--------------- QuickDiag | g3n-h@ckm@n | 2_02.11.2016.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 10/11/2016 21:24:07
Updated 02/11/2016 | 17.15 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[AL (Administrator)] - [PORTABLE01] (S-1-5-21-203371649-605838284-753410140-1636)
System: Microsoft Windows 7 Professionnel - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Professionnel |C:\windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: HP ProBook 6450b - Hewlett-Packard - IdNumber: CNU0324B3Q - UUID: B1EE5695-12FD-11E0-BA96-64C05F062094
Processor : X64 - 2394 Mhz - Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Default System BIOS - enUS - Hewlett-Packard - S/N: CNU0324B3Q - 68CDE Ver. F.23 - HPQOEM - f
CoreTemp : 59 Celsius

----------| Quick

---------- | SoundDevice
IDT High Definition Audio CODEC - Status: OK - Manufacturer: IDT - PNPDeviceID: HDAUDIO\FUNC_01&VEN_111D&DEV_7603&SUBSYS_103C146D&REV_1002\4&2B272B59&0&0001
Son Intel(R) pour écrans - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2804&SUBSYS_80860101&REV_1000\4&2B272B59&0&0301

---------- | Video
Intel(R) HD Graphics - Resolution: 1440x900 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdx32.dll,igd10umd32.dll - PNPDeviceID: PCI\VEN_8086&DEV_0046&SUBSYS_146D103C&REV_02\3&21436425&0&10 - AdapterCompatibility: Intel Corporation - RAM: 763064320
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics - DriverVersion: 8.15.10.3268 - SpecificationVersion: 1025

---------- | Codecs
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22528 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 23552 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 31744 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13312 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 50176 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 64000 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\iccvid.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82944 - Manufacturer: Radius Inc. - Status: OK

---------- | CPU
CPU #1 value:19 %
CPU #2 value:0 %
CPU #3 value:25 %
CPU #4 value:0 %
Total Overall CPU Usage value:11 %

---------- | Network
Intel[R] 82577LC Gigabit Network Connection : SENT:0 bytes/sec / RECVD:0 bytes/sec
Carte Wi-Fi 802.11b_g_n [projet] 1x1 4313GN Broadcom : SENT:0 bytes/sec / RECVD:0 bytes/sec
Microsoft Virtual WiFi Miniport Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec
6TO4 Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.home : SENT:0 bytes/sec / RECVD:0 bytes/sec
Connexion au réseau local* 11 : SENT:0 bytes/sec / RECVD:0 bytes/sec
Overall -> SEND Maxium:11 bytes/sec, / RECEIVE Maximum:0 bytes/sec
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
Intel(R) 82577LC Gigabit Network Connection - Ethernet 802.3 - Intel - Status: - PnPID : PCI\VEN_8086&DEV_10EB&SUBSYS_1471103C&REV_05\3&21436425&0&C8
WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0002
RAS Async Adapter - - - Status: - PnPID :
Microsoft 6to4 Adapter - Tunnel - Microsoft - Status: - PnPID : ROOT\*6TO4MP\0000
Bluetooth Device (Personal Area Network) - - - Status: - PnPID :
Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0001
Carte Wi-Fi 802.11b/g/n (projet) 1x1 4313GN Broadcom - Ethernet 802.3 - Broadcom - Status: - PnPID : PCI\VEN_14E4&DEV_4727&SUBSYS_145C103C&REV_01\000082FFFFB3002600
Microsoft Virtual WiFi Miniport Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1ACEE322&0&01
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000
Apple Mobile Device Ethernet - - - Status: - PnPID :
Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0004
Apple Mobile Device Ethernet - - - Status: - PnPID :

---------- | Memory
RAM = Total (MB) : 1949 | Free (MB) : 478
Pagefile = Total (MB) : 3898 | Free (MB) : 1446
Virtual = Total (MB) : 2097 | Free (MB) : 1959
Physical Memory 0 : Capacity: 2147483648 - Top - Posit.: 1 - Manufacturer: Samsung - PartNumber: M471B5673FH0-CH9 - S/N: 96DD03B9

---------- | SID Users
a2com : [S-1-5-21-2758263773-2913995385-2982971710-1002]
Administrateur : [S-1-5-21-2758263773-2913995385-2982971710-500]
Invité : [S-1-5-21-2758263773-2913995385-2982971710-501]
Administrateurs : [S-1-5-32-544]
Duplicateurs : [S-1-5-32-552]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Opérateurs de chiffrement : [S-1-5-32-569]
Opérateurs de configuration réseau : [S-1-5-32-556]
Opérateurs de sauvegarde : [S-1-5-32-551]
Utilisateurs : [S-1-5-32-545]
Utilisateurs avec pouvoir : [S-1-5-32-547]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du Bureau à distance : [S-1-5-32-555]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
Device Administrators : [S-1-5-21-2758263773-2913995385-2982971710-1001]

---------- | Drives
F:\ -> [Fixed] | [HP_TOOLS] | Total : 1.99 Go | Free : 1.91 Go -> FAT32 [ATA]
C:\ -> [Fixed] | [] | Total : 280.79 Go | Free : 163.35 Go -> NTFS [ATA]
Disk Usage Information [1 total Physical Disks]
Physical Drive #0 [C:, F:] : Read:1,480,906 bytes/sec, Written:16,386 bytes/sec Max Read:1,480,906 bytes/sec, Max Write:16,386 bytes/sec
Overall - Read Maximum:1,480,906 bytes/sec, Write Maximum:16,386 bytes/sec
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : IDE\DISKHITACHI_HTS725032A9A364_________________PC3OC72E\4&7660F52&0&0.0.0

---------- | Windows updates
Last detection : 2016-11-10 20:09:06
Downloaded last ones : 2016-11-09 21:14:29
Installed last ones : 2016-11-09 22:48:33
Next search : 2016-11-11 14:54:24
Windows Is Activated

---------- | Browsers
IE : 11.0.9600.18523 (© Microsoft Corporation. Tous droits réservés.)
GC : 54.0.2840.71 (Copyright 2016 Google Inc.)
Default : "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"

---------- | FlashPlayer
FlashPlayer ActiveX : 23.0.0.207

---------- | Security
AM : Malwarebytes' Anti-Malware ( 2.3.173.0) [Update : 14/01/2015 15:27:53]
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
456 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.23569) = C:\Windows\System32\smss.exe [09/11/2016 22:14:05] CPU Usage:0 %
556 | [Owner : | Parent : 508() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [14/07/2009 00:36:49] CPU Usage:0 %
624 | [Owner : | Parent : 548() | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe [16/10/2014 15:41:41] CPU Usage:0 %
644 | [Owner : | Parent : 556(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [23/07/2015 12:49:11] CPU Usage:0 %
668 | [Owner : | Parent : 556(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23571) = C:\Windows\System32\lsass.exe [09/11/2016 22:14:04] CPU Usage:0 %
688 | [Owner : | Parent : 556(wininit.exe) | ?????] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [06/03/2014 17:55:28] CPU Usage:0 %
784 | [Owner : | Parent : 644(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
868 | [Owner : | Parent : 644(services.exe) | ?????] - (.Hewlett-Packard - HPFSService Application.) - (5.0.1.3) = C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [19/01/2010 19:17:10] CPU Usage:0 %
920 | [Owner : | Parent : 644(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
988 | [Owner : | Parent : 644(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
1064 | [Owner : | Parent : 644(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
1092 | [Owner : | Parent : 644(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
1148 | [Owner : | Parent : 644(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
1176 | [Owner : | Parent : 644(services.exe) | ?????] - (.IDT, Inc. - IDT PC Audio.) - (1.0.6300.0) = C:\Program Files\IDT\WDM\stacsv.exe [01/04/2013 17:03:38] CPU Usage:0 %
1464 | [Owner : | Parent : 644(services.exe) | ?????] - (.Hewlett-Packard Company - HpService.) - (4.2.2.1) = C:\Windows\System32\hpservice.exe [13/05/2011 13:57:36] CPU Usage:0 %
1528 | [Owner : | Parent : 644(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
1604 | [Owner : | Parent : 644(services.exe) | ?????] - (.Broadcom Corporation - Broadcom 802.11 Wireless Network Service.) - (5.100.82.148) = C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE [12/11/2013 08:52:03] CPU Usage:0 %
1628 | [Owner : | Parent : 1604(WLTRYSVC.EXE) | ?????] - (.Broadcom Corporation - Broadcom 802.11 Wireless Network Controller.) - (5.100.82.148) = C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE [12/11/2013 08:52:04] CPU Usage:0 %
1636 | [Owner : | Parent : 1064(svchost.exe) | ?????] - (.Microsoft Corporation - Infrastructure d’extensibilité pour les services réseau Windows sans fil 802.11.) - (6.1.7600.16385) = C:\Windows\System32\wlanext.exe [14/07/2009 00:51:56] CPU Usage:0 %
1644 | [Owner : | Parent : 516(csrss.exe) | ?????] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.1.7601.23392) = C:\Windows\System32\conhost.exe [15/04/2016 19:24:24] CPU Usage:0 %
1652 | [Owner : | Parent : 644(services.exe) | ?????] - (.AVAST Software - avast! Service.) - (12.3.3154.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [01/11/2016 14:19:21] CPU Usage:0 %
1864 | [Owner : | Parent : 644(services.exe) | ?????] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe [17/08/2012 11:55:53] CPU Usage:0 %
1908 | [Owner : | Parent : 644(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
1936 | [Owner : | Parent : 644(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
500 | [Owner : | Parent : 644(services.exe) | ?????] - (.Apple Inc. - MobileDeviceService.) - (17.374.70.8) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [05/08/2016 16:29:14] CPU Usage:0 %
900 | [Owner : | Parent : 644(services.exe) | ?????] - (.Broadcom Corporation. - Bluetooth Support Server.) - (6.2.1.1100) = C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [29/12/2009 21:31:32] CPU Usage:0 %
1548 | [Owner : | Parent : 644(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
736 | [Owner : | Parent : 644(services.exe) | ?????] - (.Hewlett-Packard Development Company, L.P - PTChangeFilterService.) - (5.0.21.3) = C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [19/10/2010 11:26:46] CPU Usage:0 %
2096 | [Owner : | Parent : 644(services.exe) | ?????] - (.Hewlett-Packard Company - HP DayStarter service.) - (3.2.2.2) = C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [25/03/2010 15:02:02] CPU Usage:0 %
2220 | [Owner : | Parent : 644(services.exe) | ?????] - (.Hewlett-Packard Company - HP Quick Synchronization Service.) - (4.6.8.1) = C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [10/08/2012 15:48:50] CPU Usage:0 %
2244 | [Owner : | Parent : 644(services.exe) | ?????] - (.Hewlett-Packard Company - hpHotkeyMonitor Service.) - (3.5.15.1) = C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [01/03/2010 18:27:22] CPU Usage:0 %
2276 | [Owner : | Parent : 644(services.exe) | ?????] - (.Intel Corporation - Intel® PROSet Monitoring Service.) - (18.8.124.0) = C:\Windows\System32\IPROSetMonitor.exe [01/11/2013 01:50:18] CPU Usage:0 %
2320 | [Owner : | Parent : 644(services.exe) | ?????] - (.Hewlett-Packard Company - LightScribe Service.) - (1.18.12.1) = C:\Program Files\Common Files\LightScribe\LSSrvc.exe [22/02/2010 19:45:44] CPU Usage:0 %
2344 | [Owner : | Parent : 644(services.exe) | ?????] - (.Intel Corporation - Local Manageability Service.) - (6.0.40.1213) = C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [14/08/2010 16:36:33] CPU Usage:0 %
2556 | [Owner : | Parent : 644(services.exe) | ?????] - (.Intel Corporation - RAID Monitor.) - (8.9.6.1002) = C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [14/05/2010 23:04:23] CPU Usage:0 %
2972 | [Owner : | Parent : 644(services.exe) | ?????] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) - (4.6.8.1) = C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [10/08/2012 15:46:12] CPU Usage:0 %
3200 | [Owner : | Parent : 644(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 00:19:28] CPU Usage:0 %
472 | [Owner : | Parent : 644(services.exe) | ?????] - (.Hewlett-Packard Company - HPPA_Service.) - (2.5.0.16) = C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [14/03/2012 13:23:06] CPU Usage:0 %
3296 | [Owner : | Parent : 644(services.exe) | ?????] - (.Hewlett-Packard Company - HP Support Assistant Service.) - (7.0.39.14) = C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [27/09/2012 11:55:16] CPU Usage:0 %
3792 | [Owner : | Parent : 644(services.exe) | ?????] - (.Hewlett-Packard - HPPA_Service.) - (1.0.6.0) = C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [05/04/2010 19:12:00] CPU Usage:0 %
2860 | [Owner : | Parent : 644(services.exe) | ?????] - (.Intel Corporation - User Notification Service.) - (6.0.40.1213) = C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [14/08/2010 16:36:34] CPU Usage:0 %
3036 | [Owner : | Parent : 644(services.exe) | ?????] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe [29/06/2011 13:13:49] CPU Usage:0 %
2648 | [Owner : | Parent : 644(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.14913.1002) = C:\Windows\System32\CompatTelRunner.exe [13/10/2016 19:07:17] CPU Usage:0 %
1196 | [Owner : | Parent : 516(csrss.exe) | ?????] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.1.7601.23392) = C:\Windows\System32\conhost.exe [15/04/2016 19:24:24] CPU Usage:0 %
1032 | [Owner : | Parent : 2648(CompatTelRunner.exe) | ?????] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.14913.1002) = C:\Windows\System32\CompatTelRunner.exe [13/10/2016 19:07:17] CPU Usage:25 %
2160 | [Owner : | Parent : 644(services.exe) | 6.15 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [08/03/2014 13:04:58] CPU Usage:0 %
2496 | [Owner : | Parent : 624(winlogon.exe) | 1.05 Mo] - (.DigitalPersona, Inc. - DigitalPersona Local Agent.) - (5.1.0.585) = C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe [16/07/2010 13:54:06] CPU Usage:0 %
2720 | [Owner : | Parent : 1064(svchost.exe) | 37.06 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [14/07/2009 00:24:23] CPU Usage:2 %
1764 | [Owner : | Parent : 3936() | 18.17 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.23537) = C:\Windows\explorer.exe [13/10/2016 19:05:55] CPU Usage:0 %
1400 | [Owner : | Parent : 1764(explorer.exe) | 11.86 Mo] - (.Broadcom Corporation - Broadcom 802.11 Wireless Network Tray Applet.) - (5.100.82.148) = C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE [12/11/2013 08:52:05] CPU Usage:0 %
2624 | [Owner : | Parent : 1764(explorer.exe) | 1.86 Mo] - (.Intel Corporation - igfxTray Module.) - (8.15.10.3268) = C:\Windows\System32\igfxtray.exe [19/02/2014 15:58:54] CPU Usage:0 %
3548 | [Owner : | Parent : 1764(explorer.exe) | 1.88 Mo] - (.Intel Corporation - hkcmd Module.) - (8.15.10.3268) = C:\Windows\System32\hkcmd.exe [19/02/2014 15:57:57] CPU Usage:0 %
3876 | [Owner : | Parent : 988(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (6.1.7601.23471) = C:\Windows\System32\audiodg.exe [13/10/2016 19:06:51] CPU Usage:0 %
492 | [Owner : | Parent : 1764(explorer.exe) | 2.52 Mo] - (.Intel Corporation - persistence Module.) - (8.15.10.3268) = C:\Windows\System32\igfxpers.exe [19/02/2014 15:58:19] CPU Usage:0 %
2124 | [Owner : | Parent : 1764(explorer.exe) | 18.99 Mo] - (.AVAST Software - avast! Antivirus.) - (12.3.3154.22) = C:\Program Files\AVAST Software\Avast\avastui.exe [08/11/2016 13:10:38] CPU Usage:0 %
3932 | [Owner : | Parent : 1764(explorer.exe) | 8.89 Mo] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.111.14) = C:\Program Files\Common Files\Java\Java Update\jusched.exe [22/09/2016 20:00:28] CPU Usage:0 %
1256 | [Owner : | Parent : 1764(explorer.exe) | 6.15 Mo] - (.Piriform Ltd - CCleaner.) - (5.23.0.5808) = C:\Program Files\CCleaner\CCleaner.exe [28/09/2016 18:23:58] CPU Usage:0 %
2436 | [Owner : | Parent : 1764(explorer.exe) | 2.91 Mo] - (.Broadcom Corporation. - Bluetooth Tray Application.) - (6.2.1.1100) = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [29/12/2009 21:31:32] CPU Usage:0 %
4256 | [Owner : | Parent : 1764(explorer.exe) | 94.78 Mo] - (.Google Inc. - Google Chrome.) - (54.0.2840.71) = C:\Program Files\Google\Chrome\Application\chrome.exe [24/09/2016 13:39:30] CPU Usage:0 %
4292 | [Owner : | Parent : 4256(chrome.exe) | 1.94 Mo] - (.Google Inc. - Google Chrome.) - (54.0.2840.71) = C:\Program Files\Google\Chrome\Application\chrome.exe [24/09/2016 13:39:30] CPU Usage:0 %
4604 | [Owner : AL | Parent : 4256(chrome.exe) | 54.09 Mo] - (.Google Inc. - Google Chrome.) - (54.0.2840.71) = C:\Program Files\Google\Chrome\Application\chrome.exe [24/09/2016 13:39:30] CPU Usage:10 %
5428 | [Owner : AL | Parent : 4256(chrome.exe) | 66 Mo] - (.Google Inc. - Google Chrome.) - (54.0.2840.71) = C:\Program Files\Google\Chrome\Application\chrome.exe [24/09/2016 13:39:30] CPU Usage:2 %
5436 | [Owner : AL | Parent : 4256(chrome.exe) | 26.67 Mo] - (.Google Inc. - Google Chrome.) - (54.0.2840.71) = C:\Program Files\Google\Chrome\Application\chrome.exe [24/09/2016 13:39:30] CPU Usage:2 %
5508 | [Owner : AL | Parent : 4256(chrome.exe) | 156.97 Mo] - (.Google Inc. - Google Chrome.) - (54.0.2840.71) = C:\Program Files\Google\Chrome\Application\chrome.exe [24/09/2016 13:39:30] CPU Usage:10 %
5624 | [Owner : | Parent : 4388() | 36.96 Mo] - (.- League Client.) - (6.22.0.250) = C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.32\deploy\LeagueClient.exe [10/11/2016 21:15:39] CPU Usage:0 %
2712 | [Owner : | Parent : 5624(LeagueClient.exe) | 26.85 Mo] - (.- League Client.) - (6.22.0.250) = C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.32\deploy\LeagueClientUx.exe [10/11/2016 21:15:39] CPU Usage:0 %
5544 | [Owner : AL | Parent : 2712(LeagueClientUx.exe) | 51.6 Mo] - (.- League Client.) - (6.22.0.250) = C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.32\deploy\LeagueClientUx.exe [10/11/2016 21:15:39] CPU Usage:0 %
5272 | [Owner : AL | Parent : 2712(LeagueClientUx.exe) | 273.85 Mo] - (.- League Client.) - (6.22.0.250) = C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.32\deploy\LeagueClientUx.exe [10/11/2016 21:15:39] CPU Usage:0 %
5168 | [Owner : | Parent : 1148(svchost.exe) | 2.67 Mo] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe [06/03/2014 17:55:16] CPU Usage:0 %
5396 | [Owner : | Parent : 4256(chrome.exe) | 21.72 Mo] - (.SosVirus - QuickDiag.) - (2.11.2016.1) = C:\Users\al\Downloads\QuickDiag.exe [10/11/2016 21:23:39] CPU Usage:0 %
4948 | [Owner : | Parent : 644(services.exe) | ?????] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe [06/03/2014 17:54:45] CPU Usage:0 %

---------- | MD5
[MD5.6DDCA324434FFA506CF7DC4E51DB7935] - [13/10/2016 19:05:55] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2903 Ko] - (6.1.7601.23537) : C:\windows\Explorer.exe
[MD5.AD7B9C14083B52BC532FBA5948342B98] - [06/03/2014 17:55:22] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [295.5 Ko] - (6.1.7601.17514) : C:\windows\System32\cmd.exe
[MD5.342271F6142E7C70805B8A81E1BA5F5C] - [14/07/2009 00:11:09] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [6 Ko] - (6.1.7600.16385) : C:\windows\System32\csrss.exe
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - [14/07/2009 00:43:52] - (.© Microsoft Corporation. - COM Surrogate.) - [7 Ko] - (6.1.7600.16385) : C:\windows\System32\dllhost.exe
[MD5.4D1BC518FF64EB70F6B9218A6FBFDEF6] - [15/04/2016 19:24:24] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [852 Ko] - (6.1.7601.23392) : C:\windows\System32\Kernel32.dll
[MD5.55A1F001FE2A16C15B494EA6F63C3C45] - [09/11/2016 22:14:04] - (.© Microsoft Corporation. - Local Security Authority Process.) - [21.5 Ko] - (6.1.7601.23571) : C:\windows\System32\lsass.exe
[MD5.1F54F58D7FA2B3442084E32CDE5E309E] - [14/04/2016 19:24:28] - (.© Microsoft Corporation. - Distributed COM Services.) - [367.5 Ko] - (6.1.7601.19143) : C:\windows\System32\rpcss.dll
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - [14/07/2009 00:41:43] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [43.5 Ko] - (6.1.7600.16385) : C:\windows\System32\rundll32.exe
[MD5.0780A42DBD7D9969F9BF4A19AA4285B5] - [23/07/2015 12:49:11] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [253 Ko] - (6.1.7601.18829) : C:\windows\System32\services.exe
[MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 00:19:28] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [20.5 Ko] - (6.1.7600.16385) : C:\windows\System32\svchost.exe
[MD5.CC157E3445C86456494ED940E1250247] - [24/09/2016 17:39:03] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [792.5 Ko] - (6.1.7601.23528) : C:\windows\System32\user32.dll
[MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [06/03/2014 17:54:41] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) : C:\windows\System32\userinit.exe
[MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 00:36:49] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) : C:\windows\System32\Wininit.exe
[MD5.52449FD429D6053B78AE564DEF303870] - [16/10/2014 15:41:41] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [297 Ko] - (6.1.7601.18540) : C:\windows\System32\Winlogon.exe
[MD5.93B49FA857F7036A4EFF32371F6E7391] - [11/11/2015 13:12:10] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [331 Ko] - (6.1.7601.19031) : C:\windows\System32\Drivers\afd.sys
[MD5.338C86357871C167A96AB976519BF59E] - [14/07/2009 00:11:15] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [21.08 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\atapi.sys
[MD5.DDCE686D76C2B4DB435A3AF5BD0E691D] - [08/03/2014 06:54:59] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [129.94 Ko] - (6.1.7601.18231) : C:\windows\System32\Drivers\ataport.sys
[MD5.77EA11B065E0A8AB902D78145CA51E10] - [14/07/2009 00:11:15] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [69 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\cdfs.sys
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - [06/03/2014 17:53:39] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [106 Ko] - (6.1.7601.17514) : C:\windows\System32\Drivers\cdrom.sys
[MD5.EA9DBD76CE9254C77BAAB4339DD4C4FB] - [13/10/2016 19:06:51] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [79.5 Ko] - (6.1.7601.23542) : C:\windows\System32\Drivers\dfsc.sys
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - [06/03/2014 17:53:27] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [106 Ko] - (6.1.7601.17514) : C:\windows\System32\Drivers\hdaudbus.sys
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - [14/07/2009 00:11:24] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [79 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\i8042prt.sys
[MD5.D9D3F168A2FD4C2380D98821A3FF3357] - [08/01/2010 22:34:12] - (.Copyright(C) Intel Corporation 1994-2010 - Intel Matrix Storage Manager driver - ia32.) - [323.52 Ko] - (8.9.6.1002) : C:\windows\System32\Drivers\iastor.sys
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - [14/07/2009 00:54:29] - (.© Microsoft Corporation. - IP Network Address Translator.) - [99.5 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\ipnat.sys
[MD5.E15146EA99447CDBD2C952CF9B792BEA] - [09/11/2016 22:14:06] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [121.5 Ko] - (6.1.7601.23571) : C:\windows\System32\Drivers\mrxsmb.sys
[MD5.9804FB2E46077F2977552347DFCA7E05] - [11/11/2015 13:11:58] - (.© Microsoft Corporation. Tous droits réservés. - Pilote NDIS 6.20.) - [695.94 Ko] - (6.1.7601.19030) : C:\windows\System32\Drivers\ndis.sys
[MD5.A00996C9BFEF29A93B9F21DBE1DC502D] - [14/06/2016 19:43:51] - (.© Microsoft Corporation. - MBT Transport driver.) - [184.5 Ko] - (6.1.7601.23451) : C:\windows\System32\Drivers\netbt.sys
[MD5.978E7A2E4BF4E8E70D0776EF0D9E97FB] - [09/03/2016 17:02:02] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [1183.94 Ko] - (6.1.7601.19116) : C:\windows\System32\Drivers\ntfs.sys
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - [14/07/2009 00:45:35] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [77.5 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\parport.sys
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - [14/07/2009 00:54:34] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [77 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\rasl2tp.sys
[MD5.B973FCFC50DC1434E1970A146F7E3885] - [06/03/2014 17:55:00] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [130.5 Ko] - (6.1.7601.17514) : C:\windows\System32\Drivers\rdpdr.sys
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - [14/07/2009 00:53:41] - (.© Microsoft Corporation. - SMB Transport driver.) - [69.5 Ko] - (6.1.7600.16385) : C:\windows\System32\Drivers\smb.sys
[MD5.C7E41209132B9CF084CCEA8593F61328] - [24/09/2016 17:15:03] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [1279.23 Ko] - (6.1.7601.23496) : C:\windows\System32\Drivers\tcpip.sys
[MD5.BB8817D0508DD5EA69C770C8DEF5AB67] - [11/11/2015 13:12:10] - (.© Microsoft Corporation. - TDI Translation Driver.) - [73 Ko] - (6.1.7601.19031) : C:\windows\System32\Drivers\tdx.sys
[MD5.F497F67932C6FA693D7DE2780631CFE7] - [06/03/2014 17:55:20] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [239.88 Ko] - (6.1.7601.17514) : C:\windows\System32\Drivers\volsnap.sys

---------- | Locked Applications

---------- | Explorer.exe component call (Microsoft Files Whitelisted)
(.AVAST Software.-.avast! Shell Extension.) - (12.3.3154.0) -- C:\Program Files\AVAST Software\Avast\ashShell.dll
(.AVAST Software.-.avast! AAVM Remote Procedure Call Library.) - (12.3.3154.0) -- C:\Program Files\AVAST Software\Avast\AavmRpch.dll
(.Broadcom Corporation..-.BTNCopy Module.) - (6.2.1.1100) -- C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
(.Broadcom Corporation..-.Multimedia Keys Hook DLL.) - (6.2.1.1100) -- C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)
(.IDT, Inc..-.IDT PC Audio.) - (1.0.6300.0) -- C:\windows\system32\stapo.dll

---------- | ZeroAccess Check
[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up
desktop - (desktop.ini [Startup]) - User: AUTORITE NT\Système
LightScribe Control Panel - (C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [HKU\S-1-5-18\...\Run]) - User: AUTORITE NT\Système
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [HKU\S-1-5-21-203371649-605838284-753410140-1636\...\Run]) - User: MAP\AL
desktop - (desktop.ini [Startup]) - User: .DEFAULT
LightScribe Control Panel - (C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [HKU\.DEFAULT\...\Run]) - User: .DEFAULT
Bluetooth - (C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [Common Startup]) - User: Public
- ( [HKLM\...\Run]) - User: Public
Broadcom Wireless Manager UI - (C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [HKLM\...\Run]) - User: Public
IgfxTray - (C:\windows\system32\igfxtray.exe [HKLM\...\Run]) - User: Public
HotKeysCmds - (C:\windows\system32\hkcmd.exe [HKLM\...\Run]) - User: Public
Persistence - (C:\windows\system32\igfxpers.exe [HKLM\...\Run]) - User: Public
AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui [HKLM\...\Run]) - User: Public
SunJavaUpdateSched - ("C:\Program Files\Common Files\Java\Java Update\jusched.exe" [HKLM\...\Run]) - User: Public

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
""=
"Broadcom Wireless Manager UI"=C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [12/11/2013 08:52:05]
"IgfxTray"=C:\windows\system32\igfxtray.exe [19/02/2014 15:58:54]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [19/02/2014 15:57:57]
"Persistence"=C:\windows\system32\igfxpers.exe [19/02/2014 15:58:19]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=64

---------- | Startings up registry ¦ Folder
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update] : "C:\Users\al\AppData\Local\Google\Update\GoogleUpdate.exe" /c
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPAdvisorDock] : C:\Program Files\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [10/02/2010 03:01:06]
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel] : C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nikon Message Center 2] : C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] : "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TgbVpn] : C:\Program Files\TheGreenBow\TheGreenBow VPN\vpnconf.exe [01/07/2010 09:56:02]

---------- | Other keys
[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"RCDependentServices"=CertPropSvc SessionEnv
"NotificationTimeOut"=0
"SnapshotMonitors"=1
"ProductVersion"=5.1
"AllowRemoteRPC"=0
"DelayConMgrTimeout"=0
"fDenyTSConnections"=1
"StartRCM"=0
"TSAdvertise"=0
"DeleteTempDirsOnExit"=1
"fSingleSessionPerUser"=1
"PerSessionTempDir"=0
"TSUserEnabled"=0
"InstanceID"=ce070c76-37e1-48e4-9cc5-ed0c6b2
"fCredentialLessLogonSupported"=1
"fCredentialLessLogonSupportedTSS"=1
"fCredentialLessLogonSupportedKMRDP"=1

[HKLM\System\CurrentControlSet\Control\Session Manager]
"CriticalSectionTimeout"=2592000
"GlobalFlag"=0
"HeapDeCommitFreeBlockThreshold"=0
"HeapDeCommitTotalFreeThreshold"=0
"HeapSegmentCommit"=0
"HeapSegmentReserve"=0
"ProcessorControl"=2
"ResourceTimeoutCount"=648000
"BootExecute"=autocheck autochk * sdnclean.exe
"ExcludeFromKnownDlls"=
"ObjectDirectories"=\Windows \RPC Control
"ProtectionMode"=1
"NumberOfInitialSessions"=2
"SetupExecute"=

[HKLM\System\CurrentControlSet\Control]
"PreshutdownOrder"=wuauserv gpsvc trustedinstaller
"WaitToKillServiceTimeout"=200
"CurrentUser"=USERNAME
"BootDriverFlags"=0
"ServiceControlManagerExtension"=%systemroot%\system32\scext.dll
"SystemStartOptions"= NOEXECUTE=OPTIN NUMPROC=4
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbaseobjects"=0
"auditbasedirectories"=0
"crashonauditfail"=0
"fullprivilegeauditing"=0x00
"Bounds"=0x0030000000200000
"LimitBlankPasswordUse"=1
"NoLmHash"=1
"Notification Packages"=DPPassFilter scecli
"Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u
"Authentication Packages"=msv1_0
"LsaPid"=668
"SecureBoot"=1
"ProductType"=6
"disabledomaincreds"=0
"everyoneincludesanonymous"=0
"forceguest"=0
"restrictanonymous"=0
"restrictanonymoussam"=1

---------- | .LNK
C:\Users\al\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk (/recycle) C:\Users\al\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk (/SendTo) C:\Users\al\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk (/sendto:) C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk (/name Microsoft.EaseOfAccessCenter) C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( -extoff) C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center\Désinstaller.lnk (/uninstall) C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc\Discord.lnk (--processStart Discord.exe) C:\Users\al\Desktop\Discord.lnk (--processStart Discord.exe) C:\Users\MAP_sauv\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk (/recycle) C:\Users\MAP_sauv\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk (/prefetch:1) C:\Users\MAP_sauv\AppData\Roaming\Microsoft\PowerPoint\Catalogue%20Grossistes%202012%20-%20Contenant%20so302185813722629664\Catalogue%20Grossistes%202012%20-%20Contenant%20sous%20licence.ppt.lnk (0) C:\Users\MAP_sauv\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk (/SendTo) C:\Users\MAP_sauv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk (/name Microsoft.EaseOfAccessCenter) C:\Users\MAP_sauv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( -extoff) C:\Users\nfauduet\AppData\Roaming\Microsoft\Excel\crf_nac2014303281981951854369\crf_nac2014.xls.lnk (55) C:\Users\nfauduet\AppData\Roaming\Microsoft\Excel\MAP_2013_belafemouk303281981942026352\MAP_2013_belafemouk.xls.lnk (55) 
C:\Users\nfauduet\AppData\Roaming\Microsoft\Excel\planning_ce_2013303266312477207226\planning_ce_2013.xls.lnk (55) C:\Users\nfauduet\AppData\Roaming\Microsoft\Excel\planning_gd_import_2013303266312472215217\planning_gd_import_2013.xls.lnk (55) C:\Users\nfauduet\AppData\Roaming\Microsoft\Excel\TARIF%202013-14%20HEIDEL302888111130400464\TARIF%202013-14%20HEIDEL.xlsx.lnk (50) C:\Users\nfauduet\AppData\Roaming\Microsoft\Excel\TARIFS%202013%20-%202014%20HEIDEL302888070074058073\TARIFS%202013%20-%202014%20HEIDEL.xlsx.lnk (50) C:\Users\nfauduet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk (/recycle) C:\Users\nfauduet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HPAdvisor.lnk (view=DOCKVIEW,SYSTRAY) C:\Users\nfauduet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk (/prefetch:1) C:\Users\nfauduet\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk (/SendTo) C:\Users\nfauduet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk (/name Microsoft.EaseOfAccessCenter) C:\Users\nfauduet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( -extoff) C:\Users\nfauduet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Périphériques Bluetooth\.lnk ( /deviceAddr=00bd3abdf3b0) C:\Users\nfauduet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Périphériques Bluetooth\SAMSUNG OMNIA7.lnk ( /deviceAddr=bc4760977430) C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Excel\PDV%20permanent%202011BEAUX%20JOURS_06_06_11%20SAN302037150578396553\PDV%20permanent%202011BEAUX%20JOURS_06_06_11%20SANS%2025%20%25.xls.lnk (55) C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Excel\TARIF%202011EUROFOODBIP_2012_01_25302039261091961698\TARIF%202011EUROFOODBIP_2012_01_25.xls.lnk (55) C:\Users\Sauve 
Nicolas\AppData\Roaming\Microsoft\Excel\tarif%20W%202011302039312028766592\tarif%20W%202011.xls.lnk (55) C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk (/recycle) C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\PowerPoint\VISUELS%20PRODUITS302037140428408040\VISUELS%20PRODUITS.ppt.lnk (0) C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk (/SendTo) C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk (/name Microsoft.EaseOfAccessCenter) C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( -extoff) C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Périphériques Bluetooth\Nokia 2700 classic.lnk ( /deviceAddr=00bd3abdf3b0) C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Périphériques Bluetooth\SAMSUNG OMNIA7.lnk ( /deviceAddr=bc4760977430) C:\Users\TEMP.MAP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HPAdvisor.lnk (view=DOCKVIEW,SYSTRAY) C:\Users\TEMP.MAP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk (/prefetch:1) C:\Users\TEMP.MAP\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk (/SendTo) C:\Users\TEMP.MAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk (/name Microsoft.EaseOfAccessCenter) C:\Users\TEMP.MAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( -extoff) C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk (/name Microsoft.DefaultPrograms) C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk (startmenu) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk (/showgadgets) C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Windows Media Player.lnk (/prefetch:1) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk (/open) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk (-SpeechUX) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk (/res) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk (-NoExit -ImportSystemModules) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!\CleanUp! 
(demo mode).lnk (/demo) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\HP Setup.lnk (DESKTOP) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\HPAdvisor.lnk (view=DOCKVIEW,SYSTRAY) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCAlerts.lnk (view=STANDARD,SYSTRAY pillar=PC_ACTION_CENTER TOUCHPOINT=STARTMENU) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDashboard.lnk (view=STANDARD,SYSTRAY pillar=PC_HEALTH_SECURITY TOUCHPOINT=STARTMENU) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDiscovery.lnk (view=STANDARD,SYSTRAY pillar=ECENTER TOUCHPOINT=STARTMENU) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDock.lnk (view=DOCKVIEW,SYSTRAY) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\A propos de Java.lnk (-tab about) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Rechercher les mises à jour.lnk (-tab update) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Getting Started.lnk (1) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk (/name Microsoft.BackupAndRestore) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\getonline.lnk (MODE=GETONLINE) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk () ---------- | AppCertDlls | AppInit_DLLs ---------- | Dnsapi.dll C:\windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=0 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=0 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 
"undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=1851 ""= [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Userinit"=C:\Windows\system32\userinit.exe,C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, 
"VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "ShutdownWithoutLogon"=0 "WinStationsDisabled"=0 "DisableCAD"=0 "scremoveoption"=0 "ShutdownFlags"=115 "AutoAdminLogon"=0 "DefaultUserName"=a2com ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] 
""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\Google Chrome.34EOAJ56EFILUCA3KAITNTH4WE\Shell\open\Command] ""="C:\Users\al\AppData\Local\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome.34EOAJ56EFILUCA3KAITNTH4WE\InstallInfo] "ReinstallCommand"="C:\Users\al\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [09/11/2016 22:14:11] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off 
MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=128920209537502489 "AntiVirusOverride"=0 "AntiSpywareOverride"=0 "FirewallOverride"=0 [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableRoutinelyTakingAction"=0 "ProductStatus"=0 "InstallTime"=0x3DB27AD05D4FCB01 "DisableAntiSpyware"=0 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 "DefaultInboundAction"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 "DefaultInboundAction"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 "DefaultInboundAction"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

---------- | Winsock (Whitelist)

---------- | Hosts
192.168.98.61 srv-map

---------- | @
[HKLM\Software\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"DEPOff"=0
"Check_Associations"=yes
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files\Internet Explorer\IEXPLORE.EXE
[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate_win7.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
"Tabs"=res://ieframe.dll/tabswelcome.htm
"Compat"=res://mshtml.dll/compat.htm
[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://
[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files

---------- | reparsepoint

---------- | Detection of offsets

---------- | Notify
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP] : DeviceNP.dll
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll

---------- | SSODL | SEH | URLSH | STS

---------- | Toolbar
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={6A1806CD-94D4-4689-BA73-E35EA1EA9990}

---------- | Extensions
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}] : (@C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer à OneNote) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liées OneNote) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}] : (@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650) - []

---------- | SearchScopes
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () - :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39A3F48A-58BC-4B29-9211-CE8F49EFBED6}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 :

---------- | Browser Helper Objects
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}] -> (File Sanitizer for HP ProtectTools) : C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [19/01/2010 19:17:50]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}] -> (HP ProtectTools Security Manager Extension) : C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [06/02/2012 14:04:28]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [01/11/2016 19:22:45]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] -> (avast! Online Security) : C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [01/11/2016 14:20:28]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -> (Programme d'aide de l'Assistant de connexion Windows Live) : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [22/01/2009 14:41:30]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [06/03/2013 07:37:48]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [01/11/2016 19:22:44]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] -> (Windows Live Toolbar Helper) : C:\Program Files\Windows Live\Toolbar\wltcore.dll [06/02/2009 17:17:46]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}] -> (HP Network Check Helper) : C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [09/07/2012 17:46:12]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}] -> (Adblock Plus for IE Browser Helper Object) : C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [22/09/2015 18:14:22]

---------- | Chrome
C:\Users\al\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\al\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\al\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\al\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\al\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = : __MSG_description__ - short_name: __MSG_name__ - https://clients2.google.com/service/update2/crx
C:\Users\al\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\al\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\al\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\al\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\al\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\al\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
[HKLM\Software\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
[HKLM\Software\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]

---------- | Opera

---------- | Firefox
[HKLM\Software\mozilla\Firefox\Extensions]
"otis@digitalpersona.com"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2] - (Java™ Deployment Toolkit) : C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll
[HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
[HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled
[HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll
[HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
[HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
[HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll
[HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll
[HKLM\Software\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

---------- | Active Connections
TCP 127.0.0.1:49323 Portable01.idf.map.msft:49346 ESTABLISHED 5624
TCP 127.0.0.1:49323 Portable01.idf.map.msft:49408 ESTABLISHED 5624
TCP 127.0.0.1:49323 Portable01.idf.map.msft:49411 ESTABLISHED 5624
TCP 127.0.0.1:49346 Portable01.idf.map.msft:49323 ESTABLISHED 2712
TCP 127.0.0.1:49408 Portable01.idf.map.msft:49323 ESTABLISHED 2712
TCP 127.0.0.1:49411 Portable01.idf.map.msft:49323 ESTABLISHED 2712
TCP 192.168.1.20:49164 lon16.ff.avast.com:http ESTABLISHED 1652
TCP 192.168.1.20:49554 185.40.64.65:2099 ESTABLISHED 5624
TCP 192.168.1.20:49556 ec2-54-149-184-39.us-west-2.compute.amazonaws.com:https ESTABLISHED 5624
TCP 192.168.1.20:49557 185.40.64.69:5223 ESTABLISHED 5624
TCP 192.168.1.20:50440 151.101.121.62:http TIME_WAIT 0
TCP [2a01:cb08:8952:a700:4123:be35:3c7e:124d]:49245 wa-in-xbc.1e100.net:5228 ESTABLISHED 4256
TCP [2a01:cb08:8952:a700:4123:be35:3c7e:124d]:50188 edge-star6-shv-01-cdg2.facebook.com:https ESTABLISHED 4256
TCP [2a01:cb08:8952:a700:4123:be35:3c7e:124d]:50420 par10s22-in-x0e.1e100.net:https TIME_WAIT 0
TCP [2a01:cb08:8952:a700:4123:be35:3c7e:124d]:50466 par21s03-in-x0e.1e100.net:https ESTABLISHED 5036

---------- | DNS
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"Domain"=idf.map.msft
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{5AB899A4-6D45-4053-85A9-300327F9803F}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{9A16D272-E14E-4989-8DEB-DF73BD269EF6}]
"DhcpNameServer"=172.20.2.39 172.20.2.10
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{D1462CE8-1694-479E-BCE4-9909B51DBDFD}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{5AB899A4-6D45-4053-85A9-300327F9803F}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{9A16D272-E14E-4989-8DEB-DF73BD269EF6}]
"DhcpNameServer"=172.20.2.39 172.20.2.10
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{D1462CE8-1694-479E-BCE4-9909B51DBDFD}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5AB899A4-6D45-4053-85A9-300327F9803F}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9A16D272-E14E-4989-8DEB-DF73BD269EF6}]
"DhcpNameServer"=172.20.2.39 172.20.2.10
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D1462CE8-1694-479E-BCE4-9909B51DBDFD}]
"DhcpNameServer"=192.168.1.1

---------- | Applications
[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~1\MICROS~1\Office14\OIS.EXE /shellOpen "%1"
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\simpress.exe] : "C:\Program Files\OpenOffice.org 3\program\\simpress.exe" -o "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | Svchost - Netsvcs (Whitelisted)
Term - :

---------- | Software
[HKLM\Software\7-Zip]
[HKLM\Software\ActivCard]
[HKLM\Software\ActivIdentity]
[HKLM\Software\Adblock Plus for IE]
[HKLM\Software\Adobe]
[HKLM\Software\AdobeFlashPlayerUpdate]
[HKLM\Software\Agere]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVAST Software]
[HKLM\Software\BcmSetup]
[HKLM\Software\Broadcom]
[HKLM\Software\BrowserChoice]
[HKLM\Software\Caphyon]
[HKLM\Software\Clients]
[HKLM\Software\Di2LCID]
[HKLM\Software\Digital River]
[HKLM\Software\DigitalPersona]
[HKLM\Software\FRANCE TELECOM]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\GEAR Software]
[HKLM\Software\Google]
[HKLM\Software\GSC]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\Hewlett-Packard Company]
[HKLM\Software\HP]
[HKLM\Software\HPQ]
[HKLM\Software\IDT]
[HKLM\Software\IM Providers]
[HKLM\Software\InstalledOptions]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Khronos]
[HKLM\Software\Licenses]
[HKLM\Software\LightScribe]
[HKLM\Software\LSI]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\Marvell]
[HKLM\Software\McAfee]
[HKLM\Software\McAfeeInstallIntegrator]
[HKLM\Software\Microsoft]
[HKLM\Software\Mindscape]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nikon]
[HKLM\Software\Nokia]
[HKLM\Software\ODBC]
[HKLM\Software\PDF Architect 2]
[HKLM\Software\PDFComplete]
[HKLM\Software\PDFCreator.net]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Portrait Displays]
[HKLM\Software\Realtek]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\RegisteredApplications] [HKLM\Software\RICOH] [HKLM\Software\Riot Games] [HKLM\Software\Riot Games, Inc] [HKLM\Software\Rock Kit] [HKLM\Software\Roxio] [HKLM\Software\SafeBoot International] [HKLM\Software\Safer Networking Limited] [HKLM\Software\Skype] [HKLM\Software\Softwin] [HKLM\Software\Sonic] [HKLM\Software\SpeedFan] [HKLM\Software\SpeedyPC Software] [HKLM\Software\Symantec] [HKLM\Software\Synaptics] [HKLM\Software\sysinternals] [HKLM\Software\TeamSpeak 3 Client] [HKLM\Software\TeamViewer] [HKLM\Software\TheGreenBow] [HKLM\Software\Validity] [HKLM\Software\Valve] [HKLM\Software\Volatile] [HKLM\Software\WholeSecurity] [HKLM\Software\Widcomm] [HKLM\Software\Windows] [HKLM\Software\Wow6432Node] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Help] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\bdx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] ---------- | Drives F: ---------- | C: [14/07/2009 03:36:15] - |SHDC| - [66973049] - C:\$Recycle.Bin [25/09/2016 14:17:31] - |DC| - [1239413] - C:\AdwCleaner [25/04/2010 09:41:21] - |SHD| - [18909172] - C:\boot [MD5.D6AE2D5521DD93AEBC90D411D099FA36] - [25/04/2010 09:41:22] - |RASH| - (.-.) - [383562] - (0.0.0.0) - C:\bootmgr [01/04/2013 16:56:26] - |SHD| - [2450712] - C:\Config.Msi [14/07/2009 05:53:55] - |SHD| - [0] - C:\Documents and Settings [MD5.D41D8CD98F00B204E9800998ECF8427E] - [08/09/2010 23:18:28] - |ASH| - (.-.) - [1995890688] - (0.0.0.0) - C:\hiberfil.sys [14/05/2010 23:07:40] - |HD| - [48032122] - C:\hp [08/09/2010 14:28:58] - |SHD| - [0] - C:\HPMBackup [MD5.D41D8CD98F00B204E9800998ECF8427E] - [09/09/2010 16:34:55] - |RASHC| - (.-.) - [0] - (0.0.0.0) - C:\IO.SYS [MD5.D41D8CD98F00B204E9800998ECF8427E] - [09/09/2010 16:34:55] - |RASHC| - (.-.) - [0] - (0.0.0.0) - C:\MSDOS.SYS [15/09/2010 10:10:42] - |RHD| - [668015310] - C:\MSOCache [MD5.D41D8CD98F00B204E9800998ECF8427E] - [08/09/2010 23:18:44] - |ASH| - (.-.) 
- [1995890688] - (0.0.0.0) - C:\pagefile.sys [14/07/2009 03:37:05] - |D| - [0] - C:\PerfLogs [14/07/2009 03:37:05] - |RD| - [6889361535] - C:\Program Files [14/07/2009 03:37:05] - |HD| - [1400883626] - C:\ProgramData [10/11/2016 21:23:49] - |DC| - [262068] - C:\QuickDiag [MD5.3D64309FAD43B502CB016439558D4BE8] - [10/11/2016 21:24:07] - |AC| - (.-.) - [91843] - (0.0.0.0) - C:\QuickDiag.txt [25/04/2010 08:46:44] - |SHD| - [0] - C:\Recovery [24/09/2016 14:17:53] - |D| - [9829402524] - C:\Riot Games [26/04/2010 17:16:30] - |D| - [6073382750] - C:\swsetup [14/05/2010 23:27:38] - |SHD| - [0] - C:\System Volume Information [26/04/2010 17:16:30] - |HD| - [129106236] - C:\SYSTEM.SAV [MD5.A0EC7358FA65B759D4CB4163DD2EA677] - [02/02/2012 10:07:37] - |AC| - (.TeamViewer -.) - [3449376] - (7.0.12541.0) - C:\TeamViewerQS_fr.exe [MD5.20184C6D415C8794D33544A2DEF087CB] - [18/04/2012 08:41:43] - |AC| - (.TeamViewer GmbH -.) - [3559928] - (7.0.12979.0) - C:\TeamViewer_Setup_fr.exe [MD5.1CA3C6964E0A01778790E75D8A1DBCAE] - [02/02/2012 10:30:46] - |AC| - (.© TheGreenBow 2011. - TheGreenBow IPSec VPN Client Installer.) - [4364328] - (5.6.4.1) - C:\TheGreenBow_VPN_5_06_004.exe [MD5.DE5C447324D4C5F66F3BCE8F8366D2B8] - [19/10/2009 23:43:50] - |C| - (.-.) - [47104] - (0.0.0.0) - C:\Thumbs.db [14/07/2009 03:37:05] - |RD| - [72029534334] - C:\Users [22/03/2010 18:27:28] - |D| - [154457068] - C:\Warranty [14/07/2009 03:37:05] - |D| - [29119314570] - C:\Windows [14/05/2010 23:03:33] - |D| - [1483552] - C:\x86 ---------- | C:\windows [14/07/2009 05:52:30] - |D| - [802] - C:\windows\addins [MD5.B68B8A53D9A149B24157967AA2D99F82] - [21/01/2010 18:42:48] - |A| - (.Copyright ©LSI Corporation 2008 - Agrsmdel.) 
- [64000] - (2.7.5.0) - C:\windows\agrsmdel.exe [14/07/2009 03:37:05] - |D| - [57436164] - C:\windows\AppCompat [14/07/2009 03:37:05] - |D| - [9916402] - C:\windows\AppPatch [14/07/2009 03:37:05] - |RSD| - [869260519] - C:\windows\assembly [MD5.12EBDA58437CD1EA7066FCB6455241D2] - [01/11/2016 14:19:24] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\windows\avastSS.scr [MD5.DBD14D0DB0382DFE96D7B5007DDD5ABE] - [06/03/2014 17:54:03] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [65024] - (6.1.7601.17514) - C:\windows\bfsvc.exe [14/07/2009 03:37:06] - |D| - [18320680] - C:\windows\Boot [MD5.E46DC7C7E93F68B2BAF2063E141E4C88] - [14/07/2009 05:57:37] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\windows\bootstat.dat [14/07/2009 03:37:06] - |D| - [3233280] - C:\windows\Branding [31/10/2012 19:42:43] - |D| - [0] - C:\windows\Cache [25/04/2010 21:36:34] - |D| - [0] - C:\windows\CSC [MD5.FA06C7957B6DECD4BCC24BE7ACF0F6C1] - [14/05/2010 23:24:01] - |A| - (.-.) - [10] - (0.0.0.0) - C:\windows\csup.txt [14/07/2009 03:37:06] - |D| - [2113488] - C:\windows\Cursors [14/07/2009 05:34:21] - |D| - [6883] - C:\windows\debug [14/07/2009 05:52:30] - |D| - [3042330] - C:\windows\diagnostics [14/07/2009 05:56:48] - |D| - [0] - C:\windows\DigitalLocker [14/07/2009 05:52:30] - |D| - [65] - C:\windows\Downloaded Program Files [01/04/2013 16:57:04] - |D| - [2307738] - C:\windows\DPDrv [25/04/2010 21:36:34] - |D| - [106301103] - C:\windows\ehome [MD5.6DDCA324434FFA506CF7DC4E51DB7935] - [13/10/2016 19:05:55] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2972672] - (6.1.7601.23537) - C:\windows\explorer.exe [14/07/2009 03:37:06] - |RSD| - [416773115] - C:\windows\Fonts [14/05/2010 23:34:19] - |D| - [142336] - C:\windows\fr-FR [MD5.F9202335BBA03A02F084FE588564BBF5] - [14/07/2009 00:12:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. 
- Utilitaire de service de chiffrement de lecteur BitLocker.) - [13824] - (6.1.7600.16385) - C:\windows\fveupdate.exe [14/07/2009 03:37:06] - |D| - [13983480] - C:\windows\Globalization [14/07/2009 03:37:06] - |D| - [79467966] - C:\windows\Help [MD5.2FF3A32F01DF61836FED59D441D8B9DF] - [14/07/2009 01:12:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [497152] - (6.1.7600.16385) - C:\windows\HelpPane.exe [14/05/2010 23:38:38] - |D| - [5815056] - C:\windows\Hewlett-Packard [MD5.9B90B0C78671A4881D06C91941F6F379] - [14/07/2009 01:12:22] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [15360] - (6.1.7600.16385) - C:\windows\hh.exe [MD5.E8A98566F621EA82046708A4642E331C] - [15/09/2010 14:51:17] - |A| - (.-.) - [180] - (0.0.0.0) - C:\windows\hpbafd.ini [14/07/2009 03:37:06] - |D| - [143547244] - C:\windows\IME [14/07/2009 03:37:06] - |D| - [168497529] - C:\windows\inf [14/05/2010 22:59:38] - |SHD| - [9738729846] - C:\windows\Installer [14/07/2009 03:37:06] - |D| - [48371] - C:\windows\L2Schemas [14/07/2009 03:37:06] - |D| - [0] - C:\windows\LiveKernelReports [14/07/2009 03:37:06] - |D| - [68688729] - C:\windows\Logs [MD5.2C3B6EBB05284C3D11942DF7EC6396B2] - [10/02/2010 02:58:12] - |A| - (.-.) - [12800] - (0.0.0.0) - C:\windows\LPRES.DLL [14/07/2009 03:37:06] - |RSD| - [13327133] - C:\windows\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 00:55:01] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\windows\mib.bin [14/07/2009 03:37:07] - |D| - [682029606] - C:\windows\Microsoft.NET [08/03/2014 13:42:32] - |D| - [3634] - C:\windows\Migration [12/04/2016 13:30:26] - |D| - [0] - C:\windows\Minidump [14/07/2009 03:37:07] - |D| - [0] - C:\windows\ModemLogs [MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 03:04:57] - |A| - (.-.) 
- [1405] - (0.0.0.0) - C:\windows\msdfmap.ini [29/05/2013 08:13:42] - |HD| - [458740] - C:\windows\msdownld.tmp [MD5.2AAD8C9A7E3A4E539D54FC2144D85EB4] - [08/09/2010 14:58:44] - |A| - (.-.) - [384] - (0.0.0.0) - C:\windows\myClean.bat [MD5.A4F6DF0E33E644E802C8798ED94D80EA] - [11/08/2015 21:42:16] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [179712] - (6.1.7601.18917) - C:\windows\notepad.exe [14/05/2010 23:53:54] - |D| - [4865] - C:\windows\OEMCert [14/01/2011 22:42:52] - |D| - [0] - C:\windows\Offline Address Books [14/07/2009 05:52:30] - |D| - [65] - C:\windows\Offline Web Pages [14/08/2010 16:37:40] - |D| - [0] - C:\windows\Options [25/04/2010 09:41:36] - |D| - [685132] - C:\windows\Panther [15/09/2010 10:17:39] - |D| - [0] - C:\windows\PCHEALTH [14/07/2009 05:52:30] - |D| - [62432698] - C:\windows\Performance [MD5.754AEA3DE86B36B4520313C68B4438F7] - [09/11/2016 20:55:38] - |A| - (.-.) - [3268] - (0.0.0.0) - C:\windows\PFRO.log [14/07/2009 03:37:07] - |D| - [1132015] - C:\windows\PLA [14/07/2009 03:37:07] - |D| - [5806192] - C:\windows\PolicyDefinitions [14/08/2010 16:25:06] - |D| - [44577631] - C:\windows\Prefetch [MD5.FFB8B91BD19E5BC10A3344AAF34880F3] - [25/04/2010 21:38:01] - |A| - (.-.) - [53551] - (0.0.0.0) - C:\windows\PROFESSIONAL.xml [27/09/2016 13:20:28] - |D| - [46080] - C:\windows\pss [MD5.DBA91CD5A3A68302967C03213E52BDE8] - [21/04/2015 21:09:59] - |AH| - (.-.) - [54156] - (0.0.0.0) - C:\windows\QTFont.qfn [MD5.8A4883F5E7AC37444F23279239553878] - [14/07/2009 00:17:08] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [398336] - (6.1.7600.16385) - C:\windows\regedit.exe [14/07/2009 03:37:07] - |D| - [21544] - C:\windows\registration [14/07/2009 03:37:07] - |D| - [9841452] - C:\windows\rescache [14/07/2009 03:37:07] - |D| - [1674534] - C:\windows\Resources [MD5.707373C103B686FBF34E02C9970887F3] - [14/08/2010 16:38:04] - |A| - (.Copyright (C) Realtek Semiconductor Corp. 
- RTSUVCUninst MFC Application.) - [327680] - (1.0.0.3) - C:\windows\RtsUvcUninst.exe [14/07/2009 03:37:07] - |D| - [0] - C:\windows\SchCache [14/07/2009 03:37:07] - |D| - [58021] - C:\windows\schemas [14/07/2009 03:37:07] - |D| - [4227630] - C:\windows\security [14/07/2009 05:34:13] - |D| - [73684302] - C:\windows\ServiceProfiles [14/07/2009 03:37:07] - |D| - [88281880] - C:\windows\servicing [14/07/2009 05:34:16] - |D| - [1042] - C:\windows\Setup [MD5.AC849B99E032F4017BB1CE37934DD4AF] - [08/11/2016 21:22:59] - |A| - (.-.) - [112] - (0.0.0.0) - C:\windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [08/11/2016 21:22:59] - |A| - (.-.) - [0] - (0.0.0.0) - C:\windows\setuperr.log [25/04/2010 21:36:34] - |D| - [38200] - C:\windows\ShellNew [14/08/2010 16:29:26] - |D| - [1179020409] - C:\windows\SoftwareDistribution [14/07/2009 03:37:07] - |D| - [70586312] - C:\windows\Speech [MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 05:48:09] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\windows\Starter.xml [MD5.423D3D1F049CA9AC89AA6E30804A98CD] - [01/04/2013 17:04:32] - |A| - (.Copyright © 2004 - 2009 IDT, Inc. - IDT PC Audio.) - [495708] - (1.0.6300.0) - C:\windows\sttray.exe [17/08/2012 18:39:45] - |D| - [0] - C:\windows\Sun [14/07/2009 03:37:07] - |D| - [700380] - C:\windows\system [MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 03:04:23] - |A| - (.-.) - [219] - (0.0.0.0) - C:\windows\system.ini [14/07/2009 03:37:07] - |D| - [3987493147] - C:\windows\System32 [14/07/2009 03:37:09] - |D| - [15] - C:\windows\TAPI [14/07/2009 03:37:09] - |D| - [38138] - C:\windows\Tasks [14/07/2009 03:37:09] - |D| - [8456] - C:\windows\Temp [14/07/2009 03:37:09] - |D| - [0] - C:\windows\tracing [MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 22:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) 
- [94784] - (1.7.0.0) - C:\windows\twain.dll [14/07/2009 05:52:30] - |D| - [133120] - C:\windows\twain_32 [MD5.163A95975E1D8819E653AA3E961371CA] - [06/03/2014 17:54:11] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\windows\twain_32.dll [MD5.F36A271706EDD23C94956AFB56981184] - [13/07/2009 23:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\windows\twunk_16.exe [MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 01:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\windows\twunk_32.exe [MD5.015B30309491A911E75748AD69C9E680] - [01/11/2016 14:19:42] - |A| - (.© Microsoft Corporation. - Microsoft® C Runtime Library.) - [921280] - (10.0.10586.212) - C:\windows\ucrtbase.dll [MD5.D41D8CD98F00B204E9800998ECF8427E] - [14/03/2014 11:02:18] - |A| - (.-.) - [0] - (0.0.0.0) - C:\windows\ViewNX2.INI [14/07/2009 03:37:09] - |D| - [12420] - C:\windows\Vss [14/07/2009 03:37:09] - |D| - [44243967] - C:\windows\Web [MD5.E13F489F0B1E52319A86BDD996263F4B] - [14/07/2009 03:04:23] - |A| - (.-.) - [478] - (0.0.0.0) - C:\windows\win.ini [MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 05:41:57] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\windows\WindowsShell.Manifest [MD5.21F2BB29A4546A9BA324162C89A3F751] - [14/08/2010 16:29:20] - |A| - (.-.) - [1089634] - (0.0.0.0) - C:\windows\WindowsUpdate.log [MD5.8E6F7D51A5CB299C25621C6C1AB57E84] - [13/07/2009 21:29:46] - |A| - (.Copyright © Microsoft Corp. 1991-1992 - Windows Help Engine application file.) - [256192] - (3.10.0.425) - C:\windows\winhelp.exe [MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 01:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\windows\winhlp32.exe [MD5.73FE8285D075FE7F0CD980870A09AF3D] - [26/09/2016 21:48:47] - |A| - (.-.) 
- [79] - (0.0.0.0) - C:\windows\wininit.ini [14/07/2009 03:37:09] - |D| - [11132929920] - C:\windows\winsxs [MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 22:34:23] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\windows\WMSysPr9.prx [MD5.6E8EACC0B339365D79A2C06896865D3D] - [14/07/2009 00:41:00] - |A| - (.© Microsoft Corporation. - Windows Write.) - [9216] - (6.1.7600.16385) - C:\windows\write.exe [MD5.B317B33694BAC49D492DD3F23E374899] - [13/07/2009 22:30:30] - |A| - (.-.) - [707] - (0.0.0.0) - C:\windows\_default.pif ---------- | Systemroot\System [14/07/2009 00:00:47] - |A| - [69584] - C:\windows\System\avicap.dll (Copyright © Microsoft Corp. 1992-1994) - (AVI Capture DLL) [14/07/2009 00:00:47] - |A| - [109456] - C:\windows\System\avifile.dll (Copyright © Microsoft Corp. 1991-2000) - (Microsoft AVI File support library) [13/07/2009 22:41:42] - |A| - [32816] - C:\windows\System\COMMDLG.DLL (Copyright © Microsoft Corp. 1981-1996) - (Common Dialogs libraries) [13/07/2009 22:41:23] - |A| - [2000] - C:\windows\System\keyboard.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Keyboard Driver Module) [13/07/2009 21:29:46] - |A| - [9936] - C:\windows\System\lzexpand.dll (Copyright © Microsoft Corp. 1989-1992) - (Windows file expansion library) [14/07/2009 00:00:47] - |A| - [73376] - C:\windows\System\mciavi.drv (Copyright © Microsoft Corp. 1992-1994) - (MCI driver for AVI) [14/07/2009 00:00:47] - |A| - [25264] - C:\windows\System\mciseq.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for MIDI sequencer) [14/07/2009 00:00:47] - |A| - [28160] - C:\windows\System\mciwave.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for waveform audio) [13/07/2009 22:41:32] - |A| - [68992] - C:\windows\System\MMSYSTEM.DLL (Copyright © Microsoft Corp. 1981-1996) - (System APIs for Multimedia) [13/07/2009 22:41:32] - |A| - [1152] - C:\windows\System\mmtask.tsk (Copyright © Microsoft Corp. 
1981-1996) - (Multimedia background task support module) [13/07/2009 22:41:27] - |A| - [2032] - C:\windows\System\mouse.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW MOUSE Driver Module) [10/06/2009 22:21:50] - |A| - [126912] - C:\windows\System\msvideo.dll (Copyright © Microsoft Corp. 1992-1994) - (Microsoft Video for Windows DLL) [13/07/2009 21:29:46] - |A| - [82944] - C:\windows\System\olecli.dll (Copyright © Microsoft Corp. 1991-1993) - (Object Linking and Embedding Client Library) [13/07/2009 22:41:50] - |A| - [24064] - C:\windows\System\OLESVR.DLL (Copyright © Microsoft Corp. 1991-1996) - (Object Linking and Embedding Server Library) [13/07/2009 22:41:22] - |A| - [5120] - C:\windows\System\SHELL.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Shell library) [13/07/2009 22:41:23] - |A| - [1744] - C:\windows\System\sound.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW SOUND Driver Module) [13/07/2009 23:00:27] - |A| - [5532] - C:\windows\System\stdole.tlb (Copyright © Microsoft Corp. 1993-1995) - (OLE 2.1 16/32 Interoperability Type Library) [13/07/2009 22:41:21] - |A| - [3360] - C:\windows\System\system.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows System Driver core component) [13/07/2009 22:41:39] - |A| - [4048] - C:\windows\System\TIMER.DRV (Copyright © Microsoft Corp. 1981-1996) - (Timer driver for PC compatibles) [13/07/2009 21:29:46] - |A| - [9008] - C:\windows\System\ver.dll (Copyright © Microsoft Corp. 1991) - (Version Checking and File Installation Libraries) [13/07/2009 22:41:26] - |A| - [2176] - C:\windows\System\vga.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Display Driver Module) [13/07/2009 22:41:45] - |A| - [12704] - C:\windows\System\WFWNET.DRV (Copyright © Microsoft Corp. 1981-1996) - (Windows for Workgroups network driver) ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [14/01/2010 22:41:02] - C:\windows\Installer\1109f6.msi : (HP Software Setup - Hewlett-Packard Company) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [05/11/2009 00:43:20] - C:\windows\Installer\110a07.msi : (HP SoftPaq Download Manager - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/05/2010 23:44:43] - C:\windows\Installer\12b638.msi : (Blank Project Template - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/12/2009 21:10:20] - C:\windows\Installer\12f722.msi : (Device Access Manager for HP ProtectTools - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/07/2009 01:30:28] - C:\windows\Installer\13292a.msi : (ActivClient x86 - ActivIdentity) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/03/2010 21:05:30] - C:\windows\Installer\1385ab.msi : (HP Privacy Manager Sign and Chat - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/04/2013 16:55:40] - C:\windows\Installer\1395d5af.msi : (Blank Project Template - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/01/2010 20:20:20] - C:\windows\Installer\13a645.msi : (Blank Project Template - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/04/2013 17:18:51] - C:\windows\Installer\13aaf1c4.msi : (HP Power Assistant - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/04/2013 17:18:51] - C:\windows\Installer\13aaf22a.msi : (HP Power Assistant - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/04/2013 17:23:11] - C:\windows\Installer\13aaf250.msi : (HP 3D DriveGuard - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/02/2010 02:41:52] - C:\windows\Installer\13c0a8.msi : (Drive Encryption for HP ProtectTools - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/01/2014 09:32:36] - C:\windows\Installer\1fa44f.msi : (System Requirements Lab for Intel - Husdawg, LLC) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [15/11/2013 01:46:30] - C:\windows\Installer\1fa4b3.msi : (Intel(R) Network Connections - Intel) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/09/2016 14:12:49] - C:\windows\Installer\224c61.msi : (League of Legends - Riot Games) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/04/2010 00:06:58] - C:\windows\Installer\22ddf.msi : (HP Software Framework - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/01/2012 17:51:26] - C:\windows\Installer\24c627a.msi : (MSVC90_x86 - Nokia) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/02/2010 23:16:00] - C:\windows\Installer\261d5.msi : (Windows 7 Default Setting - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/05/2010 23:07:56] - C:\windows\Installer\26c21.msi : (Blank Project Template - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/01/2015 08:53:26] - C:\windows\Installer\2ab34.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/01/2010 19:20:52] - C:\windows\Installer\2dc23.msi : (WIDCOMM Bluetooth Profile Pack - Broadcom Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/08/2010 16:35:37] - C:\windows\Installer\2dc2c.msi : (Validity Fingerprint Driver install package - Validity Sensors, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/04/2010 04:46:56] - C:\windows\Installer\2dc35.msi : (HP Web Camera - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/10/2009 12:27:10] - C:\windows\Installer\2dc7d.msi : ( - Hewlett-Packard Development Compay, L.P.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/11/2013 09:19:48] - C:\windows\Installer\2e7e93.msi : (HP Power Data - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/11/2013 08:57:23] - C:\windows\Installer\313be8.msi : (HP 3D DriveGuard - Hewlett-Packard Company) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [20/01/2010 18:27:20] - C:\windows\Installer\3197f.msi : (Blank Project Template - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [26/03/2010 02:10:26] - C:\windows\Installer\32a4e.msi : (HP QuickLook - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/11/2016 14:33:04] - C:\windows\Installer\422b73e7.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/11/2016 19:17:56] - C:\windows\Installer\43399f7f.msi : (7-Zip Package - Igor Pavlov) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/11/2016 19:21:42] - C:\windows\Installer\43399f85.msi : (Java SE Runtime Environment 8 Update 111 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/11/2016 19:24:41] - C:\windows\Installer\43399f94.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/05/2010 23:02:20] - C:\windows\Installer\4fac.msi : (HP ESU for Microsoft Windows 7 - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/03/2010 21:00:40] - C:\windows\Installer\5fc3.msi : (HP HotKey Support - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/09/2012 04:48:11] - C:\windows\Installer\793b0.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/09/2016 13:32:30] - C:\windows\Installer\82d5b.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/03/2015 11:26:35] - C:\windows\Installer\9edeb.msi : (Java SE Runtime Environment 8.0 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/09/2015 18:20:46] - C:\windows\Installer\a06f5.msi : (Adblock Plus for IE - Eyeo GmbH) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/02/2013 15:02:05] - C:\windows\Installer\a0e062.msi : (HP Support Assistant - Hewlett-Packard Company) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [19/09/2012 11:58:48] - C:\windows\Installer\a0e068.msi : (Blank Project Template - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/09/2016 13:16:18] - C:\windows\Installer\cf0891.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/08/2016 11:56:44] - C:\windows\Installer\cf0897.msi : (Apple Mobile Device Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/05/2010 23:38:32] - C:\windows\Installer\d0af8.msi : (HP Wireless Assistant - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/05/2010 23:38:40] - C:\windows\Installer\d21da.msi : (LS_HSI - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/05/2010 23:42:41] - C:\windows\Installer\d60ea.msi : (HP User Guides 0185 - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/05/2010 23:20:21] - C:\windows\Installer\dca05.msi : (HP Advisor - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/08/2010 16:35:36] - C:\windows\Installer\HPVFSSVC4.0.15.0.msi : (Validity Fingerprint Driver install package - Validity Sensors, Inc.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [14/07/2009 05:42:29] - [73] - C:\windows\System32\desktop.ini [14/05/2010 23:26:46] - [190] - C:\windows\System32\HPPA.ini [14/05/2010 23:38:34] - [188] - C:\windows\System32\HPWA.ini [18/04/2015 23:12:05] - [16303] - C:\windows\System32\ieuinit.inf [14/05/2010 23:23:38] - [1278] - C:\windows\System32\InstallUtil.InstallLog [14/07/2009 05:42:26] - [976] - C:\windows\System32\mapisvc.inf [14/08/2010 16:34:51] - [1092090] - C:\windows\System32\oem27.inf [05/11/2013 09:08:05] - [1049314] - C:\windows\System32\oem79.inf [14/05/2010 23:09:43] - [1677370] - C:\windows\System32\PerfStringBackup.INI [10/06/2009 22:39:59] - [60124] - C:\windows\System32\tcpmon.ini ---------- | [a2com] [21/04/2015 21:06:00] - |D| - [2185] - C:\Users\a2com\Desktop [21/04/2015 21:09:58] - |A| - [262144] - C:\Users\a2com\NTUSER.DAT [21/04/2015 21:09:58] - |ASH| - [13312] - C:\Users\a2com\NTUSER.DAT.LOG1 [21/04/2015 21:09:58] - |ASH| - [0] - C:\Users\a2com\NTUSER.DAT.LOG2 [21/04/2015 21:09:58] - |ASH| - [65536] - C:\Users\a2com\NTUSER.DAT{696577d8-e85a-11e4-831b-70f3957f0638}.TM.blf [21/04/2015 21:09:58] - |ASH| - [524288] - C:\Users\a2com\NTUSER.DAT{696577d8-e85a-11e4-831b-70f3957f0638}.TMContainer00000000000000000001.regtrans-ms [21/04/2015 21:09:58] - |ASH| - [524288] - C:\Users\a2com\NTUSER.DAT{696577d8-e85a-11e4-831b-70f3957f0638}.TMContainer00000000000000000002.regtrans-ms ---------- | [Administrateur.Portable01] [21/04/2015 21:06:01] - |D| - [2185] - C:\Users\Administrateur.Portable01\Desktop [21/04/2015 21:09:59] - |A| - [262144] - C:\Users\Administrateur.Portable01\NTUSER.DAT [21/04/2015 21:09:59] - |ASH| - [13312] - C:\Users\Administrateur.Portable01\NTUSER.DAT.LOG1 [21/04/2015 21:09:59] - |ASH| - [0] - C:\Users\Administrateur.Portable01\NTUSER.DAT.LOG2 [21/04/2015 21:09:59] - |ASH| - [65536] - C:\Users\Administrateur.Portable01\NTUSER.DAT{696577dc-e85a-11e4-831b-70f3957f0638}.TM.blf [21/04/2015 21:09:59] - |ASH| - 
[524288] - C:\Users\Administrateur.Portable01\NTUSER.DAT{696577dc-e85a-11e4-831b-70f3957f0638}.TMContainer00000000000000000001.regtrans-ms [21/04/2015 21:09:59] - |ASH| - [524288] - C:\Users\Administrateur.Portable01\NTUSER.DAT{696577dc-e85a-11e4-831b-70f3957f0638}.TMContainer00000000000000000002.regtrans-ms ---------- | [al] [01/03/2013 07:59:33] - |HD| - [4106555611] - C:\Users\al\AppData [01/03/2013 07:59:43] - |RD| - [68795] - C:\Users\al\Contacts [01/03/2013 07:59:33] - |RD| - [443480257] - C:\Users\al\Desktop [13/10/2014 09:50:59] - |D| - [1135702] - C:\Users\al\Dialogue [01/03/2013 07:59:33] - |RD| - [4676932530] - C:\Users\al\Documents [01/03/2013 07:59:33] - |RD| - [545699682] - C:\Users\al\Downloads [01/03/2013 07:59:33] - |RD| - [227714] - C:\Users\al\Favorites [01/03/2013 07:59:33] - |RD| - [2322] - C:\Users\al\Links [01/03/2013 07:59:33] - |RD| - [504] - C:\Users\al\Music [01/03/2013 07:59:33] - |ASH| - [7602176] - C:\Users\al\ntuser.dat [01/03/2013 07:59:34] - |ASH| - [262144] - C:\Users\al\ntuser.dat.LOG1 [01/03/2013 07:59:34] - |ASH| - [0] - C:\Users\al\ntuser.dat.LOG2 [01/03/2013 07:59:34] - |ASH| - [65536] - C:\Users\al\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [01/03/2013 07:59:34] - |ASH| - [524288] - C:\Users\al\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [01/03/2013 07:59:34] - |ASH| - [524288] - C:\Users\al\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [21/04/2015 21:02:27] - |SH| - [20] - C:\Users\al\ntuser.ini [01/03/2013 07:59:33] - |RD| - [504] - C:\Users\al\Pictures [01/03/2013 07:59:33] - |RD| - [282] - C:\Users\al\Saved Games [01/03/2013 07:59:51] - |RD| - [2148] - C:\Users\al\Searches [24/09/2016 20:51:47] - |D| - [983040] - C:\Users\al\Tracing [01/03/2013 07:59:33] - |RD| - [504] - C:\Users\al\Videos [01/03/2013 07:59:51] - |RD| - [442] - C:\Users\al\Virtual Machines [20/02/2015 10:45:25] - |D| - [4470775] - 
C:\Users\al\AppData\Roaming\Adobe [15/10/2013 08:04:39] - |D| - [0] - C:\Users\al\AppData\Roaming\AdobeUM [01/03/2013 08:00:03] - |D| - [4056] - C:\Users\al\AppData\Roaming\Apple Computer [14/03/2014 10:59:29] - |D| - [114] - C:\Users\al\AppData\Roaming\ArcSoft [01/11/2016 14:21:06] - |D| - [30231733] - C:\Users\al\AppData\Roaming\AVAST Software [25/09/2016 12:39:13] - |D| - [1793] - C:\Users\al\AppData\Roaming\Cobalt [01/03/2013 07:59:47] - |D| - [100] - C:\Users\al\AppData\Roaming\DigitalPersona [16/10/2016 20:15:24] - |D| - [22606852] - C:\Users\al\AppData\Roaming\discord [01/03/2013 08:11:47] - |D| - [0] - C:\Users\al\AppData\Roaming\Google [01/03/2013 08:27:06] - |D| - [32638] - C:\Users\al\AppData\Roaming\Hewlett-Packard [01/03/2013 08:00:07] - |D| - [99998] - C:\Users\al\AppData\Roaming\hpqlog [01/03/2013 07:59:45] - |D| - [0] - C:\Users\al\AppData\Roaming\Identities [12/11/2013 08:51:18] - |D| - [0] - C:\Users\al\AppData\Roaming\InstallShield [09/11/2016 21:42:03] - |A| - [115] - C:\Users\al\AppData\Roaming\LogFile.txt [24/09/2016 19:08:43] - |D| - [0] - C:\Users\al\AppData\Roaming\LolClient [01/03/2013 08:12:02] - |D| - [600] - C:\Users\al\AppData\Roaming\Macromedia [15/10/2013 07:36:58] - |D| - [2066] - C:\Users\al\AppData\Roaming\Matus Tomlein [01/11/2016 14:09:02] - |A| - [0] - C:\Users\al\AppData\Roaming\MCVi2UserDetail.ini [01/03/2013 07:59:33] - |SD| - [61403701] - C:\Users\al\AppData\Roaming\Microsoft [14/03/2014 11:01:30] - |D| - [195] - C:\Users\al\AppData\Roaming\Nikon [22/08/2015 16:31:34] - |D| - [2012506] - C:\Users\al\AppData\Roaming\OpenOffice.org [09/12/2014 10:11:55] - |D| - [1739] - C:\Users\al\AppData\Roaming\PDF Architect 2 [13/10/2014 11:02:10] - |D| - [4275] - C:\Users\al\AppData\Roaming\PDF Pro 10 9 [09/12/2014 09:43:49] - |D| - [1536] - C:\Users\al\AppData\Roaming\pdfforge [24/09/2016 13:55:37] - |D| - [18328769] - C:\Users\al\AppData\Roaming\Riot Games [19/02/2014 16:58:53] - |D| - [20385571] - C:\Users\al\AppData\Roaming\Roxio Log 
Files [14/03/2014 10:56:01] - |A| - [0] - C:\Users\al\AppData\Roaming\Sample Delay [26/09/2016 21:18:54] - |A| - [0] - C:\Users\al\AppData\Roaming\Sampler [24/09/2016 20:51:27] - |D| - [27569781] - C:\Users\al\AppData\Roaming\Skype [14/03/2014 10:53:37] - |RH| - [268] - C:\Users\al\AppData\Roaming\Sounds [09/11/2016 21:41:59] - |D| - [0] - C:\Users\al\AppData\Roaming\SpeedyPC Software [01/11/2016 19:24:27] - |D| - [0] - C:\Users\al\AppData\Roaming\Sun [15/10/2013 09:22:01] - |D| - [40405] - C:\Users\al\AppData\Roaming\TeamViewer [24/09/2016 14:00:28] - |D| - [3798311] - C:\Users\al\AppData\Roaming\TS3Client [16/10/2016 17:39:39] - |D| - [961] - C:\Users\al\AppData\Roaming\Unity [02/10/2016 21:27:04] - |D| - [38461887] - C:\Users\al\AppData\Roaming\WindSolutions [19/04/2015 22:19:26] - |D| - [346707] - C:\Users\al\AppData\Local\Adobe [24/09/2016 13:32:00] - |D| - [3477687] - C:\Users\al\AppData\Local\Apps [21/04/2015 21:03:05] - |D| - [0] - C:\Users\al\AppData\Local\Broadcom [29/07/2015 20:02:22] - |D| - [16014] - C:\Users\al\AppData\Local\CDex [25/09/2016 11:33:57] - |D| - [5984542] - C:\Users\al\AppData\Local\CEF [24/09/2016 13:31:59] - |D| - [0] - C:\Users\al\AppData\Local\Deployment [21/04/2015 21:02:59] - |D| - [0] - C:\Users\al\AppData\Local\DigitalPersona [16/10/2016 20:14:46] - |D| - [171743368] - C:\Users\al\AppData\Local\Discord [24/10/2015 08:40:19] - |D| - [0] - C:\Users\al\AppData\Local\ElevatedDiagnostics [19/04/2015 22:21:54] - |SHD| - [0] - C:\Users\al\AppData\Local\EmieBrowserModeList [19/04/2015 22:21:54] - |SHD| - [0] - C:\Users\al\AppData\Local\EmieSiteList [19/04/2015 22:21:54] - |SHD| - [0] - C:\Users\al\AppData\Local\EmieUserList [20/10/2015 11:15:26] - |A| - [115416] - C:\Users\al\AppData\Local\GDIPFONTCACHEV1.DAT [24/09/2016 13:39:49] - |D| - [752871702] - C:\Users\al\AppData\Local\Google [12/04/2016 13:34:31] - |D| - [393] - C:\Users\al\AppData\Local\GWX [01/10/2015 19:57:33] - |D| - [1753] - C:\Users\al\AppData\Local\Hewlett-Packard 
[03/11/2016 22:59:25] - |AH| - [2207144] - C:\Users\al\AppData\Local\IconCache.db [01/03/2013 07:59:34] - |D| - [2740551555] - C:\Users\al\AppData\Local\Microsoft [29/02/2016 20:48:55] - |D| - [0] - C:\Users\al\AppData\Local\Microsoft Help [15/09/2015 21:24:37] - |D| - [0] - C:\Users\al\AppData\Local\PDFCreator [26/10/2015 09:17:13] - |D| - [0] - C:\Users\al\AppData\Local\Programs [09/11/2016 21:27:53] - |A| - [7597] - C:\Users\al\AppData\Local\Resmon.ResmonCfg [06/02/2016 22:15:05] - |D| - [2682] - C:\Users\al\AppData\Local\Roxio [16/10/2016 20:14:34] - |D| - [7466] - C:\Users\al\AppData\Local\SquirrelTemp [25/09/2016 11:33:50] - |D| - [68074019] - C:\Users\al\AppData\Local\Steam [01/03/2013 07:59:33] - |D| - [185616] - C:\Users\al\AppData\Local\Symantec [01/03/2013 07:59:33] - |D| - [368691] - C:\Users\al\AppData\Local\Temp [16/10/2016 17:36:00] - |D| - [644547] - C:\Users\al\AppData\Local\Unity [01/03/2013 07:59:51] - |SH| - [174] - C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [19/04/2015 07:36:50] - |A| - [483] - C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website [01/03/2013 07:59:34] - |SHD| - [0] - C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [01/03/2013 07:59:33] - |RD| - [23360] - C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [01/03/2013 07:59:33] - |RD| - [14631] - C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [01/03/2013 07:59:51] - |RD| - [174] - C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [08/11/2016 21:21:51] - |D| - [0] - C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp! 
[02/10/2016 21:27:19] - |D| - [2684] - C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center [01/03/2013 07:59:51] - |SH| - [338] - C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [16/10/2016 20:15:27] - |D| - [2157] - C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc [01/03/2013 07:59:52] - |A| - [1425] - C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [01/03/2013 07:59:33] - |RD| - [580] - C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [09/11/2016 21:40:44] - |D| - [1197] - C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software [01/03/2013 07:59:51] - |RD| - [174] - C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [01/03/2013 07:59:51] - |SH| - [174] - C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [MAP_sauv] [02/02/2012 12:23:49] - |D| - [70389539] - C:\Users\MAP_sauv\ANNIVERSAIRE BRICE ET THIBAUT 2011 [02/02/2012 12:20:43] - |HD| - [14978956429] - C:\Users\MAP_sauv\AppData [02/02/2012 12:20:44] - |SHD| - [0] - C:\Users\MAP_sauv\Application Data [02/02/2012 12:23:54] - |D| - [30355284] - C:\Users\MAP_sauv\CHATILLON SUR LOIRE JANVIER 2011 [02/02/2012 12:20:50] - |RD| - [137180] - C:\Users\MAP_sauv\Contacts [02/02/2012 12:20:44] - |SHD| - [0] - C:\Users\MAP_sauv\Cookies [02/02/2012 12:20:43] - |RD| - [389935208] - C:\Users\MAP_sauv\Desktop [02/02/2012 12:23:56] - |D| - [40207384] - C:\Users\MAP_sauv\DIVERS 2011 [02/02/2012 12:20:43] - |RD| - [10027178713] - C:\Users\MAP_sauv\Documents [02/02/2012 12:20:43] - |RD| - [633534666] - C:\Users\MAP_sauv\Downloads [02/02/2012 12:20:43] - |RD| - [3394] - C:\Users\MAP_sauv\Favorites [02/02/2012 12:20:43] - |RD| - [2322] - C:\Users\MAP_sauv\Links [02/02/2012 12:20:44] - |SHD| - [0] - C:\Users\MAP_sauv\Local Settings [02/02/2012 12:20:44] - |SHD| - 
[0] - C:\Users\MAP_sauv\Menu Démarrer [02/02/2012 12:20:44] - |SHD| - [0] - C:\Users\MAP_sauv\Mes documents [02/02/2012 12:20:44] - |SHD| - [0] - C:\Users\MAP_sauv\Modèles [02/02/2012 12:20:43] - |RD| - [66604] - C:\Users\MAP_sauv\Music [02/02/2012 12:20:43] - |ASH| - [5767168] - C:\Users\MAP_sauv\NTUSER.DAT [02/02/2012 12:20:44] - |ASH| - [262144] - C:\Users\MAP_sauv\ntuser.dat.LOG1 [02/02/2012 12:20:44] - |ASH| - [0] - C:\Users\MAP_sauv\ntuser.dat.LOG2 [02/02/2012 12:20:44] - |ASH| - [65536] - C:\Users\MAP_sauv\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [02/02/2012 12:20:44] - |ASH| - [524288] - C:\Users\MAP_sauv\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [02/02/2012 12:20:44] - |ASH| - [524288] - C:\Users\MAP_sauv\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [02/02/2012 12:20:43] - |ASH| - [20] - C:\Users\MAP_sauv\ntuser.ini [02/02/2012 12:24:00] - |D| - [413794086] - C:\Users\MAP_sauv\PHOTOS 2011 PERSO BIS [02/02/2012 12:24:29] - |D| - [0] - C:\Users\MAP_sauv\photos nicolas [02/02/2012 12:24:29] - |D| - [35547991] - C:\Users\MAP_sauv\PHOTOS XMAS PARTY [02/02/2012 12:20:43] - |RD| - [1872131700] - C:\Users\MAP_sauv\Pictures [02/02/2012 12:20:44] - |SHD| - [0] - C:\Users\MAP_sauv\Recent [02/02/2012 12:24:30] - |D| - [259097764] - C:\Users\MAP_sauv\SAINT MARTIAL 2011 [02/02/2012 12:20:43] - |RD| - [282] - C:\Users\MAP_sauv\Saved Games [02/02/2012 12:21:01] - |RD| - [4252] - C:\Users\MAP_sauv\Searches [02/02/2012 12:20:44] - |SHD| - [0] - C:\Users\MAP_sauv\SendTo [02/02/2012 12:24:38] - |D| - [14756115] - C:\Users\MAP_sauv\SORTIE SCOLAIRE ELISA JUIN 2011 [02/02/2012 12:24:39] - |D| - [692803504] - C:\Users\MAP_sauv\VALRAS 2011 [02/02/2012 12:20:43] - |RD| - [504] - C:\Users\MAP_sauv\Videos [02/02/2012 12:21:01] - |RD| - [442] - C:\Users\MAP_sauv\Virtual Machines [02/02/2012 12:20:44] - |SHD| - [0] - C:\Users\MAP_sauv\Voisinage d'impression [02/02/2012 
12:20:44] - |SHD| - [0] - C:\Users\MAP_sauv\Voisinage réseau [03/02/2012 19:49:18] - |D| - [1628777] - C:\Users\MAP_sauv\AppData\Roaming\Adobe [02/02/2012 12:21:35] - |D| - [169369] - C:\Users\MAP_sauv\AppData\Roaming\Apple Computer [02/02/2012 12:20:55] - |D| - [62] - C:\Users\MAP_sauv\AppData\Roaming\DigitalPersona [12/02/2012 12:17:54] - |D| - [1318] - C:\Users\MAP_sauv\AppData\Roaming\Google [02/02/2012 12:21:36] - |D| - [38107] - C:\Users\MAP_sauv\AppData\Roaming\Hewlett-Packard [02/02/2012 12:20:53] - |D| - [0] - C:\Users\MAP_sauv\AppData\Roaming\Identities [03/02/2012 19:49:41] - |D| - [6601] - C:\Users\MAP_sauv\AppData\Roaming\Macromedia [02/02/2012 12:20:43] - |SD| - [36311494] - C:\Users\MAP_sauv\AppData\Roaming\Microsoft [02/02/2012 12:22:32] - |D| - [94470] - C:\Users\MAP_sauv\AppData\Roaming\TeamViewer [03/02/2012 12:14:53] - |D| - [0] - C:\Users\MAP_sauv\AppData\Local\Apple [06/02/2012 16:16:13] - |D| - [12424] - C:\Users\MAP_sauv\AppData\Local\Apple Computer [02/02/2012 12:20:44] - |SHD| - [0] - C:\Users\MAP_sauv\AppData\Local\Application Data [02/02/2012 12:21:36] - |D| - [0] - C:\Users\MAP_sauv\AppData\Local\Broadcom [02/02/2012 12:20:55] - |D| - [0] - C:\Users\MAP_sauv\AppData\Local\DigitalPersona [02/02/2012 12:22:32] - |A| - [130408] - C:\Users\MAP_sauv\AppData\Local\GDIPFONTCACHEV1.DAT [12/02/2012 12:17:37] - |D| - [49832] - C:\Users\MAP_sauv\AppData\Local\Google [02/02/2012 12:24:02] - |D| - [879436] - C:\Users\MAP_sauv\AppData\Local\Hewlett-Packard [02/02/2012 12:20:44] - |SHD| - [0] - C:\Users\MAP_sauv\AppData\Local\Historique [05/02/2012 20:17:19] - |AH| - [2883863] - C:\Users\MAP_sauv\AppData\Local\IconCache.db [02/02/2012 12:20:43] - |D| - [14922559372] - C:\Users\MAP_sauv\AppData\Local\Microsoft [02/02/2012 12:20:43] - |D| - [0] - C:\Users\MAP_sauv\AppData\Local\Microsoft Help [02/02/2012 12:21:31] - |D| - [0] - C:\Users\MAP_sauv\AppData\Local\PDFC [02/02/2012 12:20:43] - |D| - [0] - C:\Users\MAP_sauv\AppData\Local\Symantec [02/02/2012 
12:20:43] - |D| - [13536096] - C:\Users\MAP_sauv\AppData\Local\Temp [02/02/2012 12:20:44] - |SHD| - [0] - C:\Users\MAP_sauv\AppData\Local\Temporary Internet Files [10/04/2012 08:45:19] - |D| - [262465] - C:\Users\MAP_sauv\AppData\Local\WinZip [02/02/2012 12:21:01] - |ASH| - [174] - C:\Users\MAP_sauv\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [02/02/2012 12:20:44] - |SHD| - [0] - C:\Users\MAP_sauv\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [02/02/2012 12:20:43] - |RD| - [17322] - C:\Users\MAP_sauv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [02/02/2012 12:20:43] - |RD| - [14631] - C:\Users\MAP_sauv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [02/02/2012 12:21:01] - |RD| - [174] - C:\Users\MAP_sauv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [02/02/2012 12:21:01] - |ASH| - [338] - C:\Users\MAP_sauv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [02/02/2012 12:21:02] - |A| - [1425] - C:\Users\MAP_sauv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [02/02/2012 12:20:43] - |RD| - [580] - C:\Users\MAP_sauv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [02/02/2012 12:21:01] - |RD| - [174] - C:\Users\MAP_sauv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [02/02/2012 12:21:01] - |ASH| - [174] - C:\Users\MAP_sauv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [nfauduet] [18/04/2012 09:47:35] - |HD| - [8705199629] - C:\Users\nfauduet\AppData [18/04/2012 09:47:39] - |RD| - [412] - C:\Users\nfauduet\Contacts [18/04/2012 09:47:35] - |RD| - [507670529] - C:\Users\nfauduet\Desktop [18/04/2012 09:47:35] - |RD| - [412446575] - C:\Users\nfauduet\Documents [18/04/2012 09:47:35] - |RD| - [282] - C:\Users\nfauduet\Downloads [18/04/2012 09:47:35] - |RD| - [482] - C:\Users\nfauduet\Favorites [18/04/2012 09:47:35] - |RD| - [1907] - C:\Users\nfauduet\Links [18/04/2012 09:47:35] - 
|RD| - [64827] - C:\Users\nfauduet\Music
[24/09/2016 17:56:25] - |A| - [262144] - C:\Users\nfauduet\ntuser.dat
[24/09/2016 17:56:25] - |ASH| - [5120] - C:\Users\nfauduet\ntuser.dat.LOG1
[24/09/2016 17:56:25] - |ASH| - [0] - C:\Users\nfauduet\ntuser.dat.LOG2
[24/09/2016 17:56:26] - |ASH| - [65536] - C:\Users\nfauduet\ntuser.dat{77439466-8252-11e6-a013-70f3957f0638}.TM.blf
[24/09/2016 17:56:26] - |ASH| - [524288] - C:\Users\nfauduet\ntuser.dat{77439466-8252-11e6-a013-70f3957f0638}.TMContainer00000000000000000001.regtrans-ms
[24/09/2016 17:56:26] - |ASH| - [524288] - C:\Users\nfauduet\ntuser.dat{77439466-8252-11e6-a013-70f3957f0638}.TMContainer00000000000000000002.regtrans-ms
[24/09/2016 17:56:33] - |ASH| - [65536] - C:\Users\nfauduet\ntuser.dat{77439474-8252-11e6-a013-70f3957f0638}.TM.blf
[24/09/2016 17:56:33] - |ASH| - [524288] - C:\Users\nfauduet\ntuser.dat{77439474-8252-11e6-a013-70f3957f0638}.TMContainer00000000000000000001.regtrans-ms
[24/09/2016 17:56:33] - |ASH| - [524288] - C:\Users\nfauduet\ntuser.dat{77439474-8252-11e6-a013-70f3957f0638}.TMContainer00000000000000000002.regtrans-ms
[18/04/2012 09:47:35] - |RD| - [504] - C:\Users\nfauduet\Pictures
[18/04/2012 09:47:35] - |RD| - [282] - C:\Users\nfauduet\Saved Games
[18/04/2012 09:47:42] - |RD| - [772] - C:\Users\nfauduet\Searches
[18/04/2012 09:47:35] - |RD| - [504] - C:\Users\nfauduet\Videos
[18/04/2012 09:47:42] - |RD| - [442] - C:\Users\nfauduet\Virtual Machines
[18/04/2012 17:38:06] - |D| - [4821373] - C:\Users\nfauduet\AppData\Roaming\Adobe
[31/10/2012 19:57:04] - |D| - [0] - C:\Users\nfauduet\AppData\Roaming\AdobeUM
[18/04/2012 09:48:04] - |D| - [8298142770] - C:\Users\nfauduet\AppData\Roaming\Apple Computer
[18/04/2012 09:47:47] - |D| - [100] - C:\Users\nfauduet\AppData\Roaming\DigitalPersona
[15/10/2013 09:50:01] - |D| - [1594] - C:\Users\nfauduet\AppData\Roaming\Egziun
[18/04/2012 17:38:01] - |D| - [0] - C:\Users\nfauduet\AppData\Roaming\Google
[18/04/2012 09:48:05] - |D| - [98482] - C:\Users\nfauduet\AppData\Roaming\Hewlett-Packard
[01/04/2013 17:18:51] - |D| - [24669061] - C:\Users\nfauduet\AppData\Roaming\Hewlett-Packard Company
[24/02/2013 15:01:16] - |D| - [374612] - C:\Users\nfauduet\AppData\Roaming\hpqLog
[18/04/2012 09:47:41] - |D| - [0] - C:\Users\nfauduet\AppData\Roaming\Identities
[18/04/2012 17:38:07] - |D| - [0] - C:\Users\nfauduet\AppData\Roaming\Macromedia
[24/04/2013 14:43:53] - |D| - [2143] - C:\Users\nfauduet\AppData\Roaming\Matus Tomlein
[18/04/2012 09:47:35] - |SD| - [47229064] - C:\Users\nfauduet\AppData\Roaming\Microsoft
[31/10/2012 14:39:09] - |D| - [1476483] - C:\Users\nfauduet\AppData\Roaming\OpenOffice.org
[05/09/2012 02:01:26] - |D| - [1523447] - C:\Users\nfauduet\AppData\Roaming\Skype
[18/04/2012 09:49:31] - |D| - [393260] - C:\Users\nfauduet\AppData\Roaming\TeamViewer
[18/04/2012 09:47:35] - |D| - [325641566] - C:\Users\nfauduet\AppData\Local\Temp
[18/04/2012 09:47:42] - |ASH| - [174] - C:\Users\nfauduet\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[18/04/2012 09:47:36] - |SHD| - [0] - C:\Users\nfauduet\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[18/04/2012 09:47:35] - |RD| - [19860] - C:\Users\nfauduet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[18/04/2012 09:47:35] - |RD| - [14631] - C:\Users\nfauduet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[18/04/2012 09:47:42] - |RD| - [174] - C:\Users\nfauduet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[18/04/2012 09:47:42] - |ASH| - [338] - C:\Users\nfauduet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[18/04/2012 09:47:43] - |A| - [1425] - C:\Users\nfauduet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[18/04/2012 09:47:35] - |RD| - [580] - C:\Users\nfauduet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[13/09/2013 10:19:09] - |D| - [2538] - C:\Users\nfauduet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Périphériques Bluetooth
[18/04/2012 09:47:42] - |RD| - [174] - C:\Users\nfauduet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[18/04/2012 09:47:42] - |ASH| - [174] - C:\Users\nfauduet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [nfauduet.ancien]
[10/09/2010 10:53:04] - |HD| - [0] - C:\Users\nfauduet.ancien\AppData
[10/09/2010 10:53:04] - |D| - [0] - C:\Users\nfauduet.ancien\Documents
[26/09/2016 22:17:03] - |A| - [262144] - C:\Users\nfauduet.ancien\ntuser.dat
[26/09/2016 22:17:03] - |ASH| - [5120] - C:\Users\nfauduet.ancien\ntuser.dat.LOG1
[26/09/2016 22:17:03] - |ASH| - [0] - C:\Users\nfauduet.ancien\ntuser.dat.LOG2
[26/09/2016 22:17:04] - |ASH| - [65536] - C:\Users\nfauduet.ancien\ntuser.dat{b0f16f6f-841e-11e6-93c1-002682b38a77}.TM.blf
[26/09/2016 22:17:04] - |ASH| - [524288] - C:\Users\nfauduet.ancien\ntuser.dat{b0f16f6f-841e-11e6-93c1-002682b38a77}.TMContainer00000000000000000001.regtrans-ms
[26/09/2016 22:17:04] - |ASH| - [524288] - C:\Users\nfauduet.ancien\ntuser.dat{b0f16f6f-841e-11e6-93c1-002682b38a77}.TMContainer00000000000000000002.regtrans-ms
[26/09/2016 22:18:41] - |ASH| - [65536] - C:\Users\nfauduet.ancien\ntuser.dat{b0f16fa4-841e-11e6-93c1-002682b38a77}.TM.blf
[26/09/2016 22:18:41] - |ASH| - [524288] - C:\Users\nfauduet.ancien\ntuser.dat{b0f16fa4-841e-11e6-93c1-002682b38a77}.TMContainer00000000000000000001.regtrans-ms
[26/09/2016 22:18:42] - |ASH| - [524288] - C:\Users\nfauduet.ancien\ntuser.dat{b0f16fa4-841e-11e6-93c1-002682b38a77}.TMContainer00000000000000000002.regtrans-ms
[15/09/2010 07:43:22] - |D| - [0] - C:\Users\nfauduet.ancien\AppData\Roaming\Macromedia

---------- | [Public]
[14/07/2009 03:37:05] - |RHD| - [15038] - C:\Users\Public\Desktop
[14/07/2009 05:41:57] - |ASH| - [174] - C:\Users\Public\desktop.ini
[14/07/2009 03:37:05] - |RD| - [278] - C:\Users\Public\Documents
[14/07/2009 03:37:05] - |RD| - [174] - C:\Users\Public\Downloads
[14/07/2009 03:37:05] - |RHD| - [0] - C:\Users\Public\Favorites
[14/07/2009 03:37:05] - |RHD| - [4048] - C:\Users\Public\Libraries
[14/07/2009 03:37:05] - |RD| - [380] - C:\Users\Public\Music
[26/09/2016 22:17:04] - |A| - [262144] - C:\Users\Public\ntuser.dat
[26/09/2016 22:17:04] - |ASH| - [5120] - C:\Users\Public\ntuser.dat.LOG1
[26/09/2016 22:17:04] - |ASH| - [0] - C:\Users\Public\ntuser.dat.LOG2
[26/09/2016 22:17:05] - |ASH| - [65536] - C:\Users\Public\ntuser.dat{b0f16f73-841e-11e6-93c1-002682b38a77}.TM.blf
[26/09/2016 22:17:05] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{b0f16f73-841e-11e6-93c1-002682b38a77}.TMContainer00000000000000000001.regtrans-ms
[26/09/2016 22:17:05] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{b0f16f73-841e-11e6-93c1-002682b38a77}.TMContainer00000000000000000002.regtrans-ms
[26/09/2016 22:18:43] - |ASH| - [65536] - C:\Users\Public\ntuser.dat{b0f16fa8-841e-11e6-93c1-002682b38a77}.TM.blf
[26/09/2016 22:18:43] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{b0f16fa8-841e-11e6-93c1-002682b38a77}.TMContainer00000000000000000001.regtrans-ms
[26/09/2016 22:18:43] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{b0f16fa8-841e-11e6-93c1-002682b38a77}.TMContainer00000000000000000002.regtrans-ms
[14/07/2009 03:37:05] - |RD| - [380] - C:\Users\Public\Pictures
[25/04/2010 21:36:03] - |RD| - [9699579] - C:\Users\Public\Recorded TV
[14/07/2009 03:37:05] - |RD| - [380] - C:\Users\Public\Videos

---------- | [Sauve Nicolas]
[02/02/2012 11:41:39] - |HD| - [9460659418] - C:\Users\Sauve Nicolas\AppData
[02/02/2012 11:33:47] - |D| - [30355284] - C:\Users\Sauve Nicolas\CHATILLON SUR LOIRE JANVIER 2011
[02/02/2012 11:33:48] - |RD| - [136859] - C:\Users\Sauve Nicolas\Contacts
[02/02/2012 11:33:33] - |RD| - [389935010] - C:\Users\Sauve Nicolas\Desktop
[02/02/2012 11:19:39] - |D| - [40207384] - C:\Users\Sauve Nicolas\DIVERS 2011
[02/02/2012 11:19:41] - |RD| - [9718539131] - C:\Users\Sauve Nicolas\Documents
[02/02/2012 11:32:51] - |RD| - [633534468] - C:\Users\Sauve Nicolas\Downloads
[02/02/2012 11:19:41] - |RD| - [685] - C:\Users\Sauve Nicolas\Favorites
[02/02/2012 11:19:41] - |RD| - [2609] - C:\Users\Sauve Nicolas\Links
[02/02/2012 11:19:41] - |RD| - [66184] - C:\Users\Sauve Nicolas\Music
[26/09/2016 22:17:05] - |A| - [262144] - C:\Users\Sauve Nicolas\ntuser.dat
[26/09/2016 22:17:05] - |ASH| - [5120] - C:\Users\Sauve Nicolas\ntuser.dat.LOG1
[26/09/2016 22:17:05] - |ASH| - [0] - C:\Users\Sauve Nicolas\ntuser.dat.LOG2
[26/09/2016 22:17:05] - |ASH| - [65536] - C:\Users\Sauve Nicolas\ntuser.dat{b0f16f77-841e-11e6-93c1-002682b38a77}.TM.blf
[26/09/2016 22:17:05] - |ASH| - [524288] - C:\Users\Sauve Nicolas\ntuser.dat{b0f16f77-841e-11e6-93c1-002682b38a77}.TMContainer00000000000000000001.regtrans-ms
[26/09/2016 22:17:06] - |ASH| - [524288] - C:\Users\Sauve Nicolas\ntuser.dat{b0f16f77-841e-11e6-93c1-002682b38a77}.TMContainer00000000000000000002.regtrans-ms
[26/09/2016 22:18:44] - |ASH| - [65536] - C:\Users\Sauve Nicolas\ntuser.dat{b0f16fac-841e-11e6-93c1-002682b38a77}.TM.blf
[26/09/2016 22:18:44] - |ASH| - [524288] - C:\Users\Sauve Nicolas\ntuser.dat{b0f16fac-841e-11e6-93c1-002682b38a77}.TMContainer00000000000000000001.regtrans-ms
[26/09/2016 22:18:44] - |ASH| - [524288] - C:\Users\Sauve Nicolas\ntuser.dat{b0f16fac-841e-11e6-93c1-002682b38a77}.TMContainer00000000000000000002.regtrans-ms
[02/02/2012 11:32:18] - |D| - [413852966] - C:\Users\Sauve Nicolas\PHOTOS 2011 PERSO BIS
[02/02/2012 11:32:37] - |D| - [0] - C:\Users\Sauve Nicolas\photos nicolas
[02/02/2012 11:32:37] - |D| - [35547991] - C:\Users\Sauve Nicolas\PHOTOS XMAS PARTY
[02/02/2012 11:32:38] - |D| - [259097764] - C:\Users\Sauve Nicolas\SAINT MARTIAL 2011
[02/02/2012 11:32:18] - |RD| - [84] - C:\Users\Sauve Nicolas\Saved Games
[02/02/2012 11:32:38] - |RD| - [3811] - C:\Users\Sauve Nicolas\Searches
[02/02/2012 11:32:49] - |D| - [14756115] - C:\Users\Sauve Nicolas\SORTIE SCOLAIRE ELISA JUIN 2011
[02/02/2012 11:33:07] - |D| - [692803504] - C:\Users\Sauve Nicolas\VALRAS 2011
[02/02/2012 11:32:18] - |RD| - [84] - C:\Users\Sauve Nicolas\Videos
[02/02/2012 11:32:18] - |RD| - [93] - C:\Users\Sauve Nicolas\Virtual Machines
[02/02/2012 11:47:42] - |D| - [3213792] - C:\Users\Sauve Nicolas\AppData\Roaming\Adobe
[02/02/2012 11:47:43] - |D| - [833552938] - C:\Users\Sauve Nicolas\AppData\Roaming\Apple Computer
[02/02/2012 11:48:08] - |D| - [62] - C:\Users\Sauve Nicolas\AppData\Roaming\DigitalPersona
[02/02/2012 11:48:08] - |D| - [117260] - C:\Users\Sauve Nicolas\AppData\Roaming\Hewlett-Packard
[02/02/2012 11:48:10] - |D| - [0] - C:\Users\Sauve Nicolas\AppData\Roaming\Identities
[02/02/2012 11:48:10] - |D| - [56833] - C:\Users\Sauve Nicolas\AppData\Roaming\Macromedia
[02/02/2012 11:48:13] - |SD| - [64004022] - C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft
[02/02/2012 11:48:34] - |D| - [59602] - C:\Users\Sauve Nicolas\AppData\Roaming\Nokia
[02/02/2012 11:48:34] - |D| - [58298] - C:\Users\Sauve Nicolas\AppData\Roaming\PC Suite
[02/02/2012 11:48:34] - |D| - [43979] - C:\Users\Sauve Nicolas\AppData\Roaming\TeamViewer
[02/02/2012 11:41:39] - |D| - [8188042154] - C:\Users\Sauve Nicolas\AppData\Local\Microsoft
[02/02/2012 11:46:46] - |D| - [0] - C:\Users\Sauve Nicolas\AppData\Local\Microsoft Help
[02/02/2012 11:46:46] - |D| - [0] - C:\Users\Sauve Nicolas\AppData\Local\PDFC
[02/02/2012 11:46:46] - |D| - [0] - C:\Users\Sauve Nicolas\AppData\Local\Symantec
[02/02/2012 11:46:46] - |D| - [349583461] - C:\Users\Sauve Nicolas\AppData\Local\Temp
[02/02/2012 11:47:39] - |D| - [0] - C:\Users\Sauve Nicolas\AppData\Local\VirtualStore
[02/02/2012 11:47:39] - |D| - [262880] - C:\Users\Sauve Nicolas\AppData\Local\WinZip
[02/02/2012 11:48:33] - |ASH| - [174] - C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[02/02/2012 11:48:33] - |RD| - [20684] - C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[02/02/2012 11:48:33] - |RD| - [14631] - C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[02/02/2012 11:48:33] - |RD| - [174] - C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[02/02/2012 11:48:33] - |ASH| - [338] - C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[02/02/2012 11:48:33] - |A| - [1425] - C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[02/02/2012 11:48:33] - |RD| - [580] - C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[02/02/2012 11:48:33] - |D| - [3362] - C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Périphériques Bluetooth
[02/02/2012 11:48:33] - |RD| - [174] - C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[02/02/2012 11:48:33] - |ASH| - [174] - C:\Users\Sauve Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [TEMP.MAP]
[17/04/2012 20:38:34] - |HD| - [30522970] - C:\Users\TEMP.MAP\AppData
[17/04/2012 20:38:48] - |RD| - [68796] - C:\Users\TEMP.MAP\Contacts
[17/04/2012 20:38:34] - |RD| - [3560210] - C:\Users\TEMP.MAP\Desktop
[17/04/2012 20:38:34] - |RD| - [402] - C:\Users\TEMP.MAP\Documents
[17/04/2012 20:38:34] - |RD| - [282] - C:\Users\TEMP.MAP\Downloads
[17/04/2012 20:38:34] - |RD| - [2873] - C:\Users\TEMP.MAP\Favorites
[17/04/2012 20:38:34] - |RD| - [2290] - C:\Users\TEMP.MAP\Links
[17/04/2012 20:38:34] - |RD| - [504] - C:\Users\TEMP.MAP\Music
[17/04/2012 20:38:32] - |A| - [786432] - C:\Users\TEMP.MAP\ntuser.dat
[17/04/2012 20:38:32] - |ASH| - [406528] - C:\Users\TEMP.MAP\ntuser.dat.LOG1
[17/04/2012 20:38:32] - |ASH| - [0] - C:\Users\TEMP.MAP\ntuser.dat.LOG2
[17/04/2012 20:38:33] - |ASH| - [65536] - C:\Users\TEMP.MAP\ntuser.dat{ac013fbe-88c4-11e1-a818-1cc1de9d2719}.TM.blf
[17/04/2012 20:38:34] - |ASH| - [524288] - C:\Users\TEMP.MAP\ntuser.dat{ac013fbe-88c4-11e1-a818-1cc1de9d2719}.TMContainer00000000000000000001.regtrans-ms
[17/04/2012 20:38:34] - |ASH| - [524288] - C:\Users\TEMP.MAP\ntuser.dat{ac013fbe-88c4-11e1-a818-1cc1de9d2719}.TMContainer00000000000000000002.regtrans-ms
[17/04/2012 20:38:34] - |ASH| - [20] - C:\Users\TEMP.MAP\ntuser.ini
[17/04/2012 20:38:34] - |RD| - [504] - C:\Users\TEMP.MAP\Pictures
[17/04/2012 20:38:33] - |A| - [0] - C:\Users\TEMP.MAP\prfA572.tmp
[17/04/2012 20:38:34] - |RD| - [282] - C:\Users\TEMP.MAP\Saved Games
[17/04/2012 20:38:54] - |RD| - [3124] - C:\Users\TEMP.MAP\Searches
[17/04/2012 20:38:34] - |RD| - [504] - C:\Users\TEMP.MAP\Videos
[17/04/2012 20:38:54] - |RD| - [442] - C:\Users\TEMP.MAP\Virtual Machines
[17/04/2012 20:49:03] - |D| - [0] - C:\Users\TEMP.MAP\AppData\Roaming\Adobe
[17/04/2012 20:47:16] - |D| - [148356] - C:\Users\TEMP.MAP\AppData\Roaming\Apple Computer
[17/04/2012 20:38:43] - |D| - [24] - C:\Users\TEMP.MAP\AppData\Roaming\DigitalPersona
[17/04/2012 20:49:01] - |D| - [24] - C:\Users\TEMP.MAP\AppData\Roaming\Google
[17/04/2012 20:49:05] - |D| - [456] - C:\Users\TEMP.MAP\AppData\Roaming\Macromedia
[17/04/2012 20:38:34] - |SD| - [607309] - C:\Users\TEMP.MAP\AppData\Roaming\Microsoft
[17/04/2012 20:50:47] - |D| - [1476501] - C:\Users\TEMP.MAP\AppData\Roaming\OpenOffice.org
[18/04/2012 08:36:13] - |D| - [91658] - C:\Users\TEMP.MAP\AppData\Roaming\TeamViewer
[18/04/2012 06:37:07] - |D| - [12424] - C:\Users\TEMP.MAP\AppData\Local\Apple Computer
[17/04/2012 20:48:07] - |D| - [0] - C:\Users\TEMP.MAP\AppData\Local\Broadcom
[17/04/2012 20:38:43] - |D| - [0] - C:\Users\TEMP.MAP\AppData\Local\DigitalPersona
[17/04/2012 20:48:25] - |A| - [130408] - C:\Users\TEMP.MAP\AppData\Local\GDIPFONTCACHEV1.DAT
[17/04/2012 20:48:56] - |D| - [4456] - C:\Users\TEMP.MAP\AppData\Local\Google
[17/04/2012 20:44:30] - |AH| - [1808353] - C:\Users\TEMP.MAP\AppData\Local\IconCache.db
[17/04/2012 20:38:35] - |D| - [26239890] - C:\Users\TEMP.MAP\AppData\Local\Microsoft
[17/04/2012 20:38:35] - |D| - [0] - C:\Users\TEMP.MAP\AppData\Local\Microsoft Help
[17/04/2012 20:47:09] - |D| - [0] - C:\Users\TEMP.MAP\AppData\Local\PDFC
[17/04/2012 20:38:35] - |D| - [0] - C:\Users\TEMP.MAP\AppData\Local\Symantec
[17/04/2012 20:38:35] - |D| - [0] - C:\Users\TEMP.MAP\AppData\Local\Temp
[17/04/2012 20:38:54] - |ASH| - [174] - C:\Users\TEMP.MAP\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[17/04/2012 20:38:35] - |RD| - [17322] - C:\Users\TEMP.MAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[17/04/2012 20:38:35] - |RD| - [14631] - C:\Users\TEMP.MAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[17/04/2012 20:38:54] - |RD| - [174] - C:\Users\TEMP.MAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[17/04/2012 20:38:54] - |ASH| - [338] - C:\Users\TEMP.MAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[17/04/2012 20:39:00] - |A| - [1425] - C:\Users\TEMP.MAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[17/04/2012 20:38:35] - |RD| - [580] - C:\Users\TEMP.MAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[17/04/2012 20:38:54] - |RD| - [174] - C:\Users\TEMP.MAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp
[17/04/2012 20:38:54] - |ASH| - [174] - C:\Users\TEMP.MAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\ProgramData
[07/12/2012 13:42:23] - |D| - [5212] - C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[14/03/2014 10:55:15] - |D| - [1408] - C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
[13/02/2015 16:07:02] - |D| - [180425755] - C:\ProgramData\Adobe
[14/03/2014 10:53:37] - |D| - [12] - C:\ProgramData\Ambience
[04/01/2012 13:11:57] - |D| - [81797665] - C:\ProgramData\Apple
[04/01/2012 13:14:10] - |D| - [5667] - C:\ProgramData\Apple Computer
[14/07/2009 05:53:55] - |SHD| - [15099826752] - C:\ProgramData\Application Data
[13/10/2014 11:03:50] - |D| - [0] - C:\ProgramData\Avanquest Software
[01/11/2016 14:16:59] - |D| - [21665205] - C:\ProgramData\AVAST Software
[02/01/2016 17:52:07] - |HD| - [17293163] - C:\ProgramData\CanonBJ
[14/07/2009 05:53:55] - |SHD| - [15038] - C:\ProgramData\Desktop
[14/07/2009 05:53:55] - |SHD| - [278] - C:\ProgramData\Documents
[14/03/2014 10:53:37] - |D| - [93] - C:\ProgramData\EnterNHelp
[14/07/2009 05:53:55] - |SHD| - [0] - C:\ProgramData\Favorites
[12/02/2012 12:17:30] - |D| - [530912] - C:\ProgramData\Google
[14/05/2010 23:07:57] - |D| - [90060280] - C:\ProgramData\Hewlett-Packard
[14/05/2010 23:23:38] - |D| - [20212] - C:\ProgramData\HPQLOG
[04/01/2012 17:50:46] - |D| - [174830649] - C:\ProgramData\Installations
[14/05/2010 23:23:30] - |D| - [2556618] - C:\ProgramData\Macrovision
[14/01/2015 15:27:50] - |D| - [36128802] - C:\ProgramData\Malwarebytes
[01/11/2016 14:08:45] - |D| - [418] - C:\ProgramData\McAfee
[14/07/2009 03:37:05] - |SD| - [577074180] - C:\ProgramData\Microsoft
[14/05/2010 23:28:52] - |D| - [1766534] - C:\ProgramData\Microsoft Help
[17/03/2014 09:36:19] - |D| - [191535] - C:\ProgramData\Nikon
[10/09/2010 08:48:53] - |D| - [155] - C:\ProgramData\Norton
[26/09/2016 22:17:01] - |A| - [262144] - C:\ProgramData\ntuser.dat
[26/09/2016 22:17:01] - |ASH| - [5120] - C:\ProgramData\ntuser.dat.LOG1
[26/09/2016 22:17:01] - |ASH| - [0] - C:\ProgramData\ntuser.dat.LOG2
[26/09/2016 22:17:01] - |ASH| - [65536] - C:\ProgramData\ntuser.dat{b0f16f62-841e-11e6-93c1-002682b38a77}.TM.blf
[26/09/2016 22:17:02] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{b0f16f62-841e-11e6-93c1-002682b38a77}.TMContainer00000000000000000001.regtrans-ms
[26/09/2016 22:17:02] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{b0f16f62-841e-11e6-93c1-002682b38a77}.TMContainer00000000000000000002.regtrans-ms
[26/09/2016 22:18:37] - |ASH| - [65536] - C:\ProgramData\ntuser.dat{b0f16f97-841e-11e6-93c1-002682b38a77}.TM.blf
[26/09/2016 22:18:37] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{b0f16f97-841e-11e6-93c1-002682b38a77}.TMContainer00000000000000000001.regtrans-ms
[26/09/2016 22:18:37] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{b0f16f97-841e-11e6-93c1-002682b38a77}.TMContainer00000000000000000002.regtrans-ms
[10/09/2010 10:50:41] - |RASH| - [5273] - C:\ProgramData\ntuser.pol
[15/10/2013 09:48:05] - |D| - [70997713] - C:\ProgramData\Oracle
[04/01/2012 17:52:56] - |D| - [95299] - C:\ProgramData\PC Suite
[09/12/2014 09:44:14] - |D| - [0] - C:\ProgramData\PDF Architect 2
[14/03/2014 10:53:37] - |AH| - [20] - C:\ProgramData\PKP_DLeo.DAT
[14/03/2014 10:57:07] - |AH| - [0] - C:\ProgramData\PKP_DLes.DAT
[14/03/2014 10:56:01] - |AH| - [0] - C:\ProgramData\PKP_DLet.DAT
[14/03/2014 10:56:01] - |AH| - [0] - C:\ProgramData\PKP_DLev.DAT
[26/09/2016 21:18:07] - |A| - [0] - C:\ProgramData\PrintingModule
[24/09/2016 14:22:59] - |D| - [39] - C:\ProgramData\Riot Games
[26/09/2016 21:18:54] - |A| - [0] - C:\ProgramData\Screen Saver
[14/08/2010 16:39:00] - |D| - [81534104] - C:\ProgramData\Skype
[14/05/2010 23:36:30] - |D| - [1371] - C:\ProgramData\Sonic
[14/03/2014 10:53:37] - |RAH| - [268] - C:\ProgramData\Specifications
[09/11/2016 21:38:29] - |D| - [21832] - C:\ProgramData\SpeedyPC Software
[26/09/2016 21:09:38] - |D| - [199702] - C:\ProgramData\Spybot - Search & Destroy
[14/07/2009 05:53:55] - |SHD| - [220119] - C:\ProgramData\Start Menu
[22/01/2012 11:13:33] - |D| - [119] - C:\ProgramData\Sun
[08/09/2010 14:36:08] - |D| - [15745540] - C:\ProgramData\Symantec
[14/07/2009 05:53:55] - |SHD| - [0] - C:\ProgramData\Templates
[02/02/2012 10:31:15] - |D| - [85] - C:\ProgramData\TheGreenBow
[14/03/2014 10:53:37] - |D| - [20] - C:\ProgramData\Ultima_T15
[14/05/2010 23:38:12] - |D| - [5878260] - C:\ProgramData\Uninstall
[02/10/2016 21:27:03] - |D| - [82596] - C:\ProgramData\WindSolutions
[08/09/2010 14:26:44] - |D| - [0] - C:\ProgramData\WinZip
[04/01/2012 13:14:10] - |D| - [1942] - C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[24/02/2013 15:02:06] - |D| - [41568246] - C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

---------- | C:\ProgramData\Microsoft\Windows\Start Menu
[14/07/2009 05:46:35] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[14/07/2009 05:37:43] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[08/09/2010 14:34:13] - |A| - [1305] - C:\ProgramData\Microsoft\Windows\Start Menu\HP Warranty.lnk
[14/08/2010 16:37:38] - |A| - [1729] - C:\ProgramData\Microsoft\Windows\Start Menu\IDT Audio Control Panel.lnk
[14/07/2009 03:37:05] - |RD| - [211882] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[14/05/2010 23:44:45] - |A| - [2213] - C:\ProgramData\Microsoft\Windows\Start Menu\Theft Recovery.lnk
[14/07/2009 05:37:43] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[27/12/2012 08:10:35] - |D| - [1637] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[14/07/2009 03:37:05] - |RD| - [39558] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[14/07/2009 05:52:30] - |RD| - [21135] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[15/01/2015 11:18:26] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[01/11/2016 14:20:38] - |D| - [2089] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[07/02/2014 15:04:59] - |D| - [1061] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[08/11/2016 21:21:51] - |D| - [4936] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[14/07/2009 05:41:57] - |ASH| - [1130] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[14/08/2010 16:40:28] - |D| - [2611] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Energy Star
[27/09/2016 16:27:57] - |RD| - [3418] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[24/09/2016 13:39:34] - |A| - [2139] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[14/05/2010 23:22:34] - |RD| - [26271] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[24/02/2013 15:04:58] - |D| - [2143] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[14/05/2010 23:23:55] - |A| - [1663] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Software Setup.lnk
[01/04/2013 17:04:32] - |A| - [1641] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT HD Audio.lnk
[14/08/2010 16:36:34] - |D| - [1825] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[14/05/2010 23:04:27] - |D| - [1154] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[13/10/2014 09:49:03] - |D| - [6721] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[08/11/2016 13:18:29] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League client alpha
[14/05/2010 23:38:43] - |RD| - [9056] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[14/03/2014 10:30:05] - |D| - [913] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
[14/07/2009 03:37:05] - |RD| - [4334] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[14/01/2015 15:27:55] - |D| - [3505] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[14/05/2010 22:57:12] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[14/05/2010 23:33:52] - |RD| - [33979] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[10/09/2010 08:30:01] - |D| - [2223] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[08/09/2010 14:25:27] - |RD| - [2159] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
[09/12/2014 09:43:49] - |D| - [8574] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[01/04/2013 17:19:27] - |D| - [2144] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
[14/07/2009 05:42:29] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[24/09/2016 20:50:32] - |D| - [2083] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[14/07/2009 03:37:05] - |RD| - [1010] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[24/09/2016 13:58:34] - |A| - [1078] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
[10/09/2010 08:40:58] - |D| - [2561] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheGreenBow
[14/07/2009 05:42:30] - |A| - [1352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[14/05/2010 22:57:11] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[14/07/2009 05:42:24] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[14/07/2009 05:46:36] - |A| - [1515] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[14/08/2010 17:22:22] - |RD| - [5366] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[14/07/2009 05:42:30] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[14/08/2010 16:33:18] - |A| - [836] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[14/07/2009 05:41:57] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files
[27/12/2012 08:10:34] - |D| - [3676195] - C:\Program Files\7-Zip
[14/05/2010 23:45:24] - |D| - [13127055] - C:\Program Files\ActivIdentity
[26/10/2015 09:18:39] - |D| - [5777789] - C:\Program Files\Adblock Plus for IE
[31/10/2012 19:45:55] - |D| - [184640757] - C:\Program Files\Adobe
[01/11/2016 14:18:55] - |D| - [525196349] - C:\Program Files\AVAST Software
[14/08/2010 16:34:09] - |D| - [29555542] - C:\Program Files\Broadcom
[07/02/2014 15:04:57] - |D| - [10449350] - C:\Program Files\CCleaner
[08/11/2016 21:21:47] - |D| - [571162] - C:\Program Files\CleanUp!
[14/07/2009 03:37:05] - |D| - [711026599] - C:\Program Files\Common Files
[14/07/2009 05:41:57] - |ASH| - [174] - C:\Program Files\desktop.ini
[14/08/2010 16:33:09] - |D| - [2140664] - C:\Program Files\DIFX
[14/07/2009 05:52:30] - |D| - [83226644] - C:\Program Files\DVD Maker
[31/10/2012 09:33:28] - |D| - [0] - C:\Program Files\Farming Simulator 2013
[12/02/2012 12:17:30] - |D| - [565180620] - C:\Program Files\Google
[14/05/2010 23:00:07] - |D| - [912343541] - C:\Program Files\Hewlett-Packard
[14/05/2010 23:18:07] - |D| - [0] - C:\Program Files\Hewlett-Packard Company
[14/08/2010 16:36:55] - |D| - [36323615] - C:\Program Files\IDT
[14/05/2010 23:18:07] - |HD| - [31183318] - C:\Program Files\InstallShield Installation Information
[14/05/2010 23:00:28] - |D| - [83832846] - C:\Program Files\Intel
[14/07/2009 03:37:05] - |D| - [26840283] - C:\Program Files\Internet Explorer
[02/10/2016 21:39:02] - |D| - [50424504] - C:\Program Files\iTunes
[13/10/2014 09:48:28] - |D| - [310336832] - C:\Program Files\Java
[14/08/2010 16:37:44] - |D| - [56148] - C:\Program Files\LSI SoftModem
[14/01/2015 15:27:50] - |D| - [60210412] - C:\Program Files\Malwarebytes Anti-Malware
[14/05/2010 23:04:31] - |D| - [3439181] - C:\Program Files\Marvell
[08/09/2010 14:33:13] - |D| - [226432] - C:\Program Files\Microsoft
[15/09/2010 10:11:57] - |D| - [39848379] - C:\Program Files\Microsoft Analysis Services
[27/09/2016 16:23:32] - |D| - [93076018] - C:\Program Files\Microsoft Games
[14/05/2010 23:28:53] - |D| - [712420515] - C:\Program Files\Microsoft Office
[14/05/2010 23:42:37] - |D| - [7791803] - C:\Program Files\Microsoft Office Suite Activation Assistant
[10/09/2010 08:29:45] - |D| - [42890830] - C:\Program Files\Microsoft Silverlight
[08/09/2010 14:33:20] - |D| - [2188837] - C:\Program Files\Microsoft Sync Framework
[14/05/2010 23:32:53] - |D| - [8175999] - C:\Program Files\Microsoft.NET
[29/05/2013 08:13:00] - |D| - [0] - C:\Program Files\Mozilla Firefox
[14/07/2009 05:52:30] - |D| - [25757] - C:\Program Files\MSBuild
[10/09/2010 07:45:02] - |D| - [0] - C:\Program Files\MSXML 4.0
[14/03/2014 10:56:18] - |D| - [0] - C:\Program Files\Nikon
[04/01/2012 17:51:39] - |D| - [0] - C:\Program Files\Nokia
[21/04/2015 21:06:00] - |D| - [511253636] - C:\Program Files\Némopolis
[14/05/2010 23:23:22] - |RD| - [1221] - C:\Program Files\Online Services
[22/01/2012 11:13:59] - |D| - [0] - C:\Program Files\OpenOffice.org 3
[16/03/2011 09:43:20] - |D| - [0] - C:\Program Files\Orange
[09/12/2014 09:43:45] - |D| - [30544541] - C:\Program Files\PDFCreator
[14/08/2010 16:38:03] - |D| - [798574] - C:\Program Files\Realtek
[14/07/2009 05:52:30] - |D| - [39175425] - C:\Program Files\Reference Assemblies
[24/09/2016 20:50:24] - |RD| - [85125631] - C:\Program Files\Skype
[09/11/2016 21:51:50] - |D| - [5886568] - C:\Program Files\SpeedFan
[09/11/2016 21:38:29] - |D| - [205499701] - C:\Program Files\SpeedyPC Software
[26/09/2016 21:09:22] - |D| - [9986218] - C:\Program Files\Spybot - Search & Destroy 2
[14/05/2010 23:38:21] - |D| - [34472854] - C:\Program Files\Synaptics
[19/02/2014 15:49:03] - |D| - [1186352] - C:\Program Files\SystemRequirementsLab
[24/09/2016 13:58:00] - |D| - [60766297] - C:\Program Files\TeamSpeak 3 Client
[10/09/2010 08:40:28] - |D| - [1396750] - C:\Program Files\TheGreenBow
[29/05/2013 08:13:26] - |D| - [5443708] - C:\Program Files\theHunter
[14/07/2009 05:53:23] - |HD| - [0] - C:\Program Files\Uninstall Information
[14/08/2010 16:35:55] - |D| - [7796275] - C:\Program Files\Validity Sensors
[14/08/2010 16:33:15] - |D| - [86639225] - C:\Program Files\WIDCOMM
[14/07/2009 05:52:30] - |D| - [3050496] - C:\Program Files\Windows Defender
[08/09/2010 14:33:42] - |D| - [4353150] - C:\Program Files\Windows Live
[14/07/2009 03:37:05] - |D| - [6181376] - C:\Program Files\Windows Mail
[14/07/2009 05:52:30] - |D| - [6604034] - C:\Program Files\Windows Media Player
[14/07/2009 03:37:05] - |D| - [12197556] - C:\Program Files\Windows NT
[14/07/2009 05:52:30] - |D| - [4417800] - C:\Program Files\Windows Photo Viewer
[14/07/2009 05:52:30] - |D| - [189952] - C:\Program Files\Windows Portable Devices
[14/07/2009 05:52:30] - |D| - [6978152] - C:\Program Files\Windows Sidebar
[14/08/2010 17:22:22] - |D| - [5009408] - C:\Program Files\Windows Virtual PC
[30/10/2009 06:56:45] - |D| - [1198205973] - C:\Program Files\Windows XP Mode

---------- | C:\Program Files\Common Files
[14/05/2010 23:45:24] - |D| - [1550496] - C:\Program Files\Common Files\ActivIdentity
[31/10/2012 19:56:36] - |D| - [1825880] - C:\Program Files\Common Files\Adobe
[04/01/2012 13:11:57] - |D| - [166597747] - C:\Program Files\Common Files\Apple
[01/11/2016 14:20:22] - |D| - [890137] - C:\Program Files\Common Files\AV
[02/02/2012 10:31:22] - |A| - [2060] - C:\Program Files\Common Files\cfgbak.tgb
[15/05/2014 12:10:27] - |D| - [99992] - C:\Program Files\Common Files\DESIGNER
[14/05/2010 23:45:39] - |D| - [328864] - C:\Program Files\Common Files\DigitalPersona
[16/03/2011 09:42:29] - |D| - [1902186] - C:\Program Files\Common Files\France Telecom
[14/05/2010 23:18:05] - |D| - [5290043] - C:\Program Files\Common Files\InstallShield
[14/08/2010 16:29:42] - |D| - [13307838] - C:\Program Files\Common Files\Intel
[01/11/2016 19:24:51] - |D| - [1942088] - C:\Program Files\Common Files\Java
[14/05/2010 23:38:43] - |D| - [36024838] - C:\Program Files\Common Files\LightScribe
[14/07/2009 03:37:05] - |D| - [256960714] - C:\Program Files\Common Files\microsoft shared
[14/03/2014 10:56:23] - |D| - [1653833] - C:\Program Files\Common Files\Nikon
[01/04/2013 17:20:09] - |D| - [255584] - C:\Program Files\Common Files\Portrait Displays
[14/08/2010 16:36:32] - |D| - [166332] - C:\Program Files\Common Files\postureAgent
[14/05/2010 23:36:13] - |D| - [207360] - C:\Program Files\Common Files\Roxio Shared
[14/07/2009 03:37:05] - |D| - [2702] - C:\Program Files\Common Files\Services
[01/11/2016 14:34:13] - |D| - [2581120] - C:\Program Files\Common Files\Skype
[14/07/2009 03:37:05] - |D| - [41103783] - C:\Program Files\Common Files\SpeechEngines
[09/11/2016 21:40:44] - |D| - [2608792] - C:\Program Files\Common Files\SpeedyPC Software
[25/09/2016 11:29:11] - |D| - [837312] - C:\Program Files\Common Files\Steam
[17/01/2011 10:04:06] - |D| - [2790632] - C:\Program Files\Common Files\Symantec Shared
[14/07/2009 03:37:05] - |D| - [17817528] - C:\Program Files\Common Files\System
[10/09/2010 08:40:28] - |D| - [36789] - C:\Program Files\Common Files\temp
[08/09/2010 14:31:43] - |D| - [154241949] - C:\Program Files\Common Files\Windows Live

---------- | Tasks
[MD5.16F269B8B564F1B990418E7DB4DF80DC] - [19/02/2014 16:39:20] - |A| - [1002] - C:\windows\Tasks\Adobe Flash Player Updater.job
[MD5.52AC35BB656840F1C2EE1CE11A04A30D] - [24/09/2016 13:32:36] - |A| - [1044] - C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[MD5.B9CABB34A0B1285A1B21345AA1310C54] - [24/09/2016 13:32:44] - |A| - [1048] - C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[MD5.9F235CA5F773C46EC4C87BB9A0F07236] - [01/03/2013 08:13:14] - |A| - [1014] - C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-203371649-605838284-753410140-1636Core.job
[MD5.F67AB30B77279AE27AC4250CFA5DCF9D] - [01/03/2013 08:13:15] - |A| - [1066] - C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-203371649-605838284-753410140-1636UA.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 05:53:47] - |AH| - [6] - C:\windows\Tasks\SA.DAT
[MD5.54DB5FD5CD4C885BDF5487690CB7CFD9] - [14/07/2009 05:53:46] - |A| - [32496] - C:\windows\Tasks\SCHEDLGU.TXT
[MD5.756DAE9262C9AC82F0C5DECE7A8BB851] - [09/11/2016 21:51:57] - |A| - [462] - C:\windows\Tasks\SpeedyPC Registration3.job
[MD5.F64A2D5E9C1762DEAFBEB4978044D22B] - [05/01/2015 08:54:00] - |A| - [3874] - C:\windows\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.2180780447D4B0BFA5B851B1557002CA] - [19/02/2014 16:39:20] - |A| - [3940] - C:\windows\System32\Tasks\Adobe Flash Player Updater : C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.B397CDE40407F983F064A087FA3B674B] - [30/06/2013 18:35:21] - |A| - [3442] - C:\windows\System32\Tasks\AdobeFlashPlayerUpdate : C:\windows\system32\FlashPlayerUpdateService.exe
[MD5.3E9917FF647F97B8520444ADAE0DB864] - [30/06/2013 18:35:22] - |A| - [3182] - C:\windows\System32\Tasks\AdobeFlashPlayerUpdate 2 : C:\windows\system32\FlashPlayerUpdateService.exe
[MD5.00000000000000000000000000000000] - [01/11/2016 14:20:22] - |D| - [3860] - C:\windows\System32\Tasks\AVAST Software
[MD5.068FF5624AFC8228907AD3C37C2B0B1E] - [01/11/2016 14:20:19] - |A| - [3922] - C:\windows\System32\Tasks\avast! Emergency Update : C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
[MD5.AE81019EC3CA24102030D4EFA0EF4F82] - [07/02/2014 15:05:02] - |A| - [2766] - C:\windows\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.ECE13D41AB3B85B1B103A32D540E20EC] - [10/09/2010 08:24:39] - |A| - [3540] - C:\windows\System32\Tasks\CreateChoiceProcessTask : C:\Windows\System32\browserchoice.exe
[MD5.03F6008BE4B4632DEF3FBA3EEADFAF80] - [24/09/2016 13:32:38] - |A| - [3792] - C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.64AA103069FE88A194F515C1F12DA123] - [24/09/2016 13:32:44] - |A| - [4044] - C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.092B06CEB1D8F7BF21743EFA56567195] - [01/03/2013 08:13:15] - |A| - [3638] - C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-203371649-605838284-753410140-1636Core : C:\Users\al\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.5B03C6CC3AD4436365EC62AD836134B6] - [01/03/2013 08:13:15] - |A| - [4034] - C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-203371649-605838284-753410140-1636UA : C:\Users\al\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [14/05/2010 23:27:15] - |D| - [11700] - C:\windows\System32\Tasks\Hewlett-Packard
[MD5.00000000000000000000000000000000] - [14/07/2009 03:37:09] - |D| - [271468] - C:\windows\System32\Tasks\Microsoft
[MD5.00000000000000000000000000000000] - [15/09/2010 10:19:08] - |D| - [4392] - C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
[MD5.7F0CB195DFFD60B6C685FC08B1D0D35A] - [08/09/2010 14:51:53] - |A| - [3948] - C:\windows\System32\Tasks\Registration : "C:\Program Files\Hewlett-Packard\HP Setup\RemEngine.exe"
[MD5.00000000000000000000000000000000] - [26/09/2016 21:11:50] - |D| - [0] - C:\windows\System32\Tasks\Safer-Networking
[MD5.B471A4BC4DB1BD4B890F1595CC689526] - [09/11/2016 21:51:59] - |A| - [3120] - 
C:\windows\System32\Tasks\SpeedyPC Registration3 : C:\windows\system32\rundll32.exe [MD5.EC22F0482F430921F89F1AA68D508319] - [15/09/2012 11:26:18] - |A| - [3928] - C:\windows\System32\Tasks\User_Feed_Synchronization-{6516B1EF-A6D8-4796-93E7-70958FC688A2} : C:\windows\system32\msfeedssync.exe [MD5.1FC9E07621F4D91BA978CDB723CFC545] - [15/09/2010 07:43:31] - |A| - [3928] - C:\windows\System32\Tasks\User_Feed_Synchronization-{AE5322BA-70D7-4A9B-9676-6C9F52650121} : C:\windows\system32\msfeedssync.exe [MD5.9AEAE044511316F5BD61AC89B5860FCD] - [09/05/2011 18:00:12] - |A| - [3928] - C:\windows\System32\Tasks\User_Feed_Synchronization-{C3A843C6-EF18-415B-9546-77B475631603} : C:\windows\system32\msfeedssync.exe [MD5.280D9C0FAE2BDD33072CE9F58A8E5ADB] - [10/09/2010 07:15:46] - |A| - [3944] - C:\windows\System32\Tasks\User_Feed_Synchronization-{CDB4A065-C0CF-411C-8C77-F335932F98CE} : C:\windows\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [14/07/2009 05:54:35] - |D| - [4468] - C:\windows\System32\Tasks\WPD [MD5.5BF05AA5A43763E4EBF291959D92859F] - [15/09/2010 15:52:04] - |A| - [3118] - C:\windows\System32\Tasks\{107D827C-ADC4-44A9-89C3-91CFA2B85DDA} : C:\windows\system32\pcalua.exe ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "VirtualPC-In-UDP-1"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|App=%SystemRoot%\System32\vpc.exe|Svc=vpc|Name=@vpc.exe,-20511|Desc=@vpc.exe,-20512|EmbedCtxt=@vpc.exe,-20517| "VirtualPC-In-UDP-2"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|App=%SystemRoot%\System32\vpc.exe|Svc=vpc|Name=@vpc.exe,-20513|Desc=@vpc.exe,-20514|EmbedCtxt=@vpc.exe,-20517| 
"VirtualPC-In-TCP-1"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=139|App=%SystemRoot%\System32\vpc.exe|Svc=vpc|Name=@vpc.exe,-20515|Desc=@vpc.exe,-20516|EmbedCtxt=@vpc.exe,-20517| "{C9913B7B-EE0F-418F-B794-BE6B862D8D34}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=500|Name=TheGreenBow IPSec VPN Client phase1|Desc=Trafic P1 VPN IPSec.|EmbedCtxt=TheGreenBow IPSec VPN Client| "{E9C8D50E-50B4-4642-9E18-8DFBFA265CAE}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=4500|Name=TheGreenBow IPSec VPN Client phase2|Desc=Trafic P2 VPN IPSec.|EmbedCtxt=TheGreenBow IPSec VPN Client| "TCP Query User{AA38D89C-D1F9-44A4-84D2-2D4A421F8C3D}C:\program files\microsoft office\office14\outlook.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=C:\program files\microsoft office\office14\outlook.exe|Name=Microsoft Outlook|Desc=Microsoft Outlook|Defer=User| "UDP Query User{B5FA05F2-3D87-4CFA-AC83-386EB5D19820}C:\program files\microsoft office\office14\outlook.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=C:\program files\microsoft office\office14\outlook.exe|Name=Microsoft Outlook|Desc=Microsoft Outlook|Defer=User| "{A6618F1E-C79E-448A-8F59-9D1CFF9CA5BA}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=25|Name=SMTP| "{93501493-7230-4101-9069-D7615BB31D83}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Name=open all| "{60FB639A-6794-4DD0-B2B6-D1708FC4C93D}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Name=open all| "TCP Query User{A7FFB746-AF0C-4FF9-ABD3-41C1AF71B187}C:\windows\system32\taskhost.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\windows\system32\taskhost.exe|Name=Processus hôte pour Tâches Windows|Desc=Processus hôte pour Tâches Windows| "UDP Query 
User{1DA9C479-83E4-4B9C-BC56-A6887C734941}C:\windows\system32\taskhost.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\windows\system32\taskhost.exe|Name=Processus hôte pour Tâches Windows|Desc=Processus hôte pour Tâches Windows| "TCP Query User{301B7E76-A9EB-40EC-A108-9D942AE570A7}C:\windows\system32\taskhost.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\windows\system32\taskhost.exe|Name=Processus hôte pour Tâches Windows|Desc=Processus hôte pour Tâches Windows| "UDP Query User{668A9B5B-D9B7-430A-A554-048AD7AE206D}C:\windows\system32\taskhost.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\windows\system32\taskhost.exe|Name=Processus hôte pour Tâches Windows|Desc=Processus hôte pour Tâches Windows| "TCP Query User{B1BBB3F3-8A13-4857-926B-28849D8480B1}C:\windows\explorer.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\windows\explorer.exe|Name=Explorateur Windows|Desc=Explorateur Windows| "UDP Query User{588E08B5-8533-44F4-BE29-FED465F82296}C:\windows\explorer.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\windows\explorer.exe|Name=Explorateur Windows|Desc=Explorateur Windows| "TCP Query User{7A9A740F-8BD6-4255-BA68-60B5B8DD2988}C:\windows\system32\taskhost.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\windows\system32\taskhost.exe|Name=Processus hôte pour Tâches Windows|Desc=Processus hôte pour Tâches Windows| "UDP Query User{65E8DD16-66F4-451F-85F7-45A20131A97D}C:\windows\system32\taskhost.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\windows\system32\taskhost.exe|Name=Processus hôte pour Tâches Windows|Desc=Processus hôte pour Tâches Windows| 
"{BF08CE29-02D7-4672-A24A-78D7D0365045}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=808|App=C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelEvents.dll,-2002| "{93D1BB8B-85BC-4050-8773-3B937420896B}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Skype\Phone\Skype.exe|Name=Skype| "{C532B1FB-4970-47E5-8E0D-EB07E799004F}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{03F52937-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (igfx) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{04A83FC2-2AE2-4C88-B45F-E9707B377636}] : (aswHwid) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{37C9A9DF-DC57-451E-8ED1-81D2EBB3F713}] : (cm_km) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] 
-> @%SystemRoot%\system32\McxDriv.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{54505F9E-EE66-4F1D-A63B-B853A1759385}] : (SYMTDI) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{56EBD688-B772-4181-9610-8633FCEE988D}] : (SymIRON) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{59F44B03-CCD2-460B-ACD8-53CBF375D174}] : (GEARAspiWDM) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6880337A-1EB4-4EF2-9659-0FD2EC60CB1B}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (igfx) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7E0006EA-81A8-4780-B0C8-474E2DBF4D63}] : (IDSVix86) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8AE85550-832C-4A9B-81BB-2A49DBEE72B4}] : (aswRvrt) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A58D9A86-E5DE-4643-A697-AD5B7AFB810E}] : (IDSVix86) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{AED279D9-7DD0-49AB-8024-4F65418531FB}] : (VirtualUSB) [] -> @vpcusb.inf,%ClassName%;USB Virtualization [HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] 
-> @%SystemRoot%\System32\migwiz\migres.dll,-20 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C4A06E97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C7C038AD-1F2D-44D4-B2FE-D912BE20E6D5}] : (BluetoothVirtual) [] -> @oem26.inf,%BluetoothVirtualName%;Bluetooth Virtual Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) 
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [02/02/2010 01:11:46] - (5.1.7.0) - (McAfee, Inc. - SafeBoot FIPS AES Algorithm (256 bit)) - C:\windows\System32\Drivers\SbAlg.sys [02/02/2010 01:11:28] - (5.2.2.4) - (McAfee, Inc. - McAfee Endpoint Encryption FS Locker) - C:\windows\System32\Drivers\SbFsLock.sys [29/12/2012 21:59:38] - (2.3.11.0) - (Almico Software - SpeedFan x32 Driver) - C:\windows\system32\speedfan.sys [02/02/2010 01:11:22] - (0.0.0.0) - ( -) - C:\windows\System32\Drivers\SafeBoot.sys [08/07/2009 20:48:38] - (4.2.2.1) - (Hewlett-Packard Company - HP Disk Filter - SATA/RAID) - C:\windows\system32\DRIVERS\hpdskflt.sys [03/04/1996 20:33:26] - (0.0.0.0) - ( -) - C:\windows\system32\giveio.sys [01/07/2010 09:55:54] - (1.0.1.4) - (TheGreenBow - TheGreenbow NDIS 6.0 Hook Driver) - C:\windows\System32\Drivers\vistahook.sys [01/07/2010 09:55:46] - (100.0.5.6) - (TheGreenBow - TheGreenBow VPN Filter Driver (32bit)) - C:\windows\System32\Drivers\dfiltervpn.sys [01/07/2010 09:55:52] - (1.0.2.3) - (TheGreenBow - TheGreenbow NDIS 6.2 Filter Driver (32 bit)) - C:\windows\System32\Drivers\ndistgb.sys [02/02/2010 01:11:24] - (5.2.2.4) - (McAfee, Inc. 
- McAfee Endpoint Encryption Reserved Files Lock Driver) - C:\windows\System32\Drivers\RsvLock.SYS [18/04/2015 23:12:48] - (115.2.1.18) - (Symantec Corporation - Symantec Eraser Control Driver) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [14/08/2010 16:36:09] - (6.10.2.12) - (REDC - RICOH SD/MMC Driver) - C:\windows\system32\DRIVERS\risdpe86.sys [14/08/2010 16:36:09] - (6.10.2.7) - (REDC - RICOH MS Driver) - C:\windows\system32\DRIVERS\rimspe86.sys [14/08/2010 16:36:09] - (6.10.1.8) - (REDC - RICOH PCIe XD Driver) - C:\windows\system32\DRIVERS\rixdpe86.sys [16/02/2010 20:24:12] - (7.0.1.1) - (Hewlett-Packard Company - Keyboard Filter Driver) - C:\windows\system32\DRIVERS\HpqKbFiltr.sys [04/06/2010 01:18:58] - (15.0.24.0) - (Synaptics Incorporated - Synaptics Touchpad Driver) - C:\windows\system32\DRIVERS\SynTP.sys [07/12/2012 13:44:09] - (2.2.3.0) - (GEAR Software Inc. - CD DVD Filter) - C:\windows\system32\DRIVERS\GEARAspiWDM.sys [13/05/2011 13:57:20] - (4.2.2.1) - (Hewlett-Packard Company - HP Accelerometer) - C:\windows\system32\DRIVERS\Accelerometer.sys [01/04/2013 17:03:38] - (6.10.6300.0) - (IDT, Inc. - IDT PC Audio) - C:\windows\system32\DRIVERS\stwrt.sys [21/01/2010 18:42:46] - (2.2.98.0) - (LSI Corporation - SoftModem Device Driver) - C:\windows\system32\DRIVERS\AGRSM.sys [28/03/2016 11:41:34] - (1.67.0.0) - (Apple, Inc. - Apple Mobile Device USB Driver) - C:\windows\System32\Drivers\usbaapl.sys [09/11/2016 22:14:12] - (5.1.2.250) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\windows\System32\ATMFD.DLL ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service R0 - ACPI (Pilote ACPI Microsoft) -> system32\drivers\ACPI.sys R0 - amdxata () -> system32\drivers\amdxata.sys R0 - aswRvrt (avast! Revert) -> (?) R0 - aswVmm (avast! VM Monitor) -> (?) 
R0 - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys R0 - CNG () -> System32\Drivers\cng.sys R0 - Compbatt (Microsoft Composite Battery Driver) -> system32\DRIVERS\compbatt.sys R0 - Disk (Pilote de disque) -> system32\drivers\disk.sys R0 - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys R0 - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys S0 - Fs_Rec () -> (?) R0 - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys R0 - giveio (giveio) -> system32\giveio.sys R0 - hpdskflt (HP Filter) -> system32\DRIVERS\hpdskflt.sys R0 - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys R0 - iaStor (Intel AHCI Controller) -> system32\DRIVERS\iaStor.sys R0 - KSecDD () -> System32\Drivers\ksecdd.sys R0 - KSecPkg () -> System32\Drivers\ksecpkg.sys R0 - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys R0 - msisadrv () -> system32\drivers\msisadrv.sys R0 - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys R0 - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys R0 - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys R0 - pci (Pilote de bus PCI) -> system32\drivers\pci.sys R0 - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys R0 - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys R0 - SafeBoot () -> (?) R0 - SbAlg () -> (?) R0 - SbFsLock () -> (?) R0 - speedfan (speedfan) -> system32\speedfan.sys R0 - spldr (Security Processor Loader Driver) -> (?) 
R0 - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) -> system32\drivers\vmstorfl.sys R0 - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys R0 - vdrvroot (Pilote d’énumérateur de lecteur virtuel Microsoft) -> system32\drivers\vdrvroot.sys R0 - vmbus (@%SystemRoot%\system32\vmbusres.dll,-1000) -> system32\drivers\vmbus.sys R0 - volmgr (Pilote du Gestionnaire de volume) -> system32\drivers\volmgr.sys R0 - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys R0 - volsnap (Volumes de stockage) -> system32\drivers\volsnap.sys R0 - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys R1 - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys R1 - aswRdr (aswRdr) -> \SystemRoot\system32\drivers\aswRdr2.sys R1 - aswSnx (aswSnx) -> \SystemRoot\system32\drivers\aswSnx.sys R1 - aswSP (aswSP) -> \SystemRoot\system32\drivers\aswSP.sys R1 - Beep (Beep) -> (?) R1 - blbdrive () -> \SystemRoot\system32\DRIVERS\blbdrive.sys R1 - cdrom (Pilote de CD-ROM) -> \SystemRoot\system32\drivers\cdrom.sys R1 - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys R1 - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys R1 - eeCtrl (Symantec Eraser Control driver) -> \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys R1 - Msfs () -> (?) R1 - mssmbios (Pilote BIOS de gestion de systèmes Microsoft) -> \SystemRoot\system32\drivers\mssmbios.sys R1 - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys R1 - NetBT (NetBT) -> System32\DRIVERS\netbt.sys R1 - Npfs () -> (?) R1 - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys R1 - Null () -> (?) 
R1 - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys R1 - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys R1 - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys R1 - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys R1 - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys R1 - RsvLock () -> (?) R1 - Serial (Serial port driver) -> system32\DRIVERS\serial.sys R1 - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys R1 - TermDD (Pilote de périphérique terminal) -> \SystemRoot\system32\drivers\termdd.sys S1 - TgbHook () -> System32\Drivers\vistahook.sys S1 - TgbIpSec () -> System32\Drivers\dfiltervpn.sys R1 - VgaSave () -> \SystemRoot\System32\drivers\vga.sys R1 - vpcvmm (@%SystemRoot%\system32\drivers\vpcvmm.sys,-100) -> system32\drivers\vpcvmm.sys R1 - vwififlt (Virtual WiFi Filter Driver) -> system32\DRIVERS\vwififlt.sys R1 - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys R1 - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys R2 - Apple Mobile Device (Apple Mobile Device) -> "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" R2 - aswMonFlt (aswMonFlt) -> \SystemRoot\system32\drivers\aswMonFlt.sys S2 - aswStm (aswStm) -> \SystemRoot\system32\drivers\aswStm.sys R2 - AudioEndpointBuilder (@%SystemRoot%\system32\audiosrv.dll,-204) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - Audiosrv (@%SystemRoot%\system32\audiosrv.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - avast! 
Antivirus (Avast Antivirus) -> "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" R2 - BFE (@%SystemRoot%\system32\bfe.dll,-1001) -> %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork R2 - BITS (@%SystemRoot%\system32\qmgr.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - btwdins (Bluetooth Service) -> C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe S2 - clr_optimization_v4.0.30319_32 (Microsoft .NET Framework NGEN v4.0.30319_X86) -> C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe R2 - CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k NetworkService R2 - DcomLaunch (@oleres.dll,-5012) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted R2 - DiagTrack (@%SystemRoot%\system32\UtcResources.dll,-3001) -> %SystemRoot%\System32\svchost.exe -k utcsvc R2 - Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) -> %SystemRoot%\system32\svchost.exe -k NetworkService R2 - DPS (@%systemroot%\system32\dps.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork R2 - eventlog (@%SystemRoot%\system32\wevtsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - EventSystem (@comres.dll,-2450) -> %SystemRoot%\system32\svchost.exe -k LocalService R2 - FDResPub (@%systemroot%\system32\fdrespub.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation R2 - FontCache (@%systemroot%\system32\FntCache.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService R2 - gpsvc (@gpapi.dll,-112) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - HP Power Assistant Service (HP Power Assistant Service) -> "C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe" R2 - HP ProtectTools Service (HP ProtectTools Service) -> "C:\Program Files\Hewlett-Packard\2009 Password Filter for HP 
ProtectTools\PTChangeFilterService.exe" R2 - HP Support Assistant Service (HP Support Assistant Service) -> "C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe" R2 - HP Wireless Assistant Service (HP Wireless Assistant Service) -> "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" R2 - HPDayStarterService (HP DayStarter Service) -> "c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe" R2 - HPDrvMntSvc.exe (HP Quick Synchronization Service) -> "C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe" R2 - HPFSService (File Sanitizer for HP ProtectTools) -> C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe R2 - hpHotkeyMonitor (HP Hotkey Monitor) -> "C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe" R2 - hpsrv (HP Service) -> %SystemRoot%\system32\Hpservice.exe R2 - IAANTMON (Intel(R) Matrix Storage Event Monitor) -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe R2 - Intel(R) PROSet Monitoring Service (Intel(R) PROSet Monitoring Service) -> C:\windows\system32\IProsetMonitor.exe R2 - iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) -> %SystemRoot%\System32\svchost.exe -k NetSvcs R2 - LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - LightScribeService (LightScribeService Direct Disc Labeling Service) -> "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" R2 - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys R2 - lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted R2 - LMS (Intel(R) Management and Security Application Local Management Service) -> C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe R2 - luafv 
(@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys R2 - MMCSS (@%systemroot%\system32\mmcss.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - MpsSvc (@%SystemRoot%\system32\FirewallAPI.dll,-23090) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork S2 - msiserver (@%SystemRoot%\system32\msimsg.dll,-27) -> %systemroot%\system32\msiexec.exe /V R2 - Netlogon (@%SystemRoot%\System32\netlogon.dll,-102) -> %systemroot%\system32\lsass.exe R2 - NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - nsi (@%SystemRoot%\system32\nsisvc.dll,-200) -> %systemroot%\system32\svchost.exe -k LocalService R2 - Parvdm () -> system32\DRIVERS\parvdm.sys R2 - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys R2 - PlugPlay (@%SystemRoot%\system32\umpnpmgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - Power (@%SystemRoot%\system32\umpo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - ProfSvc (@%systemroot%\system32\profsvc.dll,-300) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - rimspci () -> system32\DRIVERS\rimspe86.sys R2 - risdpcie () -> system32\DRIVERS\risdpe86.sys R2 - rixdpcie () -> system32\DRIVERS\rixdpe86.sys R2 - RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k RPCSS R2 - RpcSs (@oleres.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k rpcss R2 - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys R2 - SamSs (@%SystemRoot%\system32\samsrv.dll,-1) -> %SystemRoot%\system32\lsass.exe R2 - SCardSvr (@%SystemRoot%\System32\SCardSvr.dll,-1) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation R2 - Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - SENS (@%SystemRoot%\system32\Sens.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - ShellHWDetection 
(@%SystemRoot%\System32\shsvcs.dll,-12288) -> %SystemRoot%\System32\svchost.exe -k netsvcs S2 - SkypeUpdate (Skype Updater) -> "C:\Program Files\Skype\Updater\Updater.exe" R2 - Spooler (@%systemroot%\system32\spoolsv.exe,-1) -> %SystemRoot%\System32\spoolsv.exe S2 - sppsvc (@%SystemRoot%\system32\sppsvc.exe,-101) -> %SystemRoot%\system32\sppsvc.exe R2 - STacSV (@%SystemRoot%\system32\stlang.dll,-10101) -> C:\Program Files\IDT\WDM\STacSV.exe S2 - StiSvc (@%SystemRoot%\system32\wiaservc.dll,-9) -> %SystemRoot%\system32\svchost.exe -k imgsvc R2 - SysMain (@%SystemRoot%\system32\sysmain.dll,-1000) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys R2 - Themes (@%SystemRoot%\System32\themeservice.dll,-8192) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - TrkWks (@%SystemRoot%\system32\trkwks.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - UNS (Intel(R) Management & Security Application User Notification Service) -> "C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" R2 - UxSms (@%SystemRoot%\system32\dwm.exe,-2000) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - Wlansvc (@%SystemRoot%\System32\wlansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - wltrysvc (Broadcom Wireless LAN Tray Service) -> "C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE" "C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe" R2 - wscsvc (@%SystemRoot%\System32\wscsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - WSearch (@%systemroot%\system32\SearchIndexer.exe,-103) -> %systemroot%\system32\SearchIndexer.exe /Embedding R2 - wuauserv (@%systemroot%\system32\wuaueng.dll,-105) -> %systemroot%\system32\svchost.exe -k netsvcs 
---------- | System files (Microsoft Files whitelisted)
[MD5.CC1F1D3D70DC13C2C281488D347D4415] - [13/05/2011 13:57:20] - (.© Copyright 2001-2011 Hewlett-Packard Development Company, L.P. - HP Accelerometer.) - [35.05 Ko] - (4.2.2.1) - C:\windows\System32\Drivers\Accelerometer.sys [MD5.21E785EBD7DC90A06391141AAC7892FB] - [10/06/2009 22:19:05] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) - [413.06 Ko] - (1.6.6.4) - C:\windows\System32\Drivers\adp94xx.sys [MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - [13/07/2009 23:09:16] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) - [290.58 Ko] - (1.6.6.1) - C:\windows\System32\Drivers\adpahci.sys [MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - [13/07/2009 23:09:16] - (.Copyright © 2003 Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) - [143.08 Ko] - (7.2.0.0) - C:\windows\System32\Drivers\adpu320.sys [MD5.7560F465F1CE69C53BF17559EE195548] - [21/01/2010 18:42:46] - (.Copyright © LSI Corporation - SoftModem Device Driver.) - [1136.06 Ko] - (2.2.98.0) - C:\windows\System32\Drivers\AGRSM.sys [MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - [14/07/2009 00:11:17] - (.Copyright (C) Acer Laboratories Inc. 2000 - ALi mini IDE Driver.) - [14.06 Ko] - (1.2.0.0) - C:\windows\System32\Drivers\aliide.sys [MD5.CD5914170297126B6266860198D1D4F0] - [14/07/2009 00:11:19] - (.Copyright (C) AMD 2003 - Pilote IDE AMD.) - [14.56 Ko] - (6.1.7600.16385) - C:\windows\System32\Drivers\amdide.sys [MD5.D320BF87125326F996D4904FE24300FC] - [27/04/2011 14:21:24] - (.Copyright © 2008-2010 AMD, Inc. - AHCI 1.2 Device Driver.) - [78.38 Ko] - (1.1.2.5) - C:\windows\System32\Drivers\amdsata.sys [MD5.EA43AF0C423FF267355F74E7A53BDABA] - [10/06/2009 22:20:03] - (.2008 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows family.)
- [155.58 Ko] - (3.6.1540.127) - C:\windows\System32\Drivers\amdsbs.sys [MD5.46387FB17B086D16DEA267D5BE23A2F2] - [27/04/2011 14:21:23] - (.Copyright © 2008-2010 AMD, Inc. - Storage Filter Driver.) - [21.88 Ko] - (1.1.2.5) - C:\windows\System32\Drivers\amdxata.sys [MD5.2932004F49677BD84DBC72EDB754FFB3] - [13/07/2009 23:09:17] - (.Copyright 2007 Adaptec, Inc. - Adaptec RAID Storport Driver.) - [74.58 Ko] - (5.2.0.10384) - C:\windows\System32\Drivers\arc.sys [MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - [13/07/2009 23:09:17] - (.Copyright 2008 Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) - [84.58 Ko] - (5.2.0.16119) - C:\windows\System32\Drivers\arcsas.sys [MD5.ACE407AF9DCE214772E04894C18BC18B] - [01/11/2016 14:20:10] - (.Copyright (c) 2014 AVAST Software - avast! HWID.) - [33.21 Ko] - (12.3.3154.0) - C:\windows\System32\Drivers\aswHwid.sys [MD5.9A3BCD9CB36311EC1DB686010CE2E793] - [01/11/2016 14:20:10] - (.Copyright (c) 2014 AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) - [90.09 Ko] - (12.3.3154.0) - C:\windows\System32\Drivers\aswMonFlt.sys [MD5.411E8CF998E01C3247DE094376E3CB3B] - [01/11/2016 14:20:10] - (.Copyright (c) 2014 AVAST Software - avast! WFP Redirect Driver.) - [89.09 Ko] - (12.3.3154.0) - C:\windows\System32\Drivers\aswRdr2.sys [MD5.39445B2AA5CD7711DA5572E816D5DC86] - [01/11/2016 14:20:11] - (.Copyright (c) 2014 AVAST Software - avast! Revert.) - [59.01 Ko] - (12.3.3154.0) - C:\windows\System32\Drivers\aswRvrt.sys [MD5.03AD952FC1287D5623763E310CE081BA] - [01/11/2016 14:20:09] - (.Copyright (c) 2014 AVAST Software - avast! Virtualization Driver.) - [718.25 Ko] - (12.3.3154.8) - C:\windows\System32\Drivers\aswsnx.sys [MD5.E061C8C09103BBE429D9DB222ED7F4C3] - [01/11/2016 14:20:11] - (.Copyright (c) 2014 AVAST Software - avast! self protection module.) - [423.6 Ko] - (12.3.3154.8) - C:\windows\System32\Drivers\aswsp.sys [MD5.A084E7BEA9EA4D0BE94357BFE8E987D7] - [01/11/2016 14:20:11] - (.Copyright (c) 2014 AVAST Software - Stream Filter.) 
- [115.88 Ko] - (12.3.3154.0) - C:\windows\System32\Drivers\aswStm.sys [MD5.8CA850403483A9373406707E8144EB5C] - [01/11/2016 14:20:11] - (.Copyright (c) 2014 AVAST Software - avast! VM Monitor.) - [219.48 Ko] - (12.3.3154.16) - C:\windows\System32\Drivers\aswvmm.sys [MD5.BD8869EB9CDE6BBE4508D869929869EE] - [13/07/2009 23:02:49] - (.Copyright 2000-2007, Broadcom Corporation. - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) - [224.5 Ko] - (10.100.4.0) - C:\windows\System32\Drivers\b57nd60x.sys [MD5.80F41256540B01197407C99728D7E680] - [12/11/2013 08:52:12] - (.1998-2010, Broadcom Corporation - Broadcom iLine10(tm) PCI Network Adapter Proxy Protocol Driver.) - [19.2 Ko] - (5.100.82.148) - C:\windows\System32\Drivers\bcm42rly.sys [MD5.77C3CF56EB900C186741C591F95800A0] - [14/08/2010 16:34:09] - (.1998-2010, Broadcom Corp. All Rights Rsvd - Broadcom 802.11 Network Adapter wireless driver.) - [4170.2 Ko] - (5.100.82.147) - C:\windows\System32\Drivers\BCMWL6.SYS [MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - [14/07/2009 01:59:16] - (.Copyright (C) Brother Industries, Ltd. 2001-2003 - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) - [13.25 Ko] - (1.10.0.2) - C:\windows\System32\Drivers\BrFiltLo.sys [MD5.56801AD62213A41F6497F96DEE83755A] - [14/07/2009 01:58:59] - (.Copyright (C) Brother Industries, Ltd. 2001 - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) - [5.13 Ko] - (1.4.0.1) - C:\windows\System32\Drivers\BrFiltUp.sys [MD5.845B8CE732E67F3B4133164868C666EA] - [14/07/2009 01:57:25] - (.Copyright (C) Brother Industries Ltd.1997-2006 - Pilote Brother Série I/F (WDM).) - [265.75 Ko] - (1.0.1.6) - C:\windows\System32\Drivers\BrSerId.sys [MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - [14/07/2009 01:59:02] - (.Copyright (C) Brother Industries Ltd.1997-2003 - Brother Serial driver (WDM version).) 
- [60.88 Ko] - (1.0.0.20) - C:\windows\System32\Drivers\BrSerWdm.sys [MD5.BD456606156BA17E60A04E18016AE54B] - [14/07/2009 01:58:27] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB MDM Driver.) - [11.88 Ko] - (1.0.0.12) - C:\windows\System32\Drivers\BrUsbMdm.sys [MD5.AF72ED54503F717A43268B3CC5FAEC2E] - [14/07/2009 01:58:35] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB Serial Driver.) - [11.63 Ko] - (1.0.1.3) - C:\windows\System32\Drivers\BrUsbSer.sys [MD5.7E826BE3B3558208D5C9B00034E51BE5] - [14/08/2010 16:33:23] - (.Copyright 2000-2009, Broadcom Corporation. - Bluetooth Audio Device.) - [84.04 Ko] - (6.2.1.800) - C:\windows\System32\Drivers\btwaudio.sys [MD5.AF9148C3E844131AC954CB53FF43D971] - [14/08/2010 16:33:23] - (.Copyright 2000-2007, Broadcom Corporation. - Broadcom Bluetooth AVDT Service.) - [105.54 Ko] - (6.2.1.200) - C:\windows\System32\Drivers\btwavdt.sys [MD5.AAFD7CB76BA61FBB08E302DA208C974A] - [14/08/2010 16:33:23] - (.Copyright 2000-2007, Broadcom Corporation. - Broadcom Bluetooth L2CAP Service.) - [28.78 Ko] - (6.2.0.8600) - C:\windows\System32\Drivers\btwl2cap.sys [MD5.480B3D195854B2E55299CDDDDC50BCF9] - [14/08/2010 16:33:23] - (.Copyright 2000-2007, Broadcom Corporation. - Bluetooth Remote Control HID Minidriver.) - [18.04 Ko] - (6.2.1.200) - C:\windows\System32\Drivers\btwrchid.sys [MD5.1A231ABEC60FD316EC54C66715543CEC] - [10/06/2009 22:17:52] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) - [420 Ko] - (4.8.2.0) - C:\windows\System32\Drivers\bxvbdx.sys [MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - [14/07/2009 00:11:18] - (.Copyright (C) CMD Technology, Inc. 1999-2000 - CMD PCI IDE Bus Driver.) - [15.58 Ko] - (2.0.7.0) - C:\windows\System32\Drivers\cmdide.sys [MD5.A05433F6218DCB8F0DEC232DE65F8B26] - [21/10/2009 21:37:52] - (.Copyright (C) 2008 Hewlett-Packard Development Company L.P.2009 - HP Device Access Manager for ProtectTools Driver.) 
- [31.55 Ko] - (5.0.0.6) - C:\windows\System32\Drivers\DAMDrv.sys [MD5.7B149C54A2820875956C924B7991443F] - [01/07/2010 09:55:46] - (.© TheGreenBow 2010. - TheGreenBow VPN Filter Driver (32bit).) - [98.55 Ko] - (100.0.5.6) - C:\windows\System32\Drivers\DfilterVPN.sys [MD5.8B30250D573A8F6B4BD23195160D8707] - [10/06/2009 22:20:26] - (.Copyright © Adaptec, Inc. 2000 - Adaptec Ultra SCSI miniport.) - [69.06 Ko] - (6.0.0.0) - C:\windows\System32\Drivers\djsvs.sys [MD5.E7DD83584042EE5F9B0CF0C8C6B064D5] - [13/01/2014 18:05:55] - (.Copyright(C) 2013, Intel Corporation. - Intel(R) Gigabit Adapter NDIS 6.x driver.) - [360.76 Ko] - (12.10.13.0) - C:\windows\System32\Drivers\e1k6232.sys [MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - [10/06/2009 22:19:19] - (.Copyright © 2003-2009 Emulex - Storport Miniport Driver for LightPulse HBAs.) - [443.08 Ko] - (5.2.10.211) - C:\windows\System32\Drivers\elxstor.sys [MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - [10/06/2009 22:17:55] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) - [3027.5 Ko] - (4.8.13.0) - C:\windows\System32\Drivers\evbdx.sys [MD5.1D4D6D24256F61E6B08A3CF8184A78B8] - [16/03/2011 09:42:10] - (.Copyright (C) Huawei Technologies Co., Ltd. 2004-2006. - USB Modem/Serial Device Driver.) - [100.63 Ko] - (1.0.0.2) - C:\windows\System32\Drivers\ewusbfake.sys [MD5.92CA47DA32009CCC00A5ADED04ABBD78] - [16/03/2011 09:42:14] - (.Copyright (C) Huawei Technologies Co., Ltd. 2004-2006. - USB Modem/Serial Device Driver.) - [100.38 Ko] - (2.0.3.822) - C:\windows\System32\Drivers\ewusbmdm.sys [MD5.185ADA973B5020655CEE342059A86CBB] - [07/12/2012 13:44:09] - (.Copyright (C) GEAR Software Inc. 1997-2012 - CD DVD Filter.) - [26.21 Ko] - (2.2.3.0) - C:\windows\System32\Drivers\GEARAspiWDM.sys [MD5.C44E3C2BAB6837DB337DDEE7544736DB] - [13/07/2009 23:54:14] - (.Copyright ©2007-2009 Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) 
- [26 Ko] - (1.31.27127.0) - C:\windows\System32\Drivers\hcw85cir.sys [MD5.A88485DC6A7136C10D9A6C7E38FDFE3C] - [17/09/2009 22:54:14] - (.Copyright © 2006-2009, Intel Corporation. - Intel(R) Management Engine Interface.) - [40.13 Ko] - (6.0.0.1179) - C:\windows\System32\Drivers\HECI.sys [MD5.4EF10B866C62ABBEAF7511CDD05A19BE] - [08/07/2009 20:48:38] - (.© Copyright 2001-2011 Hewlett-Packard Development Company, L.P. - HP Disk Filter - SATA/RAID.) - [25.05 Ko] - (4.2.2.1) - C:\windows\System32\Drivers\hpdskflt.sys [MD5.EE9F88368739554DCCA142AE0214BCB1] - [16/02/2010 20:24:12] - (.© Copyright 2001-2010 Hewlett-Packard Development Company, L.P. - Keyboard Filter Driver.) - [21.05 Ko] - (7.0.1.1) - C:\windows\System32\Drivers\HpqKbFiltr.sys [MD5.295FDC419039090EB8B49FFDBB374549] - [13/07/2009 23:09:17] - (.Copyright (c) 2004-2008 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [65.58 Ko] - (6.12.4.32) - C:\windows\System32\Drivers\HpSAMD.sys [MD5.F68CC057AD150151874B5896B51BE8A6] - [22/04/2013 16:05:54] - (.Copyright (C) 1998 - 2011 Intel Corporation. - NDIS 6.1 Advanced Networking Services..) - [137.31 Ko] - (9.8.49.0) - C:\windows\System32\Drivers\iANSW60.sys [MD5.D9D3F168A2FD4C2380D98821A3FF3357] - [08/01/2010 22:34:12] - (.Copyright(C) Intel Corporation 1994-2010 - Intel Matrix Storage Manager driver - ia32.) - [323.52 Ko] - (8.9.6.1002) - C:\windows\System32\Drivers\iaStor.sys [MD5.5CD5F9A5444E6CDCB0AC89BD62D8B76E] - [27/04/2011 14:21:24] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - ia32.) - [324.38 Ko] - (8.6.2.1014) - C:\windows\System32\Drivers\iaStorV.sys [MD5.DF5F4954068F6377DB301AB453F7DAD5] - [19/02/2014 15:58:07] - (.Copyright (c) 1998-2006 Intel Corporation. - Intel Graphics Kernel Mode Driver.) 
- [10606.5 Ko] - (8.15.10.3268) - C:\windows\System32\Drivers\igdkmd32.sys [MD5.4173FF5708F3236CF25195FECD742915] - [13/07/2009 23:09:17] - (.Copyright © 2002-05 Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) - [40.08 Ko] - (5.4.22.0) - C:\windows\System32\Drivers\iirsp.sys [MD5.E3C36AC5AE87EC970AE8EA2A93D59AE1] - [27/02/2010 01:31:22] - (.Copyright(C) 2008 Intel Corporation - Intel(R) Turbo Boost Technology Driver.) - [129.38 Ko] - (1.2.0.1002) - C:\windows\System32\Drivers\Impcd.sys [MD5.C4FA261B9B5C9822D26020949605AC43] - [19/02/2014 15:57:46] - (.Intel(R) Corporation. - Intel(R) Display Audio Driver.) - [264 Ko] - (6.14.0.3086) - C:\windows\System32\Drivers\IntcDAud.sys [MD5.8DB3CEED224782195B5CAF6ED58F1EA8] - [22/10/2013 08:28:26] - (.Copyright (C) 2002-2012 Intel Corporation - Intel(R) Network Adapter Diagnostic Driver.) - [30.32 Ko] - (1.3.0.6) - C:\windows\System32\Drivers\iqvw32.sys [MD5.EB119A53CCF2ACC000AC71B065B78FEF] - [13/07/2009 23:09:19] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT FC Driver (StorPort).) - [93.58 Ko] - (1.28.3.52) - C:\windows\System32\Drivers\lsi_fc.sys [MD5.8ADE1C877256A22E49B75D1CC9161F9C] - [13/07/2009 23:09:18] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SAS Driver (StorPort).) - [87.08 Ko] - (1.28.3.52) - C:\windows\System32\Drivers\lsi_sas.sys [MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - [13/07/2009 23:09:18] - (.Copyright © LSI Corporation 2009 - LSI SAS Gen2 Driver (StorPort).) - [53.58 Ko] - (2.0.2.71) - C:\windows\System32\Drivers\lsi_sas2.sys [MD5.0A036C7D7CAB643A7F07135AC47E0524] - [13/07/2009 23:09:18] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SCSI Driver (StorPort).) - [94.58 Ko] - (1.28.3.67) - C:\windows\System32\Drivers\lsi_scsi.sys [MD5.A1D52DB330E18B5A7A718D31D950CA87] - [14/01/2015 15:27:50] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) 
- [23.88 Ko] - (0.1.16.0) - C:\windows\System32\Drivers\mbam.sys [MD5.22649DC583AE1F124C12FB1D39AE8B0B] - [14/01/2015 15:27:50] - (.© Malwarebytes. - Malwarebytes Chameleon Protection Driver.) - [123.38 Ko] - (1.1.22.0) - C:\windows\System32\Drivers\mbamchameleon.sys [MD5.5023F594D5448E16F920157174C61358] - [14/01/2015 15:28:34] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) - [166.21 Ko] - (0.3.0.4) - C:\windows\System32\Drivers\MBAMSwissArmy.sys [MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - [10/06/2009 22:19:35] - (.Copyright © LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) - [30.08 Ko] - (4.5.1.32) - C:\windows\System32\Drivers\megasas.sys [MD5.DCBAB2920C75F390CAF1D29F675D03D6] - [13/07/2009 23:09:17] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [230.06 Ko] - (13.5.409.2009) - C:\windows\System32\Drivers\MegaSR.sys [MD5.66DDF98174707CBADBCA6BBABDA1231C] - [14/01/2015 15:27:50] - (.© Malwarebytes Corporation. - Malwarebytes Web Access Control.) - [51.88 Ko] - (1.0.6.0) - C:\windows\System32\Drivers\mwac.sys [MD5.BA327254D3CACF16841FCA28F48B7724] - [01/07/2010 09:55:52] - (.© TheGreenBow 2010. - TheGreenbow NDIS 6.2 Filter Driver (32 bit).) - [25.55 Ko] - (1.0.2.3) - C:\windows\System32\Drivers\ndistgb.sys [MD5.1352E1648213551923A0A822E441553C] - [02/08/2011 17:38:44] - (.Copyright (C) 2009 Apple Inc. - Apple Mobile Device Ethernet.) - [18 Ko] - (1.8.4.1) - C:\windows\System32\Drivers\netaapl.sys [MD5.5B2DFA9C5C02DDF2A113CC0F551B59DF] - [01/02/2010 20:11:58] - (.Copyright © Intel Corporation 2009 - Intel® Wireless WiFi Link Driver.) - [6597.5 Ko] - (13.1.1.1) - C:\windows\System32\Drivers\NETw5s32.sys [MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - [13/07/2009 23:09:17] - (.(C) Copyright IBM Corp. 1994, 2002. - IBM ServeRAID Controller Driver.) 
- [43.58 Ko] - (7.10.0.0) - C:\windows\System32\Drivers\nfrd960.sys [MD5.B48DC6ABCD3AEFF8618350CCBDC6B09A] - [12/11/2013 08:52:12] - (.Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - npf.sys (NT5/6 x86) Kernel Driver.) - [34.27 Ko] - (4.1.0.2001) - C:\windows\System32\Drivers\npf.sys [MD5.B3E25EE28883877076E0E1FF877D02E0] - [27/04/2011 14:21:24] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [114.38 Ko] - (10.6.0.18) - C:\windows\System32\Drivers\nvraid.sys [MD5.4380E59A170D88C4F1022EFF6719A8A4] - [27/04/2011 14:21:24] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [140.38 Ko] - (10.6.0.18) - C:\windows\System32\Drivers\nvstor.sys [MD5.FD2041E9BA03DB7764B2248F02475079] - [04/01/2012 17:52:14] - (.Copyright (c) 2006,2007,2008. Nokia. - PCCS Mode Change Filter Driver.) - [18.38 Ko] - (7.0.0.0) - C:\windows\System32\Drivers\pccsmcfd.sys [MD5.AB95ECF1F6659A60DDC166D8315B0751] - [10/06/2009 22:20:06] - (.Copyright © QLogic Corporation 1996-2009 - QLogic Fibre Channel Stor Miniport Driver.) - [1351.06 Ko] - (9.1.8.6) - C:\windows\System32\Drivers\ql2300.sys [MD5.B4DD51DD25182244B86737DC51AF2270] - [13/07/2009 23:09:18] - (.© QLogic Corporation. - QLogic iSCSI Storport Miniport Driver.) - [103.58 Ko] - (2.1.3.20) - C:\windows\System32\Drivers\ql40xx.sys [MD5.E891F07815AF88075705EF6A248711F6] - [14/08/2010 16:36:09] - (.Copyright c 2001-2007, Ricoh Company Ltd., - RICOH MS Driver.) - [47.5 Ko] - (6.10.2.7) - C:\windows\System32\Drivers\rimspe86.sys [MD5.0F6756EF8BDA6DFA7BE50465C83132BB] - [14/05/2007 15:17:16] - (.Copyright 2006 Research In Motion Limited - BlackBerry Device Driver.) - [22.13 Ko] - (4.0.0.2) - C:\windows\System32\Drivers\RimUsb.sys [MD5.D853D35F792A3A44726A794BF9A0BBC3] - [14/08/2010 16:36:09] - (.Copyright c 2001-2009, Ricoh Company Ltd., - RICOH SD/MMC Driver.) 
- [46.5 Ko] - (6.10.2.12) - C:\windows\System32\Drivers\risdpe86.sys [MD5.CF2DE2365FD99E5B8E38C9F3467DCDB8] - [14/08/2010 16:36:09] - (.Copyright c 2001-2009, Ricoh Company Ltd., - RICOH PCIe XD Driver.) - [38 Ko] - (6.10.1.8) - C:\windows\System32\Drivers\rixdpe86.sys [MD5.6C50ADED23D160C95FC9859748C253DD] - [02/02/2010 01:11:24] - (.Copyright © 1991-2009 McAfee, Inc. - McAfee Endpoint Encryption Reserved Files Lock Driver.) - [39.15 Ko] - (5.2.2.4) - C:\windows\System32\Drivers\rsvlock.sys [MD5.40AE35F1FDBAC1F4B0C53D2ED77A0E3F] - [14/08/2010 16:38:04] - (.Copyright (C) Realtek Semiconductor Corp. - Realtek UVC Driver for XP/Vista/Win7.) - [71.63 Ko] - (6.1.7600.28) - C:\windows\System32\Drivers\rtsuvc.sys [MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/02/2010 01:11:22] - (.-.) - [107.93 Ko] - (0.0.0.0) - C:\windows\System32\Drivers\SafeBoot.sys [MD5.67215032A3039E5B78BBBBB4F21B904E] - [02/02/2010 01:11:46] - (.Copyright © 1991-2008 McAfee, Inc. - SafeBoot FIPS AES Algorithm (256 bit).) - [50.59 Ko] - (5.1.7.0) - C:\windows\System32\Drivers\SbAlg.sys [MD5.CD8E12BB9B16C55DEF2AC52B78A09F09] - [02/02/2010 01:11:28] - (.Copyright © 1991-2009 McAfee, Inc. - McAfee Endpoint Encryption FS Locker.) - [12.95 Ko] - (5.2.2.4) - C:\windows\System32\Drivers\SbFsLock.sys [MD5.5071D2D58E72DCF57591D1F1CFFB75AB] - [02/02/2010 01:11:30] - (.Copyright © 1991-2009 McAfee, Inc. - McAfee Endpoint Encryption Hibernation Filter.) - [10.96 Ko] - (5.2.2.4) - C:\windows\System32\Drivers\SbHiber.sys [MD5.90A3935D05B494A5A39D37E71F09A677] - [14/07/2009 03:05:20] - (.© 2006 Macrovision Corporation - Macrovision SECURITY Driver.) - [20 Ko] - (4.3.86.0) - C:\windows\System32\Drivers\secdrv.sys [MD5.A9F0486851BECB6DDA1D89D381E71055] - [10/06/2009 22:20:08] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [39.08 Ko] - (5.1.1039.2600) - C:\windows\System32\Drivers\sisraid2.sys [MD5.3727097B55738E2F554972C3BE5BC1AA] - [13/07/2009 23:09:18] - (.Copyright (c) SiS Corp. 
2007-2013 - SiS AHCI Stor-Miniport Driver.) - [76.06 Ko] - (5.1.1039.3600) - C:\windows\System32\Drivers\sisraid4.sys [MD5.DB32D325C192B801DF274BFD12A7E72B] - [13/07/2009 23:09:18] - (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) - [20.58 Ko] - (5.0.1.1) - C:\windows\System32\Drivers\stexstor.sys [MD5.8A8246F40792956E957F3E8D0C188963] - [01/04/2013 17:03:38] - (.Copyright © 2004 - 2009 IDT, Inc. - IDT PC Audio.) - [421.5 Ko] - (6.10.6300.0) - C:\windows\System32\Drivers\stwrt.sys [MD5.0E8676FB3BB95AA40FDF7A4A31018C8B] - [04/06/2010 01:18:58] - (.Copyright (C) Synaptics Incorporated 1996-2010 - Synaptics Touchpad Driver.) - [1273.17 Ko] - (15.0.24.0) - C:\windows\System32\Drivers\SynTP.sys [MD5.1DE279C586E6320FFF2D76A93BE0FC21] - [16/03/2016 17:44:36] - (.(c) 2014 BitDefender S.R.L. - Trufos Kernel Module.) - [398.71 Ko] - (2.4.851.21851) - C:\windows\System32\Drivers\Trufos.sys [MD5.A176718F0DF45F60F545CF3E14F4D108] - [28/03/2016 11:41:34] - (.© Apple, Inc. - Apple Mobile Device USB Driver.) - [44 Ko] - (1.67.0.0) - C:\windows\System32\Drivers\usbaapl.sys [MD5.E43574F6A56A0EE11809B48C09E4FD3C] - [14/07/2009 00:11:20] - (.Copyright (C) VIA Technologies, Inc. 2000-2007 - VIA Generic PCI IDE Bus Driver.) - [16.58 Ko] - (6.0.6000.170) - C:\windows\System32\Drivers\viaide.sys [MD5.B3ECEA32A1BF6365CA8E4DCE5D3D49B3] - [01/07/2010 09:55:54] - (.© TheGreenBow 2010. - TheGreenbow NDIS 6.0 Hook Driver.) - [63.55 Ko] - (1.0.1.4) - C:\windows\System32\Drivers\vistahook.sys [MD5.9DFA0CC2F8855A04816729651175B631] - [10/06/2009 22:20:24] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [138.58 Ko] - (6.0.6000.6210) - C:\windows\System32\Drivers\vsmraid.sys [MD5.A1EA64D9C5CAC18E3DF3B58E343B301E] - [14/05/2010 23:45:41] - (.-.) 
- [3.05 Ko] - (0.0.0.0) - C:\windows\System32\Drivers\wddchgb.sys
---------- | Uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\0973B297E079B467E3776E59F763D63FD557795B] : (Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414).-.Broadcom) -> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\bcbtums-win7x86-brcm.inf_x86_neutral_acc0edcf24618195\bcbtums-win7x86-brcm.inf [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\7-Zip] : (7-Zip 9.20.-.) -> "C:\Program Files\7-Zip\Uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13] : (Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405).-.Broadcom) -> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\bcbtums-vistax86-brcm.inf_x86_neutral_a622a4701b0a8e59\bcbtums-vistax86-brcm.inf [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.)
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] : (Adobe Flash Player 23 ActiveX.-.Adobe Systems Incorporated) -> C:\windows\system32\Macromed\Flash\FlashUtil32_23_0_0_207_ActiveX.exe -maintain activex [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Avast] : (Avast Antivirus Gratuit.-.AVAST Software) -> C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE] : (Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800).-.Broadcom) -> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\bcbthid32.inf_x86_neutral_6c4f31312ffe9ed6\bcbthid32.inf [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Broadcom 802.11 Wireless LAN Adapter] : (Broadcom 802.11 Wireless LAN Adapter.-.Broadcom Corporation) -> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver" driver [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Broadcom Wireless Utility] : (Broadcom Wireless Utility.-.Broadcom Corporation) -> "C:\Program Files\Broadcom\Broadcom 802.11\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11_App\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CleanUp!] : (CleanUp!.-.) -> C:\Program Files\CleanUp!\uninstall.exe [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Drive Encryption] : (Drive Encryption for HP ProtectTools.-.Hewlett-Packard) -> msiexec.exe /i {34E6F14D-68F9-486D-87BA-6AA8431F3F44} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files\Google\Chrome\Application\54.0.2840.71\Installer\setup.exe" --uninstall --multi-install --chrome --system-level [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\HOMESTUDENTR] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\HPProtectTools] : (HP ProtectTools Security Manager.-.Hewlett-Packard Company) -> C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\setup.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}] : (Theft Recovery.-.Hewlett-Packard) -> "C:\Program Files\InstallShield Installation Information\{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}\setup.exe" -runfromtemp -l0x0409 -removeonly [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\L'Emerillon] : (L'Emerillon 1.1.-.Némopolis) -> C:\Program Files\Némopolis\L'Emerillon\uninst.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\League client alpha 1.0] : (League client alpha.-.Riot Games, Inc) -> C:\Riot Games\League of Legends\Uninstall League client alpha.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\League of Legends 4.1.2] : (League of Legends.-.Riot Games) -> msiexec.exe /x {8E0BDF1C-26D9-4579-A677-53A4CC0D3693} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\LSI Soft Modem] : (LSI HDA Modem.-.LSI Corporation) -> C:\windows\agrsmdel [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1] : (Malwarebytes Anti-Malware version 2.2.1.1043.-.Malwarebytes) -> "C:\Program Files\Malwarebytes Anti-Malware\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Marvell Miniport Driver] : (Marvell Miniport Driver.-.Marvell) -> C:\Program Files\Marvell\Miniport Driver\Uninst.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PROHYBRID2R] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PROSetDX] : (Intel(R) Network Connections 18.8.136.0.-.Intel) -> MsiExec.exe /i{2B7A8C9C-465A-42F0-B9C3-180FDAAB2C4B} ARPREMOVE=1 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SMALLBUSINESSR] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SpeedFan] : (SpeedFan (remove only).-.) -> "C:\Program Files\SpeedFan\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SynTPDeinstKey] : (Synaptics Pointing Device Driver.-.Synaptics Incorporated) -> rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\TeamSpeak 3 Client] : (TeamSpeak 3 Client.-.TeamSpeak Systems GmbH) -> "C:\Program Files\TeamSpeak 3 Client\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\TheGreenBow IPSec VPN Client] : (TheGreenBow IPSec VPN Client.-.TheGreenBow) -> C:\Program Files\TheGreenBow\TheGreenBow VPN\VPN_Client_uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}] : (PDFCreator.-.pdfforge) -> C:\Program Files\PDFCreator\unins000.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{04801E42-B1A6-4C52-9F3D-CADB5A050433}] : (HP Software Setup.-.Hewlett-Packard Company) -> MsiExec.exe /X{04801E42-B1A6-4C52-9F3D-CADB5A050433} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{07FA4960-B038-49EB-891B-9F95930AA544}] : (HP Customer Experience Enhancements.-.Hewlett-Packard) -> MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1BE8806A-84F8-4655-A381-0D5524430944}] : (ActivClient x86.-.ActivIdentity) -> MsiExec.exe /X{1BE8806A-84F8-4655-A381-0D5524430944} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1D61E881-43CD-447B-9E6B-D2C6138B2862}] : (HP Webcam.-.Roxio) -> C:\ProgramData\Uninstall\{1D61E881-43CD-447B-9E6B-D2C6138B2862}\setup.exe /x {1D61E881-43CD-447B-9E6B-D2C6138B2862} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}] : (System Requirements Lab for Intel.-.Husdawg, LLC) 
-> MsiExec.exe /I{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{23170F69-40C1-2701-1604-000001000000}] : (7-Zip 16.04.-.Igor Pavlov) -> MsiExec.exe /I{23170F69-40C1-2701-1604-000001000000} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180111F0}] : (Java 8 Update 111.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180111F0} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218040F0}] : (Java 8 Update 40.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83218040F0} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{29DB9165-5FC1-48F0-9188-26123F526848}] : (Apple Application Support (32 bits).-.Apple Inc.) -> MsiExec.exe /I{29DB9165-5FC1-48F0-9188-26123F526848} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2B7A8C9C-465A-42F0-B9C3-180FDAAB2C4B}] : (Intel(R) Network Connections 18.8.136.0.-.Intel) -> MsiExec.exe /i{2B7A8C9C-465A-42F0-B9C3-180FDAAB2C4B} ARPREMOVE=1 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}] : (HP SoftPaq Download Manager.-.Hewlett-Packard Company) -> MsiExec.exe /I{2DA697D7-FED3-4DE2-A174-92A2A12F9688} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}] : (Theft Recovery.-.Hewlett-Packard) -> MsiExec.exe /X{33C9F24B-1D92-4632-A915-81E3BB1D5D6B} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{34E6F14D-68F9-486D-87BA-6AA8431F3F44}] : (Drive Encryption for HP ProtectTools.-.Hewlett-Packard) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}] : (HP Advisor.-.Hewlett-Packard) -> MsiExec.exe /X{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{40FE01D3-F16D-407C-B471-BBE7147578C3}] : (HP 3D DriveGuard.-.Hewlett-Packard Company) -> MsiExec.exe 
/X{40FE01D3-F16D-407C-B471-BBE7147578C3} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4B581344-564D-45C8-BD5E-D95A06CA13CA}] : (HP ProtectTools Security Manager.-.Hewlett-Packard Company) -> MsiExec.exe /X{4B581344-564D-45C8-BD5E-D95A06CA13CA} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}] : (HP HotKey Support.-.Hewlett-Packard Company) -> MsiExec.exe /X{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{55B52830-024A-443E-AF61-61E1E71AFA1B}] : (Device Access Manager for HP ProtectTools.-.Hewlett-Packard) -> MsiExec.exe /X{55B52830-024A-443E-AF61-61E1E71AFA1B} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5BF8E079-D6E2-4323-B794-75152371122A}] : (Windows 7 Default Setting.-.Hewlett-Packard Company) -> MsiExec.exe /I{5BF8E079-D6E2-4323-B794-75152371122A} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5CFFD58D-A8EB-439C-B3FD-A8862C886C55}] : (Apple Mobile Device Support.-.Apple Inc.) -> MsiExec.exe /I{5CFFD58D-A8EB-439C-B3FD-A8862C886C55} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{604CD5A1-4520-4844-B064-A3D884B77E91}] : (SpeedyPC Pro.-.SpeedyPC Software) -> C:\Program Files\SpeedyPC Software\SpeedyPC\uninstall.exe [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) 
-> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{61026FB6-44BC-48C5-BD29-4E3F9FCBB33B}] : (Adblock Plus pour IE (32-bits).-.Eyeo GmbH) -> MsiExec.exe /X{61026FB6-44BC-48C5-BD29-4E3F9FCBB33B} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> C:\Program Files\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}] : (LightScribe System Software.-.LightScribe) -> MsiExec.exe /X{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}] : (File Sanitizer For HP ProtectTools.-.Hewlett-Packard) -> MsiExec.exe /I{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}] : (Hewlett-Packard ACLM.NET v1.2.1.1.-.Hewlett-Packard Company) -> MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{722A2876-B382-4AB5-8CC9-007FF5B28641}] : (HP ESU for Microsoft Windows 7.-.Hewlett-Packard Company) -> MsiExec.exe /X{722A2876-B382-4AB5-8CC9-007FF5B28641} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{78365FC6-09CA-4AC3-BC01-70FB46596047}] : (Validity Fingerprint Driver.-.Validity Sensors, Inc.) 
-> MsiExec.exe /X{78365FC6-09CA-4AC3-BC01-70FB46596047} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8D4B1DDC-0CB5-4908-B740-A385C2F3B6A9}] : (HP User Guides 0185.-.Hewlett-Packard) -> MsiExec.exe /X{8D4B1DDC-0CB5-4908-B740-A385C2F3B6A9} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8E0BDF1C-26D9-4579-A677-53A4CC0D3693}] : (League of Legends.-.Riot Games) -> MsiExec.exe /X{8E0BDF1C-26D9-4579-A677-53A4CC0D3693} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}] : (Intel® Matrix Storage Manager.-.Intel Corporation) -> C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}] : (HP Setup.-.Hewlett-Packard Company) -> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}\setup.exe" -l0x9 -removeonly [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}] : (Broadcom 2070 Bluetooth 2.1 + EDR.-.Broadcom Corporation) -> MsiExec.exe /X{9E9D49A4-1DF4-4138-B7DB-5D87A893088E} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A8D40741-490C-4190-82F2-62909891414B}] : (.-.Intel Corporation) -> MsiExec.exe /I{A8D40741-490C-4190-82F2-62909891414B} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001802114130}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001802114130} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AB0000000001}] : (Adobe Reader XI (11.0.10) - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AB0000000001} 
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}] : (MSVC90_x86.-.Nokia) -> MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}] : (DirectX 9 Runtime.-.Sonic Solutions) -> MsiExec.exe /I{AF9E97C1-7431-426D-A8D5-ABE40995C0B1} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B8112377-4DF5-49AD-B37D-295C87D75FE9}] : (HP Power Assistant.-.Hewlett-Packard Company) -> MsiExec.exe /X{B8112377-4DF5-49AD-B37D-295C87D75FE9} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}] : (Energy Star Digital Logo.-.Hewlett-Packard) -> MsiExec.exe /I{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BEWINTERNET-FR-DMGP-V2}.UninstallSuite] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C7AE4EC3-9C13-4213-8457-74D16B353F91}] : (HP Web Camera.-.Hewlett-Packard) -> MsiExec.exe /I{C7AE4EC3-9C13-4213-8457-74D16B353F91} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D600B125-9437-4229-845B-E10B84190409}] : (HP QuickLook.-.Hewlett-Packard) -> MsiExec.exe /X{D600B125-9437-4229-845B-E10B84190409} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D69F9215-B06A-4ADF-A464-E2607B2FA296}] : (Privacy Manager for HP ProtectTools.-.Hewlett-Packard) -> MsiExec.exe /I{D69F9215-B06A-4ADF-A464-E2607B2FA296} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DA200FDD-DE3D-4958-8465-C4FBC869544B}] : (HP Software Framework.-.Hewlett-Packard Company) -> MsiExec.exe /X{DA200FDD-DE3D-4958-8465-C4FBC869544B} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}] : (Realtek PC Camera.-.Realtek Semiconductor Corp.) 
-> C:\windows\RtsUvcUninst.exe /u [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}] : (IDT Audio.-.IDT) -> "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -remove -removeonly [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}] : (HP Wireless Assistant.-.Hewlett-Packard) -> MsiExec.exe /X{EC720706-3F19-4B7F-BDDD-E31D9B3921D2} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}] : (HP Support Assistant.-.Hewlett-Packard Company) -> "C:\Program Files\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe" -runfromtemp -l0x0409 -removeonly [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}] : (Intel(R) Processor Graphics.-.Intel Corporation) -> C:\Program Files\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F5CC2EF8-20A4-4366-A681-3FE849E65809}] : (RICOH Media Driver.-.RICOH) -> "C:\Program Files\InstallShield Installation Information\{F5CC2EF8-20A4-4366-A681-3FE849E65809}\SETUP.EXE" -runfromtemp -l0x0009 anything -removeonly [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FC2443F8-F408-4048-A232-282FB5A920E1}] : (HP Power Data.-.Hewlett-Packard) -> MsiExec.exe /X{FC2443F8-F408-4048-A232-282FB5A920E1} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FC965A47-4839-40CA-B618-18F486F042C6}] : (Skype™ 7.29.-.Skype Technologies S.A.) 
-> MsiExec.exe /X{FC965A47-4839-40CA-B618-18F486F042C6} ---------- | Installer [HKCR\Installer\Products\03825B55A420E344FA16161E7EA1AFB1] : Device Access Manager for HP ProtectTools -> c:\Windows\Installer\{55B52830-024A-443E-AF61-61E1E71AFA1B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\0694AF70830BBE9498B1F95939A05A44] : HP Customer Experience Enhancements -> C:\Windows\Installer\{07FA4960-B038-49EB-891B-9F95930AA544}\ARPPRODUCTICON.exe [HKCR\Installer\Products\114202EE62C28E947948B11CBD7FED69] : HP Support Assistant -> C:\windows\Installer\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\ARPPRODUCTICON.exe [HKCR\Installer\Products\1467E70A49CAF454EB258EEEE130B5C1] : [HKCR\Installer\Products\14704D8AC0940914282F2609891914B4] : VC90_CRT_x86 -> C:\windows\Installer\{A8D40741-490C-4190-82F2-62909891414B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\24E108406A1B25C4F9D3ACBDA5504033] : HP Software Setup [HKCR\Installer\Products\2D6FDBE10AECC4842AE3D2AD7DDFD00D] : System Requirements Lab for Intel [HKCR\Installer\Products\30FDA6D6752B5AE4BB1CD141A58F5D41] : File Sanitizer For HP ProtectTools -> C:\Windows\Installer\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}\ARPPRODUCTICON.exe [HKCR\Installer\Products\3CE4EA7C31C931244875471DB653F319] : HP Web Camera [HKCR\Installer\Products\3D10EF04D61FC7044B17BB7E4157873C] : HP 3D DriveGuard -> C:\windows\Installer\{40FE01D3-F16D-407C-B471-BBE7147578C3}\controlPanelIcon.exe [HKCR\Installer\Products\4225ABB41B5CC8B4AA4A86AD66459B1C] : HP HotKey Support -> C:\Windows\Installer\{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}\app_1.exe [HKCR\Installer\Products\443185B4D4658C54DBE59DA560AC31AC] : HP ProtectTools Security Manager -> C:\windows\Installer\{4B581344-564D-45C8-BD5E-D95A06CA13CA}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4A94D9E94FD183147BBDD5788A3980E8] : Broadcom 2070 Bluetooth 2.1 + EDR -> C:\windows\Installer\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110110F] : Java 8 Update 111 -> 
C:\Program Files\Java\jre1.8.0_111\\bin\javaws.exe [HKCR\Installer\Products\4EA42A62D9304AC4784BF2381208040F] : Java 8 Update 40 [HKCR\Installer\Products\5129F96DA60BFDA44A462E06B7F22A69] : Privacy Manager for HP ProtectTools -> c:\Windows\Installer\{D69F9215-B06A-4ADF-A464-E2607B2FA296}\ARPPRODUCTICON.exe [HKCR\Installer\Products\521B006D7349922448B51EB048914090] : HP QuickLook -> c:\windows\Installer\{D600B125-9437-4229-845B-E10B84190409}\quicklook_Vista.exe [HKCR\Installer\Products\5619BD921CF50F8419886221F3258684] : Apple Application Support (32 bits) -> C:\windows\Installer\{29DB9165-5FC1-48F0-9188-26123F526848}\WinInstall.ico [HKCR\Installer\Products\607027CE91F3F7B4DBDD3ED1B993122D] : HP Wireless Assistant -> C:\Windows\Installer\{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}\WA_tray_32_on.exe [HKCR\Installer\Products\68AB67CA408033019195008120111403] : Adobe Refresh Manager -> C:\windows\Installer\{AC76BA86-0804-1033-1959-001802114130}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744BA0000000010] : Adobe Reader XI (11.0.10) - Français -> C:\windows\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico [HKCR\Installer\Products\6BF62016CB445C84DB92E4F3F9BC3BB3] : Adblock Plus pour IE (32-bits) -> C:\windows\Installer\{61026FB6-44BC-48C5-BD29-4E3F9FCBB33B}\program_icon [HKCR\Installer\Products\6CF56387AC903CA4CB1007BF64950674] : Validity Fingerprint Driver -> C:\windows\Installer\{78365FC6-09CA-4AC3-BC01-70FB46596047}\ValidityLogo.ico [HKCR\Installer\Products\6E8A266FCD4F2A1409E1C8110F44DBCE] : MSXML 4.0 SP2 (KB973688) [HKCR\Installer\Products\701043F6AA9F6C745BC43C1AF91155F3] : Hewlett-Packard ACLM.NET v1.2.1.1 -> C:\windows\Installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\74A569CF9384AC046B81814F680F246C] : Skype™ 7.29 -> C:\windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe [HKCR\Installer\Products\7732118B5FD4DA943BD792C5787DF59E] : HP Power Assistant -> 
C:\windows\Installer\{B8112377-4DF5-49AD-B37D-295C87D75FE9}\PA_tray_32.exe [HKCR\Installer\Products\7D796AD23DEF2ED41A47292A1AF26988] : HP SoftPaq Download Manager -> C:\Windows\Installer\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}\SoftpaqDownloadManager.exe [HKCR\Installer\Products\7E577B2224C65CF4E801A9E52375DB49] : MSVCRT [HKCR\Installer\Products\846111FA1A99E35418DD08BDFBD6DAD0] : MSVC90_x86 [HKCR\Installer\Products\8F3442CF804F84042A2382F25B9A021E] : HP Power Data -> C:\windows\Installer\{FC2443F8-F408-4048-A232-282FB5A920E1}\HPPowerData.exe [HKCR\Installer\Products\96F071321C0410726140000010000000] : 7-Zip 16.04 [HKCR\Installer\Products\970E8FB52E6D32347B495751321721A2] : Windows 7 Default Setting [HKCR\Installer\Products\9C43A1DB467497F4EAF111F2C8983D4D] : Energy Star Digital Logo -> C:\windows\Installer\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}\_6FEFF9B68218417F98F549.exe [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A6088EB18F4855643A18D05542349044] : ActivClient x86 -> C:\Windows\Installer\{1BE8806A-84F8-4655-A381-0D5524430944}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B42F9C3329D123649A51183EBBD1D5B6] : Theft Recovery -> C:\Windows\Installer\{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C1FDB0E89D6297546A77354ACCD06339] : League of Legends -> C:\windows\Installer\{8E0BDF1C-26D9-4579-A677-53A4CC0D3693}\lol.launcher_1.exe [HKCR\Installer\Products\C7D8BF048FF62FA4CBB8B0D13BA20FB4] : HP Advisor -> C:\Windows\Installer\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C9C8A7B2A5640F249B3C81F0ADBAC2B4] : -> C:\windows\Installer\{2B7A8C9C-465A-42F0-B9C3-180FDAAB2C4B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CDD1B4D85BC080947B043A582C3F6B9A] : HP User Guides 0185 [HKCR\Installer\Products\D41F6E439F86D68478ABA68A34F1F344] : Drive Encryption for HP ProtectTools -> 
c:\Windows\Installer\{34E6F14D-68F9-486D-87BA-6AA8431F3F44}\controlPanelIcon.exe [HKCR\Installer\Products\D85DFFC5BE8AC9343BDF8A68C288C655] : Apple Mobile Device Support -> C:\windows\Installer\{5CFFD58D-A8EB-439C-B3FD-A8862C886C55}\Installer.ico [HKCR\Installer\Products\DDA39468D428E8B4DB27C8D5DC5CA217] : MSXML 4.0 SP2 (KB954430) [HKCR\Installer\Products\DDF002ADD3ED859448564CBF8C9645B4] : HP Software Framework -> C:\Windows\Installer\{DA200FDD-DE3D-4958-8465-C4FBC869544B}\app_1.exe [HKCR\Installer\Products\EB3EDFA610CB4A54D960BB5FDA023731] : LightScribe System Software -> C:\Windows\Installer\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater

---------- | ADS

---------- | Drives

Disk: 0   Size=305G
Pos MBRndx Type/Name  Size Active Hide Start Sector      Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
  0      0 07-NTFS    299M Yes    No          2,048      614,400
  1      1 07-NTFS    288G No     No        616,448  588,869,632
  2      2 07-NTFS     15G No     No    589,486,080   31,457,280
  3      3 0C-FAT32X  2.0G No     No    620,943,360    4,184,064

---------- | MBR

Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP ProBook 6450b
Logical Drives Mask: 0x00000064

Analysis of file "C:\QuickDiag\MBR.bin": Windows 2008 MBR code detected

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: Hitachi_ rev.PC3O -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys iaStor.sys
C:\windows\system32\DRIVERS\hpdskflt.sys Hewlett-Packard Company Mobile Data Protection System
C:\windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x836500C5] -> \Device\Harddisk0\DR0[0x86E80528]
3 CLASSPNP[0x8960459E] -> ntkrnlpa!IofCallDriver[0x836500C5] -> [0x86E80C48]
5 hpdskflt[0x897D3F92] -> ntkrnlpa!IofCallDriver[0x836500C5] -> [0x863AB8C8]
7 ACPI[0x890A83D4] -> ntkrnlpa!IofCallDriver[0x836500C5] -> \Device\Ide\IAAStorageDevice-1[0x86370028]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK

---------- | 20 LastEventLog

Nom de l’application défaillante LeagueClient.exe, version : 0.12.0.240, horodatage : 0x5801a978
Nom du module défaillant : LeagueClient.exe, version : 0.12.0.240, horodatage : 0x5801a978
Code d’exception : 0xc0000005
Décalage d’erreur : 0x001b4311
ID du processus défaillant : 0x1304
Heure de début de l’application défaillante : 0x01d23ac5c0df1cb4
Chemin d’accès de l’application défaillante : C:\Riot Games\League of Legends\LeagueClient.exe
Chemin d’accès du module défaillant: C:\Riot Games\League of Legends\LeagueClient.exe
ID de rapport : 00becc1c-a6b9-11e6-89ad-1cc1de9d2719
------------
Produit : OpenOffice.org 3.3 -- Veuillez quitter OpenOffice.org 3.3 et le démarrage rapide de OpenOffice.org 3.3 avant de continuer. Si vous utilisez un système multi-utilisateurs, assurez-vous également qu'aucun autre utilisateur n'a ouvert OpenOffice.org 3.3.
------------
CCleaner (5092) testing: Une tentative d'ouverture du fichier "C:\Users\al\AppData\Local\Microsoft\Windows\WebCache\V01.log" pour accès en lecture seule a échoué en indiquant l'erreur système 32 (0x00000020) : "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur -1032 (0xfffffbf8).
------------
CCleaner (5092) testing: Une tentative d'ouverture du fichier "C:\Users\al\AppData\Local\Microsoft\Windows\WebCache\V01.log" pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020) : "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur -1032 (0xfffffbf8).
------------
Impossible d’initialiser l’index. Détails : Le catalogue d’index des contenus est endommagé. (HRESULT : 0xc0041801) (0xc0041801)
------------
Impossible d’initialiser l’application. Contexte : Application Windows Détails : Le catalogue d’index des contenus est endommagé. (HRESULT : 0xc0041801) (0xc0041801)
------------
Impossible d’initialiser l’objet rassembleur. Contexte : Application Windows, Catalogue SystemIndex Détails : Le catalogue d’index des contenus est endommagé. (HRESULT : 0xc0041801) (0xc0041801)
------------
Impossible d’initialiser le plug-in dans . Contexte : Application Windows, Catalogue SystemIndex Détails : Élément introuvable. (HRESULT : 0x80070490) (0x80070490)
------------
Impossible d’initialiser le plug-in dans . Contexte : Application Windows, Catalogue SystemIndex Détails : Le catalogue d’index des contenus est endommagé. (HRESULT : 0xc0041801) (0xc0041801)
------------
Le service Windows Search ne peut pas charger les informations de la banque de propriétés. Contexte : Application Windows, Catalogue SystemIndex Détails : La base de données d’index des contenus est endommagée. (HRESULT : 0xc0041800) (0xc0041800)
------------
Le service de recherche Windows a été arrêté à cause d’un problème avec l’indexeur : The catalog is corrupt. Détails : Le catalogue d’index des contenus est endommagé. (HRESULT : 0xc0041801) (0xc0041801)
------------
Le service de recherche a détecté des fichiers de données endommagés dans l’index {id=4700}. Le service tentera de corriger automatiquement ce problème en recréant l’index. Détails : Le catalogue d’index des contenus est endommagé. (HRESULT : 0xc0041801) (0xc0041801)
------------
------------
Windows (2696) Windows: L'Erreur -1811 s'est produite lors de l'ouverture du fichier journal C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS001E1.log.
------------
La création du contexte d’activation a échoué pour « C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll ». Assembly dépendant Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
------------
Nom de l’application défaillante svchost.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc100
Nom du module défaillant : ntdll.dll, version : 6.1.7601.23543, horodatage : 0x57d2f908
Code d’exception : 0xc000000d
Décalage d’erreur : 0x00097741
ID du processus défaillant : 0xe4c
Heure de début de l’application défaillante : 0x01d22a2a65660993
Chemin d’accès de l’application défaillante : C:\windows\System32\svchost.exe
Chemin d’accès du module défaillant: C:\windows\SYSTEM32\ntdll.dll
ID de rapport : 00117e1b-a036-11e6-be50-1cc1de9d2719
------------
Nom de l’application défaillante CompatTelRunner.exe, version : 10.0.14913.1002, horodatage : 0x57d102c7
Nom du module défaillant : devinv.dll, version : 10.0.14913.1002, horodatage : 0x57d1049e
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0002ec20
ID du processus défaillant : 0xf98
Heure de début de l’application défaillante : 0x01d22650a8e9b57f
Chemin d’accès de l’application défaillante : C:\windows\system32\CompatTelRunner.exe
Chemin d’accès du module défaillant: C:\windows\system32\devinv.dll
ID de rapport : f9c8d2c2-9247-11e6-8faf-1cc1de9d2719
------------
Le programme LolClient.exe version 0.0.0.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.
ID de processus : 18d0
Heure de début : 01d223b197c5f4b1
Heure de fin : 0
Chemin d’accès de l’application : C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.220\deploy\LolClient.exe
ID de rapport : ba94465a-8fb6-11e6-ac05-1cc1de9d2719
------------
Nom de l’application défaillante bcmwltry.exe, version : 5.100.82.148, horodatage : 0x5178c3ec
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000005
Décalage d’erreur : 0x046b822c
ID du processus défaillant : 0x6e0
Heure de début de l’application défaillante : 0x01d21e6dc8b2e39b
Chemin d’accès de l’application défaillante : C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : 27e90492-8a61-11e6-8fc2-1cc1de9d2719
------------

----------( EOF)---------- - 2911 | 22:05:53