0x491608A39A67D301 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 "{C500C267-63BF-451F-8797-4D720C9A2ED9}"= [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={6A1806CD-94D4-4689-BA73-E35EA1EA9990} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar] "Locked"=0 "{C500C267-63BF-451F-8797-4D720C9A2ED9}"= [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{22CC3EBD-C286-43aa-B8E6-06B115F74162}] : (HP Smart Print) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer à OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Cliquer pour appeler Lync) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liées OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{22CC3EBD-C286-43aa-B8E6-06B115F74162}] : (HP Smart Print) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer à OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Cliquer pour appeler Lync) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liées OneNote) - [] ---------- | SearchScopes [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz= : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7B3D2A77-EDDB-4008-AE0E-A631B323F0CD}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SBJB; : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{7B3D2A77-EDDB-4008-AE0E-A631B323F0CD}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SBJB; : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [12/09/2017 13:13:20] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [21/01/2014 21:11:44] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft SkyDrive Pro Browser Helper) : C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [15/05/2018 15:57:24] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0}] -> (Kaspersky Protection) : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 19.0.0 (1)\IEExt\ie_plugin.dll [23/07/2018 12:25:18] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] -> (Adobe PDF Link Helper) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [27/02/2009 13:07:26] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [12/09/2017 13:13:20] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [21/01/2014 21:11:44] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft SkyDrive Pro Browser Helper) : C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [15/05/2018 15:57:24] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0}] -> (Kaspersky Protection) : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 19.0.0 (1)\IEExt\ie_plugin.dll [23/07/2018 12:25:18] ---------- | Chrome C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\amkpcclbbgegoafihnpgomddadjhcadd = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__ - permissions:[nativeMessagingmanagementcookieswebRequest\u003Call_urls>webRequestBlockingstorage] - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg = : __MSG_description__ - short_name: __MSG_short_name__ - permissions:[tabs\u003Call_urls>webRequestwebRequestBlockingwebNavigationstorageunlimitedStoragecontextMenus] - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = : __MSG_description__ - short_name: __MSG_name__ - permissions:[tabs\u003Call_urls>contextMenuswebRequestwebRequestBlockingwebNavigationstorageunlimitedStoragenotifications] - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\gighmmpiobklfepjocnamgkkbiglidom = : __MSG_description__ - short_name: __MSG_name__ - permissions:[tabs\u003Call_urls>contextMenuswebRequestwebRequestBlockingwebNavigationstorageunlimitedStoragenotificationsidlealarms] - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd] [HKLM\Software\Google\Chrome\Extensions\amkpcclbbgegoafihnpgomddadjhcadd] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\amkpcclbbgegoafihnpgomddadjhcadd] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl] ---------- | Opera ---------- | Firefox [HKLM\Software\mozilla\Firefox\Extensions] "light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 19.0.0 (1)\FFExt\light_plugin_firefox\addon.xpi [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 19.0.0 (1)\FFExt\light_plugin_firefox\addon.xpi [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\MozillaPlugins\@freeconferencecall.com/launcher] - () : C:\Users\christian\AppData\Local\FCCPlugins\npfcclauncher.dll [HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled [HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0] - (Microsoft Lync Plug-in for Firefox) : C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll C:\Users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\2tfl3cu2.default\Prefs.js user_pref("browser.startup.homepage_override.buildID", "20180807170231"); user_pref("browser.startup.homepage_override.mstone", "61.0.2"); user_pref("extensions.blocklist.lastModified", "Mon, 06 Aug 2018 10:11:34 GMT"); user_pref("extensions.blocklist.pingCountTotal", 7); user_pref("extensions.blocklist.pingCountVersion", 2); user_pref("extensions.databaseSchema", 26); user_pref("extensions.getAddons.cache.lastUpdate", 1533973440); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.lastAppBuildId", "20180807170231"); user_pref("extensions.lastAppVersion", "61.0.2"); user_pref("extensions.lastPlatformVersion", "61.0.2"); user_pref("extensions.pendingOperations", false); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webextensions.uuids", "{\"webcompat@mozilla.org\":\"de0f13e3-4d82-4264-b5bb-cbfe636bb1d7\",\"light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com\":\"a0d3613c-c0d5-48b7-9072-096c316e02f0\",\"screenshots@mozilla.org\":\"fe4444eb-dd41-4751-a120-868ba81a5cb2\",\"@porn-blocker\":\"650c8bbe-4d3f-4ca7-b9ba-2e7fc6eaf8ef\",\"uBlock0@raymondhill.net\":\"cdb239ed-37b3-43ea-824e-6a4f84a87bf2\"}"); [Profile0] - Name=default -> Profiles/2tfl3cu2.default ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{B77804EA-E6ED-4D91-A266-C8F75627AEE5}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B77804EA-E6ED-4D91-A266-C8F75627AEE5}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B77804EA-E6ED-4D91-A266-C8F75627AEE5}] "DhcpNameServer"=192.168.1.1 ---------- | Applications [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "regsvc"=RemoteRegistry "DcomLaunch"=Power PlugPlay DcomLaunch "secsvcs"=WinDefend "bthsvcs"=bthserv "GPSvcGroup"=GPSvc "iissvcs"=w3svc was [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power PlugPlay DcomLaunch "iissvcs"=w3svc was ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\7-Zip] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Adobe] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\AMD] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\AppDataLow] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Apple Computer, Inc.] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Apple Inc.] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\ASRock] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\ATI] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\AVS4YOU] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Canon] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Chromium] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\CISRA] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Clients] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\ej-technologies] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\FCC] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\g3n-h@ckm@n] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Google] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Hewlett-Packard] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\HP] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\I.R.I.S.] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\IM Providers] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Iris] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\JavaSoft] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\KasperskyLab] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\KasperskyLabSetup] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Local AppWizard-Generated Applications] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Malwarebytes] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Mozilla] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\MozillaPlugins] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Netscape] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\ODBC] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Piriform] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Policies] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\ProtectedStorage] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Realtek] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\RW-Everything] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\skype] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\skypeapp-41ab8b6eaed0] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\sysinternals] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Watchtower] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\WinRAR] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\WinRAR SFX] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Wow6432Node] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\{B2CB09FF-2453-4f85-9F40-21C05BE4CBA8}] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\AppDataLow\Software\Monitored] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\AppDataLow\Software\settings] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\7-Zip] [HKLM\Software\AMD] [HKLM\Software\AMDDVR] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Apple Inc.] [HKLM\Software\ATI] [HKLM\Software\ATI Technologies] [HKLM\Software\AVS4YOU] [HKLM\Software\BrowserChoice] [HKLM\Software\CBSTEST] [HKLM\Software\cFos] [HKLM\Software\Clients] [HKLM\Software\Dolby] [HKLM\Software\DTS] [HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Hewlett-Packard] [HKLM\Software\HP] [HKLM\Software\IM Providers] [HKLM\Software\INextUUID] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\KasperskyLab] [HKLM\Software\Khronos] [HKLM\Software\Knowles] [HKLM\Software\Malwarebytes] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nahimic] [HKLM\Software\Nuance] [HKLM\Software\ODBC] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\RTLSetup] [HKLM\Software\Sonic] [HKLM\Software\SonicFocus] [HKLM\Software\SoundResearch] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\VideoLAN] [HKLM\Software\Waves Audio] [HKLM\Software\Wow6432Node] [HKLM\Software\Yamaha APO] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Help] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GPSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AMD] [HKLM\Software\WOW6432Node\ArcSoft] [HKLM\Software\WOW6432Node\ASRock] [HKLM\Software\WOW6432Node\ATI] [HKLM\Software\WOW6432Node\ATI Technologies] [HKLM\Software\WOW6432Node\AVS4YOU] [HKLM\Software\WOW6432Node\Bulldog] [HKLM\Software\WOW6432Node\Canon] [HKLM\Software\WOW6432Node\CISRA] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Hewlett-Packard] [HKLM\Software\WOW6432Node\HP] [HKLM\Software\WOW6432Node\I.R.I.S.] [HKLM\Software\WOW6432Node\InstallShield] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\KasperskyLab] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Midas] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Piriform] [HKLM\Software\WOW6432Node\PowerPivot] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] [HKLM\Software\WOW6432Node\Skype] [HKLM\Software\WOW6432Node\SRS Labs] [HKLM\Software\WOW6432Node\WATCHTOWER] [HKLM\Software\WOW6432Node\WinRAR] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] ---------- | Drives D: F: ---------- | C: [14/07/2009 05:18:56] - |SHD| - [2949] - C:\$Recycle.Bin [06/08/2015 13:27:56] - |D| - [134242] - C:\$SysReset [15/09/2015 11:58:53] - |HD| - [189966] - C:\$Windows.~WS [25/07/2018 11:44:09] - |D| - [1493905] - C:\AdwCleaner [22/11/2017 20:23:01] - |D| - [1465275589] - C:\AMD [09/12/2017 12:38:57] - |SHD| - [519457] - C:\Config.Msi [14/07/2009 07:08:56] - |SHD| - [0] - C:\Documents and Settings [MD5.D41D8CD98F00B204E9800998ECF8427E] - [13/11/2015 16:37:12] - |ASH| - (.-.) - [3172777984] - (0.0.0.0) - C:\hiberfil.sys [25/12/2017 12:06:21] - |D| - [1789224] - C:\inetpub [22/11/2017 15:12:39] - |D| - [2263454] - C:\Intel [15/11/2015 19:16:16] - |RHD| - [913372170] - C:\MSOCache [02/01/2016 15:05:27] - |D| - [0] - C:\net-snmp-compil-win ---------- | Detection of offsets [MD5.D41D8CD98F00B204E9800998ECF8427E] - [13/11/2015 16:37:12] - |ASH| - (.-.) - [4230373376] - (0.0.0.0) - C:\pagefile.sys [14/07/2009 05:20:08] - |D| - [0] - C:\PerfLogs ---------- | Notify ---------- | Execution FileExts [14/07/2009 05:20:08] - |RD| - [3298857807] - C:\Program Files ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} -- C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [15/05/2018 15:51:32] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -- C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [15/05/2018 15:51:32] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -- C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [15/05/2018 15:51:32] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} -- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [15/05/2018 15:57:24] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [15/05/2018 15:57:24] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [15/05/2018 15:57:24] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 "ShowDiscussionButton"=Yes [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] "ITBar7Layout"=0x13000000000000000000000020000000100001001C00000001000000800600006D01000006000000C10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000067C200C5BF631F4587974D720C9A2ED90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "{4853DF44-7D6B-48E9-9258-D800EEE54AF6}"=0x44DF53486B7DE9489258D800EEE54AF6 "ITBar7Layout64"=0x13000000000000000000000004000000100003000000000001000000000000005E01000006000000C10000000000000007000000C10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000044DF53486B7DE9489258D800EEE54AF667C200C5BF631F4587974D720C9A2ED900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "ITBar7Height"=28 "{C500C267-63BF-451F-8797-4D720C9A2ED9}"=0x67C200C5BF631F4587974D720C9A2ED9 [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={afdbddaa-5d3f-42ee-b79c-185a7020515b} "KnownProvidersUpgradeTime"=0xA5008D188863D301 "DownloadRetries"=3 "ShowSearchSuggestionsInAddressGlobal"=0 "DefaultPackCorrection"=1 "DefaultPackNTCorrection"=1 "Version"=4 "UpgradeTime"=0x491608A39A67D301 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 "{C500C267-63BF-451F-8797-4D720C9A2ED9}"= [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={6A1806CD-94D4-4689-BA73-E35EA1EA9990} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar] "Locked"=0 "{C500C267-63BF-451F-8797-4D720C9A2ED9}"= [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{22CC3EBD-C286-43aa-B8E6-06B115F74162}] : (HP Smart Print) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer à OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Cliquer pour appeler Lync) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liées OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{22CC3EBD-C286-43aa-B8E6-06B115F74162}] : (HP Smart Print) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer à OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Cliquer pour appeler Lync) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liées OneNote) - [] ---------- | SearchScopes [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz= : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7B3D2A77-EDDB-4008-AE0E-A631B323F0CD}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SBJB; : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{7B3D2A77-EDDB-4008-AE0E-A631B323F0CD}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SBJB; : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [12/09/2017 13:13:20] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [21/01/2014 21:11:44] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft SkyDrive Pro Browser Helper) : C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [15/05/2018 15:57:24] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0}] -> (Kaspersky Protection) : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 19.0.0 (1)\IEExt\ie_plugin.dll [23/07/2018 12:25:18] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] -> (Adobe PDF Link Helper) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [27/02/2009 13:07:26] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [12/09/2017 13:13:20] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [21/01/2014 21:11:44] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft SkyDrive Pro Browser Helper) : C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [15/05/2018 15:57:24] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0}] -> (Kaspersky Protection) : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 19.0.0 (1)\IEExt\ie_plugin.dll [23/07/2018 12:25:18] ---------- | Chrome C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\amkpcclbbgegoafihnpgomddadjhcadd = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__ - permissions:[nativeMessagingmanagementcookieswebRequest\u003Call_urls>webRequestBlockingstorage] - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg = : __MSG_description__ - short_name: __MSG_short_name__ - permissions:[tabs\u003Call_urls>webRequestwebRequestBlockingwebNavigationstorageunlimitedStoragecontextMenus] - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = : __MSG_description__ - short_name: __MSG_name__ - permissions:[tabs\u003Call_urls>contextMenuswebRequestwebRequestBlockingwebNavigationstorageunlimitedStoragenotifications] - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\gighmmpiobklfepjocnamgkkbiglidom = : __MSG_description__ - short_name: __MSG_name__ - permissions:[tabs\u003Call_urls>contextMenuswebRequestwebRequestBlockingwebNavigationstorageunlimitedStoragenotificationsidlealarms] - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd] [HKLM\Software\Google\Chrome\Extensions\amkpcclbbgegoafihnpgomddadjhcadd] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\amkpcclbbgegoafihnpgomddadjhcadd] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl] ---------- | Opera ---------- | Firefox [HKLM\Software\mozilla\Firefox\Extensions] "light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 19.0.0 (1)\FFExt\light_plugin_firefox\addon.xpi [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 19.0.0 (1)\FFExt\light_plugin_firefox\addon.xpi [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\MozillaPlugins\@freeconferencecall.com/launcher] - () : C:\Users\christian\AppData\Local\FCCPlugins\npfcclauncher.dll [HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled [HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0] - (Microsoft Lync Plug-in for Firefox) : C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll C:\Users\christian\AppData\Roaming\Mozilla\Firefox\Profiles\2tfl3cu2.default\Prefs.js user_pref("browser.startup.homepage_override.buildID", "20180807170231"); user_pref("browser.startup.homepage_override.mstone", "61.0.2"); user_pref("extensions.blocklist.lastModified", "Mon, 06 Aug 2018 10:11:34 GMT"); user_pref("extensions.blocklist.pingCountTotal", 7); user_pref("extensions.blocklist.pingCountVersion", 2); user_pref("extensions.databaseSchema", 26); user_pref("extensions.getAddons.cache.lastUpdate", 1533973440); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.lastAppBuildId", "20180807170231"); user_pref("extensions.lastAppVersion", "61.0.2"); user_pref("extensions.lastPlatformVersion", "61.0.2"); user_pref("extensions.pendingOperations", false); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webextensions.uuids", "{\"webcompat@mozilla.org\":\"de0f13e3-4d82-4264-b5bb-cbfe636bb1d7\",\"light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com\":\"a0d3613c-c0d5-48b7-9072-096c316e02f0\",\"screenshots@mozilla.org\":\"fe4444eb-dd41-4751-a120-868ba81a5cb2\",\"@porn-blocker\":\"650c8bbe-4d3f-4ca7-b9ba-2e7fc6eaf8ef\",\"uBlock0@raymondhill.net\":\"cdb239ed-37b3-43ea-824e-6a4f84a87bf2\"}"); [14/07/2009 05:20:08] - |RD| - [4416349385] - C:\Program Files (x86) [Profile0] - Name=default -> Profiles/2tfl3cu2.default ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{B77804EA-E6ED-4D91-A266-C8F75627AEE5}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{B77804EA-E6ED-4D91-A266-C8F75627AEE5}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B77804EA-E6ED-4D91-A266-C8F75627AEE5}] "DhcpNameServer"=192.168.1.1 ---------- | Applications [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [14/07/2009 05:20:08] - |HD| - [1586530921] - C:\ProgramData [18/08/2018 11:10:14] - |D| - [68686] - C:\QuickDiag [HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [MD5.688C26CC527A575A256EBDC2B181B68E] - [18/08/2018 11:10:38] - |A| - (.-.) - [177559] - (0.0.0.0) - C:\QuickDiag.txt [12/11/2015 16:46:49] - |SHD| - [522393532] - C:\Recovery [30/12/2014 08:00:31] - |SHD| - [0] - C:\System Volume Information [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "regsvc"=RemoteRegistry "DcomLaunch"=Power PlugPlay DcomLaunch "secsvcs"=WinDefend "bthsvcs"=bthserv "GPSvcGroup"=GPSvc "iissvcs"=w3svc was [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power PlugPlay DcomLaunch "iissvcs"=w3svc was ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\7-Zip] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Adobe] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\AMD] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\AppDataLow] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Apple Computer, Inc.] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Apple Inc.] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\ASRock] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\ATI] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\AVS4YOU] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Canon] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Chromium] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\CISRA] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Clients] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\ej-technologies] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\FCC] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\g3n-h@ckm@n] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Google] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Hewlett-Packard] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\HP] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\I.R.I.S.] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\IM Providers] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Iris] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\JavaSoft] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\KasperskyLab] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\KasperskyLabSetup] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Local AppWizard-Generated Applications] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Malwarebytes] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Mozilla] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\MozillaPlugins] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Netscape] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\ODBC] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Piriform] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Policies] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\ProtectedStorage] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Realtek] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\RW-Everything] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\skype] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\skypeapp-41ab8b6eaed0] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\sysinternals] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Watchtower] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\WinRAR] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\WinRAR SFX] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Wow6432Node] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\{B2CB09FF-2453-4f85-9F40-21C05BE4CBA8}] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\AppDataLow\Software\Monitored] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\AppDataLow\Software\settings] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\7-Zip] [HKLM\Software\AMD] [HKLM\Software\AMDDVR] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Apple Inc.] [HKLM\Software\ATI] [HKLM\Software\ATI Technologies] [HKLM\Software\AVS4YOU] [HKLM\Software\BrowserChoice] [HKLM\Software\CBSTEST] [HKLM\Software\cFos] [HKLM\Software\Clients] [HKLM\Software\Dolby] [HKLM\Software\DTS] [HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Hewlett-Packard] [HKLM\Software\HP] [HKLM\Software\IM Providers] [HKLM\Software\INextUUID] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\KasperskyLab] [HKLM\Software\Khronos] [HKLM\Software\Knowles] [HKLM\Software\Malwarebytes] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nahimic] [HKLM\Software\Nuance] [HKLM\Software\ODBC] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\RTLSetup] [HKLM\Software\Sonic] [HKLM\Software\SonicFocus] [HKLM\Software\SoundResearch] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\VideoLAN] [HKLM\Software\Waves Audio] [HKLM\Software\Wow6432Node] [HKLM\Software\Yamaha APO] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Help] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GPSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AMD] [HKLM\Software\WOW6432Node\ArcSoft] [HKLM\Software\WOW6432Node\ASRock] [HKLM\Software\WOW6432Node\ATI] [HKLM\Software\WOW6432Node\ATI Technologies] C:\Users [HKLM\Software\WOW6432Node\AVS4YOU] [23/03/2015 10:19:27] - |D| - [6082800] - C:\Watchtower [HKLM\Software\WOW6432Node\Bulldog] [HKLM\Software\WOW6432Node\Canon] [HKLM\Software\WOW6432Node\CISRA] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Hewlett-Packard] [HKLM\Software\WOW6432Node\HP] [HKLM\Software\WOW6432Node\I.R.I.S.] [HKLM\Software\WOW6432Node\InstallShield] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\KasperskyLab] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Midas] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Piriform] [HKLM\Software\WOW6432Node\PowerPivot] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] [HKLM\Software\WOW6432Node\Skype] [HKLM\Software\WOW6432Node\SRS Labs] [HKLM\Software\WOW6432Node\WATCHTOWER] [HKLM\Software\WOW6432Node\WinRAR] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] ---------- | Drives D: F: ---------- | C: [14/07/2009 05:18:56] - |SHD| - [2949] - C:\$Recycle.Bin [06/08/2015 13:27:56] - |D| - [134242] - C:\$SysReset [15/09/2015 11:58:53] - |HD| - [189966] - C:\$Windows.~WS [25/07/2018 11:44:09] - |D| - [1493905] - C:\AdwCleaner [22/11/2017 20:23:01] - |D| - [1465275589] - C:\AMD [09/12/2017 12:38:57] - |SHD| - [519457] - C:\Config.Msi [14/07/2009 07:08:56] - |SHD| - [0] - C:\Documents and Settings [MD5.D41D8CD98F00B204E9800998ECF8427E] - [13/11/2015 16:37:12] - |ASH| - (.-.) - [3172777984] - (0.0.0.0) - C:\hiberfil.sys [25/12/2017 12:06:21] - |D| - [1789224] - C:\inetpub [22/11/2017 15:12:39] - |D| - [2263454] - C:\Intel [15/11/2015 19:16:16] - |RHD| - [913372170] - C:\MSOCache [02/01/2016 15:05:27] - |D| - [0] - C:\net-snmp-compil-win [MD5.D41D8CD98F00B204E9800998ECF8427E] - [13/11/2015 16:37:12] - |ASH| - (.-.) - [4230373376] - (0.0.0.0) - C:\pagefile.sys [14/07/2009 05:20:08] - |D| - [0] - C:\PerfLogs [14/07/2009 05:20:08] - |RD| - [3298857807] - C:\Program Files [14/07/2009 05:20:08] - |D| - [34100763709] - C:\Windows [14/07/2009 05:20:08] - |RD| - [4416349385] - C:\Program Files (x86) [14/07/2009 05:20:08] - |HD| - [1586530921] - C:\ProgramData [18/08/2018 11:10:14] - |D| - [68686] - C:\QuickDiag [MD5.B97DB9AA5CBC4C3374AB218F72898488] - [18/08/2018 11:10:38] - |A| - (.-.) - [191574] - (0.0.0.0) - C:\QuickDiag.txt [12/11/2015 16:46:49] - |SHD| - [522393532] - C:\Recovery [30/12/2014 08:00:31] - |SHD| - [0] - C:\System Volume Information [14/07/2009 05:20:08] - |RD| - [7618870051] - C:\Users [23/03/2015 10:19:27] - |D| - [6082800] - C:\Watchtower [14/07/2009 05:20:08] - |D| - [34100762305] - C:\Windows [22/11/2017 13:06:19] - |D| - [371140310490] - C:\Windows.old ---------- | C:\Windows [14/07/2009 07:32:38] - |D| - [802] - C:\Windows\addins [14/07/2009 05:20:08] - |D| - [14918213] - C:\Windows\AppCompat [14/07/2009 05:20:08] - |D| - [10979246] - C:\Windows\AppPatch [22/11/2017 15:35:09] - |D| - [582] - C:\Windows\ASRock [14/07/2009 05:20:08] - |RSD| - [1499860196] - C:\Windows\assembly [MD5.317CD1CE327B6520BF4EE007BCD39E61] - [21/11/2010 05:24:22] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [71168] - (6.1.7601.17514) - C:\Windows\bfsvc.exe [14/07/2009 05:20:09] - |D| - [29189358] - C:\Windows\Boot [MD5.69A551DB3DB9A08F9D25D0F2196DBD8B] - [14/07/2009 07:38:36] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [14/07/2009 05:20:09] - |D| - [3233280] - C:\Windows\Branding [14/07/2009 05:20:09] - |D| - [2113488] - C:\Windows\Cursors [14/07/2009 06:45:54] - |D| - [2295] - C:\Windows\debug [14/07/2009 07:32:38] - |D| - [3044378] - C:\Windows\diagnostics [14/07/2009 07:37:46] - |D| - [0] - C:\Windows\DigitalLocker [14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Downloaded Program Files [12/04/2011 11:27:58] - |D| - [118084593] - C:\Windows\ehome [14/07/2009 07:37:46] - |D| - [0] - C:\Windows\en-US [MD5.E185BDA84E5F03F4E1D8DCA30E209277] - [19/06/2014 13:12:01] - |A| - (.-.) - [1912] - (0.0.0.0) - C:\Windows\epplauncher.mif [MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [23/11/2017 11:49:45] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3229696] - (6.1.7601.23537) - C:\Windows\explorer.exe [14/07/2009 05:20:09] - |RSD| - [472478785] - C:\Windows\Fonts [12/04/2011 11:16:36] - |D| - [142336] - C:\Windows\fr-FR [MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [14/07/2009 01:22:13] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [15360] - (6.1.7600.16385) - C:\Windows\fveupdate.exe [14/07/2009 05:20:09] - |D| - [21741460] - C:\Windows\Globalization [14/07/2009 05:20:09] - |D| - [40554785] - C:\Windows\Help [MD5.A66E522F3CBFB8709EA37844922A002E] - [23/11/2017 11:51:59] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [733696] - (6.1.7601.23834) - C:\Windows\HelpPane.exe [MD5.12589371C087A76B6E8E152939E59E98] - [09/05/2018 11:20:19] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [16896] - (6.1.7601.24134) - C:\Windows\hh.exe [MD5.1AEB4967A760D6EC21A3270F1B004AC1] - [12/04/2011 11:28:50] - |A| - (.-.) - [48265] - (0.0.0.0) - C:\Windows\HomePremium.xml [14/07/2009 05:20:09] - |D| - [143547244] - C:\Windows\IME [14/07/2009 05:20:10] - |D| - [176811588] - C:\Windows\inf [19/06/2014 13:10:58] - |SHD| - [10930407876] - C:\Windows\Installer [14/07/2009 05:20:10] - |D| - [48371] - C:\Windows\L2Schemas [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\LiveKernelReports [14/07/2009 05:20:10] - |D| - [128558971] - C:\Windows\Logs [14/07/2009 05:20:10] - |RSD| - [13327133] - C:\Windows\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 02:10:29] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [14/07/2009 05:20:10] - |D| - [972981584] - C:\Windows\Microsoft.NET [19/06/2014 13:56:31] - |D| - [4206] - C:\Windows\Migration [23/11/2017 11:16:14] - |D| - [0] - C:\Windows\Minidump [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\ModemLogs [MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 04:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini [MD5.B32189BDFF6E577A92BAA61AD49264E6] - [23/11/2017 11:13:22] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [193536] - (6.1.7601.18917) - C:\Windows\notepad.exe [19/06/2014 14:08:08] - |D| - [106090] - C:\Windows\OEMFolder [14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Offline Web Pages [MD5.D41D8CD98F00B204E9800998ECF8427E] - [09/12/2017 14:29:48] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\OpPrintServer.INI [19/06/2014 14:08:25] - |D| - [1649287] - C:\Windows\Panther [MD5.F007C4273BA24B52A56387E899311DB7] - [09/12/2017 14:20:53] - |A| - (.Eastman Kodak Company Copyright 1995 - PCDLIB32.) - [212480] - (3.0.0.0) - C:\Windows\pcdlib32.dll [27/12/2017 15:03:59] - |D| - [0] - C:\Windows\PCHEALTH [14/07/2009 07:32:38] - |D| - [62139310] - C:\Windows\Performance [MD5.8B3926FF0318486AA10C1F008760FC88] - [17/08/2018 10:29:09] - |A| - (.-.) - [316] - (0.0.0.0) - C:\Windows\PFRO.log [14/07/2009 05:20:10] - |D| - [1124149] - C:\Windows\PLA [14/07/2009 05:20:10] - |D| - [2972247] - C:\Windows\PolicyDefinitions [19/06/2014 13:09:02] - |D| - [52979965] - C:\Windows\Prefetch [MD5.2E2C937846A0B8789E5E91739284D17A] - [14/07/2009 01:27:10] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [427008] - (6.1.7600.16385) - C:\Windows\regedit.exe [14/07/2009 05:20:10] - |D| - [22588] - C:\Windows\registration [14/07/2009 05:20:10] - |D| - [8643240] - C:\Windows\rescache [14/07/2009 05:20:10] - |D| - [1674534] - C:\Windows\Resources [MD5.A095B3E67C8EB8F2137EAC63687F2F5B] - [22/11/2017 15:22:00] - |A| - (.Copyright (C) 2016 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2839520] - (1.0.7.0) - C:\Windows\RtlExUpd.dll [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\SchCache [14/07/2009 05:20:10] - |D| - [58021] - C:\Windows\schemas [14/07/2009 05:20:10] - |D| - [1058814] - C:\Windows\security [14/07/2009 06:45:47] - |D| - [78281508] - C:\Windows\ServiceProfiles [14/07/2009 05:20:10] - |D| - [90510691] - C:\Windows\servicing [14/07/2009 06:45:50] - |D| - [42] - C:\Windows\Setup [MD5.9982DE5B241F4776F71698EB4D4FC7E9] - [17/08/2018 10:29:28] - |A| - (.-.) - [168] - (0.0.0.0) - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/08/2018 10:29:28] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log [27/12/2017 15:00:21] - |D| - [66140] - C:\Windows\SHELLNEW [22/11/2017 13:06:19] - |D| - [371140310490] - C:\Windows.old ---------- | C:\Windows [14/07/2009 07:32:38] - |D| - [802] - C:\Windows\addins [14/07/2009 05:20:08] - |D| - [14918213] - C:\Windows\AppCompat [14/07/2009 05:20:08] - |D| - [10979246] - C:\Windows\AppPatch [22/11/2017 15:35:09] - |D| - [582] - C:\Windows\ASRock [22/11/2017 13:22:13] - |D| - [2239007169] - C:\Windows\SoftwareDistribution [14/07/2009 05:20:10] - |D| - [70579144] - C:\Windows\Speech [MD5.127AA81343A7C6F665C22CB1293B0A90] - [20/06/2014 09:19:25] - |A| - (.© Microsoft Corporation. - Print driver host for 32bit applications.) - [67072] - (6.1.7601.17777) - C:\Windows\splwow64.exe [MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 07:28:38] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\system [MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 04:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini [14/07/2009 05:20:08] - |RSD| - [1499860196] - C:\Windows\assembly [MD5.317CD1CE327B6520BF4EE007BCD39E61] - [21/11/2010 05:24:22] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [71168] - (6.1.7601.17514) - C:\Windows\bfsvc.exe [14/07/2009 05:20:09] - |D| - [29189358] - C:\Windows\Boot em32 [MD5.69A551DB3DB9A08F9D25D0F2196DBD8B] - [14/07/2009 07:38:36] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [14/07/2009 05:20:09] - |D| - [3233280] - C:\Windows\Branding [14/07/2009 05:20:09] - |D| - [2113488] - C:\Windows\Cursors [14/07/2009 06:45:54] - |D| - [2295] - C:\Windows\debug [14/07/2009 07:32:38] - |D| - [3044378] - C:\Windows\diagnostics [14/07/2009 07:37:46] - |D| - [0] - C:\Windows\DigitalLocker [14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Downloaded Program Files [14/07/2009 05:20:14] - |D| - [1299889473] - C:\Windows\SysWOW64 [12/04/2011 11:27:58] - |D| - [118084593] - C:\Windows\ehome [14/07/2009 05:20:14] - |D| - [32488] - C:\Windows\Tasks [14/07/2009 07:37:46] - |D| - [0] - C:\Windows\en-US [14/07/2009 05:20:14] - |D| - [12281505] - C:\Windows\Temp [MD5.E185BDA84E5F03F4E1D8DCA30E209277] - [19/06/2014 13:12:01] - |A| - (.-.) - [1912] - (0.0.0.0) - C:\Windows\epplauncher.mif [14/07/2009 05:20:14] - |D| - [14913555] - C:\Windows\tracing [MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 23:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll [14/07/2009 07:32:38] - |D| - [5106454] - C:\Windows\twain_32 [MD5.163A95975E1D8819E653AA3E961371CA] - [21/11/2010 05:25:10] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll [MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [23/11/2017 11:49:45] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3229696] - (6.1.7601.23537) - C:\Windows\explorer.exe [14/07/2009 05:20:09] - |RSD| - [472478785] - C:\Windows\Fonts [12/04/2011 11:16:36] - |D| - [142336] - C:\Windows\fr-FR [MD5.F36A271706EDD23C94956AFB56981184] - [14/07/2009 00:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe [MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [14/07/2009 01:22:13] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [15360] - (6.1.7600.16385) - C:\Windows\fveupdate.exe [14/07/2009 05:20:09] - |D| - [21741460] - C:\Windows\Globalization [MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 02:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe [14/07/2009 05:20:09] - |D| - [40554785] - C:\Windows\Help [14/07/2009 05:20:14] - |D| - [12420] - C:\Windows\Vss [14/07/2009 05:20:14] - |D| - [40681427] - C:\Windows\Web [MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - [14/07/2009 04:34:57] - |A| - (.-.) - [478] - (0.0.0.0) - C:\Windows\win.ini [MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 06:54:24] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.A66E522F3CBFB8709EA37844922A002E] - [23/11/2017 11:51:59] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [733696] - (6.1.7601.23834) - C:\Windows\HelpPane.exe [MD5.12589371C087A76B6E8E152939E59E98] - [09/05/2018 11:20:19] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [16896] - (6.1.7601.24134) - C:\Windows\hh.exe [MD5.1AEB4967A760D6EC21A3270F1B004AC1] - [12/04/2011 11:28:50] - |A| - (.-.) - [48265] - (0.0.0.0) - C:\Windows\HomePremium.xml [14/07/2009 05:20:09] - |D| - [143547244] - C:\Windows\IME [14/07/2009 05:20:10] - |D| - [176811588] - C:\Windows\inf [19/06/2014 13:10:58] - |SHD| - [10930407876] - C:\Windows\Installer [14/07/2009 05:20:10] - |D| - [48371] - C:\Windows\L2Schemas [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\LiveKernelReports [14/07/2009 05:20:10] - |D| - [128558971] - C:\Windows\Logs [14/07/2009 05:20:10] - |RSD| - [13327133] - C:\Windows\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 02:10:29] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [MD5.E007D6FFC2E7B624320BE178BA37519C] - [22/11/2017 13:21:36] - |A| - (.-.) - [1570660] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 02:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe [14/07/2009 05:20:10] - |D| - [972981584] - C:\Windows\Microsoft.NET [19/06/2014 13:56:31] - |D| - [4206] - C:\Windows\Migration [23/11/2017 11:16:14] - |D| - [0] - C:\Windows\Minidump [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\ModemLogs [MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 04:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini [MD5.B32189BDFF6E577A92BAA61AD49264E6] - [23/11/2017 11:13:22] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [193536] - (6.1.7601.18917) - C:\Windows\notepad.exe [19/06/2014 14:08:08] - |D| - [106090] - C:\Windows\OEMFolder [14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Offline Web Pages [MD5.D41D8CD98F00B204E9800998ECF8427E] - [09/12/2017 14:29:48] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\OpPrintServer.INI [19/06/2014 14:08:25] - |D| - [1649287] - C:\Windows\Panther [MD5.F007C4273BA24B52A56387E899311DB7] - [09/12/2017 14:20:53] - |A| - (.Eastman Kodak Company Copyright 1995 - PCDLIB32.) - [212480] - (3.0.0.0) - C:\Windows\pcdlib32.dll [27/12/2017 15:03:59] - |D| - [0] - C:\Windows\PCHEALTH [14/07/2009 07:32:38] - |D| - [62139310] - C:\Windows\Performance [MD5.8B3926FF0318486AA10C1F008760FC88] - [17/08/2018 10:29:09] - |A| - (.-.) - [316] - (0.0.0.0) - C:\Windows\PFRO.log [14/07/2009 05:20:10] - |D| - [1124149] - C:\Windows\PLA [14/07/2009 05:20:10] - |D| - [2972247] - C:\Windows\PolicyDefinitions [19/06/2014 13:09:02] - |D| - [52979965] - C:\Windows\Prefetch [MD5.2E2C937846A0B8789E5E91739284D17A] - [14/07/2009 01:27:10] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [427008] - (6.1.7600.16385) - C:\Windows\regedit.exe [14/07/2009 05:20:10] - |D| - [22588] - C:\Windows\registration [14/07/2009 05:20:10] - |D| - [8643240] - C:\Windows\rescache [14/07/2009 05:20:10] - |D| - [1674534] - C:\Windows\Resources [MD5.A095B3E67C8EB8F2137EAC63687F2F5B] - [22/11/2017 15:22:00] - |A| - (.Copyright (C) 2016 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2839520] - (1.0.7.0) - C:\Windows\RtlExUpd.dll [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\SchCache [14/07/2009 05:20:10] - |D| - [58021] - C:\Windows\schemas [14/07/2009 05:20:10] - |D| - [1058814] - C:\Windows\security [14/07/2009 06:45:47] - |D| - [78281508] - C:\Windows\ServiceProfiles [14/07/2009 05:20:10] - |D| - [90510691] - C:\Windows\servicing [14/07/2009 06:45:50] - |D| - [42] - C:\Windows\Setup [MD5.9982DE5B241F4776F71698EB4D4FC7E9] - [17/08/2018 10:29:28] - |A| - (.-.) - [168] - (0.0.0.0) - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/08/2018 10:29:28] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log [27/12/2017 15:00:21] - |D| - [66140] - C:\Windows\SHELLNEW [22/11/2017 13:22:13] - |D| - [2239007169] - C:\Windows\SoftwareDistribution [14/07/2009 05:20:10] - |D| - [70579144] - C:\Windows\Speech [MD5.127AA81343A7C6F665C22CB1293B0A90] - [20/06/2014 09:19:25] - |A| - (.© Microsoft Corporation. - Print driver host for 32bit applications.) - [67072] - (6.1.7601.17777) - C:\Windows\splwow64.exe [MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 07:28:38] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\system [MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 04:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini [14/07/2009 05:20:10] - |D| - [5034945137] - C:\Windows\System32 [14/07/2009 05:20:14] - |D| - [1299889473] - C:\Windows\SysWOW64 [14/07/2009 05:20:14] - |D| - [15] - C:\Windows\TAPI [14/07/2009 05:20:14] - |D| - [32488] - C:\Windows\Tasks [14/07/2009 05:20:14] - |D| - [12281505] - C:\Windows\Temp [14/07/2009 05:20:14] - |D| - [14913555] - C:\Windows\tracing [MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 23:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll [14/07/2009 07:32:38] - |D| - [5106454] - C:\Windows\twain_32 [MD5.163A95975E1D8819E653AA3E961371CA] - [21/11/2010 05:25:10] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll [MD5.F36A271706EDD23C94956AFB56981184] - [14/07/2009 00:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe [MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 02:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe [14/07/2009 05:20:14] - |D| - [12420] - C:\Windows\Vss [14/07/2009 05:20:14] - |D| - [40681427] - C:\Windows\Web [MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - [14/07/2009 04:34:57] - |A| - (.-.) - [478] - (0.0.0.0) - C:\Windows\win.ini [MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 06:54:24] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.E007D6FFC2E7B624320BE178BA37519C] - [22/11/2017 13:21:36] - |A| - (.-.) - [1570660] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 02:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe [14/07/2009 05:20:14] - |D| - [10490426559] - C:\Windows\winsxs [MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 22:52:44] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [14/07/2009 01:56:28] - |A| - (.© Microsoft Corporation. - Windows Write.) - [10240] - (6.1.7600.16385) - C:\Windows\write.exe ---------- | C:\Windows\System32\GroupPolicy [22/11/2017 18:01:36] - |D| - [0] - C:\Windows\System32\GroupPolicy\User ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [09/01/2004 19:32:40] - C:\Windows\Installer\14cfed.msi : (PhotoStitch - Canon) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/03/2004 20:36:14] - C:\Windows\Installer\14cff4.msi : (ZoomBrowser - Canon) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/07/2009 05:20:14] - |D| - [10490426559] - C:\Windows\winsxs [MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 22:52:44] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [14/07/2009 01:56:28] - |A| - (.© Microsoft Corporation. - Windows Write.) - [10240] - (6.1.7600.16385) - C:\Windows\write.exe ---------- | C:\Windows\System32\GroupPolicy [06/05/2004 16:59:46] - C:\Windows\Installer\14d007.msi : (Canon Camera Support Core Library - Canon) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/11/2017 18:01:36] - |D| - [0] - C:\Windows\System32\GroupPolicy\User ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [08/04/2004 18:14:54] - C:\Windows\Installer\14d00c.msi : (Camera Window - Canon) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/01/2004 19:58:42] - C:\Windows\Installer\14d017.msi : (Internet Library for ZoomBrowser EX - Canon Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/01/2004 23:44:58] - C:\Windows\Installer\14d01b.msi : (Canon PhotoRecord - Canon Information Systems Research Australia) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/01/2004 19:32:40] - C:\Windows\Installer\14cfed.msi : (PhotoStitch - Canon) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/03/2004 20:36:14] - C:\Windows\Installer\14cff4.msi : (ZoomBrowser - Canon) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/04/2004 17:45:24] - C:\Windows\Installer\14d026.msi : (RAW Image Task 1.1 - Canon) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/04/2004 19:37:02] - C:\Windows\Installer\14d031.msi : (RemoteCapture Task 1.0.3 - Canon) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/12/2003 19:27:14] - C:\Windows\Installer\14d03c.msi : (MovieEdit Task - Canon) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/05/2004 16:59:46] - C:\Windows\Installer\14d007.msi : (Canon Camera Support Core Library - Canon) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/08/2018 09:19:18] - C:\Windows\Installer\2a2706.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/06/2008 12:09:11] - C:\Windows\Installer\3949a.msi : (Adobe AIR Installer - Adobe Systems Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/04/2004 18:14:54] - C:\Windows\Installer\14d00c.msi : (Camera Window - Canon) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/01/2004 19:58:42] - C:\Windows\Installer\14d017.msi : (Internet Library for ZoomBrowser EX - Canon Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/02/2009 06:10:53] - C:\Windows\Installer\3b148d.msi : (ADOBER~1.0|Adobe Reader 9 - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/01/2004 23:44:58] - C:\Windows\Installer\14d01b.msi : (Canon PhotoRecord - Canon Information Systems Research Australia) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/04/2004 17:45:24] - C:\Windows\Installer\14d026.msi : (RAW Image Task 1.1 - Canon) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/04/2004 19:37:02] - C:\Windows\Installer\14d031.msi : (RemoteCapture Task 1.0.3 - Canon) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/12/2003 19:27:14] - C:\Windows\Installer\14d03c.msi : (MovieEdit Task - Canon) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/08/2018 09:19:18] - C:\Windows\Installer\2a2706.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/06/2008 12:09:11] - C:\Windows\Installer\3949a.msi : (Adobe AIR Installer - Adobe Systems Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/02/2009 06:10:53] - C:\Windows\Installer\3b148d.msi : (ADOBER~1.0|Adobe Reader 9 - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/07/2018 12:17:29] - C:\Windows\Installer\3ddd4d.msi : (Kaspersky Anti-Virus - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/07/2018 12:17:29] - C:\Windows\Installer\3ddd4d.msi : (Kaspersky Anti-Virus - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/07/2014 02:45:38] - C:\Windows\Installer\53f5bc.msi : (HP Officejet Pro 8610 Basic Device Software - Hewlett-Packard Co.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/07/2014 02:45:38] - C:\Windows\Installer\53f5bc.msi : (HP Officejet Pro 8610 Basic Device Software - Hewlett-Packard Co.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/07/2014 02:55:00] - C:\Windows\Installer\53f5c4.msi : (Product Improvement Study for HP Officejet Pro 8610 - Hewlett-Packard Co.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/07/2014 02:55:00] - C:\Windows\Installer\53f5c4.msi : (Product Improvement Study for HP Officejet Pro 8610 - Hewlett-Packard Co.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/06/2013 21:29:12] - C:\Windows\Installer\53f5cc.msi : (HP Update - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/06/2013 21:29:12] - C:\Windows\Installer\53f5cc.msi : (HP Update - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/03/2013 01:56:02] - C:\Windows\Installer\53f5d4.msi : (I.R.I.S. OCR - HP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/03/2013 01:56:02] - C:\Windows\Installer\53f5d4.msi : (I.R.I.S. OCR - HP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/08/2013 22:54:50] - C:\Windows\Installer\53f5dc.msi : (HP Officejet Pro 8610 Get product specific help to easily troubleshoot and fix problems. - Hewlett Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/08/2013 22:54:50] - C:\Windows\Installer\53f5dc.msi : (HP Officejet Pro 8610 Get product specific help to easily troubleshoot and fix problems. - Hewlett Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/11/2017 15:02:23] - C:\Windows\Installer\53f5f3.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/11/2017 18:04:45] - C:\Windows\Installer\7d9c9.msi : (Kaspersky Secure Connection - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/11/2017 03:50:08] - C:\Windows\Installer\82ba6f.msi : (AMD Settings - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/11/2017 03:50:08] - C:\Windows\Installer\82ba6f.msi : (AMD Settings - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/11/2017 03:58:42] - C:\Windows\Installer\82ba77.msi : (AMD Settings - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/11/2017 03:58:42] - C:\Windows\Installer\82ba77.msi : (AMD Settings - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/09/2017 12:43:16] - C:\Windows\Installer\82ba7e.msi : (Branding - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/11/2017 03:46:42] - C:\Windows\Installer\82ba86.msi : (AMD Problem Report Wizard (64 bit) - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/11/2017 21:08:45] - C:\Windows\Installer\ab877.msi : (Asmedia USB Host Controller Driver - Asmedia Technology) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/09/2017 12:43:16] - C:\Windows\Installer\82ba7e.msi : (Branding - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/11/2017 03:46:42] - C:\Windows\Installer\82ba86.msi : (AMD Problem Report Wizard (64 bit) - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/11/2017 21:08:45] - C:\Windows\Installer\ab877.msi : (Asmedia USB Host Controller Driver - Asmedia Technology) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/07/2018 08:49:56] - C:\Windows\Installer\d9b35.msi : (Kaspersky Anti-Virus - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/07/2018 08:49:56] - C:\Windows\Installer\d9b35.msi : (Kaspersky Anti-Virus - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [14/07/2009 06:57:09] - [73] - C:\Windows\System32\desktop.ini [23/11/2017 11:52:28] - [16303] - C:\Windows\System32\ieuinit.inf [14/07/2009 07:13:15] - [1848032] - C:\Windows\System32\PerfStringBackup.INI [10/06/2009 23:01:25] - [60124] - C:\Windows\System32\tcpmon.ini [23/11/2017 11:52:28] - [16303] - C:\Windows\Syswow64\ieuinit.inf [14/07/2009 06:55:01] - [535] - C:\Windows\Syswow64\mapisvc.inf [19/06/2014 13:11:54] - [1822164] - C:\Windows\Syswow64\PerfStringBackup.INI ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.1DBB351171C292120DEA3748ECA85576] - |A| - [12/07/2018 12:12:11] - (.-.) - [124.99 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\sysmain.sdb [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:08] - [0 Ko] - C:\Windows\AppPatch\Custom\Custom64 [MD5.00000000000000000000000000000000] - |D| - [17/08/2018 10:41:40] - [0 Ko] - C:\Windows\Temp\2BF88454-97FF-4EA8-9CB4-4109D2D00366-Sigs ---------- | %System%\*.in* [MD5.3FF966DAD7AAB228E2834EEB18F90662] - |A| - [15/08/2018 10:43:50] - (.-.) - [5.88 Ko] - (0.0.0.0) - C:\Windows\Temp\ASPNETSetup_00000.log [14/07/2009 06:57:09] - [73] - C:\Windows\System32\desktop.ini [23/11/2017 11:52:28] - [16303] - C:\Windows\System32\ieuinit.inf [14/07/2009 07:13:15] - [1848032] - C:\Windows\System32\PerfStringBackup.INI [10/06/2009 23:01:25] - [60124] - C:\Windows\System32\tcpmon.ini [23/11/2017 11:52:28] - [16303] - C:\Windows\Syswow64\ieuinit.inf [14/07/2009 06:55:01] - [535] - C:\Windows\Syswow64\mapisvc.inf [19/06/2014 13:11:54] - [1822164] - C:\Windows\Syswow64\PerfStringBackup.INI ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.EB0B3D2F6612887589EA3E6AF25D9B87] - |A| - [15/08/2018 10:44:08] - (.-.) - [4.3 Ko] - (0.0.0.0) - C:\Windows\Temp\ASPNETSetup_00001.log [MD5.00000000000000000000000000000000] - |D| - [16/08/2018 09:13:14] - [0.04 Ko] - C:\Windows\Temp\Crashpad [MD5.1DBB351171C292120DEA3748ECA85576] - |A| - [12/07/2018 12:12:11] - (.-.) - [124.99 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\sysmain.sdb [MD5.88EBED6FBD796FCBFF736318E579DF5F] - |A| - [15/08/2018 10:42:13] - (.-.) - [1.26 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_NDP46-KB4344146-x64_decompression_log.txt [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:08] - [0 Ko] - C:\Windows\AppPatch\Custom\Custom64 [MD5.00000000000000000000000000000000] - |D| - [17/08/2018 10:41:40] - [0 Ko] - C:\Windows\Temp\2BF88454-97FF-4EA8-9CB4-4109D2D00366-Sigs [MD5.3FF966DAD7AAB228E2834EEB18F90662] - |A| - [15/08/2018 10:43:50] - (.-.) - [5.88 Ko] - (0.0.0.0) - C:\Windows\Temp\ASPNETSetup_00000.log [MD5.EB0B3D2F6612887589EA3E6AF25D9B87] - |A| - [15/08/2018 10:44:08] - (.-.) - [4.3 Ko] - (0.0.0.0) - C:\Windows\Temp\ASPNETSetup_00001.log [MD5.00000000000000000000000000000000] - |D| - [16/08/2018 09:13:14] - [0.04 Ko] - C:\Windows\Temp\Crashpad [MD5.88EBED6FBD796FCBFF736318E579DF5F] - |A| - [15/08/2018 10:42:13] - (.-.) - [1.26 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_NDP46-KB4344146-x64_decompression_log.txt [MD5.81600BAAC7E9D8201B84E7114177FC4E] - |A| - [15/08/2018 10:43:33] - (.-.) - [17.66 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_wcf_CA_smci_20180815_084333_513.txt [MD5.81600BAAC7E9D8201B84E7114177FC4E] - |A| - [15/08/2018 10:43:33] - (.-.) - [17.66 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_wcf_CA_smci_20180815_084333_513.txt [MD5.0BC737D6A77BB0A63790B39B05EFD44C] - |A| - [15/08/2018 10:43:40] - (.-.) - [2.64 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_wcf_CA_smci_20180815_084340_721.txt [MD5.0BC737D6A77BB0A63790B39B05EFD44C] - |A| - [15/08/2018 10:43:40] - (.-.) - [2.64 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_wcf_CA_smci_20180815_084340_721.txt [MD5.00000000000000000000000000000000] - |D| - [17/08/2018 10:29:31] - [7.37 Ko] - C:\Windows\Temp\HP [MD5.00000000000000000000000000000000] - |D| - [17/08/2018 10:29:31] - [7.37 Ko] - C:\Windows\Temp\HP [MD5.429EBEA82455623251A392018E8DAEF7] - |A| - [15/08/2018 10:42:37] - (.-.) - [9778.76 Ko] - (0.0.0.0) - C:\Windows\Temp\KB4344146_20180815_104228629-Microsoft .NET Framework 4.7.1-MSP0.txt [MD5.429EBEA82455623251A392018E8DAEF7] - |A| - [15/08/2018 10:42:37] - (.-.) - [9778.76 Ko] - (0.0.0.0) - C:\Windows\Temp\KB4344146_20180815_104228629-Microsoft .NET Framework 4.7.1-MSP0.txt [MD5.BDD66AFD4F57AA544CF5948C602527E3] - |A| - [15/08/2018 10:42:23] - (.-.) - [99.35 Ko] - (0.0.0.0) - C:\Windows\Temp\KB4344146_20180815_104228629.html [MD5.BDD66AFD4F57AA544CF5948C602527E3] - |A| - [15/08/2018 10:42:23] - (.-.) - [99.35 Ko] - (0.0.0.0) - C:\Windows\Temp\KB4344146_20180815_104228629.html [MD5.66FC0FE09B6FEAB051CDFC75DE2967DD] - |A| - [15/08/2018 19:25:43] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\Windows\Temp\MpCmdRun.log [MD5.66FC0FE09B6FEAB051CDFC75DE2967DD] - |A| - [15/08/2018 19:25:43] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\Windows\Temp\MpCmdRun.log [MD5.69EAE713A038A0010B6C73307E58D4EC] - |A| - [17/08/2018 10:41:41] - (.-.) - [6.43 Ko] - (0.0.0.0) - C:\Windows\Temp\MpSigStub.log [MD5.13CD2799AF29E35E7536BE89B4482574] - |A| - [15/08/2018 10:43:59] - (.-.) - [10.22 Ko] - (0.0.0.0) - C:\Windows\Temp\RGIB1A4.tmp [MD5.13CD2799AF29E35E7536BE89B4482574] - |A| - [15/08/2018 10:43:59] - (.-.) - [10.22 Ko] - (0.0.0.0) - C:\Windows\Temp\RGIB1A4.tmp [MD5.4AAE089D3731C3F9DCA27587E61CC4A2] - |A| - [15/08/2018 10:43:59] - (.-.) - [8.79 Ko] - (0.0.0.0) - C:\Windows\Temp\RGIB1A4.tmp-tmp [MD5.4AAE089D3731C3F9DCA27587E61CC4A2] - |A| - [15/08/2018 10:43:59] - (.-.) - [8.79 Ko] - (0.0.0.0) - C:\Windows\Temp\RGIB1A4.tmp-tmp [MD5.11ADBD59F721901306CA1A4CBEA882B8] - |A| - [16/08/2018 08:51:07] - (.-.) - [0.4 Ko] - (0.0.0.0) - C:\Windows\Temp\ScheduledHeartbeat.log [MD5.4ACE9A6FAAC7D610A1FF9ED5B1050B4A] - |A| - [15/08/2018 10:47:06] - (.-.) - [1.71 Ko] - (0.0.0.0) - C:\Windows\Temp\TFR89BF.tmp [MD5.59071590099D21DD439896592338BF95] - |AT| - [15/08/2018 11:13:06] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP5458C41E4A46EF3B [MD5.59071590099D21DD439896592338BF95] - |AT| - [15/08/2018 11:13:06] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP5458C41E4A46EF3B [MD5.D41D8CD98F00B204E9800998ECF8427E] - |AT| - [18/08/2018 11:17:59] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMPD0F840CE45568671 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |AT| - [18/08/2018 11:17:59] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMPD0F840CE45568671 [MD5.59071590099D21DD439896592338BF95] - |AT| - [15/08/2018 13:48:01] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMPE504326F624F5552 [MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:34] - [0 Ko] - C:\Windows\System32\040C [MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:34] - [0 Ko] - C:\Windows\System32\040C C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [14/07/2009 06:45:49] - (.-.) - [21.38 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [14/07/2009 06:45:49] - (.-.) - [21.38 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [14/07/2009 06:45:49] - (.-.) - [21.38 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [MD5.636C4D3C14289A5CE0FD29FDD51EE864] - |A| - [13/12/2017 13:58:32] - (.-.) - [115.81 Ko] - (0.0.0.0) - C:\Windows\System32\AcpiServiceVnA64.dll [MD5.636C4D3C14289A5CE0FD29FDD51EE864] - |A| - [13/12/2017 13:58:32] - (.-.) - [115.81 Ko] - (0.0.0.0) - C:\Windows\System32\AcpiServiceVnA64.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [4987.5 Ko] - C:\Windows\System32\AdvancedInstallers [MD5.2865FAF366DE0D8023CA0B0BC8ADF30C] - |A| - [15/09/2017 17:37:48] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\Windows\System32\amd-vulkan64.json [MD5.E5B584FAD4AACF99CDD7D66D40CA88CF] - |A| - [16/11/2017 02:44:04] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [117.85 Ko] - (23.20.793.0) - C:\Windows\System32\amdave64.dll [MD5.A4996222069F0FD091FED18FE922DC6F] - |A| - [16/05/2017 17:33:06] - (.-.) - [155.34 Ko] - (0.0.0.0) - C:\Windows\System32\amde31a.dat [MD5.02EA52A2C60D69873FB576B99A7F9A55] - |A| - [03/10/2017 19:13:30] - (.-.) - [162.66 Ko] - (0.0.0.0) - C:\Windows\System32\amde34a.dat [MD5.B144E3ABC7AABDD295CFFD938365E9C1] - |A| - [03/10/2017 19:13:42] - (.-.) - [162.66 Ko] - (0.0.0.0) - C:\Windows\System32\amde34b.dat [MD5.E8BD320A9263F8BA231C3C76F26944D5] - |A| - [03/10/2017 19:18:12] - (.-.) - [161.16 Ko] - (0.0.0.0) - C:\Windows\System32\amde40a.dat [MD5.EB0DA5701BC8E2BF4D4834AC9026FAF6] - |A| - [16/11/2017 02:43:48] - (.-.) - [426.38 Ko] - (0.0.0.0) - C:\Windows\System32\amdgfxinfo64.dll [MD5.3A59A5118383D3B62380151890CC77F6] - |A| - [16/11/2017 02:44:14] - (.Copyright (C) 2013 - Universal Adapter for Adobe.) - [171.18 Ko] - (23.20.793.0) - C:\Windows\System32\amdhcp64.dll [MD5.61C42C5CD2B101661053C0CAF05696D4] - |A| - [07/11/2017 10:55:08] - (.-.) - [964 Ko] - (0.0.0.0) - C:\Windows\System32\amdicdxx.dat [MD5.E80CD58AC07AD5BE76B54DC35F44E2A6] - |A| - [27/08/2017 22:38:40] - (.-.) - [33.69 Ko] - (0.0.0.0) - C:\Windows\System32\AMDKernelEvents.man [MD5.8C69EE1A49644A5E29989F6A431A66D2] - |A| - [16/11/2017 02:44:32] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [845.88 Ko] - (1.0.12.0) - C:\Windows\System32\amdlvr64.dll [MD5.8C69EE1A49644A5E29989F6A431A66D2] - |A| - [16/11/2017 02:44:32] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [845.88 Ko] - (1.0.12.0) - C:\Windows\System32\amdlvr64.dll [MD5.41856E83C638535F1447AE8902FF0598] - |A| - [16/11/2017 02:44:42] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [11800.88 Ko] - (23.20.793.0) - C:\Windows\System32\amdmantle64.dll [MD5.41856E83C638535F1447AE8902FF0598] - |A| - [16/11/2017 02:44:42] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [11800.88 Ko] - (23.20.793.0) - C:\Windows\System32\amdmantle64.dll [MD5.8C1AECEEA890ACEA5B1061839656CB2C] - |A| - [16/11/2017 02:42:58] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MCL Universal Driver.) - [530.88 Ko] - (1.6.0.0) - C:\Windows\System32\amdmcl64.dll [MD5.668E28CFC5D705692AA4A47E94CFAB62] - |A| - [16/11/2017 02:43:02] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [135.88 Ko] - (23.20.793.0) - C:\Windows\System32\amdmmcl6.dll [MD5.0AB8723D1E22C7D6ED8C1BC1DE6319A8] - |A| - [16/11/2017 02:44:02] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [30667.88 Ko] - (23.20.793.0) - C:\Windows\System32\amdocl12cl64.dll [MD5.0AB8723D1E22C7D6ED8C1BC1DE6319A8] - |A| - [16/11/2017 02:44:02] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [30667.88 Ko] - (23.20.793.0) - C:\Windows\System32\amdocl12cl64.dll [MD5.4FE1DC749ACEA43B6C68287186FB37F6] - |A| - [16/11/2017 02:44:22] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [60524.38 Ko] - (23.20.793.0) - C:\Windows\System32\amdocl64.dll [MD5.4FE1DC749ACEA43B6C68287186FB37F6] - |A| - [16/11/2017 02:44:22] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [60524.38 Ko] - (23.20.793.0) - C:\Windows\System32\amdocl64.dll [MD5.160D9DE09A159C0162677DAC70EACF5D] - |A| - [16/11/2017 02:44:20] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [108.83 Ko] - (23.20.793.0) - C:\Windows\System32\amdpcom64.dll [MD5.160D9DE09A159C0162677DAC70EACF5D] - |A| - [16/11/2017 02:44:20] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [108.83 Ko] - (23.20.793.0) - C:\Windows\System32\amdpcom64.dll [MD5.EFAE7AC9357A6139377BA4F9EA075467] - |A| - [16/11/2017 02:43:10] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [153.38 Ko] - (15.16.6.0) - C:\Windows\System32\amduve64.dll [MD5.EFAE7AC9357A6139377BA4F9EA075467] - |A| - [16/11/2017 02:43:10] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [153.38 Ko] - (15.16.6.0) - C:\Windows\System32\amduve64.dll [MD5.D2FE1C4F1161A1FAF8634F73C7D24CDA] - |A| - [16/11/2017 02:43:20] - (.Copyright (C) 2015 AMD Inc. - Vulkan driver, support for SI family and above.) - [13210.88 Ko] - (1.0.54.0) - C:\Windows\System32\amdvlk64.dll [MD5.D2FE1C4F1161A1FAF8634F73C7D24CDA] - |A| - [16/11/2017 02:43:20] - (.Copyright (C) 2015 AMD Inc. - Vulkan driver, support for SI family and above.) - [13210.88 Ko] - (1.0.54.0) - C:\Windows\System32\amdvlk64.dll [MD5.979D05A84466F88893C8BAF88CEE96FA] - |A| - [16/11/2017 02:43:30] - (.Advanced Micro Devices, Inc. Copyright (C) 2017 - Advanced Media Framework.) - [2848.88 Ko] - (1.4.6.0) - C:\Windows\System32\amfrt64.dll [MD5.00000000000000000000000000000000] - |D| - [23/11/2017 12:08:50] - [2598.96 Ko] - C:\Windows\System32\appraiser [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [201.5 Ko] - C:\Windows\System32\ar-SA [MD5.6429AB887BBDF397DEA6DD9CA47984FF] - |A| - [11/01/2017 05:59:44] - (.-.) - [27.37 Ko] - (0.0.0.0) - C:\Windows\System32\asmtxhcicoinstaller.dll [MD5.CD6182A1D053B26BAC8ACAF8BFCC4211] - |A| - [16/11/2017 02:44:24] - (.Copyright (C) 2008-2016 Advanced Micro Devices, Inc. - ADL.) - [1420.88 Ko] - (23.20.793.0) - C:\Windows\System32\atiadlxx.dll [MD5.29CC962196FF1817996AB9EF55A17A93] - |A| - [16/11/2017 00:58:28] - (.-.) - [816.59 Ko] - (0.0.0.0) - C:\Windows\System32\atiapfxx.blb [MD5.29CC962196FF1817996AB9EF55A17A93] - |A| - [16/11/2017 00:58:28] - (.-.) - [816.59 Ko] - (0.0.0.0) - C:\Windows\System32\atiapfxx.blb [MD5.8FDC6DC29CBBC9345857F152977652EB] - |A| - [16/11/2017 02:44:32] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [70.38 Ko] - (23.20.793.0) - C:\Windows\System32\aticalcl64.dll [MD5.8FDC6DC29CBBC9345857F152977652EB] - |A| - [16/11/2017 02:44:32] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [70.38 Ko] - (23.20.793.0) - C:\Windows\System32\aticalcl64.dll [MD5.F974914CE9B7C979D2294C830AFC321C] - |A| - [16/11/2017 02:44:42] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [15359.88 Ko] - (23.20.793.0) - C:\Windows\System32\aticaldd64.dll [MD5.F974914CE9B7C979D2294C830AFC321C] - |A| - [16/11/2017 02:44:42] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [15359.88 Ko] - (23.20.793.0) - C:\Windows\System32\aticaldd64.dll [MD5.006EBDF34755A3C0ADB0B291B87F790B] - |A| - [16/11/2017 02:44:50] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [76.88 Ko] - (23.20.793.0) - C:\Windows\System32\aticalrt64.dll [MD5.006EBDF34755A3C0ADB0B291B87F790B] - |A| - [16/11/2017 02:44:50] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [76.88 Ko] - (23.20.793.0) - C:\Windows\System32\aticalrt64.dll [MD5.3D64B6A2C6773067822D4F539A887177] - |A| - [16/11/2017 02:46:04] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx64.dll.) - [1886.64 Ko] - (23.20.793.0) - C:\Windows\System32\aticfx64.dll [MD5.3D64B6A2C6773067822D4F539A887177] - |A| - [16/11/2017 02:46:04] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx64.dll.) - [1886.64 Ko] - (23.20.793.0) - C:\Windows\System32\aticfx64.dll [MD5.113498F6D0220C12852ED397544BB824] - |A| - [16/11/2017 02:44:54] - (.2002-2012 - Graphics DEM.) - [447.88 Ko] - (4.5.6528.32181) - C:\Windows\System32\atidemgy.dll [MD5.E4CF1643E41BC728A0C10E73E8C5D4AB] - |A| - [16/11/2017 02:46:18] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx64.dll.) - [15574.41 Ko] - (23.20.793.0) - C:\Windows\System32\atidxx64.dll [MD5.E4CF1643E41BC728A0C10E73E8C5D4AB] - |A| - [16/11/2017 02:46:18] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx64.dll.) - [15574.41 Ko] - (23.20.793.0) - C:\Windows\System32\atidxx64.dll [MD5.55807F21088F89863ADE771A0C0D598D] - |A| - [16/11/2017 02:44:58] - (.-.) - [395.88 Ko] - (0.0.0.0) - C:\Windows\System32\atieah64.exe [MD5.A70FF99CCE25980D14244DFABBE249AB] - |A| - [16/11/2017 02:45:00] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [683.38 Ko] - (23.20.793.0) - C:\Windows\System32\atieclxx.exe [MD5.7868AFCD4E81693BE6CAC67C05E17019] - |A| - [16/11/2017 02:45:04] - (.Copyright © 2008-2009 AMD - AMD External Events Service Module.) - [461.38 Ko] - (23.20.793.0) - C:\Windows\System32\atiesrxx.exe [MD5.7868AFCD4E81693BE6CAC67C05E17019] - |A| - [16/11/2017 02:45:04] - (.Copyright © 2008-2009 AMD - AMD External Events Service Module.) - [461.38 Ko] - (23.20.793.0) - C:\Windows\System32\atiesrxx.exe [MD5.434F93CE5599DE2A25142CA3351D25D8] - |A| - [16/11/2017 02:45:06] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [141.38 Ko] - (23.20.793.0) - C:\Windows\System32\atig6pxx.dll [MD5.D538C782F5FD3663F2388310AB42B689] - |A| - [16/11/2017 02:45:06] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [217.88 Ko] - (23.20.793.0) - C:\Windows\System32\atig6txx.dll [MD5.4D28D7DBD4E097F943292519399B4EC1] - |A| - [16/11/2017 02:45:10] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [121.88 Ko] - (23.20.793.0) - C:\Windows\System32\atiglpxx.dll [MD5.079EFFD5BECB418FE6596229B28D7324] - |A| - [06/11/2014 12:53:26] - (.-.) - [720.13 Ko] - (0.0.0.0) - C:\Windows\System32\atiicdxx.dat [MD5.079EFFD5BECB418FE6596229B28D7324] - |A| - [06/11/2014 12:53:26] - (.-.) - [720.13 Ko] - (0.0.0.0) - C:\Windows\System32\atiicdxx.dat [MD5.160D9DE09A159C0162677DAC70EACF5D] - |A| - [16/11/2017 02:44:20] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [108.83 Ko] - (23.20.793.0) - C:\Windows\System32\atimpc64.dll [MD5.24DC503E48A024CC02F76845A290AE2B] - |A| - [16/11/2017 02:45:14] - (.Copyright ? 2009 AMD - Multi-language DPPE DLL.) - [112.88 Ko] - (23.20.793.0) - C:\Windows\System32\atimuixx.dll [MD5.382F568A55DDC6501F11A20579F85513] - |A| - [16/11/2017 02:42:38] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [34395.38 Ko] - (23.20.793.0) - C:\Windows\System32\atio6axx.dll [MD5.382F568A55DDC6501F11A20579F85513] - |A| - [16/11/2017 02:42:38] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [34395.38 Ko] - (23.20.793.0) - C:\Windows\System32\atio6axx.dll [MD5.46BCC7EC4F2C2FDAB8776BB2D6FF2AB9] - |A| - [16/11/2017 02:45:20] - (.Copyright (C) 2008 - ATIODCLI Application.) - [65.88 Ko] - (23.20.793.0) - C:\Windows\System32\ATIODCLI.exe [MD5.46BCC7EC4F2C2FDAB8776BB2D6FF2AB9] - |A| - [16/11/2017 02:45:20] - (.Copyright (C) 2008 - ATIODCLI Application.) - [65.88 Ko] - (23.20.793.0) - C:\Windows\System32\ATIODCLI.exe [MD5.FABA7A1F16CD35E606394BD82B8D4757] - |A| - [16/11/2017 02:45:22] - (.Copyright (C) 2008 - ATIODE Application.) - [340.88 Ko] - (23.20.793.0) - C:\Windows\System32\ATIODE.exe [MD5.FABA7A1F16CD35E606394BD82B8D4757] - |A| - [16/11/2017 02:45:22] - (.Copyright (C) 2008 - ATIODE Application.) - [340.88 Ko] - (23.20.793.0) - C:\Windows\System32\ATIODE.exe [MD5.480813E669190B62094353C0BA8E7F5B] - |A| - [16/11/2017 02:43:50] - (.Copyright (c) 2010 Advanced Micro Devices, Inc. - Radeon spu api dll.) - [144.88 Ko] - (23.20.793.0) - C:\Windows\System32\atisamu64.dll [MD5.97099567E4CDBD21572A87502318BE11] - |A| - [16/11/2017 02:45:16] - (.Copy Right © 2012 Advanced Micro Devices, Inc - TMM Clone Control Module.) - [463.88 Ko] - (23.20.793.0) - C:\Windows\System32\atitmm64.dll [MD5.6D3388BE099781F036355485DC220574] - |A| - [16/11/2017 02:45:50] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [169.16 Ko] - (23.20.793.0) - C:\Windows\System32\atiu9p64.dll [MD5.DAE1FA94AD60AF79403D6DA4083EE435] - |A| - [16/11/2017 02:45:52] - (.Copyright (C) 1998-2011 AMD Inc. - atiumd64.dll.) - [11308.07 Ko] - (23.20.793.0) - C:\Windows\System32\atiumd64.dll [MD5.DAE1FA94AD60AF79403D6DA4083EE435] - |A| - [16/11/2017 02:45:52] - (.Copyright (C) 1998-2011 AMD Inc. - atiumd64.dll.) - [11308.07 Ko] - (23.20.793.0) - C:\Windows\System32\atiumd64.dll [MD5.70C2B12E56B350EAD1E674A3C920A27E] - |A| - [16/11/2017 02:04:20] - (.-.) - [3357.06 Ko] - (0.0.0.0) - C:\Windows\System32\atiumd6a.cap [MD5.70C2B12E56B350EAD1E674A3C920A27E] - |A| - [16/11/2017 02:04:20] - (.-.) - [3357.06 Ko] - (0.0.0.0) - C:\Windows\System32\atiumd6a.cap [MD5.0218EC26022DCAFD3EB9BB0960DA537D] - |A| - [16/11/2017 02:44:22] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [11689.8 Ko] - (23.20.793.0) - C:\Windows\System32\atiumd6a.dll [MD5.2A03040D8B81EDB36E262D254ADC2565] - |A| - [16/11/2017 02:46:02] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [191.3 Ko] - (23.20.793.0) - C:\Windows\System32\atiuxp64.dll [MD5.913A194E8FC2E5D0DEC552D68679D7B6] - |A| - [12/04/2017 19:20:16] - (.-.) - [98.45 Ko] - (0.0.0.0) - C:\Windows\System32\ativce02.dat [MD5.88AFA2336152B4C4FDC19A1A56ACBE54] - |A| - [03/10/2017 19:14:48] - (.-.) - [157 Ko] - (0.0.0.0) - C:\Windows\System32\ativce03.dat [MD5.36776A9E27F69695331EED4149C2EBC4] - |A| - [08/02/2017 01:41:42] - (.-.) - [228.8 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_cik.dat [MD5.757F192F2E89625496597D0AD2CE0D5E] - |A| - [08/02/2017 01:41:48] - (.-.) - [228.55 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_cik_nd.dat [MD5.757F192F2E89625496597D0AD2CE0D5E] - |A| - [08/02/2017 01:41:48] - (.-.) - [228.55 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_cik_nd.dat [MD5.66AA125ADB854192AADEA95CDCE2E2AD] - |A| - [27/09/2017 20:57:08] - (.-.) - [265.22 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_cz_nd.dat [MD5.66AA125ADB854192AADEA95CDCE2E2AD] - |A| - [27/09/2017 20:57:08] - (.-.) - [265.22 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_cz_nd.dat [MD5.4655222FCD29759C5F108F5302BA3EB0] - |A| - [27/10/2017 21:26:32] - (.-.) - [364.13 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_el_nd.dat [MD5.4655222FCD29759C5F108F5302BA3EB0] - |A| - [27/10/2017 21:26:32] - (.-.) - [364.13 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_el_nd.dat [MD5.E02F85FADA540AF74BDFE95407E79A2C] - |A| - [27/09/2017 22:23:40] - (.-.) - [260.64 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_FJ.dat [MD5.E02F85FADA540AF74BDFE95407E79A2C] - |A| - [27/09/2017 22:23:40] - (.-.) - [260.64 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_FJ.dat [MD5.C2A709AFDDECB9F99FDA4946FC634119] - |A| - [27/09/2017 22:23:54] - (.-.) - [260.39 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_FJ_nd.dat [MD5.C2A709AFDDECB9F99FDA4946FC634119] - |A| - [27/09/2017 22:23:54] - (.-.) - [260.39 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_FJ_nd.dat [MD5.14D9BBBAF6C98BA8418EDC674D167CEA] - |A| - [27/10/2017 22:01:40] - (.-.) - [362.31 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_gl_nd.dat [MD5.14D9BBBAF6C98BA8418EDC674D167CEA] - |A| - [27/10/2017 22:01:40] - (.-.) - [362.31 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_gl_nd.dat [MD5.6172FC102F56F168FDD3DC0D26EB8B4F] - |A| - [05/10/2017 20:54:14] - (.-.) - [330.97 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_rv.dat [MD5.6172FC102F56F168FDD3DC0D26EB8B4F] - |A| - [05/10/2017 20:54:14] - (.-.) - [330.97 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_rv.dat [MD5.BEE355566E23C55B47D6728B5EB79B79] - |A| - [27/09/2017 21:00:40] - (.-.) - [270.47 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_stn_nd.dat [MD5.9465B6BB3FB4E0F42A163B41EB4F66F5] - |A| - [08/02/2017 01:33:22] - (.-.) - [317.69 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_vi.dat [MD5.9465B6BB3FB4E0F42A163B41EB4F66F5] - |A| - [08/02/2017 01:33:22] - (.-.) - [317.69 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_vi.dat [MD5.F18E51472AAC4404A761F0E55C679221] - |A| - [08/02/2017 01:33:06] - (.-.) - [317.44 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_vi_nd.dat [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [16/11/2017 02:02:56] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\Windows\System32\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [16/11/2017 02:02:56] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\Windows\System32\ativvsvl.dat [MD5.269B9E793A48244E81FB4CC4C163A666] - |A| - [13/12/2017 13:58:33] - (.-.) - [102.84 Ko] - (0.0.0.0) - C:\Windows\System32\audioLibVc.dll [MD5.269B9E793A48244E81FB4CC4C163A666] - |A| - [13/12/2017 13:58:33] - (.-.) - [102.84 Ko] - (0.0.0.0) - C:\Windows\System32\audioLibVc.dll [MD5.7722B598B7FB7D7627A2C9A2646BED3C] - |A| - [13/12/2017 13:58:33] - (.(c) Audyssey Labs. - Audyssey Efx Apo.) - [2923.55 Ko] - (1.0.0.30) - C:\Windows\System32\AudysseyEfx.dll [MD5.7722B598B7FB7D7627A2C9A2646BED3C] - |A| - [13/12/2017 13:58:33] - (.(c) Audyssey Labs. - Audyssey Efx Apo.) - [2923.55 Ko] - (1.0.0.30) - C:\Windows\System32\AudysseyEfx.dll [MD5.00000000000000000000000000000000] - |D| - [25/12/2017 12:06:21] - [70.98 Ko] - C:\Windows\System32\BestPractices [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [173 Ko] - C:\Windows\System32\bg-BG [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [2593.84 Ko] - C:\Windows\System32\Boot [MD5.F02F93D5AEC524052E4A37C1BB7CCF31] - |A| - [14/07/2009 03:20:24] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother Multi Function CoInstaller.) - [19 Ko] - (1.0.0.20) - C:\Windows\System32\brcoinst.dll [MD5.7D00FF6A4315FDF4ACAFBB4EF157EA9F] - |A| - [14/07/2009 02:07:04] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [91.5 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll [MD5.86307775BED487005BE5D1290942FDD5] - |A| - [13/12/2017 13:58:34] - (.(c) Conexant Systems, Inc. - CAFAPI.) - [109.85 Ko] - (1.0.0.4) - C:\Windows\System32\Caf64api.dll [MD5.C5DF35C92B5E30F5E39E64110B71EC9E] - |A| - [13/12/2017 13:58:34] - (.©Conexant Systems, Inc. - Conexant Audio Processing Objects, (x64).) - [428.41 Ko] - (2.34.0.0) - C:\Windows\System32\CAF64APO2.dll [MD5.6794D9D442E31DC5E95BDF65F37E4386] - |A| - [14/07/2009 01:56:54] - (.Copyright (C) 2006 - CardGames Resources.) - [6068.5 Ko] - (1.0.0.1) - C:\Windows\System32\CardGames.dll [MD5.6794D9D442E31DC5E95BDF65F37E4386] - |A| - [14/07/2009 01:56:54] - (.Copyright (C) 2006 - CardGames Resources.) - [6068.5 Ko] - (1.0.0.1) - C:\Windows\System32\CardGames.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [61002.61 Ko] - C:\Windows\System32\catroot [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [33580.14 Ko] - C:\Windows\System32\catroot2 [MD5.C5A9A774D2C056A3ABC4F23F50028756] - |A| - [16/11/2017 02:45:10] - (.-.) - [334.88 Ko] - (0.0.0.0) - C:\Windows\System32\clinfo.exe [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [8609.07 Ko] - C:\Windows\System32\CodeIntegrity [MD5.95B43A8910D6E306ED93290BE0B638F8] - |A| - [16/11/2017 02:43:38] - (.AMD. - CoInstaller DLL.) - [1203.38 Ko] - (1.0.5.9) - C:\Windows\System32\coinst_17.40.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [357 Ko] - C:\Windows\System32\com [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [357 Ko] - C:\Windows\System32\com [MD5.00000000000000000000000000000000] - |SD| - [23/11/2017 12:08:50] - [4945.69 Ko] - C:\Windows\System32\CompatTel [MD5.26733CF9ABC6D107AF6CD704E62F8F5A] - |A| - [13/12/2017 13:58:34] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [119.45 Ko] - (1.0.0.4) - C:\Windows\System32\CONEQMSAPOGUILibrary.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [343439.26 Ko] - C:\Windows\System32\config [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [432 Ko] - C:\Windows\System32\cs-CZ [MD5.717CD34B06124DC73FFBF5BD40AB4260] - |A| - [13/12/2017 13:58:34] - (.©Conexant Systems Inc. - Conexant APO.) - [1577.79 Ko] - (1.68.0.0) - C:\Windows\System32\CX64APO.dll [MD5.717CD34B06124DC73FFBF5BD40AB4260] - |A| - [13/12/2017 13:58:34] - (.©Conexant Systems Inc. - Conexant APO.) - [1577.79 Ko] - (1.68.0.0) - C:\Windows\System32\CX64APO.dll [MD5.63E3AA23557EB54D4A36FF08A8B68821] - |A| - [13/12/2017 13:58:34] - (.©Conexant Systems Inc. - Conexant MFX APO Proxy.) - [1493.3 Ko] - (1.2.0.0) - C:\Windows\System32\CX64Proxy.dll [MD5.2B4C3D9F114EE40FEAD6A86395F2FC89] - |A| - [13/12/2017 13:58:34] - (.-.) - [5.47 Ko] - (0.0.0.0) - C:\Windows\System32\cxapo.lncs [MD5.2619F745E44D4DF9D271657F7EE99F1B] - |A| - [13/12/2017 13:58:35] - (.-.) - [0.72 Ko] - (0.0.0.0) - C:\Windows\System32\cxapo.prop [MD5.2619F745E44D4DF9D271657F7EE99F1B] - |A| - [13/12/2017 13:58:35] - (.-.) - [0.72 Ko] - (0.0.0.0) - C:\Windows\System32\cxapo.prop [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [427.5 Ko] - C:\Windows\System32\da-DK [MD5.00000000000000000000000000000000] - |D| - [24/11/2017 17:50:08] - [12338.97 Ko] - C:\Windows\System32\DAX2 [MD5.00000000000000000000000000000000] - |D| - [24/11/2017 17:50:08] - [12338.97 Ko] - C:\Windows\System32\DAX2 [MD5.00000000000000000000000000000000] - |D| - [24/11/2017 17:50:08] - [7544.44 Ko] - C:\Windows\System32\DAX3 [MD5.00000000000000000000000000000000] - |D| - [24/11/2017 17:50:08] - [7544.44 Ko] - C:\Windows\System32\DAX3 [MD5.BBF43241CB98AECBACEFFE27E2926E6C] - |A| - [13/12/2017 13:58:37] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX APO Property Page.) - [1481.34 Ko] - (1.0.0.5) - C:\Windows\System32\DAX3APOProp.dll [MD5.AEBB3134C197EA403F6930EB53374B78] - |A| - [13/12/2017 13:58:38] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX APO.) - [1331.15 Ko] - (1.0.0.5) - C:\Windows\System32\DAX3APOv251.dll [MD5.AEBB3134C197EA403F6930EB53374B78] - |A| - [13/12/2017 13:58:38] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX APO.) - [1331.15 Ko] - (1.0.0.5) - C:\Windows\System32\DAX3APOv251.dll [MD5.635ED75CAFF51969F5C2E5F1ACD1083C] - |A| - [13/12/2017 13:58:38] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [266.32 Ko] - (7.6.5.1) - C:\Windows\System32\DDPA64.dll [MD5.635ED75CAFF51969F5C2E5F1ACD1083C] - |A| - [13/12/2017 13:58:38] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [266.32 Ko] - (7.6.5.1) - C:\Windows\System32\DDPA64.dll [MD5.8BD016DEB1E4B12DB0A609D4ABE4FC55] - |A| - [13/12/2017 13:58:38] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [303.14 Ko] - (7.6.7.2) - C:\Windows\System32\DDPA64F3.dll [MD5.8BD016DEB1E4B12DB0A609D4ABE4FC55] - |A| - [13/12/2017 13:58:38] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [303.14 Ko] - (7.6.7.2) - C:\Windows\System32\DDPA64F3.dll [MD5.F21F3FD20E5BC4C92D9B475158BAE4BC] - |A| - [13/12/2017 13:58:38] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1919.73 Ko] - (7.6.5.1) - C:\Windows\System32\DDPD64A.dll [MD5.49398B8055DD97351A8E827CF01145EC] - |A| - [13/12/2017 13:58:38] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1913.67 Ko] - (7.6.7.2) - C:\Windows\System32\DDPD64AF3.dll [MD5.DA58804DE8546A6416549FA655C295BF] - |A| - [13/12/2017 13:58:38] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [319.77 Ko] - (7.6.5.1) - C:\Windows\System32\DDPO64A.dll [MD5.DA58804DE8546A6416549FA655C295BF] - |A| - [13/12/2017 13:58:38] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [319.77 Ko] - (7.6.5.1) - C:\Windows\System32\DDPO64A.dll [MD5.87D44715D5B7E3DE3C46E9437C4E5C35] - |A| - [13/12/2017 13:58:38] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [353.56 Ko] - (7.6.7.2) - C:\Windows\System32\DDPO64AF3.dll [MD5.87D44715D5B7E3DE3C46E9437C4E5C35] - |A| - [13/12/2017 13:58:38] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [353.56 Ko] - (7.6.7.2) - C:\Windows\System32\DDPO64AF3.dll [MD5.062408FB813E616C6C388B5DFBB6E111] - |A| - [13/12/2017 13:58:38] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6929.87 Ko] - (7.6.5.1) - C:\Windows\System32\DDPP64A.dll [MD5.BF57C63A7FE92F63D78E469C23568AAE] - |A| - [13/12/2017 13:58:39] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6117.8 Ko] - (7.6.7.2) - C:\Windows\System32\DDPP64AF3.dll [MD5.BF57C63A7FE92F63D78E469C23568AAE] - |A| - [13/12/2017 13:58:39] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6117.8 Ko] - (7.6.7.2) - C:\Windows\System32\DDPP64AF3.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [457.5 Ko] - C:\Windows\System32\de-DE [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [457.5 Ko] - C:\Windows\System32\de-DE [MD5.1750229A56EA3FFB3E0ADF8216EB3018] - |A| - [02/09/2017 01:13:52] - (.Advanced Micro Devices. - Delay Audio Processing Object.) - [101 Ko] - (1.0.0.1) - C:\Windows\System32\DelayAPO.dll [MD5.1750229A56EA3FFB3E0ADF8216EB3018] - |A| - [02/09/2017 01:13:52] - (.Advanced Micro Devices. - Delay Audio Processing Object.) - [101 Ko] - (1.0.0.1) - C:\Windows\System32\DelayAPO.dll [MD5.079B8AEB4A55BF8493BD1EC70285D920] - |ASH| - [14/07/2009 06:57:09] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini [MD5.1B2A49DA49B8F0657E74D3A5055BF9E9] - |A| - [16/11/2017 02:45:24] - (.-.) - [459.88 Ko] - (0.0.0.0) - C:\Windows\System32\dgtrayicon.exe [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [5335 Ko] - C:\Windows\System32\Dism [MD5.8BF4EFB571687AB98692EE7EEDDB575D] - |A| - [13/12/2017 13:58:39] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO Property Page.) - [1107.02 Ko] - (0.7.5.31) - C:\Windows\System32\DolbyDAX2APOProp.dll [MD5.0C4CEB9B1A3198A668D2FC0F74ED1A50] - |A| - [13/12/2017 13:58:39] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [2387.39 Ko] - (0.7.5.31) - C:\Windows\System32\DolbyDAX2APOv201.dll [MD5.0C4CEB9B1A3198A668D2FC0F74ED1A50] - |A| - [13/12/2017 13:58:39] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [2387.39 Ko] - (0.7.5.31) - C:\Windows\System32\DolbyDAX2APOv201.dll [MD5.6491DEC5C892178985748B9C5A794E08] - |A| - [13/12/2017 13:58:39] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [5221.68 Ko] - (0.7.5.31) - C:\Windows\System32\DolbyDAX2APOv211.dll [MD5.6491DEC5C892178985748B9C5A794E08] - |A| - [13/12/2017 13:58:39] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [5221.68 Ko] - (0.7.5.31) - C:\Windows\System32\DolbyDAX2APOv211.dll [MD5.3F007D6345CE6CF8481B0FD63EB4CBBD] - |A| - [13/12/2017 13:58:39] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [767.2 Ko] - (1.0.0.5) - C:\Windows\System32\DolbyDAX2APOvlldp.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [116824.89 Ko] - C:\Windows\System32\drivers [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [1793702.25 Ko] - C:\Windows\System32\DriverStore [MD5.D925AB3AEE676AACF45D66FCB5D51007] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [726.52 Ko] - (1.0.0.1) - C:\Windows\System32\DTSBassEnhancementDLL64.dll [MD5.F2664D44C4E91732F8EC4D354234A4F0] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS Boost COM DLL.) - [1473.56 Ko] - (1.0.0.1) - C:\Windows\System32\DTSBoostDLL64.dll [MD5.F2664D44C4E91732F8EC4D354234A4F0] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS Boost COM DLL.) - [1473.56 Ko] - (1.0.0.1) - C:\Windows\System32\DTSBoostDLL64.dll [MD5.0C32EA4BF6E2D89F12658513C0364EAB] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [430.92 Ko] - (1.0.0.1) - C:\Windows\System32\DTSGainCompensatorDLL64.dll [MD5.98710A21F58F71431DB3BB9778454FAA] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS GFX APO.) - [247.95 Ko] - (1.0.0.3) - C:\Windows\System32\DTSGFXAPO64.dll [MD5.24039D70D6F4E142EBFB737FFB9E2EAE] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS GFX APO.) - [246.95 Ko] - (1.0.0.3) - C:\Windows\System32\DTSGFXAPONS64.dll [MD5.E88C92B7DC227820F140E789002758D4] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS LFX APO.) - [247.91 Ko] - (1.0.0.3) - C:\Windows\System32\DTSLFXAPO64.dll [MD5.AC6A0D6CA3969BA86C3AD53340587725] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS Limiter COM DLL.) - [434.96 Ko] - (1.0.0.1) - C:\Windows\System32\DTSLimiterDLL64.dll [MD5.EFFF7DDB82A8E23F864FE8B88B63F0AE] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS NEO:PC COM DLL.) - [492.48 Ko] - (1.0.0.1) - C:\Windows\System32\DTSNeoPCDLL64.dll [MD5.D3AF4F1ED27B71233E21265A1DFB45F7] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1553.77 Ko] - (1.0.0.1) - C:\Windows\System32\DTSS2HeadphoneDLL64.dll [MD5.D3AF4F1ED27B71233E21265A1DFB45F7] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1553.77 Ko] - (1.0.0.1) - C:\Windows\System32\DTSS2HeadphoneDLL64.dll [MD5.894E02E6C6F9D228EFA23B3DA1807D04] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1738.88 Ko] - (1.0.0.1) - C:\Windows\System32\DTSS2SpeakerDLL64.dll [MD5.CC00DFC73F48DDDCD43E7908E59D14A5] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS Symmetry COM DLL.) - [710.38 Ko] - (1.0.0.1) - C:\Windows\System32\DTSSymmetryDLL64.dll [MD5.F965EAB9C61576E99EC01456188F34D7] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS GFX APO.) - [488.82 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PGFX64.dll [MD5.1902C3F4DC823D12257D42D6F1A8C20A] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS LFX APO.) - [502.46 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PLFX64.dll [MD5.1902C3F4DC823D12257D42D6F1A8C20A] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS LFX APO.) - [502.46 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PLFX64.dll [MD5.0748A88646F7272F846C34DC9AA21538] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS LFX APO.) - [418.19 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PREC64.dll [MD5.0748A88646F7272F846C34DC9AA21538] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS LFX APO.) - [418.19 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PREC64.dll [MD5.13A4089269FF4116CF325E91753EFCDA] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [691.71 Ko] - (1.0.0.1) - C:\Windows\System32\DTSVoiceClarityDLL64.dll [MD5.13A4089269FF4116CF325E91753EFCDA] - |A| - [13/12/2017 13:58:39] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [691.71 Ko] - (1.0.0.1) - C:\Windows\System32\DTSVoiceClarityDLL64.dll [MD5.ECEA829B5369345E2822D78390DC03B6] - |A| - [28/05/2013 18:04:22] - (.-.) - [2.74 Ko] - (0.0.0.0) - C:\Windows\System32\e1g6032e.din [MD5.ECEA829B5369345E2822D78390DC03B6] - |A| - [28/05/2013 18:04:22] - (.-.) - [2.74 Ko] - (0.0.0.0) - C:\Windows\System32\e1g6032e.din [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [457 Ko] - C:\Windows\System32\el-GR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [2877.09 Ko] - C:\Windows\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [448 Ko] - C:\Windows\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [160.5 Ko] - C:\Windows\System32\et-EE [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [430 Ko] - C:\Windows\System32\fi-FI [MD5.9558A3AF13C37D52358C1C9EB36DCD38] - |A| - [16/06/2015 17:31:06] - (.- Microsoft® Forms DLL.) - [1652.16 Ko] - (15.0.4737.1000) - C:\Windows\System32\FM20.DLL [MD5.E44C360B261B0C35F175370F20D5DDCD] - |A| - [23/01/2014 09:05:26] - (.- Microsoft® Forms International DLL.) - [31.14 Ko] - (15.0.4420.1017) - C:\Windows\System32\FM20ENU.DLL [MD5.6F9F227CDEA2DDA13F09E8D94F997F88] - |A| - [24/01/2014 10:33:46] - (.- Microsoft® Forms International DLL.) - [35.14 Ko] - (15.0.4442.1000) - C:\Windows\System32\FM20FRA.DLL [MD5.B4A33FBE5F6BE80FE2657B84F70E09BE] - |A| - [14/07/2009 06:45:34] - (.-.) - [426.27 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:34] - [1840 Ko] - C:\Windows\System32\fr [MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:34] - [1840 Ko] - C:\Windows\System32\fr [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [41474.02 Ko] - C:\Windows\System32\fr-FR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\System32\FxsTmp [MD5.13BA71979B87ABAADE0ED2B768FC6CB6] - |A| - [16/11/2017 02:45:28] - (.-.) - [438.88 Ko] - (0.0.0.0) - C:\Windows\System32\GameManager64.dll [MD5.2AE808CB0D9A667B0CF41EA74B3B9BAC] - |A| - [10/06/2009 22:36:24] - (.-.) - [39.6 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |HD| - [14/07/2009 05:20:11] - [0 Ko] - C:\Windows\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |HD| - [14/07/2009 05:20:11] - [0 Ko] - C:\Windows\System32\GroupPolicy rs [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers [MD5.5826CEF758E9AE575E67184C68418E27] - |A| - [13/12/2017 13:58:39] - (.(c) 2016 Harman. - Harman APO Interface.) - [150.74 Ko] - (1.2.0.0) - C:\Windows\System32\HarmanAudioInterface.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [191.5 Ko] - C:\Windows\System32\he-IL [MD5.52E5F9546EA518DB629D4C3BE5D79608] - |A| - [13/12/2017 13:58:44] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 HiFi API.) - [369.52 Ko] - (0.7.5.65) - C:\Windows\System32\HiFiDAX2API.dll [MD5.56EC847AE22FD6FDB97C31C6B942450F] - |A| - [13/12/2017 13:58:44] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 HiFi API.) - [416.57 Ko] - (1.0.0.5) - C:\Windows\System32\HiFiDAX2APIPCLL.dll [MD5.56EC847AE22FD6FDB97C31C6B942450F] - |A| - [13/12/2017 13:58:44] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 HiFi API.) - [416.57 Ko] - (1.0.0.5) - C:\Windows\System32\HiFiDAX2APIPCLL.dll [MD5.C4CBECCEEC38F1B50314F852B4647DE7] - |A| - [13/12/2017 13:58:44] - (.© Harman. - Audio by Harman APO.) - [351.9 Ko] - (1.4.0.0) - C:\Windows\System32\HMClariFi.dll [MD5.4A7F527D021C619CE7C60F1F379D8639] - |A| - [13/12/2017 13:58:44] - (.© Harman. - Audio by Harman APO.) - [186.45 Ko] - (1.4.0.0) - C:\Windows\System32\HMEQ.dll [MD5.32C6AF0398C1351023EBBF860A535C02] - |A| - [13/12/2017 13:58:44] - (.© Harman. - Audio by Harman APO.) - [186.45 Ko] - (1.4.0.0) - C:\Windows\System32\HMEQ_Voice.dll [MD5.32C6AF0398C1351023EBBF860A535C02] - |A| - [13/12/2017 13:58:44] - (.© Harman. - Audio by Harman APO.) - [186.45 Ko] - (1.4.0.0) - C:\Windows\System32\HMEQ_Voice.dll [MD5.9885A9380FE810EE21AC5D85DE2091D3] - |A| - [13/12/2017 13:58:44] - (.© Harman. - Audio by Harman APO.) - [199.06 Ko] - (1.4.0.0) - C:\Windows\System32\HMHVS.dll [MD5.8B23A413662272232E7AEF93419EDCCD] - |A| - [13/12/2017 13:58:44] - (.© Harman. - Audio by Harman APO.) - [175.38 Ko] - (1.4.0.0) - C:\Windows\System32\HMLimiter.dll [MD5.444094E790A4EAD6FCFD00A852612574] - |A| - [13/12/2017 13:58:44] - (.?Harman. - Audio by Harman APO UI.) - [406.74 Ko] - (1.4.0.0) - C:\Windows\System32\HMUI.dll [MD5.B374609588BFA138822487B97856C569] - |A| - [13/12/2017 13:58:44] - (.Copyright (c) 2016, ICEpower a/s - ICEpower ICEsound audio effects.) - [574.25 Ko] - (1.0.0.26) - C:\Windows\System32\ICEsoundAPO64.dll [MD5.B374609588BFA138822487B97856C569] - |A| - [13/12/2017 13:58:44] - (.Copyright (c) 2016, ICEpower a/s - ICEpower ICEsound audio effects.) - [574.25 Ko] - (1.0.0.26) - C:\Windows\System32\ICEsoundAPO64.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [36.27 Ko] - C:\Windows\System32\icsxml [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [36.27 Ko] - C:\Windows\System32\icsxml [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [36875.94 Ko] - C:\Windows\System32\IME [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [4948.63 Ko] - C:\Windows\System32\inetsrv [MD5.AAA0C03BF54FC8A4E895B576861A9848] - |A| - [21/11/2010 05:07:41] - (.-.) - [29.12 Ko] - (0.0.0.0) - C:\Windows\System32\InstallPackage_ETW.Log [MD5.AAA0C03BF54FC8A4E895B576861A9848] - |A| - [21/11/2010 05:07:41] - (.-.) - [29.12 Ko] - (0.0.0.0) - C:\Windows\System32\InstallPackage_ETW.Log [MD5.AD1DC136028705EDADA55A5AA6C3BEC4] - |A| - [13/12/2017 13:58:44] - (.© Knowles Electronics. - Knowles HD Audio APO.) - [603.7 Ko] - (4.1105.6000.53) - C:\Windows\System32\KAAPORT64.dll [MD5.CDFD93EE63CBA8A00AF9993E9B757FD8] - |A| - [06/10/2017 20:21:08] - (.-.) - [118.05 Ko] - (0.0.0.0) - C:\Windows\System32\kapp_ci.sbin [MD5.DA921F39CCD51EA50E74C53426A3D674] - |A| - [03/09/2016 00:30:14] - (.-.) - [112.02 Ko] - (0.0.0.0) - C:\Windows\System32\kapp_si.sbin [MD5.DA921F39CCD51EA50E74C53426A3D674] - |A| - [03/09/2016 00:30:14] - (.-.) - [112.02 Ko] - (0.0.0.0) - C:\Windows\System32\kapp_si.sbin [MD5.48BA9C6110A5EBA910E7FB2E7D23CFC1] - |A| - [22/11/2017 18:12:23] - (.Copyright © Kaspersky Lab ZAO 1996-2012. - Filtering Platform Helper Class.) - [107.59 Ko] - (1.0.0.12) - C:\Windows\System32\klfphc.dll [MD5.B90EAA9010DF720134DE13CBD57D7112] - |A| - [22/11/2017 18:11:58] - (.© 2018 AO Kaspersky Lab. - System Interceptors PDK usermode service interceptor.) - [148.79 Ko] - (20.0.44.0) - C:\Windows\System32\klhkum.dll [MD5.B90EAA9010DF720134DE13CBD57D7112] - |A| - [22/11/2017 18:11:58] - (.© 2018 AO Kaspersky Lab. - System Interceptors PDK usermode service interceptor.) - [148.79 Ko] - (20.0.44.0) - C:\Windows\System32\klhkum.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [360 Ko] - C:\Windows\System32\ko-KR [MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 04:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex [MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 04:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex [MD5.E89C001FB4D9E08CC7072CE774CDB999] - |A| - [21/11/2010 04:52:07] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\Windows\System32\LocalGroupAdminAdd.log [MD5.563C3703A9B57CC9B370A76D6173D09C] - |A| - [21/11/2010 04:52:08] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\Windows\System32\Local_LLU.log [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [2459.22 Ko] - C:\Windows\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [165 Ko] - C:\Windows\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [166 Ko] - C:\Windows\System32\lv-LV [MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [13/07/2009 22:17:48] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\Windows\System32\manage-bde.wsf [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [1981.88 Ko] - C:\Windows\System32\manifeststore [MD5.BB18BDB23B825DAA378BAE44A0B613B4] - |A| - [16/11/2017 02:45:28] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [166.88 Ko] - (23.20.793.0) - C:\Windows\System32\mantle64.dll [MD5.35843AC2A66279FF825356E2C292C870] - |A| - [16/11/2017 02:45:32] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [146.38 Ko] - (23.20.793.0) - C:\Windows\System32\mantleaxl64.dll [MD5.6C206E0D2FEB6F04B7F4C06EEB0D092E] - |A| - [13/12/2017 13:58:45] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [322.81 Ko] - (2.2.9.0) - C:\Windows\System32\MaxxAudioAPO20.dll [MD5.AD93E34D96B5660DC55B457BDC615991] - |A| - [13/12/2017 13:58:45] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [662.28 Ko] - (3.6.0.0) - C:\Windows\System32\MaxxAudioAPO30.dll [MD5.0E79AC19BAFA465DA3DA82379342458F] - |A| - [13/12/2017 13:58:45] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1138.82 Ko] - (4.5.8.0) - C:\Windows\System32\MaxxAudioAPO4064.dll [MD5.0E79AC19BAFA465DA3DA82379342458F] - |A| - [13/12/2017 13:58:45] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1138.82 Ko] - (4.5.8.0) - C:\Windows\System32\MaxxAudioAPO4064.dll [MD5.A5E2EE53BBA473B18C8AF62F9B33228B] - |A| - [13/12/2017 13:58:45] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1185.21 Ko] - (5.6.5.0) - C:\Windows\System32\MaxxAudioAPO5064.dll [MD5.A5E2EE53BBA473B18C8AF62F9B33228B] - |A| - [13/12/2017 13:58:45] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1185.21 Ko] - (5.6.5.0) - C:\Windows\System32\MaxxAudioAPO5064.dll [MD5.6D17C3F617DB95D7FB88CF5EDA188646] - |A| - [13/12/2017 13:58:45] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1389.57 Ko] - (6.1.17.0) - C:\Windows\System32\MaxxAudioAPO6064.dll [MD5.6D17C3F617DB95D7FB88CF5EDA188646] - |A| - [13/12/2017 13:58:45] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1389.57 Ko] - (6.1.17.0) - C:\Windows\System32\MaxxAudioAPO6064.dll [MD5.6E5F03BBE7E2C3AA43C6066BEBA303FF] - |A| - [13/12/2017 13:58:45] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [2237.6 Ko] - (7.0.24.0) - C:\Windows\System32\MaxxAudioAPO7064.dll [MD5.6E5F03BBE7E2C3AA43C6066BEBA303FF] - |A| - [13/12/2017 13:58:45] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [2237.6 Ko] - (7.0.24.0) - C:\Windows\System32\MaxxAudioAPO7064.dll [MD5.B4AC053C49ECE9B53335F95CAC57E08B] - |A| - [13/12/2017 13:58:45] - (.Copyright (C) 2010-2013 - MaxxAudio APO Shell.) - [909.78 Ko] - (4.10.8.0) - C:\Windows\System32\MaxxAudioAPOShell64.dll [MD5.B4AC053C49ECE9B53335F95CAC57E08B] - |A| - [13/12/2017 13:58:45] - (.Copyright (C) 2010-2013 - MaxxAudio APO Shell.) - [909.78 Ko] - (4.10.8.0) - C:\Windows\System32\MaxxAudioAPOShell64.dll [MD5.E02D8DA675F4FC53193765927C07378B] - |A| - [13/12/2017 13:58:45] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [16990.84 Ko] - (4.1.29.0) - C:\Windows\System32\MaxxAudioCapture64.dll [MD5.E02D8DA675F4FC53193765927C07378B] - |A| - [13/12/2017 13:58:45] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [16990.84 Ko] - (4.1.29.0) - C:\Windows\System32\MaxxAudioCapture64.dll [MD5.E34BE35E13906E4E23872CD26AF7B2AF] - |A| - [13/12/2017 13:58:45] - (.Copyright © 1996-2014 -.) - [2002.13 Ko] - (4.1.1.0) - C:\Windows\System32\MaxxAudioEQ64.dll [MD5.E34BE35E13906E4E23872CD26AF7B2AF] - |A| - [13/12/2017 13:58:45] - (.Copyright © 1996-2014 -.) - [2002.13 Ko] - (4.1.1.0) - C:\Windows\System32\MaxxAudioEQ64.dll [MD5.1156905CC2C6EA17CAF91AD96C631989] - |A| - [13/12/2017 13:58:45] - (.Copyright © 1996-2013 -.) - [13727.78 Ko] - (4.4.10.0) - C:\Windows\System32\MaxxAudioRealtek64.dll [MD5.1156905CC2C6EA17CAF91AD96C631989] - |A| - [13/12/2017 13:58:45] - (.Copyright © 1996-2013 -.) - [13727.78 Ko] - (4.4.10.0) - C:\Windows\System32\MaxxAudioRealtek64.dll [MD5.98A88A5352635552BD8246D121922795] - |A| - [13/12/2017 13:58:45] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [22897.8 Ko] - (7.1.60.0) - C:\Windows\System32\MaxxAudioRender64.dll [MD5.98A88A5352635552BD8246D121922795] - |A| - [13/12/2017 13:58:45] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [22897.8 Ko] - (7.1.60.0) - C:\Windows\System32\MaxxAudioRender64.dll [MD5.0158D18BFBF46C4205A0DE9D9167FF90] - |A| - [13/12/2017 13:58:45] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [22995.65 Ko] - (7.1.60.0) - C:\Windows\System32\MaxxAudioRenderAVX64.dll [MD5.0158D18BFBF46C4205A0DE9D9167FF90] - |A| - [13/12/2017 13:58:45] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [22995.65 Ko] - (7.1.60.0) - C:\Windows\System32\MaxxAudioRenderAVX64.dll [MD5.F64A9160F03A43582CC91F4E03679345] - |A| - [13/12/2017 13:58:46] - (.© Waves Audio Ltd. - MaxxSpeech APO.) - [1303.1 Ko] - (1.1.4.0) - C:\Windows\System32\MaxxSpeechAPO64.dll [MD5.F64A9160F03A43582CC91F4E03679345] - |A| - [13/12/2017 13:58:46] - (.© Waves Audio Ltd. - MaxxSpeech APO.) - [1303.1 Ko] - (1.1.4.0) - C:\Windows\System32\MaxxSpeechAPO64.dll [MD5.62CB7679784B15C73088775B40E3F703] - |A| - [13/12/2017 13:58:46] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [976.41 Ko] - (2.6.2.0) - C:\Windows\System32\MaxxVoiceAPO2064.dll [MD5.1D3ED19169F466672E2AB4019A04CDC6] - |A| - [13/12/2017 13:58:46] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12815.02 Ko] - (3.1.14.0) - C:\Windows\System32\MaxxVoiceAPO3064.dll [MD5.1D3ED19169F466672E2AB4019A04CDC6] - |A| - [13/12/2017 13:58:46] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12815.02 Ko] - (3.1.14.0) - C:\Windows\System32\MaxxVoiceAPO3064.dll [MD5.ABF786F5FD3A0D0955B4A15D6FCF3C9C] - |A| - [13/12/2017 13:58:46] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12683.93 Ko] - (4.0.19.0) - C:\Windows\System32\MaxxVoiceAPO4064.dll [MD5.ABF786F5FD3A0D0955B4A15D6FCF3C9C] - |A| - [13/12/2017 13:58:46] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12683.93 Ko] - (4.0.19.0) - C:\Windows\System32\MaxxVoiceAPO4064.dll [MD5.1F08D75D15BBBD53A4400C30E132A0CB] - |A| - [13/12/2017 13:58:46] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [661.79 Ko] - (3.6.0.0) - C:\Windows\System32\MaxxVolumeSDAPO.dll [MD5.00000000000000000000000000000000] - |SD| - [14/07/2009 06:45:42] - [1108.41 Ko] - C:\Windows\System32\Microsoft [MD5.00000000000000000000000000000000] - |SD| - [14/07/2009 06:45:42] - [1108.41 Ko] - C:\Windows\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [3790.43 Ko] - C:\Windows\System32\migration [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [37856.93 Ko] - C:\Windows\System32\migwiz [MD5.39E801545FFF6230C80140E0F8A06629] - |A| - [14/07/2009 06:57:09] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\Windows\System32\migwiz.lnk [MD5.2DDDEE0C8940B38CB990554F8DD9F2CE] - |A| - [13/12/2017 13:58:46] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5462.51 Ko] - (6.3.9600.17246) - C:\Windows\System32\NAHIMICAPOlfx.dll [MD5.0E982B9701B0C60EF6E185C2DBAC84F3] - |A| - [13/12/2017 13:58:46] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO Settings Communication Dll.) - [980.33 Ko] - (1.0.0.14866) - C:\Windows\System32\NahimicAPONSControl.dll [MD5.ED7057490C57F7EB663EC22564639228] - |A| - [13/12/2017 13:58:46] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5783.57 Ko] - (6.3.9600.17246) - C:\Windows\System32\NAHIMICV2apo.dll [MD5.ED7057490C57F7EB663EC22564639228] - |A| - [13/12/2017 13:58:46] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5783.57 Ko] - (6.3.9600.17246) - C:\Windows\System32\NAHIMICV2apo.dll [MD5.8F63D76AF48A681D6ACA436A313DE187] - |A| - [13/12/2017 13:58:46] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [6097.85 Ko] - (6.3.9600.17246) - C:\Windows\System32\NAHIMICV3apo.dll [MD5.8F63D76AF48A681D6ACA436A313DE187] - |A| - [13/12/2017 13:58:46] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [6097.85 Ko] - (6.3.9600.17246) - C:\Windows\System32\NAHIMICV3apo.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [422.5 Ko] - C:\Windows\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [384 Ko] - C:\Windows\System32\NDF [MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [14/07/2009 00:01:19] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml [MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [14/07/2009 00:01:19] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [68 Ko] - C:\Windows\System32\NetworkList [MD5.8E24A7BCAEF2045DA1FF29217622843E] - |A| - [21/11/2010 04:52:07] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\Windows\System32\Network_LLU.log [MD5.8E24A7BCAEF2045DA1FF29217622843E] - |A| - [21/11/2010 04:52:07] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\Windows\System32\Network_LLU.log [MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [14/07/2009 04:35:51] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\System32\noise.kor [MD5.2901049544FDF863362FABA2363EB647] - |A| - [13/07/2009 22:24:21] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [13200.66 Ko] - C:\Windows\System32\oobe [MD5.9477498109AEBCA4A363BD456518751E] - |A| - [14/07/2009 04:36:59] - (.-.) - [139.16 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat [MD5.9477498109AEBCA4A363BD456518751E] - |A| - [14/07/2009 04:36:59] - (.-.) - [139.16 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat [MD5.24689BB752C890FC14F81666CBB4FFB8] - |A| - [12/04/2011 11:16:45] - (.-.) - [172.04 Ko] - (0.0.0.0) - C:\Windows\System32\perfc00C.dat [MD5.24689BB752C890FC14F81666CBB4FFB8] - |A| - [12/04/2011 11:16:45] - (.-.) - [172.04 Ko] - (0.0.0.0) - C:\Windows\System32\perfc00C.dat [MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 22:33:35] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\System32\PerfCenterCpl.ico [MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 22:33:35] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\System32\PerfCenterCpl.ico [MD5.7AAA3E23CE4C7845B112F7A79B110E60] - |A| - [14/07/2009 04:36:59] - (.-.) - [30.81 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat [MD5.07BA000B2E67565BDF112C35171865A5] - |A| - [12/04/2011 11:16:45] - (.-.) - [37.27 Ko] - (0.0.0.0) - C:\Windows\System32\perfd00C.dat [MD5.07BA000B2E67565BDF112C35171865A5] - |A| - [12/04/2011 11:16:45] - (.-.) - [37.27 Ko] - (0.0.0.0) - C:\Windows\System32\perfd00C.dat [MD5.7B93822E6E3223F2B3DEDA7F86A5E87A] - |A| - [14/07/2009 04:36:59] - (.-.) - [696.85 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat [MD5.EFEB16745EBF959B92F86C01946A28DD] - |A| - [12/04/2011 11:16:45] - (.-.) - [797.62 Ko] - (0.0.0.0) - C:\Windows\System32\perfh00C.dat [MD5.EFEB16745EBF959B92F86C01946A28DD] - |A| - [12/04/2011 11:16:45] - (.-.) - [797.62 Ko] - (0.0.0.0) - C:\Windows\System32\perfh00C.dat [MD5.E5AA20330E2EC89EE97399D8C5BFC675] - |A| - [14/07/2009 07:13:15] - (.-.) - [1804.72 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [439 Ko] - C:\Windows\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:34] - [420.42 Ko] - C:\Windows\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [436 Ko] - C:\Windows\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [438.5 Ko] - C:\Windows\System32\pt-PT [MD5.CAEFD951EC111D63F5FA9DB85347B00D] - |A| - [13/12/2017 13:58:47] - (.©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [131.05 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EEA64A.dll [MD5.0956E952854B70BF9E3215FB555BA67C] - |A| - [13/12/2017 13:58:47] - (.©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [437.23 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EED64A.dll [MD5.0956E952854B70BF9E3215FB555BA67C] - |A| - [13/12/2017 13:58:47] - (.©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [437.23 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EED64A.dll [MD5.B26F138415103FDB4DE3E74430812E94] - |A| - [13/12/2017 13:58:47] - (.©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [82.63 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EEG64A.dll [MD5.7029297D5211F3FC58C41B896758D43E] - |A| - [13/12/2017 13:58:47] - (.©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [148.23 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EEL64A.dll [MD5.22AE35C1982E93FE00BE49C87B7E6C91] - |A| - [13/12/2017 13:58:47] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [7004.8 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EEP64A.dll [MD5.22AE35C1982E93FE00BE49C87B7E6C91] - |A| - [13/12/2017 13:58:47] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [7004.8 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EEP64A.dll [MD5.86BEEB3CC5BE0831BE2887A094CE2EFD] - |A| - [16/11/2017 02:45:36] - (.(c) Advanced Micro Devices, Inc. - AMD RapidFire.) - [534.38 Ko] - (1.1.0.27) - C:\Windows\System32\Rapidfire64.dll [MD5.48AC7A3F60FBB09693C14C1216522163] - |A| - [16/11/2017 02:45:40] - (.(c) Advanced Micro Devices, Inc. - AMD Rapid Fire Server.) - [35.38 Ko] - (1.1.0.19) - C:\Windows\System32\RapidFireServer64.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [23.75 Ko] - C:\Windows\System32\ras [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [23.75 Ko] - C:\Windows\System32\ras [MD5.3498F4B440FC63AB55EEEEF90E5C25D4] - |A| - [13/12/2017 13:58:49] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [314.17 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DAA64.dll [MD5.3498F4B440FC63AB55EEEEF90E5C25D4] - |A| - [13/12/2017 13:58:49] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [314.17 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DAA64.dll [MD5.D59D2466B5640AD73B03B15A771040C5] - |A| - [13/12/2017 13:58:49] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [314.17 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DHT64.dll [MD5.D59D2466B5640AD73B03B15A771040C5] - |A| - [13/12/2017 13:58:49] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [314.17 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DHT64.dll [MD5.34B8A5B099CFEE287F859ED58D73A77E] - |A| - [13/12/2017 13:58:51] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [209.8 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEED64A.dll [MD5.BBD25408971283FF3DAFCBFF5E7AC69E] - |A| - [13/12/2017 13:58:51] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [86.27 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEG64A.dll [MD5.BBD25408971283FF3DAFCBFF5E7AC69E] - |A| - [13/12/2017 13:58:51] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [86.27 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEG64A.dll [MD5.6761F8FDE0D4E40C0414F9EC12E6E734] - |A| - [13/12/2017 13:58:51] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [108.38 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEL64A.dll [MD5.6761F8FDE0D4E40C0414F9EC12E6E734] - |A| - [13/12/2017 13:58:51] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [108.38 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEL64A.dll [MD5.527F2EF29CA7F7EA273250BFB1FC7475] - |A| - [13/12/2017 13:58:51] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [378.23 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEP64A.dll [MD5.56B23318DE09559AE0A7EA51F068AC3B] - |A| - [02/09/2016 17:24:22] - (.-.) - [150.77 Ko] - (0.0.0.0) - C:\Windows\System32\samu_krnl_ci.sbin [MD5.A769B352B827590EA4CCAC16E6269E33] - |A| - [12/12/2013 15:53:54] - (.-.) - [135.58 Ko] - (0.0.0.0) - C:\Windows\System32\samu_krnl_isv_ci.sbin [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [21/11/2010 05:24:25] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml [MD5.1D283A23C13039CA65805360CF3119CF] - |A| - [13/12/2017 13:58:54] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [86.25 Ko] - (3.0.0.16) - C:\Windows\System32\SFAPO64.dll [MD5.B2073558889E8C6C99ECEE95B4C40236] - |A| - [13/12/2017 13:58:54] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [88.78 Ko] - (3.0.0.16) - C:\Windows\System32\SFCOM64.dll [MD5.CC76B688BEFAA345A2B704201F42207C] - |A| - [13/12/2017 13:58:54] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [226.48 Ko] - (3.0.0.16) - C:\Windows\System32\SFNHK64.dll [MD5.D230DC7D780494EE968450BD51318786] - |A| - [13/12/2017 13:58:54] - (.Copyright (C) 2016 DTS, Inc. - DTS Universal APO DLL.) - [961.83 Ko] - (3.5.14.0) - C:\Windows\System32\sl3apo64.dll [MD5.D230DC7D780494EE968450BD51318786] - |A| - [13/12/2017 13:58:54] - (.Copyright (C) 2016 DTS, Inc. - DTS Universal APO DLL.) - [961.83 Ko] - (3.5.14.0) - C:\Windows\System32\sl3apo64.dll [MD5.0D48472A9BA217622670D118EF5F9ADB] - |A| - [13/12/2017 13:58:54] - (.Copyright (C) 2016 DTS, Inc. - DTS APO Controller DLL.) - [3330.89 Ko] - (3.5.14.0) - C:\Windows\System32\slcnt64.dll [MD5.0D48472A9BA217622670D118EF5F9ADB] - |A| - [13/12/2017 13:58:54] - (.Copyright (C) 2016 DTS, Inc. - DTS APO Controller DLL.) - [3330.89 Ko] - (3.5.14.0) - C:\Windows\System32\slcnt64.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:34] - [42.67 Ko] - C:\Windows\System32\slmgr [MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:34] - [42.67 Ko] - C:\Windows\System32\slmgr [MD5.73C5B0085B0DAD66F13F8F315F674AAD] - |A| - [13/12/2017 13:58:54] - (.TODO: (c) . - TODO: .) - [252.8 Ko] - (1.0.0.1) - C:\Windows\System32\slprp64.dll [MD5.33AD112CBFAE25A48F66754CD697CD6A] - |A| - [13/12/2017 13:58:54] - (.Copyright (C) 2016 DTS, Inc. - DTS APO Technology DLL.) - [3049.47 Ko] - (3.5.14.0) - C:\Windows\System32\sltech64.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [22338.02 Ko] - C:\Windows\System32\SMI [MD5.C74D61FCA22F36791105D7878AF73572] - |A| - [10/06/2009 23:08:17] - (.-.) - [8.09 Ko] - (0.0.0.0) - C:\Windows\System32\spcinstrumentation.man [MD5.C74D61FCA22F36791105D7878AF73572] - |A| - [10/06/2009 23:08:17] - (.-.) - [8.09 Ko] - (0.0.0.0) - C:\Windows\System32\spcinstrumentation.man [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [17378 Ko] - C:\Windows\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [58966.31 Ko] - C:\Windows\System32\spool [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [1962.69 Ko] - C:\Windows\System32\spp [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [30.19 Ko] - C:\Windows\System32\sppui [MD5.97828766F0C3366BAC53255914C9F475] - |A| - [22/11/2017 20:57:49] - (.-.) - [64 Ko] - (0.0.0.0) - C:\Windows\System32\spu_storage.bin [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [170 Ko] - C:\Windows\System32\sr-Latn-CS [MD5.F063BF58ABFE8BDD566F568C0ED42D8B] - |A| - [13/12/2017 13:58:54] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) - [456.2 Ko] - (4.0.0.59) - C:\Windows\System32\SRAPO64.dll [MD5.B9D5675A1B5F0098FE1C5C3751F863BE] - |A| - [13/12/2017 13:58:54] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.15 Ko] - (4.0.0.59) - C:\Windows\System32\SRCOM.dll [MD5.ABAB8F14DF3BF0AA14978A91E5DED672] - |A| - [13/12/2017 13:58:54] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [372.47 Ko] - (4.0.0.59) - C:\Windows\System32\SRCOM64.dll [MD5.0ADD9332A7E05124A1CEE8EAB25F0DCB] - |A| - [13/12/2017 13:58:54] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) - [1401.5 Ko] - (4.0.0.59) - C:\Windows\System32\SRRPTR64.dll [MD5.0D94C1BE16C92CC5E55111FBCAEA4CE9] - |A| - [13/12/2017 13:58:54] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [204.63 Ko] - (1.1.0.0) - C:\Windows\System32\SRSHP64.dll [MD5.41BB0624340B07E9DF507D6507107127] - |A| - [13/12/2017 13:58:54] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [216.77 Ko] - (1.1.4.0) - C:\Windows\System32\SRSTSH64.dll [MD5.5D839D25268FD52928AD5000A7E30D66] - |A| - [13/12/2017 13:58:54] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [519.9 Ko] - (3.2.0.0) - C:\Windows\System32\SRSTSX64.dll [MD5.606737E65B40CB7241E4DECA2E77A972] - |A| - [13/12/2017 13:58:54] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [162.3 Ko] - (1.1.3.0) - C:\Windows\System32\SRSWOW64.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [426.5 Ko] - C:\Windows\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [297.36 Ko] - C:\Windows\System32\sysprep [MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - |A| - [21/11/2010 05:24:36] - (.-.) - [339.75 Ko] - (0.0.0.0) - C:\Windows\System32\systemsf.ebd [MD5.47F22CAD4A16BB40153555D631546B94] - |A| - [10/06/2009 23:01:25] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini [MD5.B3ECD5D0D6AFBB68FB51DFADC9641657] - |A| - [13/12/2017 13:58:55] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Audio Source Filtering APO.) - [939.58 Ko] - (2.1.0.0) - C:\Windows\System32\tosasfapo64.dll [MD5.ABCB40F5FC01A4031BA6AAD92532F214] - |A| - [13/12/2017 13:58:55] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Earphone Audio Enhancement APO.) - [436.7 Ko] - (2.1.0.0) - C:\Windows\System32\toseaeapo64.dll [MD5.33883F7CFBA9F71F4AC87AE169B9CBC4] - |A| - [13/12/2017 13:58:55] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Speaker Audio Enhancement APO.) - [1306.29 Ko] - (2.1.1.0) - C:\Windows\System32\tossaeapo64.dll [MD5.463BC99F36051E6D045E5C001D1FAE2C] - |A| - [13/12/2017 13:58:55] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Speaker Audio Enhancement Maximizer.) - [587.05 Ko] - (1.1.1.1) - C:\Windows\System32\tossaemaxapo64.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [424 Ko] - C:\Windows\System32\tr-TR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [166.5 Ko] - C:\Windows\System32\uk-UA [MD5.05F9840831C29F5BE93AD8BE810D5614] - |A| - [14/07/2009 06:45:37] - (.-.) - [18 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup.etl [MD5.05F9840831C29F5BE93AD8BE810D5614] - |A| - [14/07/2009 06:45:37] - (.-.) - [18 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup.etl [MD5.F736AA948D0C3CBCE212B7B2CB0EF115] - |A| - [14/07/2009 06:45:37] - (.-.) - [45 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup000.etl [MD5.4C8DC2B4756D00DC9C15C1CA896253FA] - |A| - [22/11/2017 15:35:26] - (.-.) - [599.26 Ko] - (0.0.0.0) - C:\Windows\System32\USBKeyCredentialProvider.dll [MD5.08BD2F7A762134BF86645BBA219A6B98] - |A| - [14/09/2017 01:19:50] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [905.8 Ko] - (1.0.61.0) - C:\Windows\System32\vulkan-1-1-0-61-0.dll [MD5.08BD2F7A762134BF86645BBA219A6B98] - |A| - [14/09/2017 01:19:50] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [905.8 Ko] - (1.0.61.0) - C:\Windows\System32\vulkan-1-1-0-61-0.dll [MD5.08BD2F7A762134BF86645BBA219A6B98] - |A| - [22/11/2017 20:27:06] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [905.8 Ko] - (1.0.61.0) - C:\Windows\System32\vulkan-1.dll [MD5.08BD2F7A762134BF86645BBA219A6B98] - |A| - [22/11/2017 20:27:06] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [905.8 Ko] - (1.0.61.0) - C:\Windows\System32\vulkan-1.dll [MD5.6DC78B9184771F60544B9D0CC42076B3] - |A| - [14/09/2017 01:19:38] - (.-.) - [577.3 Ko] - (0.0.0.0) - C:\Windows\System32\vulkaninfo-1-1-0-61-0.exe [MD5.6DC78B9184771F60544B9D0CC42076B3] - |A| - [22/11/2017 20:27:06] - (.-.) - [577.3 Ko] - (0.0.0.0) - C:\Windows\System32\vulkaninfo.exe [MD5.6DC78B9184771F60544B9D0CC42076B3] - |A| - [22/11/2017 20:27:06] - (.-.) - [577.3 Ko] - (0.0.0.0) - C:\Windows\System32\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [20/06/2014 03:17:00] - [1754.83 Ko] - C:\Windows\System32\Wat [MD5.00000000000000000000000000000000] - |D| - [20/06/2014 03:17:00] - [1754.83 Ko] - C:\Windows\System32\Wat [MD5.419B4734E0A71DAA799CEF21EF7ACD5E] - |A| - [13/12/2017 13:58:55] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) - [2061.13 Ko] - (4.4.5.0) - C:\Windows\System32\WavesGUILib64.dll [MD5.419B4734E0A71DAA799CEF21EF7ACD5E] - |A| - [13/12/2017 13:58:55] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) - [2061.13 Ko] - (4.4.5.0) - C:\Windows\System32\WavesGUILib64.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [52867.89 Ko] - C:\Windows\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:34] - [47.61 Ko] - C:\Windows\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [87202.16 Ko] - C:\Windows\System32\wdi [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [13/07/2009 23:54:15] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [16 Ko] - C:\Windows\System32\wfp [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [16 Ko] - C:\Windows\System32\wfp [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [73.5 Ko] - C:\Windows\System32\WinBioPlugIns [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [10219.55 Ko] - C:\Windows\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [99368 Ko] - C:\Windows\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:35] - [106.26 Ko] - C:\Windows\System32\winrm [MD5.53B64D943BE6F41811BF9069CFBD7458] - |A| - [15/09/2017 17:37:48] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amd-vulkan32.json [MD5.53B64D943BE6F41811BF9069CFBD7458] - |A| - [15/09/2017 17:37:48] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amd-vulkan32.json [MD5.BAC219C67674A4C8EEEBD0E2A994F6A1] - |A| - [16/11/2017 02:44:04] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [103.26 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\amdave32.dll [MD5.BAC219C67674A4C8EEEBD0E2A994F6A1] - |A| - [16/11/2017 02:44:04] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [103.26 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\amdave32.dll [MD5.9026B46A4911546465E48D6D9042BD1F] - |A| - [16/11/2017 02:43:46] - (.-.) - [343.88 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdgfxinfo32.dll [MD5.9026B46A4911546465E48D6D9042BD1F] - |A| - [16/11/2017 02:43:46] - (.-.) - [343.88 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdgfxinfo32.dll [MD5.15C69602B66F3509FB02B7B7570939B3] - |A| - [16/11/2017 02:44:12] - (.Copyright (C) 2013 - Universal Adapter for Adobe.) - [150.04 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\amdhcp32.dll [MD5.15C69602B66F3509FB02B7B7570939B3] - |A| - [16/11/2017 02:44:12] - (.Copyright (C) 2013 - Universal Adapter for Adobe.) - [150.04 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\amdhcp32.dll [MD5.19E78C577A78CDC30EB24EF8437DA9CA] - |A| - [16/11/2017 02:44:30] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [678.38 Ko] - (1.0.12.0) - C:\Windows\SysWOW64\amdlvr32.dll [MD5.7CCAC8C1A3B6F9981BCC146FDD7C4A42] - |A| - [16/11/2017 02:44:36] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [9547.38 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\amdmantle32.dll [MD5.7CCAC8C1A3B6F9981BCC146FDD7C4A42] - |A| - [16/11/2017 02:44:36] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [9547.38 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\amdmantle32.dll [MD5.3D7875CF0D94ACB71A154A4B21B61E4C] - |A| - [16/11/2017 02:42:56] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MCL Universal Driver.) - [364.88 Ko] - (1.6.0.0) - C:\Windows\SysWOW64\amdmcl32.dll [MD5.28B76CF8D027D8283DB9F555FAA832EF] - |A| - [16/11/2017 02:43:00] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [114.38 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\amdmmcl.dll [MD5.EDB4398E7EEC14491E89FF0A3F4BAA59] - |A| - [16/11/2017 02:43:26] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [46888.38 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\amdocl.dll [MD5.64A34DB46523A8A99680E8D244C01579] - |A| - [16/11/2017 02:43:46] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [24453.88 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\amdocl12cl.dll [MD5.64A34DB46523A8A99680E8D244C01579] - |A| - [16/11/2017 02:43:46] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [24453.88 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\amdocl12cl.dll [MD5.A775CB380E3E5821FB36974279D5D0E1] - |A| - [16/11/2017 02:44:18] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [90.16 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\amdpcom32.dll [MD5.A775CB380E3E5821FB36974279D5D0E1] - |A| - [16/11/2017 02:44:18] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [90.16 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\amdpcom32.dll [MD5.957C02023C11D94909CC938E46CD5171] - |A| - [16/11/2017 02:43:10] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [131.88 Ko] - (15.16.6.0) - C:\Windows\SysWOW64\amduve32.dll [MD5.91F72BC029B3BFEF1BC25ABE60BF10E6] - |A| - [16/11/2017 02:43:14] - (.Copyright (C) 2015 AMD Inc. - Vulkan driver, support for SI family and above.) - [10830.88 Ko] - (1.0.54.0) - C:\Windows\SysWOW64\amdvlk32.dll [MD5.91F72BC029B3BFEF1BC25ABE60BF10E6] - |A| - [16/11/2017 02:43:14] - (.Copyright (C) 2015 AMD Inc. - Vulkan driver, support for SI family and above.) - [10830.88 Ko] - (1.0.54.0) - C:\Windows\SysWOW64\amdvlk32.dll [MD5.E232ACAB2103A363586F640A09F26729] - |A| - [16/11/2017 02:43:26] - (.Advanced Micro Devices, Inc. Copyright (C) 2017 - Advanced Media Framework.) - [2475.38 Ko] - (1.4.6.0) - C:\Windows\SysWOW64\amfrt32.dll [MD5.E232ACAB2103A363586F640A09F26729] - |A| - [16/11/2017 02:43:26] - (.Advanced Micro Devices, Inc. Copyright (C) 2017 - Advanced Media Framework.) - [2475.38 Ko] - (1.4.6.0) - C:\Windows\SysWOW64\amfrt32.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [201.5 Ko] - C:\Windows\SysWOW64\ar-SA [MD5.BAAFF08433F0F813F9376394C9B8448D] - |A| - [16/11/2017 02:44:26] - (.Copyright (C) 2008-2016 Advanced Micro Devices, Inc. - ADL.) - [1027.38 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\atiadlxx.dll [MD5.BAAFF08433F0F813F9376394C9B8448D] - |A| - [16/11/2017 02:44:26] - (.Copyright (C) 2008-2016 Advanced Micro Devices, Inc. - ADL.) - [1027.38 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\atiadlxy.dll [MD5.29CC962196FF1817996AB9EF55A17A93] - |A| - [16/11/2017 00:58:28] - (.-.) - [816.59 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atiapfxx.blb [MD5.7D9243335E3732075C90C5D1D1DF90E0] - |A| - [16/11/2017 02:44:30] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [63.88 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\aticalcl.dll [MD5.6C31DB4D1525B9CE5941D42F49B84E18] - |A| - [16/11/2017 02:44:36] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [13983.38 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\aticaldd.dll [MD5.6C31DB4D1525B9CE5941D42F49B84E18] - |A| - [16/11/2017 02:44:36] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [13983.38 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\aticaldd.dll [MD5.BEDD4760B60259638940D5D486B38C69] - |A| - [16/11/2017 02:44:48] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [66.88 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\aticalrt.dll [MD5.BEDD4760B60259638940D5D486B38C69] - |A| - [16/11/2017 02:44:48] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [66.88 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\aticalrt.dll [MD5.E3FB1841766AE86DAE095AF0BD2AC999] - |A| - [16/11/2017 02:46:02] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx32.dll.) - [1504.96 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\aticfx32.dll [MD5.E3FB1841766AE86DAE095AF0BD2AC999] - |A| - [16/11/2017 02:46:02] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx32.dll.) - [1504.96 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\aticfx32.dll [MD5.D95458EC69BAD9AFE7282BF00ED1CDB8] - |A| - [16/11/2017 02:46:12] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx32.dll.) - [12833.43 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\atidxx32.dll [MD5.DC2D59A0FDA304F4785AABA065BB6C21] - |A| - [16/11/2017 02:44:56] - (.-.) - [317.88 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atieah32.exe [MD5.B9915C39B9A45FDD000C1D2C9B0755B3] - |A| - [16/11/2017 02:45:08] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [189.88 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\atigktxx.dll [MD5.4D28D7DBD4E097F943292519399B4EC1] - |A| - [16/11/2017 02:45:10] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [121.88 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\atiglpxx.dll [MD5.A775CB380E3E5821FB36974279D5D0E1] - |A| - [16/11/2017 02:44:18] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [90.16 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\atimpc32.dll [MD5.D3809CFE659104F478D0114C3B7E61AD] - |A| - [16/11/2017 02:42:50] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [28251.38 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\atioglxx.dll [MD5.F94FAF60D416123054C2F67055E143CB] - |A| - [16/11/2017 02:43:48] - (.Copyright (c) 2010 Advanced Micro Devices, Inc. - Radeon spu api dll.) - [121.38 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\atisamu32.dll [MD5.D3809CFE659104F478D0114C3B7E61AD] - |A| - [16/11/2017 02:42:50] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [28251.38 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\atioglxx.dll [MD5.A382358E134BC65D48FB3FC165DF5954] - |A| - [16/11/2017 02:45:50] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [139.99 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\atiu9pag.dll [MD5.F94FAF60D416123054C2F67055E143CB] - |A| - [16/11/2017 02:43:48] - (.Copyright (c) 2010 Advanced Micro Devices, Inc. - Radeon spu api dll.) - [121.38 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\atisamu32.dll [MD5.A382358E134BC65D48FB3FC165DF5954] - |A| - [16/11/2017 02:45:50] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [139.99 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\atiu9pag.dll [MD5.13C967EE54F71C21D0FCA866CD9AA1A6] - |A| - [16/11/2017 02:45:58] - (.Copyright (C) 1998-2011 AMD Inc. - atiumdag.dll.) - [9191.73 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\atiumdag.dll [MD5.13C967EE54F71C21D0FCA866CD9AA1A6] - |A| - [16/11/2017 02:45:58] - (.Copyright (C) 1998-2011 AMD Inc. - atiumdag.dll.) - [9191.73 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\atiumdag.dll [MD5.E38FA61A02C510745DC573C1FE618A04] - |A| - [16/11/2017 01:58:48] - (.-.) - [3390.02 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atiumdva.cap [MD5.E38FA61A02C510745DC573C1FE618A04] - |A| - [16/11/2017 01:58:48] - (.-.) - [3390.02 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atiumdva.cap [MD5.604BA1D834EDAFD253510CA6F68046AA] - |A| - [16/11/2017 02:44:26] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [10638.69 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\atiumdva.dll [MD5.4277EA53FB9C92832BD6CB16A72962AE] - |A| - [16/11/2017 02:46:02] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [157.56 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\atiuxpag.dll [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [16/11/2017 02:02:56] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [16/11/2017 02:02:56] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ativvsvl.dat [MD5.00000000000000000000000000000000] - |D| - [25/12/2017 12:06:25] - [0 Ko] - C:\Windows\SysWOW64\BestPractices [MD5.00000000000000000000000000000000] - |D| - [25/12/2017 12:06:25] - [0 Ko] - C:\Windows\SysWOW64\BestPractices [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [173 Ko] - C:\Windows\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\catroot2 [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [302.5 Ko] - C:\Windows\SysWOW64\com [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [1563.87 Ko] - C:\Windows\SysWOW64\config [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [427.5 Ko] - C:\Windows\SysWOW64\cs-CZ [MD5.9A4FA0EDEF2BF5743EE4EE78883BD1D0] - |A| - [22/11/2017 15:13:15] - (.Copyright 2011 - CSVer.) - [52 Ko] - (9.4.0.1017) - C:\Windows\SysWOW64\CSVer.dll [MD5.9A4FA0EDEF2BF5743EE4EE78883BD1D0] - |A| - [22/11/2017 15:13:15] - (.Copyright 2011 - CSVer.) - [52 Ko] - (9.4.0.1017) - C:\Windows\SysWOW64\CSVer.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [422.5 Ko] - C:\Windows\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [422.5 Ko] - C:\Windows\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [452 Ko] - C:\Windows\SysWOW64\de-DE [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [4156 Ko] - C:\Windows\SysWOW64\Dism [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [3504.47 Ko] - C:\Windows\SysWOW64\drivers [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [1.09 Ko] - C:\Windows\SysWOW64\DriverStore [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [451.5 Ko] - C:\Windows\SysWOW64\el-GR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [2847.09 Ko] - C:\Windows\SysWOW64\en-US [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [443 Ko] - C:\Windows\SysWOW64\es-ES [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [160.5 Ko] - C:\Windows\SysWOW64\et-EE [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [160.5 Ko] - C:\Windows\SysWOW64\et-EE [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [425 Ko] - C:\Windows\SysWOW64\fi-FI [MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:35] - [1680 Ko] - C:\Windows\SysWOW64\fr [MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:35] - [1680 Ko] - C:\Windows\SysWOW64\fr [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [37754.48 Ko] - C:\Windows\SysWOW64\fr-FR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\SysWOW64\FxsTmp [MD5.AE9486E6634DE724759C7569057BFFF6] - |A| - [16/11/2017 02:45:26] - (.-.) - [348.88 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\GameManager32.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [191.5 Ko] - C:\Windows\SysWOW64\he-IL [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [191.5 Ko] - C:\Windows\SysWOW64\he-IL [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [168 Ko] - C:\Windows\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [429 Ko] - C:\Windows\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [429 Ko] - C:\Windows\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [34097.44 Ko] - C:\Windows\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [34097.44 Ko] - C:\Windows\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [3947.07 Ko] - C:\Windows\SysWOW64\inetsrv [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [1160 Ko] - C:\Windows\SysWOW64\InstallShield [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [447 Ko] - C:\Windows\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [361 Ko] - C:\Windows\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [356.5 Ko] - C:\Windows\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [356.5 Ko] - C:\Windows\SysWOW64\ko-KR [MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 04:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\korwbrkr.lex [MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 04:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\korwbrkr.lex [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [165 Ko] - C:\Windows\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [166 Ko] - C:\Windows\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [1968.26 Ko] - C:\Windows\SysWOW64\manifeststore [MD5.E31EFA01E86C7BE1AA2294F6D3ADFFDE] - |A| - [16/11/2017 02:45:24] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [138.38 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\mantle32.dll [MD5.FE4DFF738D38022680482060FB66D1E8] - |A| - [16/11/2017 02:45:30] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [123.38 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\mantleaxl32.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\SysWOW64\LogFiles [MD5.98071B6EE16AA76DABFF377A5DC69C86] - |A| - [14/07/2009 06:55:01] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\mapisvc.inf [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [165 Ko] - C:\Windows\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [166 Ko] - C:\Windows\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [1968.26 Ko] - C:\Windows\SysWOW64\manifeststore [MD5.E31EFA01E86C7BE1AA2294F6D3ADFFDE] - |A| - [16/11/2017 02:45:24] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [138.38 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\mantle32.dll [MD5.FE4DFF738D38022680482060FB66D1E8] - |A| - [16/11/2017 02:45:30] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [123.38 Ko] - (23.20.793.0) - C:\Windows\SysWOW64\mantleaxl32.dll [MD5.98071B6EE16AA76DABFF377A5DC69C86] - |A| - [14/07/2009 06:55:01] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\mapisvc.inf [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [3455.43 Ko] - C:\Windows\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [32763.45 Ko] - C:\Windows\SysWOW64\migwiz [MD5.D8B496DF8A6B254F1B09F7CB01C35438] - |AH| - [01/08/2018 18:10:12] - (.-.) - [142.03 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\mlfcache.dat [MD5.D8B496DF8A6B254F1B09F7CB01C35438] - |AH| - [01/08/2018 18:10:12] - (.-.) - [142.03 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\mlfcache.dat [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [52.28 Ko] - C:\Windows\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [52.28 Ko] - C:\Windows\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [24.48 Ko] - C:\Windows\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [24.48 Ko] - C:\Windows\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [418 Ko] - C:\Windows\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [51 Ko] - C:\Windows\SysWOW64\NetworkList [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [438.5 Ko] - C:\Windows\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [438.5 Ko] - C:\Windows\SysWOW64\nl-NL [MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [14/07/2009 04:35:50] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\noise.kor [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [2566.05 Ko] - C:\Windows\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [2566.05 Ko] - C:\Windows\SysWOW64\oobe [MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 23:17:19] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfCenterCpl.ico [MD5.0917B3BB2500FF851D5BE30683B020CC] - |A| - [19/06/2014 13:11:54] - (.-.) - [1779.46 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfStringBackup.INI [MD5.0917B3BB2500FF851D5BE30683B020CC] - |A| - [19/06/2014 13:11:54] - (.-.) - [1779.46 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [434 Ko] - C:\Windows\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:35] - [420.42 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [431 Ko] - C:\Windows\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [433 Ko] - C:\Windows\SysWOW64\pt-PT [MD5.40D6023FB16A60FD408B0CA5057B55E0] - |A| - [16/11/2017 02:45:34] - (.(c) Advanced Micro Devices, Inc. - AMD RapidFire.) - [450.38 Ko] - (1.1.0.27) - C:\Windows\SysWOW64\Rapidfire.dll [MD5.12014D782CE081CDD0099D7B459DC044] - |A| - [16/11/2017 02:45:38] - (.(c) Advanced Micro Devices, Inc. - AMD Rapid Fire Server.) - [32.38 Ko] - (1.1.0.19) - C:\Windows\SysWOW64\RapidFireServer.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [23.75 Ko] - C:\Windows\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0.64 Ko] - C:\Windows\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0.64 Ko] - C:\Windows\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\SysWOW64\restore [MD5.B9D5675A1B5F0098FE1C5C3751F863BE] - |A| - [13/12/2017 13:58:54] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.15 Ko] - (4.0.0.59) - C:\Windows\SysWOW64\SRCOM.dll [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [421.5 Ko] - C:\Windows\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:35] - [0 Ko] - C:\Windows\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:35] - [0 Ko] - C:\Windows\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [157 Ko] - C:\Windows\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [157 Ko] - C:\Windows\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [419 Ko] - C:\Windows\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [166.5 Ko] - C:\Windows\SysWOW64\uk-UA [MD5.15BD0F8D507546F512EE5D73C3721FA8] - |A| - [14/07/2009 04:35:41] - (.Copyright © 2000 - vfpodbc.) - [20.05 Ko] - (1.0.2.0) - C:\Windows\SysWOW64\vfpodbc.dll [MD5.4687C05E2980F0FA45AD49BB5805CBDA] - |A| - [14/09/2017 01:20:30] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [779.3 Ko] - (1.0.61.0) - C:\Windows\SysWOW64\vulkan-1-1-0-61-0.dll [MD5.4687C05E2980F0FA45AD49BB5805CBDA] - |A| - [22/11/2017 20:27:06] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [779.3 Ko] - (1.0.61.0) - C:\Windows\SysWOW64\vulkan-1.dll [MD5.03DEC18E91E9EEFC96FEEFB61C40F8A1] - |A| - [14/09/2017 01:20:14] - (.-.) - [478.8 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\vulkaninfo-1-1-0-61-0.exe [MD5.03DEC18E91E9EEFC96FEEFB61C40F8A1] - |A| - [22/11/2017 20:27:06] - (.-.) - [478.8 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [20/06/2014 03:17:00] - [237.33 Ko] - C:\Windows\SysWOW64\Wat [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [9057.18 Ko] - C:\Windows\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:35] - [47.61 Ko] - C:\Windows\SysWOW64\WCN [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [101.23 Ko] - C:\Windows\SysWOW64\wdi [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [10174.55 Ko] - C:\Windows\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:36] - [106.26 Ko] - C:\Windows\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:36] - [106.26 Ko] - C:\Windows\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [25/12/2017 12:11:15] - [10.16 Ko] - C:\Windows\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [333.5 Ko] - C:\Windows\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [255.5 Ko] - C:\Windows\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [334 Ko] - C:\Windows\SysWOW64\zh-TW ---------- | Shell Folders [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\christian\AppData\Roaming [22/11/2017 13:48:39] "Local AppData"=C:\Users\christian\AppData\Local [22/11/2017 13:48:39] "My Video"=C:\Users\christian\Desktop\Videos [02/01/2015 19:08:07] [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead es [22/11/2017 13:48:39] "AppData"=C:\Users\christian\AppData\Roaming [22/11/2017 13:48:39] "Local AppData"=C:\Users\christian\AppData\Local [22/11/2017 13:48:39] "My Video"=C:\Users\christian\Desktop\Videos [02/01/2015 19:08:07] [22/11/2017 13:48:39] "NetHood"=C:\Users\christian\AppData\Roaming\Microsoft\Windows\Network Shortcuts [22/11/2017 13:48:39] [22/11/2017 13:48:39] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\christian\Contacts "Cookies"=C:\Users\christian\AppData\Roaming\Microsoft\Windows\Cookies [22/11/2017 13:48:39] "Favorites"=C:\Users\christian\Favorites [16/08/2018 08:46:04] ry [22/11/2017 13:48:39] "SendTo"=C:\Users\christian\AppData\Roaming\Microsoft\Windows\SendTo [22/11/2017 13:48:39] 13:48:39] "Start Menu"=C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu [22/11/2017 13:48:39] "My Music"=C:\Users\christian\Music [22/11/2017 13:48:39] s\Cookies [22/11/2017 13:48:39] "Programs"=C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [22/11/2017 13:48:39] "Recent"=C:\Users\christian\AppData\Roaming\Microsoft\Windows\Recent [22/11/2017 13:48:39] "SendTo"=C:\Users\christian\AppData\Roaming\Microsoft\Windows\SendTo [22/11/2017 13:48:39] "CD Burning"=C:\Users\christian\AppData\Local\Microsoft\Windows\Burn\Burn [22/11/2017 13:48:39] ] "PrintHood"=C:\Users\christian\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [22/11/2017 13:48:39] "Programs"=C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [22/11/2017 13:48:39] "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\christian\Desktop\Downloads "Recent"=C:\Users\christian\AppData\Roaming\Microsoft\Windows\Recent [22/11/2017 13:48:39] 48:39] "Startup"=C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [22/11/2017 13:48:39] "CD Burning"=C:\Users\christian\AppData\Local\Microsoft\Windows\Burn\Burn [22/11/2017 13:48:39] "Administrative Tools"=C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [22/11/2017 13:48:39] "Personal"=C:\Users\christian\Documents [22/11/2017 13:48:39] hes "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\christian\Desktop\Downloads "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\christian\AppData\LocalLow [22/11/2017 13:48:39] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\christian\Links enu\Programs\Startup [22/11/2017 13:48:39] "Cache"=C:\Users\christian\AppData\Local\Microsoft\Windows\Temporary Internet Files [22/11/2017 13:48:39] "Templates"=C:\Users\christian\AppData\Roaming\Microsoft\Windows\Templates [22/11/2017 13:48:39] nistrative Tools [22/11/2017 13:48:39] "Personal"=C:\Users\christian\Documents [22/11/2017 13:48:39] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\christian\Saved Games "Fonts"=C:\Windows\Fonts [14/07/2009 05:20:09] christian\Links ache"=C:\Users\christian\AppData\Local\Microsoft\Windows\Temporary Internet Files [22/11/2017 13:48:39] "Templates"=C:\Users\christian\AppData\Roaming\Microsoft\Windows\Templates [22/11/2017 13:48:39] er\User Shell Folders] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\christian\Saved Games "Fonts"=C:\Windows\Fonts [14/07/2009 05:20:09] ows\Temporary Internet Files "Cookies"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies "Desktop"=%USERPROFILE%\Desktop 2110668100-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Favorites"=%USERPROFILE%\Favorites "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Cookies"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies "Local AppData"=%USERPROFILE%\AppData\Local "Desktop"=%USERPROFILE%\Desktop "Favorites"=%USERPROFILE%\Favorites "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=%USERPROFILE%\Documents "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo ortcuts "Personal"=%USERPROFILE%\Documents \Microsoft\Windows\Start Menu\Programs\Startup "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu ms "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent s "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Desktop\Downloads "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts tup "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Desktop\Downloads 05:20:08] "CommonVideo"=C:\Users\Public\Videos [14/07/2009 05:20:08] inter Shortcuts "CommonPictures"=C:\Users\Public\Pictures [14/07/2009 05:20:08] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] 4/07/2009 05:20:08] "Common Desktop"=C:\Users\Public\Desktop [14/07/2009 05:20:08] "CommonMusic"=C:\Users\Public\Music [14/07/2009 05:20:08] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2009 07:32:38] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [14/07/2009 05:20:08] "Common Documents"=C:\Users\Public\Documents [14/07/2009 05:20:08] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 05:20:08] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [14/07/2009 05:20:08] "Common AppData"=C:\ProgramData [14/07/2009 05:20:08] ndows\Start Menu\Programs\Administrative Tools [14/07/2009 07:32:38] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [14/07/2009 05:20:08] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common Desktop"=%PUBLIC%\Desktop uments [14/07/2009 05:20:08] "Common Documents"=%PUBLIC%\Documents "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [14/07/2009 05:20:08] "Common AppData"=C:\ProgramData [14/07/2009 05:20:08] "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common Desktop"=%PUBLIC%\Desktop osoft\Windows\Start Menu "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common AppData"=%ProgramData% "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Desktop"=C:\Users\Public\Desktop [14/07/2009 05:20:08] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [14/07/2009 05:20:08] "CommonVideo"=C:\Users\Public\Videos [14/07/2009 05:20:08] ograms\Startup "CommonPictures"=C:\Users\Public\Pictures [14/07/2009 05:20:08] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 05:20:08] "CommonMusic"=C:\Users\Public\Music [14/07/2009 05:20:08] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Desktop"=C:\Users\Public\Desktop [14/07/2009 05:20:08] rt Menu\Programs\Administrative Tools [14/07/2009 07:32:38] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [14/07/2009 05:20:08] "CommonVideo"=C:\Users\Public\Videos [14/07/2009 05:20:08] "Common Documents"=C:\Users\Public\Documents [14/07/2009 05:20:08] "CommonPictures"=C:\Users\Public\Pictures [14/07/2009 05:20:08] "OEM Links"=C:\ProgramData\OEM Links "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 05:20:08] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [14/07/2009 05:20:08] "CommonMusic"=C:\Users\Public\Music [14/07/2009 05:20:08] "Common AppData"=C:\ProgramData [14/07/2009 05:20:08] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [14/07/2009 07:32:38] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [14/07/2009 05:20:08] "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=C:\Users\Public\Documents [14/07/2009 05:20:08] "Common Documents"=%PUBLIC%\Documents "OEM Links"=C:\ProgramData\OEM Links "CommonPictures"=%PUBLIC%\Pictures "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [14/07/2009 05:20:08] "CommonMusic"=%PUBLIC%\Music "Common AppData"=C:\ProgramData [14/07/2009 05:20:08] "CommonVideo"=%PUBLIC%\Videos [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common Desktop"=%PUBLIC%\Desktop "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "CommonMusic"=%PUBLIC%\Music "Common AppData"=%ProgramData% "Common Templates"=%ProgramData%\Microsoft\Windows\Templates 3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu ---------- | [AppData] "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common AppData"=%ProgramData% "Common Templates"=%ProgramData%\Microsoft\Windows\Templates [26/11/2017 19:51:33] - |D| - [0] - C:\Users\AppData\LocalLow [17/07/2018 08:59:22] - |A| - [262144] - C:\Users\AppData\ntuser.dat [26/11/2017 19:51:33] - |D| - [0] - C:\Users\AppData\LocalLow [17/07/2018 08:59:22] - |ASH| - [5120] - C:\Users\AppData\ntuser.dat.LOG1 [17/07/2018 08:59:22] - |A| - [262144] - C:\Users\AppData\ntuser.dat [17/07/2018 08:59:22] - |ASH| - [0] - C:\Users\AppData\ntuser.dat.LOG2 1 [17/07/2018 08:59:23] - |ASH| - [65536] - C:\Users\AppData\ntuser.dat{8d5e6375-898c-11e8-af3a-d05099246809}.TM.blf [17/07/2018 08:59:23] - |ASH| - [65536] - C:\Users\AppData\ntuser.dat{8d5e6375-898c-11e8-af3a-d05099246809}.TM.blf [17/07/2018 08:59:23] - |ASH| - [524288] - C:\Users\AppData\ntuser.dat{8d5e6375-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000001.regtrans-ms [17/07/2018 08:59:23] - |ASH| - [524288] - C:\Users\AppData\ntuser.dat{8d5e6375-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000001.regtrans-ms [17/07/2018 08:59:23] - |ASH| - [524288] - C:\Users\AppData\ntuser.dat{8d5e6375-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000002.regtrans-ms [17/07/2018 08:59:23] - |ASH| - [524288] - C:\Users\AppData\ntuser.dat{8d5e6375-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000002.regtrans-ms [17/07/2018 09:00:33] - |ASH| - [65536] - C:\Users\AppData\ntuser.dat{8d5e63d2-898c-11e8-af3a-d05099246809}.TM.blf [17/07/2018 09:00:33] - |ASH| - [524288] - C:\Users\AppData\ntuser.dat{8d5e63d2-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000001.regtrans-ms [17/07/2018 09:00:33] - |ASH| - [524288] - C:\Users\AppData\ntuser.dat{8d5e63d2-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000002.regtrans-ms ---------- | [christian] ---------- | [christian] [28/01/2018 10:38:50] - |D| - [488996060] - C:\Users\christian\.fcc [22/11/2017 13:48:39] - |HD| - [1361664958] - C:\Users\christian\AppData [22/11/2017 13:48:39] - |HD| - [1361664958] - C:\Users\christian\AppData [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\Application Data [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\Application Data [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\Cookies [22/11/2017 13:48:39] - |RD| - [113952974] - C:\Users\christian\Desktop [22/11/2017 13:48:39] - |RD| - [113952974] - C:\Users\christian\Desktop [22/11/2017 13:48:39] - |RD| - [25381069] - C:\Users\christian\Documents [10/12/2017 14:54:12] - |D| - [1759528336] - C:\Users\christian\Dossier Théocratique [17/12/2017 13:24:57] - |D| - [4099014] - C:\Users\christian\Downloads [17/12/2017 13:24:57] - |D| - [4099014] - C:\Users\christian\Downloads [16/08/2018 08:46:04] - |RD| - [402] - C:\Users\christian\Favorites [16/08/2018 08:46:04] - |RD| - [402] - C:\Users\christian\Favorites [16/07/2018 14:59:18] - |D| - [715776643] - C:\Users\christian\Fonds d'écran windows [16/08/2018 17:16:08] - |D| - [35507254] - C:\Users\christian\Jardinage [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\Local Settings [22/11/2017 17:29:08] - |RD| - [9847571] - C:\Users\christian\Logiciels [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\Menu Démarrer [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\Mes documents [22/11/2017 17:29:55] - |D| - [97130373] - C:\Users\christian\Mes photos [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\Modèles [22/11/2017 13:48:39] - |RD| - [1055103529] - C:\Users\christian\Music [22/11/2017 13:48:39] - |ASH| - [2621440] - C:\Users\christian\ntuser.dat [22/11/2017 13:48:42] - |ASH| - [262144] - C:\Users\christian\ntuser.dat.LOG1 [22/11/2017 13:48:42] - |ASH| - [0] - C:\Users\christian\ntuser.dat.LOG2 [22/11/2017 13:48:42] - |ASH| - [0] - C:\Users\christian\ntuser.dat.LOG2 [22/11/2017 13:48:42] - |ASH| - [65536] - C:\Users\christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [22/11/2017 13:48:42] - |ASH| - [524288] - C:\Users\christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [22/11/2017 13:48:42] - |ASH| - [524288] - C:\Users\christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [24/11/2017 16:26:40] - |ASH| - [65536] - C:\Users\christian\ntuser.dat{657f6ddd-d123-11e7-8c3c-ac9e175ac4e9}.TM.blf [24/11/2017 16:26:40] - |ASH| - [524288] - C:\Users\christian\ntuser.dat{657f6ddd-d123-11e7-8c3c-ac9e175ac4e9}.TMContainer00000000000000000001.regtrans-ms [24/11/2017 16:26:40] - |ASH| - [524288] - C:\Users\christian\ntuser.dat{657f6ddd-d123-11e7-8c3c-ac9e175ac4e9}.TMContainer00000000000000000002.regtrans-ms [30/07/2018 14:53:56] - |ASH| - [65536] - C:\Users\christian\ntuser.dat{89542b5e-93f7-11e8-9566-ac9e175ac4e9}.TM.blf [30/07/2018 14:53:56] - |ASH| - [524288] - C:\Users\christian\ntuser.dat{89542b5e-93f7-11e8-9566-ac9e175ac4e9}.TMContainer00000000000000000001.regtrans-ms [30/07/2018 14:53:57] - |ASH| - [524288] - C:\Users\christian\ntuser.dat{89542b5e-93f7-11e8-9566-ac9e175ac4e9}.TMContainer00000000000000000002.regtrans-ms [09/12/2017 14:02:55] - |ASH| - [65536] - C:\Users\christian\ntuser.dat{d94f77dd-dcd8-11e7-b04a-ac9e175ac4e9}.TM.blf [09/12/2017 14:02:55] - |ASH| - [524288] - C:\Users\christian\ntuser.dat{d94f77dd-dcd8-11e7-b04a-ac9e175ac4e9}.TMContainer00000000000000000001.regtrans-ms [09/12/2017 14:02:55] - |ASH| - [524288] - C:\Users\christian\ntuser.dat{d94f77dd-dcd8-11e7-b04a-ac9e175ac4e9}.TMContainer00000000000000000002.regtrans-ms [18/07/2018 17:26:10] - |ASH| - [65536] - C:\Users\christian\ntuser.dat{db638b5d-8a9e-11e8-b049-ac9e175ac4e9}.TM.blf [18/07/2018 17:26:10] - |ASH| - [524288] - C:\Users\christian\ntuser.dat{db638b5d-8a9e-11e8-b049-ac9e175ac4e9}.TMContainer00000000000000000001.regtrans-ms [18/07/2018 17:26:10] - |ASH| - [524288] - C:\Users\christian\ntuser.dat{db638b5d-8a9e-11e8-b049-ac9e175ac4e9}.TMContainer00000000000000000002.regtrans-ms [22/11/2017 13:48:39] - |SH| - [20] - C:\Users\christian\ntuser.ini [09/08/2018 14:15:48] - |D| - [22139726] - C:\Users\christian\Photos depuis le 9-août [22/11/2017 13:48:39] - |RD| - [133709443] - C:\Users\christian\Pictures [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\Recent [06/06/2018 14:32:28] - |D| - [72896] - C:\Users\christian\Reçus fiscaux TJF 2018 [06/06/2018 14:32:28] - |D| - [72896] - C:\Users\christian\Reçus fiscaux TJF 2018 [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\SendTo [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\SendTo [22/01/2018 12:31:43] - |D| - [0] - C:\Users\christian\synopsis [24/11/2017 19:48:24] - |ASH| - [47104] - C:\Users\christian\Thumbs.db [27/11/2017 11:23:56] - |D| - [15355022] - C:\Users\christian\Vidéos perso [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\Voisinage d'impression [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\Voisinage réseau [22/11/2017 13:48:39] - |D| - [1119284417] - C:\Users\christian\AppData\Local [22/11/2017 13:48:39] - |D| - [1119284417] - C:\Users\christian\AppData\Local [22/11/2017 13:48:39] - |D| - [2604011] - C:\Users\christian\AppData\LocalLow [22/11/2017 13:48:39] - |D| - [2604011] - C:\Users\christian\AppData\LocalLow [22/11/2017 13:48:39] - |D| - [239776530] - C:\Users\christian\AppData\Roaming [22/11/2017 13:48:39] - |D| - [239776530] - C:\Users\christian\AppData\Roaming [22/11/2017 18:26:17] - |D| - [187077] - C:\Users\christian\AppData\Local\Adobe [22/11/2017 18:26:17] - |D| - [187077] - C:\Users\christian\AppData\Local\Adobe [22/11/2017 20:59:10] - |D| - [1064932] - C:\Users\christian\AppData\Local\AMD [22/11/2017 20:59:10] - |D| - [1064932] - C:\Users\christian\AppData\Local\AMD [09/12/2017 12:28:55] - |D| - [0] - C:\Users\christian\AppData\Local\Apple [09/12/2017 12:30:48] - |D| - [45780135] - C:\Users\christian\AppData\Local\Apple Computer [09/12/2017 12:28:55] - |D| - [0] - C:\Users\christian\AppData\Local\Apple [09/12/2017 12:30:48] - |D| - [45780135] - C:\Users\christian\AppData\Local\Apple Computer [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\AppData\Local\Application Data [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\AppData\Local\Application Data [31/07/2018 08:58:12] - |D| - [2349365] - C:\Users\christian\AppData\Local\Apps [31/07/2018 08:58:12] - |D| - [2349365] - C:\Users\christian\AppData\Local\Apps [18/07/2018 15:38:37] - |D| - [18274] - C:\Users\christian\AppData\Local\ATI [20/02/2018 12:53:02] - |D| - [0] - C:\Users\christian\AppData\Local\CEF [22/11/2017 15:36:00] - |D| - [468182] - C:\Users\christian\AppData\Local\cFos [18/07/2018 15:38:37] - |D| - [18274] - C:\Users\christian\AppData\Local\ATI [31/07/2018 08:58:12] - |D| - [0] - C:\Users\christian\AppData\Local\Deployment [20/02/2018 12:53:02] - |D| - [0] - C:\Users\christian\AppData\Local\CEF [30/07/2018 16:55:20] - |D| - [886644] - C:\Users\christian\AppData\Local\Diagnostics [22/11/2017 15:36:00] - |D| - [468182] - C:\Users\christian\AppData\Local\cFos [31/07/2018 08:58:12] - |D| - [0] - C:\Users\christian\AppData\Local\Deployment [30/07/2018 16:55:20] - |D| - [886644] - C:\Users\christian\AppData\Local\Diagnostics [30/07/2018 17:10:31] - |D| - [550135] - C:\Users\christian\AppData\Local\ElevatedDiagnostics [22/11/2017 13:48:39] - |SHD| - [0] - C:\Users\christian\AppData\Local\EmieSiteList [22/11/2017 13:48:39] - |SHD| - [0] - C:\Users\christian\AppData\Local\EmieUserList [30/07/2018 17:10:31] - |D| - [550135] - C:\Users\christian\AppData\Local\ElevatedDiagnostics [20/02/2018 12:52:54] - |D| - [0] - C:\Users\christian\AppData\Local\Facebook [22/11/2017 13:48:39] - |SHD| - [0] - C:\Users\christian\AppData\Local\EmieSiteList [22/11/2017 13:48:39] - |SHD| - [0] - C:\Users\christian\AppData\Local\EmieUserList [20/02/2018 12:52:54] - |D| - [0] - C:\Users\christian\AppData\Local\Facebook [22/11/2017 17:34:48] - |D| - [31327584] - C:\Users\christian\AppData\Local\FCC [22/11/2017 17:34:48] - |D| - [31327584] - C:\Users\christian\AppData\Local\FCC [22/11/2017 17:34:48] - |D| - [216403] - C:\Users\christian\AppData\Local\FCCPlugins [22/11/2017 17:34:48] - |D| - [216403] - C:\Users\christian\AppData\Local\FCCPlugins [22/11/2017 13:52:07] - |A| - [114640] - C:\Users\christian\AppData\Local\GDIPFONTCACHEV1.DAT [22/11/2017 13:52:07] - |A| - [114640] - C:\Users\christian\AppData\Local\GDIPFONTCACHEV1.DAT [22/11/2017 15:01:31] - |D| - [367594269] - C:\Users\christian\AppData\Local\Google [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\AppData\Local\Historique [22/11/2017 14:58:17] - |D| - [105332] - C:\Users\christian\AppData\Local\HP [21/07/2018 10:41:30] - |AH| - [1812401] - C:\Users\christian\AppData\Local\IconCache.db [22/11/2017 15:01:31] - |D| - [367594269] - C:\Users\christian\AppData\Local\Google [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\AppData\Local\Historique [22/11/2017 14:58:17] - |D| - [105332] - C:\Users\christian\AppData\Local\HP [21/07/2018 10:41:30] - |AH| - [1812401] - C:\Users\christian\AppData\Local\IconCache.db [22/11/2017 13:48:39] - |D| - [639953762] - C:\Users\christian\AppData\Local\Microsoft [27/12/2017 14:59:41] - |D| - [65272] - C:\Users\christian\AppData\Local\Microsoft Help [22/11/2017 13:48:39] - |D| - [639953762] - C:\Users\christian\AppData\Local\Microsoft [31/07/2018 09:35:59] - |D| - [17927855] - C:\Users\christian\AppData\Local\Mozilla [22/11/2017 15:35:21] - |D| - [0] - C:\Users\christian\AppData\Local\Programs [22/11/2017 20:24:06] - |D| - [1825189] - C:\Users\christian\AppData\Local\RadeonInstaller [27/12/2017 14:59:41] - |D| - [65272] - C:\Users\christian\AppData\Local\Microsoft Help [31/07/2018 09:35:59] - |D| - [17927855] - C:\Users\christian\AppData\Local\Mozilla [22/11/2017 13:48:39] - |D| - [3275170] - C:\Users\christian\AppData\Local\Temp [22/11/2017 15:35:21] - |D| - [0] - C:\Users\christian\AppData\Local\Programs [22/11/2017 20:24:06] - |D| - [1825189] - C:\Users\christian\AppData\Local\RadeonInstaller [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\AppData\Local\Temporary Internet Files [22/11/2017 13:48:39] - |D| - [3275170] - C:\Users\christian\AppData\Local\Temp [22/11/2017 17:41:57] - |D| - [3737960] - C:\Users\christian\AppData\Local\Thunderbird [22/11/2017 13:48:47] - |D| - [2855] - C:\Users\christian\AppData\Local\VirtualStore [23/11/2017 12:23:04] - |D| - [20981] - C:\Users\christian\AppData\Local\Watchtower [26/11/2017 20:35:31] - |D| - [0] - C:\Users\christian\AppData\LocalLow\Adobe [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\AppData\Local\Temporary Internet Files [18/07/2018 17:33:21] - |D| - [0] - C:\Users\christian\AppData\LocalLow\AMD [22/11/2017 17:41:57] - |D| - [3737960] - C:\Users\christian\AppData\Local\Thunderbird [22/11/2017 13:50:23] - |SHD| - [0] - C:\Users\christian\AppData\LocalLow\EmieSiteList [22/11/2017 13:48:47] - |D| - [2855] - C:\Users\christian\AppData\Local\VirtualStore [22/11/2017 14:27:08] - |SHD| - [0] - C:\Users\christian\AppData\LocalLow\EmieUserList [23/11/2017 12:23:04] - |D| - [20981] - C:\Users\christian\AppData\Local\Watchtower [22/11/2017 13:48:39] - |SD| - [2604011] - C:\Users\christian\AppData\LocalLow\Microsoft [26/11/2017 20:35:31] - |D| - [0] - C:\Users\christian\AppData\LocalLow\Adobe [18/07/2018 17:33:21] - |D| - [0] - C:\Users\christian\AppData\LocalLow\AMD [22/11/2017 17:41:59] - |D| - [0] - C:\Users\christian\AppData\LocalLow\Mozilla [22/11/2017 13:50:23] - |SHD| - [0] - C:\Users\christian\AppData\LocalLow\EmieSiteList [22/11/2017 13:48:39] - |D| - [226194] - C:\Users\christian\AppData\Roaming\Adobe [22/11/2017 14:27:08] - |SHD| - [0] - C:\Users\christian\AppData\LocalLow\EmieUserList [09/12/2017 12:30:48] - |D| - [3602866] - C:\Users\christian\AppData\Roaming\Apple Computer [22/11/2017 13:48:39] - |SD| - [2604011] - C:\Users\christian\AppData\LocalLow\Microsoft [22/11/2017 17:41:59] - |D| - [0] - C:\Users\christian\AppData\LocalLow\Mozilla [22/11/2017 13:48:39] - |D| - [226194] - C:\Users\christian\AppData\Roaming\Adobe [18/07/2018 15:38:37] - |D| - [0] - C:\Users\christian\AppData\Roaming\ATI [09/12/2017 12:30:48] - |D| - [3602866] - C:\Users\christian\AppData\Roaming\Apple Computer [21/07/2018 14:52:28] - |D| - [0] - C:\Users\christian\AppData\Roaming\AVS4YOU [18/07/2018 15:38:37] - |D| - [0] - C:\Users\christian\AppData\Roaming\ATI [13/01/2018 12:48:47] - |D| - [2685] - C:\Users\christian\AppData\Roaming\dvdcss [21/07/2018 14:52:28] - |D| - [0] - C:\Users\christian\AppData\Roaming\AVS4YOU [22/11/2017 15:40:42] - |D| - [0] - C:\Users\christian\AppData\Roaming\FNET [22/11/2017 16:14:41] - |D| - [0] - C:\Users\christian\AppData\Roaming\Google [13/01/2018 12:48:47] - |D| - [2685] - C:\Users\christian\AppData\Roaming\dvdcss [22/11/2017 15:00:36] - |D| - [14009] - C:\Users\christian\AppData\Roaming\HpUpdate [22/11/2017 15:40:42] - |D| - [0] - C:\Users\christian\AppData\Roaming\FNET [22/11/2017 13:48:39] - |D| - [0] - C:\Users\christian\AppData\Roaming\Identities [22/11/2017 16:14:41] - |D| - [0] - C:\Users\christian\AppData\Roaming\Google [22/11/2017 15:23:43] - |D| - [0] - C:\Users\christian\AppData\Roaming\Intel Corporation [22/11/2017 15:00:36] - |D| - [14009] - C:\Users\christian\AppData\Roaming\HpUpdate [22/11/2017 15:38:25] - |D| - [0] - C:\Users\christian\AppData\Roaming\Macromedia [22/11/2017 13:48:39] - |SD| - [159454571] - C:\Users\christian\AppData\Roaming\Microsoft [22/11/2017 13:48:39] - |D| - [0] - C:\Users\christian\AppData\Roaming\Identities [22/11/2017 17:41:57] - |D| - [58219420] - C:\Users\christian\AppData\Roaming\Mozilla [22/11/2017 15:23:43] - |D| - [0] - C:\Users\christian\AppData\Roaming\Intel Corporation [22/11/2017 19:04:06] - |D| - [4659520] - C:\Users\christian\AppData\Roaming\Skype [22/11/2017 15:38:25] - |D| - [0] - C:\Users\christian\AppData\Roaming\Macromedia [22/11/2017 17:41:57] - |D| - [13505503] - C:\Users\christian\AppData\Roaming\Thunderbird [22/11/2017 13:48:39] - |SD| - [159454571] - C:\Users\christian\AppData\Roaming\Microsoft [22/11/2017 18:22:27] - |D| - [91750] - C:\Users\christian\AppData\Roaming\vlc [23/11/2017 12:23:05] - |D| - [0] - C:\Users\christian\AppData\Roaming\Watchtower [22/11/2017 17:41:57] - |D| - [58219420] - C:\Users\christian\AppData\Roaming\Mozilla [08/05/2018 17:09:29] - |D| - [12] - C:\Users\christian\AppData\Roaming\WinRAR [22/11/2017 19:04:06] - |D| - [4659520] - C:\Users\christian\AppData\Roaming\Skype [22/11/2017 17:41:57] - |D| - [13505503] - C:\Users\christian\AppData\Roaming\Thunderbird [22/11/2017 18:22:27] - |D| - [91750] - C:\Users\christian\AppData\Roaming\vlc [23/11/2017 12:23:05] - |D| - [0] - C:\Users\christian\AppData\Roaming\Watchtower [22/11/2017 13:48:39] - |ASH| - [174] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [08/05/2018 17:09:29] - |D| - [12] - C:\Users\christian\AppData\Roaming\WinRAR [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [22/11/2017 13:48:39] - |ASH| - [174] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [22/11/2017 13:48:39] - |RD| - [23866] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [22/11/2017 13:48:42] - |SHD| - [0] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [22/11/2017 13:48:39] - |RD| - [23866] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [22/11/2017 13:48:39] - |RD| - [14639] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [22/11/2017 13:48:39] - |RD| - [14639] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [22/11/2017 13:48:39] - |RD| - [174] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [22/11/2017 13:48:39] - |RD| - [174] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [22/11/2017 13:48:39] - |ASH| - [476] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [22/11/2017 13:48:39] - |ASH| - [476] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [29/04/2018 09:46:53] - |D| - [2129] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FCC [29/04/2018 09:46:53] - |D| - [2129] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FCC [22/11/2017 13:48:39] - |A| - [1429] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [22/11/2017 13:48:39] - |A| - [1429] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [22/11/2017 13:48:39] - |RD| - [580] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [22/11/2017 13:48:39] - |RD| - [580] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [22/11/2017 13:48:39] - |RD| - [174] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [22/11/2017 13:48:39] - |RD| - [174] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [08/05/2018 17:08:34] - |D| - [4265] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [08/05/2018 17:08:34] - |D| - [4265] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [22/11/2017 13:48:39] - |ASH| - [174] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] [14/07/2009 05:20:08] - |RHD| - [2803] - C:\Users\Public\Desktop [14/07/2009 06:54:24] - |ASH| - [174] - C:\Users\Public\desktop.ini [14/07/2009 05:20:08] - |RD| - [278] - C:\Users\Public\Documents [14/07/2009 05:20:08] - |RD| - [174] - C:\Users\Public\Downloads [14/07/2009 05:20:08] - |RHD| - [0] - C:\Users\Public\Favorites [14/07/2009 05:20:08] - |RHD| - [3992] - C:\Users\Public\Libraries [14/07/2009 05:20:08] - |RD| - [9026435] - C:\Users\Public\Music [17/07/2018 08:59:25] - |A| - [262144] - C:\Users\Public\ntuser.dat [17/07/2018 08:59:25] - |ASH| - [5120] - C:\Users\Public\ntuser.dat.LOG1 [17/07/2018 08:59:25] - |ASH| - [0] - C:\Users\Public\ntuser.dat.LOG2 [17/07/2018 08:59:26] - |ASH| - [65536] - C:\Users\Public\ntuser.dat{8d5e637f-898c-11e8-af3a-d05099246809}.TM.blf [17/07/2018 08:59:26] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{8d5e637f-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000001.regtrans-ms [17/07/2018 08:59:26] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{8d5e637f-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000002.regtrans-ms [17/07/2018 09:00:33] - |ASH| - [65536] - C:\Users\Public\ntuser.dat{8d5e63dc-898c-11e8-af3a-d05099246809}.TM.blf [17/07/2018 09:00:33] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{8d5e63dc-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000001.regtrans-ms [17/07/2018 09:00:33] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{8d5e63dc-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000002.regtrans-ms [14/07/2009 05:20:08] - |RD| - [5925179] - C:\Users\Public\Pictures [12/04/2011 11:27:52] - |RD| - [9699328] - C:\Users\Public\Recorded TV [14/07/2009 05:20:08] - |RD| - [26246732] - C:\Users\Public\Videos ---------- | C:\ProgramData [22/11/2017 14:32:02] - |D| - [769] - C:\ProgramData\Adobe [22/11/2017 14:58:58] - |A| - [57] - C:\ProgramData\Ament.ini [09/12/2017 12:27:29] - |D| - [256] - C:\ProgramData\Apple [09/12/2017 12:29:46] - |D| - [546] - C:\ProgramData\Apple Computer [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Application Data [18/07/2018 15:38:37] - |D| - [0] - C:\ProgramData\ATI [24/11/2017 17:50:08] - |D| - [19808] - C:\ProgramData\Audyssey Labs [21/07/2018 14:52:29] - |D| - [0] - C:\ProgramData\AVS4YOU [22/11/2017 13:48:32] - |SHD| - [0] - C:\ProgramData\Bureau [22/11/2017 13:48:39] - |ASH| - [174] - C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] [14/07/2009 05:20:08] - |RHD| - [2803] - C:\Users\Public\Desktop [14/07/2009 06:54:24] - |ASH| - [174] - C:\Users\Public\desktop.ini [14/07/2009 05:20:08] - |RD| - [278] - C:\Users\Public\Documents [22/11/2017 15:36:00] - |D| - [8171] - C:\ProgramData\cFos [14/07/2009 05:20:08] - |RD| - [174] - C:\Users\Public\Downloads [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Desktop [14/07/2009 05:20:08] - |RHD| - [0] - C:\Users\Public\Favorites [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Documents [14/07/2009 05:20:08] - |RHD| - [3992] - C:\Users\Public\Libraries [24/11/2017 17:50:14] - |AH| - [0] - C:\ProgramData\DP45977C.lfl [22/11/2017 13:48:32] - |SHD| - [0] - C:\ProgramData\Favoris ic [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Favorites dat [17/07/2018 08:59:25] - |ASH| - [5120] - C:\Users\Public\ntuser.dat.LOG1 [17/07/2018 08:59:25] - |ASH| - [0] - C:\Users\Public\ntuser.dat.LOG2 [17/07/2018 08:59:26] - |ASH| - [65536] - C:\Users\Public\ntuser.dat{8d5e637f-898c-11e8-af3a-d05099246809}.TM.blf [17/07/2018 08:59:26] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{8d5e637f-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000001.regtrans-ms [17/07/2018 08:59:26] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{8d5e637f-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000002.regtrans-ms [17/07/2018 09:00:33] - |ASH| - [65536] - C:\Users\Public\ntuser.dat{8d5e63dc-898c-11e8-af3a-d05099246809}.TM.blf [17/07/2018 09:00:33] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{8d5e63dc-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000001.regtrans-ms [17/07/2018 09:00:33] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{8d5e63dc-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000002.regtrans-ms [14/07/2009 05:20:08] - |RD| - [5925179] - C:\Users\Public\Pictures [12/04/2011 11:27:52] - |RD| - [9699328] - C:\Users\Public\Recorded TV [14/07/2009 05:20:08] - |RD| - [26246732] - C:\Users\Public\Videos ---------- | C:\ProgramData [22/11/2017 14:32:02] - |D| - [769] - C:\ProgramData\Adobe [22/11/2017 14:58:58] - |A| - [57] - C:\ProgramData\Ament.ini [09/12/2017 12:27:29] - |D| - [256] - C:\ProgramData\Apple [09/12/2017 12:29:46] - |D| - [546] - C:\ProgramData\Apple Computer [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Application Data [18/07/2018 15:38:37] - |D| - [0] - C:\ProgramData\ATI [24/11/2017 17:50:08] - |D| - [19808] - C:\ProgramData\Audyssey Labs [21/07/2018 14:52:29] - |D| - [0] - C:\ProgramData\AVS4YOU [22/11/2017 13:48:32] - |SHD| - [0] - C:\ProgramData\Bureau [22/11/2017 15:36:00] - |D| - [8171] - C:\ProgramData\cFos [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Desktop [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Documents [24/11/2017 17:50:14] - |AH| - [0] - C:\ProgramData\DP45977C.lfl [22/11/2017 13:48:32] - |SHD| - [0] - C:\ProgramData\Favoris [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Favorites [22/11/2017 15:35:37] - |D| - [3581632] - C:\ProgramData\FNET [22/11/2017 14:59:42] - |D| - [15821151] - C:\ProgramData\HP [22/11/2017 14:59:42] - |D| - [15821151] - C:\ProgramData\HP [22/11/2017 15:23:31] - |D| - [0] - C:\ProgramData\Intel [22/11/2017 15:23:31] - |D| - [0] - C:\ProgramData\Intel [22/11/2017 18:12:08] - |D| - [510809149] - C:\ProgramData\Kaspersky Lab [22/11/2017 18:00:42] - |D| - [10915043] - C:\ProgramData\Kaspersky Lab Setup Files [10/05/2018 11:15:59] - |D| - [386923088] - C:\ProgramData\Malwarebytes [10/05/2018 12:28:05] - |D| - [53282] - C:\ProgramData\MB2Migration [22/11/2017 13:48:32] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [14/07/2009 05:20:08] - |SD| - [583678930] - C:\ProgramData\Microsoft [27/12/2017 14:59:36] - |D| - [14984] - C:\ProgramData\Microsoft Help [27/12/2017 14:59:36] - |D| - [14984] - C:\ProgramData\Microsoft Help [22/11/2017 13:48:32] - |SHD| - [0] - C:\ProgramData\Modèles [22/11/2017 15:38:44] - |D| - [120867] - C:\ProgramData\NortonInstaller [17/07/2018 08:59:21] - |A| - [262144] - C:\ProgramData\ntuser.dat [17/07/2018 08:59:21] - |A| - [262144] - C:\ProgramData\ntuser.dat [17/07/2018 08:59:21] - |ASH| - [5120] - C:\ProgramData\ntuser.dat.LOG1 [17/07/2018 08:59:21] - |ASH| - [0] - C:\ProgramData\ntuser.dat.LOG2 [17/07/2018 08:59:22] - |ASH| - [65536] - C:\ProgramData\ntuser.dat{8d5e6371-898c-11e8-af3a-d05099246809}.TM.blf [17/07/2018 08:59:21] - |ASH| - [0] - C:\ProgramData\ntuser.dat.LOG2 d5e6371-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000001.regtrans-ms [17/07/2018 08:59:22] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{8d5e6371-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000002.regtrans-ms [17/07/2018 09:00:30] - |ASH| - [65536] - C:\ProgramData\ntuser.dat{8d5e63ce-898c-11e8-af3a-d05099246809}.TM.blf [17/07/2018 08:59:22] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{8d5e6371-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000001.regtrans-ms [17/07/2018 08:59:22] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{8d5e6371-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000002.regtrans-ms [17/07/2018 09:00:30] - |ASH| - [65536] - C:\ProgramData\ntuser.dat{8d5e63ce-898c-11e8-af3a-d05099246809}.TM.blf [17/07/2018 09:00:30] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{8d5e63ce-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000001.regtrans-ms [17/07/2018 09:00:30] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{8d5e63ce-898c-11e8-af3a-d05099246809}.TMContainer00000000000000000002.regtrans-ms [22/11/2017 20:26:00] - |D| - [15689643] - C:\ProgramData\Package Cache [27/12/2017 15:04:18] - |D| - [1065] - C:\ProgramData\regid.1991-06.com.microsoft [22/11/2017 18:54:26] - |D| - [46551040] - C:\ProgramData\Skype [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Start Menu [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Templates ---------- | C:\ProgramData\Microsoft\Windows\Start Menu ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [14/07/2009 07:01:14] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk [14/07/2009 07:01:14] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk [14/07/2009 06:49:40] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [14/07/2009 06:49:40] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [22/11/2017 13:48:32] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [22/11/2017 13:48:32] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [14/07/2009 05:20:08] - |RD| - [249969] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 06:49:40] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [26/02/2018 14:51:40] - |D| - [1489] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [14/07/2009 05:20:08] - |RD| - [42268] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [14/07/2009 07:32:38] - |RD| - [18363] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [22/11/2017 14:32:06] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [22/11/2017 20:33:02] - |D| - [1933] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings [09/12/2017 14:21:35] - |D| - [8583] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Camera Suite [09/12/2017 14:21:35] - |D| - [8583] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Camera Suite [09/12/2017 14:16:17] - |D| - [3258] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility [09/12/2017 14:16:17] - |D| - [3258] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility [09/12/2017 14:29:46] - |D| - [3027] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon PhotoRecord [09/12/2017 14:29:46] - |D| - [3027] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon PhotoRecord [09/12/2017 14:26:57] - |D| - [36899] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [29/07/2018 11:56:14] - |D| - [929] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner ilities [29/07/2018 11:56:14] - |D| - [929] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner ini [22/11/2017 15:00:43] - |A| - [998] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enregistrement OCR I.R.I.S..lnk [14/07/2009 07:32:38] - |RD| - [6112] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games .ini [16/08/2018 09:22:19] - |A| - [2305] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [22/11/2017 15:00:27] - |D| - [18440] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP strement OCR I.R.I.S..lnk [18/07/2018 15:56:38] - |RD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [14/07/2009 07:32:38] - |RD| - [6112] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games y Anti-Virus [22/11/2017 18:13:17] - |D| - [5832] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection [16/08/2018 09:22:19] - |A| - [2305] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [14/07/2009 05:20:08] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [22/11/2017 15:00:27] - |D| - [18440] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [10/05/2018 12:28:29] - |D| - [3820] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [18/07/2018 15:56:38] - |RD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [19/06/2014 13:10:23] - |A| - [1638] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk us [22/11/2017 18:13:17] - |D| - [5832] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection [27/12/2017 15:05:04] - |RD| - [55812] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [14/07/2009 05:20:08] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [13/12/2017 14:04:36] - |D| - [3175] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Midas [10/05/2018 12:28:29] - |D| - [3820] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [22/11/2017 17:41:52] - |A| - [1220] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [19/06/2014 13:10:23] - |A| - [1638] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [14/07/2009 06:57:08] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [27/12/2017 15:05:04] - |RD| - [55812] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [16/06/2018 18:41:27] - |D| - [1335] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [14/07/2009 05:20:08] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [22/11/2017 17:41:52] - |A| - [1220] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [07/12/2017 18:46:13] - |D| - [5622] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [14/07/2009 06:57:08] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk brary [16/06/2018 18:41:27] - |D| - [1335] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Anytime Upgrade.lnk [14/07/2009 05:20:08] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [19/06/2014 13:10:23] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [07/12/2017 18:46:13] - |D| - [5622] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [14/07/2009 06:54:59] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [22/11/2017 15:56:45] - |D| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library [14/07/2009 06:57:06] - |A| - [1547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [14/07/2009 06:57:09] - |A| - [1352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk [08/05/2018 17:08:34] - |D| - [4193] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [19/06/2014 13:10:23] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [14/07/2009 06:57:08] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk [14/07/2009 06:54:59] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [14/07/2009 06:57:06] - |A| - [1547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [14/07/2009 06:54:23] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) \ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [14/07/2009 06:57:08] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [14/07/2009 06:54:23] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [22/11/2017 14:31:59] - |D| - [238303657] - C:\Program Files (x86)\Adobe [22/11/2017 20:32:24] - |D| - [56105642] - C:\Program Files (x86)\AMD [09/12/2017 14:20:53] - |D| - [292839909] - C:\Program Files (x86)\ArcSoft [22/11/2017 15:29:06] - |D| - [9087730] - C:\Program Files (x86)\ASM104xUSB3 [22/11/2017 15:35:00] - |D| - [46883710] - C:\Program Files (x86)\ASRock Utility [09/12/2017 14:26:39] - |D| - [149085954] - C:\Program Files (x86)\Canon [14/07/2009 05:20:08] - |D| - [325899184] - C:\Program Files (x86)\Common Files [14/07/2009 06:54:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [22/11/2017 15:01:32] - |D| - [467209828] - C:\Program Files (x86)\Google [22/11/2017 15:02:47] - |D| - [1771958] - C:\Program Files (x86)\Hewlett-Packard [22/11/2017 14:59:34] - |D| - [84362020] - C:\Program Files (x86)\HP [22/11/2017 14:59:34] - |D| - [84362020] - C:\Program Files (x86)\HP [22/11/2017 15:22:01] - |HD| - [24904534] - C:\Program Files (x86)\InstallShield Installation Information [22/11/2017 15:13:15] - |D| - [2439575] - C:\Program Files (x86)\Intel [22/11/2017 15:13:15] - |D| - [2439575] - C:\Program Files (x86)\Intel [14/07/2009 05:20:08] - |D| - [10541931] - C:\Program Files (x86)\Internet Explorer [22/11/2017 18:12:08] - |D| - [557384080] - C:\Program Files (x86)\Kaspersky Lab [10/05/2018 11:15:59] - |D| - [0] - C:\Program Files (x86)\Malwarebytes Anti-Malware [16/06/2018 18:41:17] - |D| - [195839482] - C:\Program Files (x86)\Microsoft [27/12/2017 14:59:51] - |D| - [103148255] - C:\Program Files (x86)\Microsoft Analysis Services [27/12/2017 14:59:51] - |D| - [103148255] - C:\Program Files (x86)\Microsoft Analysis Services [19/06/2014 13:11:18] - |D| - [97624651] - C:\Program Files (x86)\Microsoft Office [19/06/2014 13:11:18] - |D| - [97624651] - C:\Program Files (x86)\Microsoft Office [27/12/2017 15:04:28] - |D| - [30160] - C:\Program Files (x86)\Microsoft SQL Server [27/12/2017 15:04:28] - |D| - [30160] - C:\Program Files (x86)\Microsoft SQL Server [19/06/2014 13:56:32] - |D| - [8855615] - C:\Program Files (x86)\Microsoft.NET [13/12/2017 14:04:36] - |D| - [170852491] - C:\Program Files (x86)\Midas [27/12/2017 21:10:07] - |D| - [43424] - C:\Program Files (x86)\Mozilla Firefox [22/11/2017 17:41:51] - |D| - [327277] - C:\Program Files (x86)\Mozilla Maintenance Service [22/11/2017 17:41:50] - |D| - [96317732] - C:\Program Files (x86)\Mozilla Thunderbird [25/12/2017 12:11:22] - |D| - [25757] - C:\Program Files (x86)\MSBuild [22/11/2017 16:44:17] - |D| - [4938265] - C:\Program Files (x86)\MSECache [22/11/2017 16:44:17] - |D| - [4938265] - C:\Program Files (x86)\MSECache [22/11/2017 15:22:01] - |D| - [10555955] - C:\Program Files (x86)\Realtek [25/12/2017 12:11:22] - |D| - [39183617] - C:\Program Files (x86)\Reference Assemblies [22/11/2017 18:54:28] - |RD| - [633152] - C:\Program Files (x86)\Skype [22/11/2017 18:54:28] - |RD| - [633152] - C:\Program Files (x86)\Skype [14/07/2009 06:57:06] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [22/11/2017 15:22:00] - |HD| - [0] - C:\Program Files (x86)\Temp [14/07/2009 06:57:06] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [22/11/2017 20:27:05] - |D| - [1740601] - C:\Program Files (x86)\VulkanRT [22/11/2017 20:27:05] - |D| - [1740601] - C:\Program Files (x86)\VulkanRT [22/11/2017 15:47:45] - |D| - [1379697862] - C:\Program Files (x86)\Watchtower [14/07/2009 07:32:38] - |D| - [524800] - C:\Program Files (x86)\Windows Defender [14/07/2009 05:20:08] - |D| - [6181376] - C:\Program Files (x86)\Windows Mail [14/07/2009 07:32:38] - |D| - [5024017] - C:\Program Files (x86)\Windows Media Player [14/07/2009 07:32:38] - |D| - [5024017] - C:\Program Files (x86)\Windows Media Player [14/07/2009 05:20:08] - |D| - [12197556] - C:\Program Files (x86)\Windows NT [14/07/2009 07:32:38] - |D| - [4417800] - C:\Program Files (x86)\Windows Photo Viewer [14/07/2009 07:32:38] - |D| - [189952] - C:\Program Files (x86)\Windows Portable Devices [14/07/2009 07:32:38] - |D| - [189952] - C:\Program Files (x86)\Windows Portable Devices [14/07/2009 07:32:38] - |D| - [5994626] - C:\Program Files (x86)\Windows Sidebar [08/05/2018 17:08:27] - |D| - [5185076] - C:\Program Files (x86)\WinRAR ---------- | C:\Program Files [26/02/2018 14:51:39] - |D| - [5082325] - C:\Program Files\7-Zip [22/11/2017 20:24:02] - |D| - [283534771] - C:\Program Files\AMD [22/11/2017 15:36:08] - |D| - [0] - C:\Program Files\ASRock [09/12/2017 14:16:17] - |D| - [1413438] - C:\Program Files\ASRock Utility [29/07/2018 11:56:09] - |D| - [19996200] - C:\Program Files\CCleaner [14/07/2009 05:20:08] - |D| - [546915384] - C:\Program Files\Common Files [14/07/2009 06:54:24] - |ASH| - [174] - C:\Program Files\desktop.ini [14/07/2009 07:32:38] - |D| - [90256404] - C:\Program Files\DVD Maker [22/11/2017 13:48:32] - |SHD| - [0] - C:\Program Files\Fichiers communs [22/11/2017 15:01:57] - |D| - [943880] - C:\Program Files\Google [22/11/2017 14:59:07] - |D| - [192771679] - C:\Program Files\HP [18/07/2018 15:55:51] - |D| - [3430443] - C:\Program Files\Intel [14/07/2009 05:20:08] - |D| - [30572400] - C:\Program Files\Internet Explorer [26/11/2017 20:31:52] - |D| - [160525284] - C:\Program Files\Malwarebytes [27/12/2017 14:59:51] - |D| - [120350535] - C:\Program Files\Microsoft Analysis Services [14/07/2009 07:32:38] - |D| - [149237810] - C:\Program Files\Microsoft Games [27/12/2017 14:59:37] - |D| - [1426081439] - C:\Program Files\Microsoft Office [19/06/2014 13:11:28] - |D| - [0] - C:\Program Files\Microsoft Security Client [27/12/2017 15:03:59] - |D| - [35280] - C:\Program Files\Microsoft SQL Server [27/12/2017 15:04:28] - |D| - [679616] - C:\Program Files\Microsoft.NET [31/07/2018 09:35:43] - |D| - [0] - C:\Program Files\Mozilla Firefox [25/12/2017 12:11:11] - |D| - [25757] - C:\Program Files\MSBuild [25/12/2017 12:11:11] - |D| - [25757] - C:\Program Files\MSBuild k [13/12/2017 13:59:38] - |D| - [48779768] - C:\Program Files\Realtek [25/12/2017 12:11:11] - |D| - [36842665] - C:\Program Files\Reference Assemblies [14/07/2009 07:09:26] - |HD| - [0] - C:\Program Files\Uninstall Information [07/12/2017 18:45:45] - |D| - [137554819] - C:\Program Files\VideoLAN [14/07/2009 07:32:38] - |D| - [4039680] - C:\Program Files\Windows Defender [14/07/2009 05:20:08] - |D| - [6667776] - C:\Program Files\Windows Mail [14/07/2009 05:20:08] - |D| - [6667776] - C:\Program Files\Windows Mail [14/07/2009 07:32:38] - |D| - [7687085] - C:\Program Files\Windows Media Player [14/07/2009 05:20:08] - |D| - [12627636] - C:\Program Files\Windows NT [14/07/2009 07:32:38] - |D| - [5516056] - C:\Program Files\Windows Photo Viewer [14/07/2009 07:32:38] - |D| - [244736] - C:\Program Files\Windows Portable Devices [14/07/2009 07:32:38] - |D| - [244736] - C:\Program Files\Windows Portable Devices [14/07/2009 07:32:38] - |D| - [7044767] - C:\Program Files\Windows Sidebar ---------- | C:\Program Files (x86)\Common Files [22/11/2017 14:31:59] - |D| - [4600350] - C:\Program Files (x86)\Common Files\Adobe [22/11/2017 14:31:59] - |D| - [4600350] - C:\Program Files (x86)\Common Files\Adobe [22/11/2017 15:38:28] - |D| - [25438758] - C:\Program Files (x86)\Common Files\Adobe AIR [06/01/2018 12:59:44] - |D| - [0] - C:\Program Files (x86)\Common Files\Apple [21/07/2018 14:46:32] - |D| - [30010328] - C:\Program Files (x86)\Common Files\AVSMedia [21/07/2018 14:46:32] - |D| - [30010328] - C:\Program Files (x86)\Common Files\AVSMedia [23/11/2017 18:45:05] - |D| - [3735541] - C:\Program Files (x86)\Common Files\InstallShield [22/11/2017 15:28:32] - |D| - [243919] - C:\Program Files (x86)\Common Files\Intel Corporation [14/07/2009 05:20:08] - |D| - [210172168] - C:\Program Files (x86)\Common Files\microsoft shared [14/07/2009 05:20:08] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [14/07/2009 05:20:08] - |D| - [41103783] - C:\Program Files (x86)\Common Files\SpeechEngines [14/07/2009 05:20:08] - |D| - [10591635] - C:\Program Files (x86)\Common Files\System ---------- | C:\Program Files\Common files [22/11/2017 20:30:44] - |D| - [32325096] - C:\Program Files\Common files\ATI Technologies [22/11/2017 18:13:22] - |D| - [2152571] - C:\Program Files\Common files\AV [27/12/2017 15:04:40] - |D| - [14488] - C:\Program Files\Common files\DESIGNER [14/07/2009 05:20:08] - |D| - [499084988] - C:\Program Files\Common files\Microsoft Shared [14/07/2009 05:20:08] - |D| - [2702] - C:\Program Files\Common files\Services [14/07/2009 05:20:08] - |D| - [608768] - C:\Program Files\Common files\SpeechEngines [14/07/2009 05:20:08] - |D| - [12726771] - C:\Program Files\Common files\System ---------- | Tasks [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 07:08:49] - |AH| - [6] - C:\Windows\Tasks\SA.DAT [MD5.34C871BC5AB89C5B3E22B276F03DA36B] - [14/07/2009 07:08:49] - |A| - [32482] - C:\Windows\Tasks\SCHEDLGU.TXT [MD5.34C871BC5AB89C5B3E22B276F03DA36B] - [14/07/2009 07:08:49] - |A| - [32482] - C:\Windows\Tasks\SCHEDLGU.TXT [MD5.386FFCB70F9A7F1EA8F359986753DB24] - [25/07/2018 11:57:21] - |A| - [3894] - C:\Windows\System32\Tasks\CCleaner Update : C:\Windows.old\Program Files\CCleaner\CCUpdate.exe [MD5.91A480A7D3F95FD3E2FAB20EE8C74C14] - [25/07/2018 11:51:08] - |A| - [2806] - C:\Windows\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.F5532803BD26EBF3E1A185421DADE6CC] - [20/06/2014 03:18:37] - |A| - [3566] - C:\Windows\System32\Tasks\CreateChoiceProcessTask : C:\Windows\System32\browserchoice.exe [MD5.F5532803BD26EBF3E1A185421DADE6CC] - [20/06/2014 03:18:37] - |A| - [3566] - C:\Windows\System32\Tasks\CreateChoiceProcessTask : C:\Windows\System32\browserchoice.exe [MD5.69DF893844AB0A1DBEB7780DC048FA18] - [16/08/2018 09:19:27] - |A| - [3374] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.7F647C7E01CEB6D6C9F05A0CD356C6C8] - [16/08/2018 09:19:27] - |A| - [3502] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.336872A304A663F60985D649FEA5E0C1] - [22/11/2017 15:00:35] - |A| - [3636] - C:\Windows\System32\Tasks\HPCustParticipation HP Officejet Pro 8610 : "C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe" [MD5.336872A304A663F60985D649FEA5E0C1] - [22/11/2017 15:00:35] - |A| - [3636] - C:\Windows\System32\Tasks\HPCustParticipation HP Officejet Pro 8610 : "C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe" [MD5.00000000000000000000000000000000] - [14/07/2009 05:20:13] - |D| - [289278] - C:\Windows\System32\Tasks\Microsoft [MD5.00000000000000000000000000000000] - [27/12/2017 15:06:08] - |D| - [4730] - C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform [MD5.900BAA098AD3CFC8338D30E8D8E0E98F] - [22/11/2017 20:32:54] - |A| - [3160] - C:\Windows\System32\Tasks\StartCN : "C:\Program Files\AMD\CNext\CNext\cncmd.exe" [MD5.EAF27A71833F9DC394DDA7A437DD5BED] - [22/11/2017 14:07:32] - |A| - [3968] - C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896} : C:\Windows\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [14/07/2009 07:09:57] - |D| - [4494] - C:\Windows\System32\Tasks\WPD [MD5.39AC64861EF61677E13B518410CB8173] - [26/02/2018 13:10:55] - |A| - [3034] - C:\Windows\System32\Tasks\{22B74545-4B8C-4CB0-98CE-60B1A8A4D89C} : C:\Users\christian\Documents\Downloads\installer_jdownloader2_0225756612.exe [MD5.39AC64861EF61677E13B518410CB8173] - [26/02/2018 13:10:59] - |A| - [3034] - C:\Windows\System32\Tasks\{443A2D3F-1340-43BD-BAF7-D99BA733E96D} : C:\Users\christian\Documents\Downloads\installer_jdownloader2_0225756612.exe [MD5.86643EF9F02955AED01F36146AC14C5B] - [22/11/2017 21:06:36] - |A| - [3150] - C:\Windows\System32\Tasks\{C263A594-2ECA-4260-B889-F950FD893914} : C:\Windows\system32\pcalua.exe [MD5.8CE0B74B05E28212026CEF91957E2E3B] - [01/08/2018 19:46:13] - |A| - [3002] - C:\Windows\System32\Tasks\{D6ABE6F0-FA35-46CF-A317-04752FFD4830} : C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [MD5.8CE0B74B05E28212026CEF91957E2E3B] - [01/08/2018 19:46:13] - |A| - [3002] - C:\Windows\System32\Tasks\{D6ABE6F0-FA35-46CF-A317-04752FFD4830} : C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [MD5.436837357766908FE198145AC784897B] - [22/11/2017 15:34:36] - |A| - [3264] - C:\Windows\System32\Tasks\{E22A37AA-8216-428F-8750-45C9D81D94C5} : C:\Windows\system32\pcalua.exe [MD5.00000000000000000000000000000000] - [14/07/2009 05:20:14] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "{78F3C6CF-DAD4-441C-AFAA-4E87AE615FC1}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2002| "Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "{9F1EF4B8-875C-4896-8E36-54EC278564F8}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5357|Name=Port TCP WS-Eventing 5357| "{78F3C6CF-DAD4-441C-AFAA-4E87AE615FC1}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2002| "{9F1EF4B8-875C-4896-8E36-54EC278564F8}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5357|Name=Port TCP WS-Eventing 5357| "IIS-WebServerRole-HTTP-In-TCP"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=80|App=System|Name=@%windir%\system32\inetsrv\iisres.dll,-30500|Desc=@%windir%\system32\inetsrv\iisres.dll,-30510|EmbedCtxt=@%windir%\system32\inetsrv\iisres.dll,-30501| "IIS-WebServerRole-HTTPS-In-TCP"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=System|Name=@%windir%\system32\inetsrv\iisres.dll,-30502|Desc=@%windir%\system32\inetsrv\iisres.dll,-30512|EmbedCtxt=@%windir%\system32\inetsrv\iisres.dll,-30503| "TCP Query User{6BD9EE7D-0EFE-44CF-B3EC-4E7A0F149176}C:\windows.old\users\christian\appdata\local\jdownloader v2.0\jdownloader2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\windows.old\users\christian\appdata\local\jdownloader v2.0\jdownloader2.exe|Name=JDownloader 2 Launcher|Desc=JDownloader 2 Launcher|Defer=User| "UDP Query User{0E7A4F6C-B354-46C3-BED2-8A0D1F85B721}C:\windows.old\users\christian\appdata\local\jdownloader v2.0\jdownloader2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\windows.old\users\christian\appdata\local\jdownloader v2.0\jdownloader2.exe|Name=JDownloader 2 Launcher|Desc=JDownloader 2 Launcher|Defer=User| "{9B9604C1-116A-416C-AFA6-E467B8882500}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows.old\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update| "{35C0EDE3-7629-4FCE-A7A4-C91DC63C0F05}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows.old\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update| "{3E1C197B-9301-4EB5-9883-2B62F2C4B717}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\7-Zip\7zFM.exe|Name=7-Zip File Manager| ystem32\inetsrv\iisres.dll,-30510|EmbedCtxt=@%windir%\system32\inetsrv\iisres.dll,-30501| "{0FCA207B-3B98-4E7A-BE57-F20D6C9BB959}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\7-Zip\7zFM.exe|Name=7-Zip File Manager| system32\inetsrv\iisres.dll,-30512|EmbedCtxt=@%windir%\system32\inetsrv\iisres.dll,-30503| "{931669C6-9177-4450-83CB-7A2D24A933E3}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=C:\Program Files\7-Zip\7zFM.exe|Name=7-Zip File Manager| "{CEBDEA82-9FD1-4AA5-94C1-09853C9CDE4B}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=C:\Program Files\7-Zip\7zFM.exe|Name=7-Zip File Manager| "TCP Query User{6BD9EE7D-0EFE-44CF-B3EC-4E7A0F149176}C:\windows.old\users\christian\appdata\local\jdownloader v2.0\jdownloader2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\windows.old\users\christian\appdata\local\jdownloader v2.0\jdownloader2.exe|Name=JDownloader 2 Launcher|Desc=JDownloader 2 Launcher|Defer=User| "{FDD7E201-4DDA-4CED-80A1-E18D1787FBFC}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| "UDP Query User{0E7A4F6C-B354-46C3-BED2-8A0D1F85B721}C:\windows.old\users\christian\appdata\local\jdownloader v2.0\jdownloader2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\windows.old\users\christian\appdata\local\jdownloader v2.0\jdownloader2.exe|Name=JDownloader 2 Launcher|Desc=JDownloader 2 Launcher|Defer=User| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (amdkmdap) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> "{9B9604C1-116A-416C-AFA6-E467B8882500}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows.old\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update| "{35C0EDE3-7629-4FCE-A7A4-C91DC63C0F05}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows.old\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update| [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 "{3E1C197B-9301-4EB5-9883-2B62F2C4B717}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\7-Zip\7zFM.exe|Name=7-Zip File Manager| [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100 Manager| "{931669C6-9177-4450-83CB-7A2D24A933E3}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=C:\Program Files\7-Zip\7zFM.exe|Name=7-Zip File Manager| [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 "{CEBDEA82-9FD1-4AA5-94C1-09853C9CDE4B}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=C:\Program Files\7-Zip\7zFM.exe|Name=7-Zip File Manager| [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 "{FDD7E201-4DDA-4CED-80A1-E18D1787FBFC}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| KLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (amdkmdap) [] -> mRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> %SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000 ystem32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100 mRoot%\system32\McxDriv.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 14 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502 em32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504 2\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004 0 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 1 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (amdkmdap) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (amdkmdap) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20 (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 ight (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 ---------- | Loaded modules (whitelist) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [20/02/2018 11:53:38] - (14.0.0.9) - (AO Kaspersky Lab - Updatable component loader [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\kl1.sys [27/01/2018 11:10:16] - (5.2.6.0) - (AO Kaspersky Lab - Cryptographic Module Driver x64 (56 bit)) - C:\Windows\system32\DRIVERS\cm_km.sys [27/12/2017 10:10:46] - (15.0.0.12) - (AO Kaspersky Lab - Backup Disk Filter [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\klbackupdisk.sys [25/04/2018 21:41:26] - (20.0.44.61) - (AO Kaspersky Lab - klhk [fre_win7_x64]) - C:\Windows\system32\DRIVERS\klhk.sys [02/02/2018 03:45:36] - (15.0.0.17) - (AO Kaspersky Lab - Backup File Filter [fre_wlh_x64]) - C:\Windows\system32\DRIVERS\klbackupflt.sys [23/07/2018 12:24:41] - (15.1.29.0) - (AO Kaspersky Lab - Filter Core [fre_wlh_x64]) - C:\Windows\system32\DRIVERS\klflt.sys [23/07/2018 12:24:41] - (15.1.87.0) - (AO Kaspersky Lab - Core System Interceptors [fre_wlh_x64]) - C:\Windows\system32\DRIVERS\klif.sys [30/05/2017 18:51:40] - (14.0.0.3) - (AO Kaspersky Lab - Format Recognizer [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\klpd.sys [07/11/2017 23:56:12] - (14.0.0.5) - (AO Kaspersky Lab - Legacy Network Filter [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\kltdi.sys [17/02/2018 02:50:40] - (14.0.0.99) - (AO Kaspersky Lab - WFP Network Connection Filter Driver [fre_win7_x64]) - C:\Windows\system32\DRIVERS\klwtp.sys [12/02/2018 04:17:12] - (14.0.0.18) - (AO Kaspersky Lab - Packet Network Filter [fre_wlh_x64]) - C:\Windows\system32\DRIVERS\klim6.sys [24/02/2018 05:17:48] - (15.0.0.11) - (AO Kaspersky Lab - Network Processor [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\kneps.sys [09/12/2017 14:16:17] - (6.1.7600.16385) - (Windows (R) Win 7 DDK provider - ASRock App Charger Driver) - C:\Windows\system32\DRIVERS\AsrAppCharger.sys [09/12/2017 14:16:17] - (6.1.7600.16385) - (Windows (R) Win 7 DDK provider - ASRock App Charger Driver) - C:\Windows\system32\DRIVERS\AsrAppCharger.sys [11/01/2017 05:59:42] - (1.16.43.1) - (ASMedia Technology Inc - ASMedia xHCI Host Controller Driver) - C:\Windows\system32\DRIVERS\asmtxhci.sys [07/06/2016 02:31:06] - (9.0.0.21) - (The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0)) - C:\Windows\system32\DRIVERS\kltap.sys [11/01/2017 05:59:40] - (1.16.43.1) - (ASMedia Technology Inc - ASMedia USB3.1 Hub Driver) - C:\Windows\system32\DRIVERS\asmthub3.sys [15/01/2018 05:16:12] - (15.0.0.3) - (AO Kaspersky Lab - Keyboard Device Filter [fre_wlh_x64]) - C:\Windows\system32\DRIVERS\klkbdflt.sys [11/12/2017 11:49:14] - (13.0.0.4) - (AO Kaspersky Lab - Mouse Device Filter [fre_wlh_x64]) - C:\Windows\system32\DRIVERS\klmouflt.sys [25/04/2018 21:41:26] - (16.2.11.0) - (AO Kaspersky Lab - Virtual Disk [fre_win7_x64]) - C:\Windows\system32\DRIVERS\kldisk.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service R0 - [Kernel Driver] - ACPI (Pilote ACPI Microsoft) -> system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - amdxata () -> system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - atapi (Canal IDE) -> system32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - cm_km (AO Kaspersky Lab Cryptographic Module x64 (56 bit)) -> system32\DRIVERS\cm_km.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Compbatt (Pilote de batterie composite Microsoft) -> system32\drivers\compbatt.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (Pilote de disque) -> system32\drivers\disk.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iaStorA () -> system32\DRIVERS\iaStorA.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iaStorF () -> system32\DRIVERS\iaStorF.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iusb3hcs (Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0) -> system32\DRIVERS\iusb3hcs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - kl1 (kl1) -> system32\DRIVERS\kl1.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - klbackupdisk (Kaspersky Lab klbackupdisk) -> system32\DRIVERS\klbackupdisk.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msahci () -> system32\drivers\msahci.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (Pilote de bus PCI) -> system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - spldr (Security Processor Loader Driver) -> (?) - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (Pilote d’énumérateur de lecteur virtuel Microsoft) -> system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgr (Pilote du Gestionnaire de volume) -> system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (Volumes de stockage) -> system32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AsrAppCharger (AsrAppCharger) -> system32\DRIVERS\AsrAppCharger.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - blbdrive () -> system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (Pilote de CD-ROM) -> system32\DRIVERS\cdrom.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ESProtectionDriver (Malwarebytes Anti-Exploit) -> \??\C:\Windows\system32\drivers\mbae64.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - klbackupflt (Kaspersky Lab klbackupflt) -> system32\DRIVERS\klbackupflt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - klhk (Kaspersky Lab service driver) -> system32\DRIVERS\klhk.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - KLIF (Kaspersky Lab Driver) -> system32\DRIVERS\klif.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - klim6 (Kaspersky Anti-Virus NDIS 6 Filter) -> system32\DRIVERS\klim6.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - klpd (Kaspersky Lab format recognizer driver) -> system32\DRIVERS\klpd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - kltdi (kltdi) -> system32\DRIVERS\kltdi.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Klwtp (KLwtp - WFP callout traffic inspector) -> system32\DRIVERS\klwtp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - kneps (kneps) -> system32\DRIVERS\kneps.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (Pilote BIOS de gestion de systèmes Microsoft) -> \SystemRoot\system32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Serial (Pilote de port série) -> system32\DRIVERS\serial.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - TermDD (Pilote de périphérique terminal) -> \SystemRoot\system32\drivers\termdd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - VgaSave () -> \SystemRoot\System32\drivers\vga.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (Virtual WiFi Filter Driver) -> system32\DRIVERS\vwififlt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - kldisk (kldisk) -> system32\DRIVERS\kldisk.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> \SystemRoot\System32\Drivers\MbamChameleon.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) R0 - [Kernel Driver] - ACPI (Pilote ACPI Microsoft) -> system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - amdxata () -> system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - atapi (Canal IDE) -> system32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - cm_km (AO Kaspersky Lab Cryptographic Module x64 (56 bit)) -> system32\DRIVERS\cm_km.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Compbatt (Pilote de batterie composite Microsoft) -> system32\drivers\compbatt.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Disk (Pilote de disque) -> system32\drivers\disk.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iaStorA () -> system32\DRIVERS\iaStorA.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iaStorF () -> system32\DRIVERS\iaStorF.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iusb3hcs (Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0) -> system32\DRIVERS\iusb3hcs.sys - AcceptPause: False - AcceptStop: True [MD5.1A234F4643F5658BAB07BFA611282267] - [26/11/2017 19:50:36] - (.Copyright (C) 2012 ASRock Incorporation - ASRock IO Driver.) - [21.76 Ko] - (1.0.0.0) - C:\Windows\Syswow64\Drivers\AsrDrv101.sys R0 - [Kernel Driver] - kl1 (kl1) -> system32\DRIVERS\kl1.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - klbackupdisk (Kaspersky Lab klbackupdisk) -> system32\DRIVERS\klbackupdisk.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msahci () -> system32\drivers\msahci.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (Pilote de bus PCI) -> system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - spldr (Security Processor Loader Driver) -> (?) - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (Pilote d’énumérateur de lecteur virtuel Microsoft) -> system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgr (Pilote du Gestionnaire de volume) -> system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (Volumes de stockage) -> system32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AsrAppCharger (AsrAppCharger) -> system32\DRIVERS\AsrAppCharger.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - blbdrive () -> system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (Pilote de CD-ROM) -> system32\DRIVERS\cdrom.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ESProtectionDriver (Malwarebytes Anti-Exploit) -> \??\C:\Windows\system32\drivers\mbae64.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - klbackupflt (Kaspersky Lab klbackupflt) -> system32\DRIVERS\klbackupflt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - klhk (Kaspersky Lab service driver) -> system32\DRIVERS\klhk.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - KLIF (Kaspersky Lab Driver) -> system32\DRIVERS\klif.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - klim6 (Kaspersky Anti-Virus NDIS 6 Filter) -> system32\DRIVERS\klim6.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - klpd (Kaspersky Lab format recognizer driver) -> system32\DRIVERS\klpd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - kltdi (kltdi) -> system32\DRIVERS\kltdi.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Klwtp (KLwtp - WFP callout traffic inspector) -> system32\DRIVERS\klwtp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - kneps (kneps) -> system32\DRIVERS\kneps.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (Pilote BIOS de gestion de systèmes Microsoft) -> \SystemRoot\system32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True [HKU\S-1-5-21-4157162215-3885314228-2110668100-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\FCC] : (FCC.-.FreeConferenceCall LLC) -> C:\Users\christian\AppData\Local\FCC\fcc_uninstaller.exe R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Serial (Pilote de port série) -> system32\DRIVERS\serial.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - TermDD (Pilote de périphérique terminal) -> \SystemRoot\system32\drivers\termdd.sys - AcceptPause: False - AcceptStop: True [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> e: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (Virtual WiFi Filter Driver) -> system32\DRIVERS\vwififlt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - kldisk (kldisk) -> system32\DRIVERS\kldisk.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> \SystemRoot\System32\Drivers\MbamChameleon.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) [MD5.1A234F4643F5658BAB07BFA611282267] - [26/11/2017 19:50:36] - (.Copyright (C) 2012 ASRock Incorporation - ASRock IO Driver.) - [21.76 Ko] - (1.0.0.0) - C:\Windows\Syswow64\Drivers\AsrDrv101.sys ---------- | Uninstall (Whitelist) ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> entVersion\Uninstall\FCC] : (FCC.-.FreeConferenceCall LLC) -> C:\Users\christian\AppData\Local\FCC\fcc_uninstaller.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> > [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{02AC4396-B365-A393-817A-B7C075D896EF}] : (AMD Problem Report Wizard.-.##COMPANY_NAME##) -> MsiExec.exe /X{02AC4396-B365-A393-817A-B7C075D896EF} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5CF3A19A-4F7E-4085-B7E1-150AF73745B4}] : (Étude pour l'amélioration du produit HP Officejet Pro 8610.-.Hewlett-Packard Co.) -> MsiExec.exe /I{5CF3A19A-4F7E-4085-B7E1-150AF73745B4} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7314174C-890C-436C-BD2D-61F284755FD0}] : (AMD Settings - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{7314174C-890C-436C-BD2D-61F284755FD0} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{02AC4396-B365-A393-817A-B7C075D896EF}] : (AMD Problem Report Wizard.-.##COMPANY_NAME##) -> MsiExec.exe /X{02AC4396-B365-A393-817A-B7C075D896EF} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5CF3A19A-4F7E-4085-B7E1-150AF73745B4}] : (Étude pour l'amélioration du produit HP Officejet Pro 8610.-.Hewlett-Packard Co.) -> MsiExec.exe /I{5CF3A19A-4F7E-4085-B7E1-150AF73745B4} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7314174C-890C-436C-BD2D-61F284755FD0}] : (AMD Settings - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{7314174C-890C-436C-BD2D-61F284755FD0} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C197B5AF-9BAA-9FC8-B3D0-2FEB73451264}] : (AMD Settings.-.##COMPANY_NAME##) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F33B9E27-DBEF-43CE-A9F7-815EA09FC862}] : (Logiciel de base du périphérique HP Officejet Pro 8610.-.Hewlett-Packard Co.) -> MsiExec.exe /I{F33B9E27-DBEF-43CE-A9F7-815EA09FC862} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C197B5AF-9BAA-9FC8-B3D0-2FEB73451264}] : (AMD Settings.-.##COMPANY_NAME##) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}] : (Kaspersky Anti-Virus.-.Kaspersky Lab) -> MsiExec.exe /I{718613F4-492D-4272-ACC3-D04A8EF0F883} REMOVE=ALL [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F33B9E27-DBEF-43CE-A9F7-815EA09FC862}] : (Logiciel de base du périphérique HP Officejet Pro 8610.-.Hewlett-Packard Co.) -> MsiExec.exe /I{F33B9E27-DBEF-43CE-A9F7-815EA09FC862} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}] : (Kaspersky Secure Connection.-.Kaspersky Lab) -> MsiExec.exe /I{F33C0717-8E04-4EB5-90C8-47221287DB4F} REMOVE=ALL [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PhotoRecord] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}] : (Adobe AIR.-.Adobe Systems Inc.) -> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}] : (Canon PhotoRecord.-.Cisra) -> MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26BDE7D8-93F0-4A07-AD47-1707DB417941}] : (Camera Support Core Library.-.Canon) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2F81FBFC-9A37-431F-9050-14B55485DF5A}] : (Internet Library.-.Canon Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3B2848DA-FDE6-47C5-AB5F-9E434E5E93C9}] : (HP Officejet Pro 8610 Aide.-.Hewlett Packard) -> MsiExec.exe /I{3B2848DA-FDE6-47C5-AB5F-9E434E5E93C9} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}] : (RAW Image Task 1.1.-.Canon) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}] : (Kaspersky Anti-Virus.-.Kaspersky Lab) -> MsiExec.exe /I{718613F4-492D-4272-ACC3-D04A8EF0F883} REMOVE=ALL ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{718613F4-492D-4272-ACC3-D04A8EF0F883}] : (Kaspersky Anti-Virus.-.Kaspersky Lab) -> MsiExec.exe /I{718613F4-492D-4272-ACC3-D04A8EF0F883} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}] : (Kaspersky Secure Connection.-.Kaspersky Lab) -> MsiExec.exe /I{F33C0717-8E04-4EB5-90C8-47221287DB4F} REMOVE=ALL [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}] : (HP Update.-.Hewlett-Packard) -> MsiExec.exe /X{912D30CF-F39E-4B31-AD9A-123C6B794EE2} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PhotoRecord] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9800E1D7-66E0-7A46-A47F-31B59B7A3F44}] : (AMD Settings.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}] : (Adobe AIR.-.Adobe Systems Inc.) -> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-A91000000001}] : (Adobe Reader 9.1 - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}] : (Camera Window.-.Canon) -> 8E100-C0BB-41E8-B4C6-C486B61FDA7B} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26BDE7D8-93F0-4A07-AD47-1707DB417941}] : (Camera Support Core Library.-.Canon) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2F81FBFC-9A37-431F-9050-14B55485DF5A}] : (Internet Library.-.Canon Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}] : (Canon Utilities ZoomBrowser EX.-.CISRA) -> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3B2848DA-FDE6-47C5-AB5F-9E434E5E93C9}] : (HP Officejet Pro 8610 Aide.-.Hewlett Packard) -> MsiExec.exe /I{3B2848DA-FDE6-47C5-AB5F-9E434E5E93C9} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}] : (I.R.I.S. OCR.-.HP) -> MsiExec.exe /I{CA6BCA2F-EDEB-408F-850B-31404BE16A61} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}] : (RemoteCapture Task 1.0.3.-.Canon) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}] : (RAW Image Task 1.1.-.Canon) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D17C5B85-FEA3-493D-97EE-E27C2E09908C}] : (Watchtower Library - Français.-.Watchtower Bible and Tract Society of Pennsylvania, Inc.) -> C:\Program Files (x86)\Watchtower\Watchtower Library\F\uninst.exe ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DE286975-ACF1-45B8-9EF7-34E162B2C817}] : (MovieEdit Task.-.Canon) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{718613F4-492D-4272-ACC3-D04A8EF0F883}] : (Kaspersky Anti-Virus.-.Kaspersky Lab) -> MsiExec.exe /I{718613F4-492D-4272-ACC3-D04A8EF0F883} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}] : (Asmedia USB Host Controller Driver.-.Asmedia Technology) -> MsiExec.exe /X{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}] : (HP Update.-.Hewlett-Packard) -> MsiExec.exe /X{912D30CF-F39E-4B31-AD9A-123C6B794EE2} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}] : (PhotoStitch.-.Canon) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9800E1D7-66E0-7A46-A47F-31B59B7A3F44}] : (AMD Settings.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F33C0717-8E04-4EB5-90C8-47221287DB4F}] : (Kaspersky Secure Connection.-.Kaspersky Lab) -> MsiExec.exe /I{F33C0717-8E04-4EB5-90C8-47221287DB4F} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ---------- | Ports [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}] : (I.R.I.S. OCR.-.HP) -> MsiExec.exe /I{CA6BCA2F-EDEB-408F-850B-31404BE16A61} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}] : (RemoteCapture Task 1.0.3.-.Canon) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D17C5B85-FEA3-493D-97EE-E27C2E09908C}] : (Watchtower Library - Français.-.Watchtower Bible and Tract Society of Pennsylvania, Inc.) -> C:\Program Files (x86)\Watchtower\Watchtower Library\F\uninst.exe ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DE286975-ACF1-45B8-9EF7-34E162B2C817}] : (MovieEdit Task.-.Canon) -> ---------- | Installer [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}] : (Asmedia USB Host Controller Driver.-.Asmedia Technology) -> MsiExec.exe /X{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}] : (PhotoStitch.-.Canon) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F33C0717-8E04-4EB5-90C8-47221287DB4F}] : (Kaspersky Secure Connection.-.Kaspersky Lab) -> MsiExec.exe /I{F33C0717-8E04-4EB5-90C8-47221287DB4F} ---------- | Ports [HKCR\Installer\Products\001E8780BB0C8E144B6C4C686BF1ADB7] : Canon PhotoRecord [HKCR\Installer\Products\0BE7C4FEB17D3A3459250835EDB44010] : PhotoStitch [HKCR\Installer\Products\4F316817D2942724CA3C0DA4E80F8F38] : Kaspersky Anti-Virus -> C:\Windows\Installer\{718613F4-492D-4272-ACC3-D04A8EF0F883}\arp.ico [HKCR\Installer\Products\579682ED1FCA8B54E97F431E262B8C71] : MovieEdit Task [HKCR\Installer\Products\68A1C2FC89A526843AEA99293E6A24D7] : RemoteCapture Task 1.0.3 -> C:\Windows\Installer\{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B7449A0100000010] : Adobe Reader 9.1 - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-A91000000001}\SC_Reader.ico [HKCR\Installer\Products\6934CA20563B393A18A77B0C578D69FE] : AMD Problem Report Wizard -> C:\Windows\Installer\{02AC4396-B365-A393-817A-B7C075D896EF}\ARPPRODUCTICON.exe [HKCR\Installer\Products\7170C33F40E85BE4098C74222178BDF4] : Kaspersky Secure Connection -> C:\Windows\Installer\{F33C0717-8E04-4EB5-90C8-47221287DB4F}\arp.ico [HKCR\Installer\Products\72E9B33FFEBDEC349A7F18E50AF98C26] : Logiciel de base du périphérique HP Officejet Pro 8610 -> C:\Windows\Installer\{F33B9E27-DBEF-43CE-A9F7-815EA09FC862}\ARP_Icon [HKCR\Installer\Products\7D1E00890E6664A74AF7135BB9A7F344] : AMD Settings -> C:\Windows\Installer\{9800E1D7-66E0-7A46-A47F-31B59B7A3F44}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8663020007180A44EB446B23AFD487F0] : Adobe AIR [HKCR\Installer\Products\8D7EDB620F3970A4DA747170BD149714] : Camera Support Core Library -> C:\Windows\Installer\{26BDE7D8-93F0-4A07-AD47-1707DB417941}\ARPPRODUCTICON.exe [HKCR\Installer\Products\93B0BF4E199C7EE459DDA1A187753DD3] : Asmedia USB Host Controller Driver -> C:\Windows\Installer\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}\ARPPRODUCTICON.exe [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A7D67D1CBB3FAE747A64B5E1F2CFD12F] : Canon Utilities ZoomBrowser EX [HKCR\Installer\Products\A91A3FC5E7F458047B1E51A07F73544B] : Étude pour l'amélioration du produit HP Officejet Pro 8610 -> C:\Windows\Installer\{5CF3A19A-4F7E-4085-B7E1-150AF73745B4}\ARP_Icon [HKCR\Installer\Products\AD8482B36EDF5C74BAF5E934E4E5399C] : HP Officejet Pro 8610 Aide -> C:\Windows\Installer\{3B2848DA-FDE6-47C5-AB5F-9E434E5E93C9}\ARP_Icon [HKCR\Installer\Products\C4714137C098C634DBD2162F4857F50D] : AMD Settings - Branding -> C:\Windows\Installer\{7314174C-890C-436C-BD2D-61F284755FD0}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CFBF18F273A9F1340905415B4558FDA5] : Internet Library -> C:\Windows\Installer\{2F81FBFC-9A37-431F-9050-14B55485DF5A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D03EB43B957A2CE45BF891EFD2BE6F15] : Camera Window -> C:\Windows\Installer\{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}\ARPPRODUCTICON.exe [HKCR\Installer\Products\DB8E7E863322EB94186DA1F1FAB11569] : RAW Image Task 1.1 -> C:\Windows\Installer\{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F2ACB6ACBEDEF80458B01304B41EA616] : I.R.I.S. OCR -> C:\Windows\Installer\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}\ARP_Icon [HKCR\Installer\Products\FA5B791CAAB98CF93B0DF2BE37542146] : AMD Settings -> C:\Windows\Installer\{C197B5AF-9BAA-9FC8-B3D0-2FEB73451264}\ARPPRODUCTICON.exe [HKCR\Installer\Products\FC03D219E93F13B4DAA921C3B697E42E] : HP Update -> C:\Windows\Installer\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}\ARPPRODUCTICON.exe ---------- | ADS ---------- | Installer [HKCR\Installer\Products\001E8780BB0C8E144B6C4C686BF1ADB7] : Canon PhotoRecord [HKCR\Installer\Products\0BE7C4FEB17D3A3459250835EDB44010] : PhotoStitch [HKCR\Installer\Products\4F316817D2942724CA3C0DA4E80F8F38] : Kaspersky Anti-Virus -> C:\Windows\Installer\{718613F4-492D-4272-ACC3-D04A8EF0F883}\arp.ico [HKCR\Installer\Products\579682ED1FCA8B54E97F431E262B8C71] : MovieEdit Task [HKCR\Installer\Products\68A1C2FC89A526843AEA99293E6A24D7] : RemoteCapture Task 1.0.3 -> C:\Windows\Installer\{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B7449A0100000010] : Adobe Reader 9.1 - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-A91000000001}\SC_Reader.ico [HKCR\Installer\Products\6934CA20563B393A18A77B0C578D69FE] : AMD Problem Report Wizard -> C:\Windows\Installer\{02AC4396-B365-A393-817A-B7C075D896EF}\ARPPRODUCTICON.exe [HKCR\Installer\Products\7170C33F40E85BE4098C74222178BDF4] : Kaspersky Secure Connection -> C:\Windows\Installer\{F33C0717-8E04-4EB5-90C8-47221287DB4F}\arp.ico [HKCR\Installer\Products\72E9B33FFEBDEC349A7F18E50AF98C26] : Logiciel de base du périphérique HP Officejet Pro 8610 -> C:\Windows\Installer\{F33B9E27-DBEF-43CE-A9F7-815EA09FC862}\ARP_Icon [HKCR\Installer\Products\7D1E00890E6664A74AF7135BB9A7F344] : AMD Settings -> C:\Windows\Installer\{9800E1D7-66E0-7A46-A47F-31B59B7A3F44}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8663020007180A44EB446B23AFD487F0] : Adobe AIR [HKCR\Installer\Products\8D7EDB620F3970A4DA747170BD149714] : Camera Support Core Library -> C:\Windows\Installer\{26BDE7D8-93F0-4A07-AD47-1707DB417941}\ARPPRODUCTICON.exe [HKCR\Installer\Products\93B0BF4E199C7EE459DDA1A187753DD3] : Asmedia USB Host Controller Driver -> C:\Windows\Installer\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}\ARPPRODUCTICON.exe [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A7D67D1CBB3FAE747A64B5E1F2CFD12F] : Canon Utilities ZoomBrowser EX [HKCR\Installer\Products\A91A3FC5E7F458047B1E51A07F73544B] : Étude pour l'amélioration du produit HP Officejet Pro 8610 -> C:\Windows\Installer\{5CF3A19A-4F7E-4085-B7E1-150AF73745B4}\ARP_Icon [HKCR\Installer\Products\AD8482B36EDF5C74BAF5E934E4E5399C] : HP Officejet Pro 8610 Aide -> C:\Windows\Installer\{3B2848DA-FDE6-47C5-AB5F-9E434E5E93C9}\ARP_Icon [HKCR\Installer\Products\C4714137C098C634DBD2162F4857F50D] : AMD Settings - Branding -> C:\Windows\Installer\{7314174C-890C-436C-BD2D-61F284755FD0}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CFBF18F273A9F1340905415B4558FDA5] : Internet Library -> C:\Windows\Installer\{2F81FBFC-9A37-431F-9050-14B55485DF5A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D03EB43B957A2CE45BF891EFD2BE6F15] : Camera Window -> C:\Windows\Installer\{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}\ARPPRODUCTICON.exe [HKCR\Installer\Products\DB8E7E863322EB94186DA1F1FAB11569] : RAW Image Task 1.1 -> C:\Windows\Installer\{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F2ACB6ACBEDEF80458B01304B41EA616] : I.R.I.S. OCR -> C:\Windows\Installer\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}\ARP_Icon [HKCR\Installer\Products\FA5B791CAAB98CF93B0DF2BE37542146] : AMD Settings -> C:\Windows\Installer\{C197B5AF-9BAA-9FC8-B3D0-2FEB73451264}\ARPPRODUCTICON.exe [HKCR\Installer\Products\FC03D219E93F13B4DAA921C3B697E42E] : HP Update -> C:\Windows\Installer\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}\ARPPRODUCTICON.exe ---------- | ADS ---------- | Drives ---------- | Drives ---------- | MBR ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog ---------- | 20 LastEventLog ------------ ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ ATI EEU Service event error ------------ ATI EEU Service event error ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ ------------ La sauvegarde a échoué en raison d’une erreur d’écriture dans l’emplacement de sauvegarde, H:\. Erreur : Emplacement de sauvegarde introuvable ou incorrect. Vérifiez vos paramètres de sauvegarde, ainsi que l’emplacement de sauvegarde. (0x81000006). ------------ ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Product: Google Update Helper -- Error 1310. Error writing to file: C:\Windows\Installer\3ad6b6.msi. System error 5. Verify that you have access to that directory. ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ ----------( EOF)---------- - 5652 | 11:21:43 ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ La sauvegarde a échoué en raison d’une erreur d’écriture dans l’emplacement de sauvegarde, H:\. Erreur : Emplacement de sauvegarde introuvable ou incorrect. Vérifiez vos paramètres de sauvegarde, ainsi que l’emplacement de sauvegarde. (0x81000006). ------------ ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. ------------ Product: Google Update Helper -- Error 1310. Error writing to file: C:\Windows\Installer\3ad6b6.msi. System error 5. Verify that you have access to that directory. ------------ ----------( EOF )---------- - 5681 | 11:21:44