Inactive Programs are closing suddenly few seconds after loading

[PreviousGuy]

Hi,

It look like my programs, as Teamviewer, Microsoft Word, are closing suddenly only a few seconds after they are opened.

As I was reading others peep topics, I do the malware check-up steps with Farbar and it result by the following: (is there any problems?)

FRST.txt files : (sorry it is in French mode)

Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 07-06-2017 01
Exécuté par Sandie (administrateur) sur SANDIE-PC (07-06-2017 18:59:25)
Exécuté depuis C:\Users\Sandie\Downloads
Profils chargés: Sandie (Profils disponibles: Sandie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool:

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
(Microsoft Corporation) C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\Avira.SystemSpeedup.UI.Systray.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Akamai Technologies, Inc.) C:\Users\Sandie\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Akamai Technologies, Inc.) C:\Users\Sandie\AppData\Local\Akamai\netsession_win.exe
(Fisher & Paykel Healthcare) C:\Users\Sandie\AppData\Roaming\Fisher & Paykel Healthcare\InfoUSBDetector\InfoUSBDetector.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wellbia.com Co., Ltd.) C:\Windows\SysWOW64\xsherlock.xem
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Registre (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-06-07] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [29246632 2017-05-30] (Dropbox, Inc.)
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3154787465-929561759-525958776-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sandie\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3154787465-929561759-525958776-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-3154787465-929561759-525958776-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3154787465-929561759-525958776-1000\...\MountPoints2: J - J:\Autorun.exe
HKU\S-1-5-21-3154787465-929561759-525958776-1000\...\MountPoints2: K - K:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-3154787465-929561759-525958776-1000\...\MountPoints2: {53974149-3792-11e1-b12a-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-21-3154787465-929561759-525958776-1000\...\MountPoints2: {efc1c226-acd5-11e2-977c-386077fb0477} - J:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3154787465-929561759-525958776-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-07] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
Startup: C:\Users\Sandie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InfoUSB Detector.lnk [2016-06-22]
ShortcutTarget: InfoUSB Detector.lnk -> C:\Users\Sandie\AppData\Roaming\Fisher & Paykel Healthcare\InfoUSBDetector\InfoUSBDetector.exe (Fisher & Paykel Healthcare)
Startup: C:\Users\Sandie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Superviser les alertes relatives aux cartouches - HP OfficeJet Pro 8720.lnk [2017-06-07]
ShortcutTarget: Superviser les alertes relatives aux cartouches - HP OfficeJet Pro 8720.lnk -> C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPStatusBL.dll (HP Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{13AC22B4-6062-4C03-BD6B-8B12D9D71C0B}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5BE6617D-B547-480B-95E7-7F11992E0B45}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131371989438681992&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131371989438681992&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3154787465-929561759-525958776-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131371989438681992&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-3154787465-929561759-525958776-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/
HKU\S-1-5-21-3154787465-929561759-525958776-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/
HKU\S-1-5-21-3154787465-929561759-525958776-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_cdxfs_17_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByBtD0DtB0E0AtDyB0A0FtC0FzytN0D0Tzu0StCzytBtCtN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2StA0F0FyCtC0DyByBtGyCyDtDzztGzyyByCtBtGyC0D0ByEtGzzzyzyyDtAzztBzztDyB0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyzytCtD0AzytBtG0FtByD0EtGyEtCyDyCtGzy0ByDyBtGyDtD0FyDtCtDzz0D0EtA0Azz2QtN0A0LzuyE%26cr%3D761988319%26a%3Dwbf_cdxfs_17_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_7d748b79ad623fcd40&param1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITMsQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8vmpdJaYXvFQ9IWYVwVRdIGYYwVI4JqYYNVA9JaYTvmo9GqYVNUI3wGYGwVM3vCIXwVM9GqUNNos3wCIYwVA9Jmk3wVA4ICITvFI4ICILNFdcJ6k8wV5cGWUSNFRcEqULNopcGWUIvmFbF6IYvFJdJGYVvmpdJqYWNVI9I6oXvmk4ISIXwVxdICIWvmo9J6ISvFJdImIYNVU9I6oVwVM9JGYUvFQ4ICIVvFE4ISoUwVVdIWQIwV5cGGUTNFRbDqUDNF5bDGUNNEU3wGQGwVI3vCk4wVM9IWYYvmo9JmISNVA9JmoVNVE9I6oUwVM4ISoWwVw3vGYXvFI4JmISvFI9IWYTvFI9J6IVvmldIWYUwVVdJCk3NoU9GqYYNVc3wCoUQGR7B6RoN9JcMapaLGF7LWBdQGR7BHFaISopzU0aCaV6CaV9C78kBrFbMn0aC6AoxrFaIWBfNHFbMn0aQGMVE7ofAT06xbFbJqxoNpQRy78oQGQXFSQoyDo8yJ%3D%3D&param2=MWNaLWxaMat9&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_cdxfs_17_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByBtD0DtB0E0AtDyB0A0FtC0FzytN0D0Tzu0StCzytBtCtN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2StA0F0FyCtC0DyByBtGyCyDtDzztGzyyByCtBtGyC0D0ByEtGzzzyzyyDtAzztBzztDyB0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyzytCtD0AzytBtG0FtByD0EtGyEtCyDyCtGzy0ByDyBtGyDtD0FyDtCtDzz0D0EtA0Azz2QtN0A0LzuyE%26cr%3D761988319%26a%3Dwbf_cdxfs_17_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM-x32 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_7d748b79ad623fcd40&param1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITMsQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8vmpdJaYXvFQ9IWYVwVRdIGYYwVI4JqYYNVA9JaYTvmo9GqYVNUI3wGYGwVM3vCIXwVM9GqUNNos3wCIYwVA9Jmk3wVA4ICITvFI4ICILNFdcJ6k8wV5cGWUSNFRcEqULNopcGWUIvmFbF6IYvFJdJGYVvmpdJqYWNVI9I6oXvmk4ISIXwVxdICIWvmo9J6ISvFJdImIYNVU9I6oVwVM9JGYUvFQ4ICIVvFE4ISoUwVVdIWQIwV5cGGUTNFRbDqUDNF5bDGUNNEU3wGQGwVI3vCk4wVM9IWYYvmo9JmISNVA9JmoVNVE9I6oUwVM4ISoWwVw3vGYXvFI4JmISvFI9IWYTvFI9J6IVvmldIWYUwVVdJCk3NoU9GqYYNVc3wCoUQGR7B6RoN9JcMapaLGF7LWBdQGR7BHFaISopzU0aCaV6CaV9C78kBrFbMn0aC6AoxrFaIWBfNHFbMn0aQGMVE7ofAT06xbFbJqxoNpQRy78oQGQXFSQoyDo8yJ%3D%3D&param2=MWNaLWxaMat9&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3154787465-929561759-525958776-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_7d748b79ad623fcd40&param1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITMsQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8vmpdJaYXvFQ9IWYVwVRdIGYYwVI4JqYYNVA9JaYTvmo9GqYVNUI3wGYGwVM3vCIXwVM9GqUNNos3wCIYwVA9Jmk3wVA4ICITvFI4ICILNFdcJ6k8wV5cGWUSNFRcEqULNopcGWUIvmFbF6IYvFJdJGYVvmpdJqYWNVI9I6oXvmk4ISIXwVxdICIWvmo9J6ISvFJdImIYNVU9I6oVwVM9JGYUvFQ4ICIVvFE4ISoUwVVdIWQIwV5cGGUTNFRbDqUDNF5bDGUNNEU3wGQGwVI3vCk4wVM9IWYYvmo9JmISNVA9JmoVNVE9I6oUwVM4ISoWwVw3vGYXvFI4JmISvFI9IWYTvFI9J6IVvmldIWYUwVVdJCk3NoU9GqYYNVc3wCoUQGR7B6RoN9JcMapaLGF7LWBdQGR7BHFaISopzU0aCaV6CaV9C78kBrFbMn0aC6AoxrFaIWBfNHFbMn0aQGMVE7ofAT06xbFbJqxoNpQRy78oQGQXFSQoyDo8yJ%3D%3D&param2=MWNaLWxaMat9&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3154787465-929561759-525958776-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_7d748b79ad623fcd40&param1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITMsQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8vmpdJaYXvFQ9IWYVwVRdIGYYwVI4JqYYNVA9JaYTvmo9GqYVNUI3wGYGwVM3vCIXwVM9GqUNNos3wCIYwVA9Jmk3wVA4ICITvFI4ICILNFdcJ6k8wV5cGWUSNFRcEqULNopcGWUIvmFbF6IYvFJdJGYVvmpdJqYWNVI9I6oXvmk4ISIXwVxdICIWvmo9J6ISvFJdImIYNVU9I6oVwVM9JGYUvFQ4ICIVvFE4ISoUwVVdIWQIwV5cGGUTNFRbDqUDNF5bDGUNNEU3wGQGwVI3vCk4wVM9IWYYvmo9JmISNVA9JmoVNVE9I6oUwVM4ISoWwVw3vGYXvFI4JmISvFI9IWYTvFI9J6IVvmldIWYUwVVdJCk3NoU9GqYYNVc3wCoUQGR7B6RoN9JcMapaLGF7LWBdQGR7BHFaISopzU0aCaV6CaV9C78kBrFbMn0aC6AoxrFaIWBfNHFbMn0aQGMVE7ofAT06xbFbJqxoNpQRy78oQGQXFSQoyDo8yJ%3D%3D&param2=MWNaLWxaMat9&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3154787465-929561759-525958776-1000 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_cdxfs_17_14&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByBtD0DtB0E0AtDyB0A0FtC0FzytN0D0Tzu0StCzytBtCtN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2StA0F0FyCtC0DyByBtGyCyDtDzztGzyyByCtBtGyC0D0ByEtGzzzyzyyDtAzztBzztDyB0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyzytCtD0AzytBtG0FtByD0EtGyEtCyDyCtGzy0ByDyBtGyDtD0FyDtCtDzz0D0EtA0Azz2QtN0A0LzuyE%26cr%3D761988319%26a%3Dwbf_cdxfs_17_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-06-07] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-06-07] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-27] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-3154787465-929561759-525958776-1000 -> Pas de nom - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Pas de fichier
Toolbar: HKU\S-1-5-21-3154787465-929561759-525958776-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - Pas de fichier
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - Pas de fichier
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: p7dszgys.default
FF ProfilePath: C:\Users\Sandie\AppData\Roaming\Mozilla\Firefox\Profiles\p7dszgys.default [2017-06-02]
FF NewTab: Mozilla\Firefox\Profiles\p7dszgys.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\p7dszgys.default -> Yahoo! Powered
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\p7dszgys.default -> Yahoo! Powered
FF Homepage: Mozilla\Firefox\Profiles\p7dszgys.default -> hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_cdxfs_17_14&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByBtD0DtB0E0AtDyB0A0FtC0FzytN0D0Tzu0StCzytBtCtN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2StA0F0FyCtC0DyByBtGyCyDtDzztGzyyByCtBtGyC0D0ByEtGzzzyzyyDtAzztBzztDyB0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyzytCtD0AzytBtG0FtByD0EtGyEtCyDyCtGzy0ByDyBtGyDtD0FyDtCtDzz0D0EtA0Azz2QtN0A0LzuyE%26cr%3D761988319%26a%3Dwbf_cdxfs_17_14%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
FF Keyword.URL: Mozilla\Firefox\Profiles\p7dszgys.default -> user_pref("keyword.URL", true);
FF Extension: (Avira Browser Safety) - C:\Users\Sandie\AppData\Roaming\Mozilla\Firefox\Profiles\p7dszgys.default\Extensions\abs@avira.com.xpi [2017-04-05]
FF Extension: (Lightbeam) - C:\Users\Sandie\AppData\Roaming\Mozilla\Firefox\Profiles\p7dszgys.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2017-03-26]
FF Extension: (Avast Online Security) - C:\Users\Sandie\AppData\Roaming\Mozilla\Firefox\Profiles\p7dszgys.default\Extensions\wrc@avast.com.xpi [2017-06-07]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\Sandie\AppData\Roaming\Mozilla\Firefox\Profiles\p7dszgys.default\features\{8c95e5b1-3c39-48fb-bbeb-9bafc38ed79b}\disable-cert-transparency@mozilla.org.xpi [2017-04-18]
FF Extension: (Disable Prefetch) - C:\Users\Sandie\AppData\Roaming\Mozilla\Firefox\Profiles\p7dszgys.default\features\{8c95e5b1-3c39-48fb-bbeb-9bafc38ed79b}\disable-prefetch@mozilla.org.xpi [2017-04-18]
FF SearchPlugin: C:\Users\Sandie\AppData\Roaming\Mozilla\Firefox\Profiles\p7dszgys.default\searchplugins\yahoo! powered.xml [2017-04-05]
FF HKU\S-1-5-21-3154787465-929561759-525958776-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-04-12] [non signé]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2016-01-19] (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2016-01-19] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-08] (Tencent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
FF Plugin-x32: @Webzen.com/NPBrowserExt -> C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll [2012-03-27] (WEBZEN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.google.ca/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.ca/"
CHR Profile: C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Default [2017-04-17]
CHR Extension: (Protection Web Avira) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-12-15]
CHR Extension: (Office Online - Copier et coller) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2015-08-04]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-14]
CHR Extension: (Chrome Media Router) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
CHR Profile: C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-06-07]
CHR Extension: (Google Slides) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-27]
CHR Extension: (Google Docs) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-27]
CHR Extension: (Google Drive) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-27]
CHR Extension: (YouTube) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-27]
CHR Extension: (Recherche Google) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-17]
CHR Extension: (Google Sheets) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-27]
CHR Extension: (Protection Web Avira) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-07]
CHR Extension: (Google Docs hors connexion) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-05-28]
CHR Extension: (Search Manager) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-06-07]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-27]
CHR Extension: (Chrome Media Router) - C:\Users\Sandie\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR HKLM\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3154787465-929561759-525958776-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Sandie\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-05-28]
CHR HKU\S-1-5-21-3154787465-929561759-525958776-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3154787465-929561759-525958776-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3154787465-929561759-525958776-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fdepacjoijebcfaaenjicnejghibmebp] - <pas de Path/update_url>
CHR HKU\S-1-5-21-3154787465-929561759-525958776-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3154787465-929561759-525958776-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mmlkabjddkpgkgfhdhpimhcbonapngoh] - C:\Users\Sandie\AppData\Local\CRE\mmlkabjddkpgkgfhdhpimhcbonapngoh.crx <non trouvé(e)>
CHR HKU\S-1-5-21-3154787465-929561759-525958776-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdepacjoijebcfaaenjicnejghibmebp] - <pas de Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [feffgldcgbgbkgihdccknhbfknichcio] - <pas de Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdgpdecndphihcinammckiacmcpbaipk] - <pas de Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ibclbohbddcmmaaobgjamgbfbchjdfae] - <pas de Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - <pas de Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [mmlkabjddkpgkgfhdhpimhcbonapngoh] - C:\Users\Sandie\AppData\Local\CRE\mmlkabjddkpgkgfhdhpimhcbonapngoh.crx <non trouvé(e)>
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S4 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1119712 2017-05-05] (Avira Operations GmbH & Co. KG)
S4 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [488920 2017-05-05] (Avira Operations GmbH & Co. KG)
S4 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [488920 2017-05-05] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1520680 2017-05-05] (Avira Operations GmbH & Co. KG)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-06-07] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-06-07] (AVAST Software)
R2 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-04-16] ()
R2 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-28] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-28] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-05-30] (Dropbox, Inc.)
S4 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-05-26] (Digital Wave Ltd.)
R2 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [Fichier non signé]
R2 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Fichier non signé]
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
S3 MySQLRouter; C:\Program Files\MySQL\MySQL Router 2.1\bin\mysqlrouter.exe [326144 2017-04-06] () [Fichier non signé]
S2 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [Fichier non signé]
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2017-05-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-05-07] ()
S4 SpeedupService; C:\Program Files (x86)\Avira\AviraSpeedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-04-07] (Avira Operations GmbH & Co. KG)
S2 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [Fichier non signé]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH)
S2 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-09-23] (Wellbia.com Co., Ltd.) [Fichier non signé]
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

===================== Pilotes (Avec liste blanche) ======================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 1394hub; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-06-07] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-06-07] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-06-07] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-06-07] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-06-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-06-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-06-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-06-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-06-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-06-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-06-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-06-07] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-06-07] (AVAST Software)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-28] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-28] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-06-03] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2015-05-16] (REALiX(tm))
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [Fichier non signé]
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2017-05-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Fichier non signé]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [Fichier non signé]
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 cpuz134; \??\C:\Users\Sandie\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120628.004\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120628.004\EX64.SYS [X]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

 

[PreviousGuy]

Continue....

==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-06-07 18:59 - 2017-06-07 19:01 - 00041357 _____ C:\Users\Sandie\Downloads\FRST.txt
2017-06-07 18:58 - 2017-06-07 18:59 - 00000000 ____D C:\FRST
2017-06-07 18:58 - 2017-06-07 18:58 - 02435072 _____ (Farbar) C:\Users\Sandie\Downloads\FRST64.exe
2017-06-07 18:53 - 2017-06-07 18:56 - 00000000 ____D C:\ProgramData\Avira
2017-06-07 18:51 - 2017-06-07 18:51 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-07 18:38 - 2017-06-07 18:43 - 00180814 _____ C:\Windows\ntbtlog.txt
2017-06-07 18:31 - 2017-06-07 18:31 - 03135104 _____ (Avira Operations GmbH & Co. KG) C:\Users\Sandie\Downloads\avira_registry_cleaner_en.exe
2017-06-07 18:22 - 2017-06-07 18:22 - 00003920 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1496874125
2017-06-07 18:22 - 2017-06-07 18:22 - 00001010 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-06-07 18:22 - 2017-06-07 18:22 - 00001010 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-06-07 18:21 - 2017-06-07 18:21 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-06-07 18:21 - 2017-06-07 18:21 - 00001889 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-06-07 18:21 - 2017-06-07 18:21 - 00000000 ____D C:\Users\Sandie\AppData\Roaming\AVAST Software
2017-06-07 18:21 - 2017-06-07 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-06-07 18:20 - 2017-06-07 18:21 - 00158880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-06-07 18:20 - 2017-06-07 18:20 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-06-07 18:20 - 2017-06-07 18:20 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-06-07 18:20 - 2017-06-07 18:20 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-06-07 18:20 - 2017-06-07 18:20 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-06-07 18:20 - 2017-06-07 18:20 - 00334576 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-06-07 18:20 - 2017-06-07 18:20 - 00311808 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-06-07 18:20 - 2017-06-07 18:20 - 00190256 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-06-07 18:20 - 2017-06-07 18:20 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-06-07 18:20 - 2017-06-07 18:20 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-06-07 18:20 - 2017-06-07 18:20 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-06-07 18:20 - 2017-06-07 18:20 - 00049016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-06-07 18:20 - 2017-06-07 18:20 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-06-07 18:20 - 2017-06-07 18:20 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-06-07 18:19 - 2017-06-07 18:21 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-07 18:19 - 2017-06-07 18:21 - 00000000 ____D C:\Program Files\AVAST Software
2017-06-07 18:19 - 2017-06-07 18:19 - 06334848 _____ (AVAST Software) C:\Users\Sandie\Downloads\avast_free_antivirus_setup.exe
2017-06-07 18:19 - 2017-06-07 18:19 - 00000039 _____ C:\Users\Sandie\Downloads\Stats.ini
2017-06-07 17:21 - 2017-06-07 17:21 - 00003036 _____ C:\Windows\System32\Tasks\{81845A27-5EC2-4E49-B511-5D4CF7357D20}
2017-06-07 17:20 - 2017-06-07 17:20 - 00003036 _____ C:\Windows\System32\Tasks\{864E362E-8A21-4402-B988-87F0A9132C41}
2017-06-07 17:20 - 2017-06-07 17:20 - 00003036 _____ C:\Windows\System32\Tasks\{3CEB6302-5581-41E1-A41A-8EE7BC1005DA}
2017-06-04 16:30 - 2017-06-04 16:30 - 01098920 _____ (NCH Software) C:\Users\Sandie\Downloads\wpsetup.exe
2017-06-04 16:30 - 2017-06-04 16:30 - 00001103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad - Éditeur audio.lnk
2017-06-04 16:30 - 2017-06-04 16:30 - 00001091 _____ C:\Users\Public\Desktop\WavePad - Éditeur audio.lnk
2017-06-04 16:30 - 2017-06-04 16:30 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2017-06-04 16:30 - 2017-06-04 16:30 - 00000000 ____D C:\Users\Sandie\AppData\Roaming\NCH Software
2017-06-04 16:30 - 2017-06-04 16:30 - 00000000 ____D C:\ProgramData\NCH Software
2017-06-04 16:30 - 2017-06-04 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software
2017-06-04 16:30 - 2017-06-04 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes audio
2017-06-04 16:30 - 2017-06-04 16:30 - 00000000 ____D C:\Program Files (x86)\NCH Software
2017-06-03 13:02 - 2017-06-03 13:02 - 00001365 _____ C:\Users\Public\Desktop\Free YouTube To MP3 Converter.lnk
2017-06-03 11:17 - 2017-06-03 11:17 - 00002996 _____ C:\Windows\System32\Tasks\{874D0751-0691-4BD2-B017-28EA4406373B}
2017-06-03 11:17 - 2017-06-03 11:17 - 00002996 _____ C:\Windows\System32\Tasks\{39BA6D90-DDEB-4B30-94E3-D955AAA4D926}
2017-06-03 11:17 - 2017-06-03 11:17 - 00002996 _____ C:\Windows\System32\Tasks\{1282E861-7A2D-4514-8C16-087E24F8753A}
2017-06-03 11:16 - 2017-06-03 11:17 - 00002996 _____ C:\Windows\System32\Tasks\{401322B1-7FC7-4DED-BD36-AE9CB2FC5327}
2017-06-03 00:02 - 2017-06-03 00:02 - 00000000 ____D C:\Users\Sandie\AppData\Roaming\MySQL
2017-06-02 20:33 - 2017-06-02 20:33 - 55681792 _____ (Digital Wave Ltd ) C:\Users\Sandie\Downloads\FreeStudio_6.6.35.323_o.exe
2017-06-02 19:47 - 2017-06-02 19:48 - 05618000 _____ C:\Users\Sandie\Downloads\HPEasyStart_5_0_3133_35.exe
2017-06-02 19:20 - 2017-06-04 15:55 - 00000000 ____D C:\Users\Sandie\AppData\Local\Mixxx
2017-06-02 18:52 - 2017-06-02 18:52 - 00001589 _____ C:\Users\Public\Desktop\Mixxx.lnk
2017-06-02 18:52 - 2017-06-02 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mixxx
2017-06-02 18:52 - 2017-06-02 18:52 - 00000000 ____D C:\Program Files\Mixxx
2017-06-02 18:51 - 2017-06-02 18:51 - 25035393 _____ C:\Users\Sandie\Downloads\mixxx-2.0.0-win64.exe
2017-06-01 18:44 - 2017-06-01 18:45 - 01610991 _____ C:\Users\Sandie\Downloads\copie_ecole (2).pdf
2017-05-31 21:34 - 2017-05-31 21:33 - 01112322 _____ C:\Users\Sandie\Documents\Le Corbeau et le Renard - Les Fables.pdf
2017-05-31 19:52 - 2017-05-31 19:52 - 00002944 _____ C:\Windows\System32\Tasks\HPCustPartic.exe_{C4BAF897-38DF-4C40-BED7-F199A7814951}
2017-05-31 19:51 - 2017-05-31 19:51 - 00003568 _____ C:\Windows\System32\Tasks\HPCustParticipation HP OfficeJet Pro 8720
2017-05-31 19:50 - 2017-05-31 19:51 - 00000000 ____D C:\Program Files (x86)\HP
2017-05-31 19:50 - 2017-05-31 19:50 - 00002167 _____ C:\Users\Public\Desktop\HP OfficeJet Pro 8720.lnk
2017-05-31 19:50 - 2017-05-31 19:50 - 00001119 _____ C:\Users\Public\Desktop\Achat de consommables - HP OfficeJet Pro 8720.lnk
2017-05-31 19:50 - 2017-05-31 19:50 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enregistrement OCR I.R.I.S..lnk
2017-05-31 19:50 - 2017-05-31 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-05-31 19:50 - 2017-05-31 19:50 - 00000000 ____D C:\Program Files\HP
2017-05-31 19:50 - 2015-08-31 03:11 - 00833544 ____N (HP Inc.) C:\Windows\system32\HPDiscoPM7B12.dll
2017-05-31 19:49 - 2017-05-31 19:49 - 00000057 _____ C:\ProgramData\Ament.ini
2017-05-31 19:42 - 2017-05-31 19:51 - 00000000 ____D C:\ProgramData\HP
2017-05-31 19:38 - 2017-05-31 19:52 - 00000000 ____D C:\Users\Sandie\AppData\Local\HP
2017-05-31 19:31 - 2017-05-31 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-30 16:28 - 2017-05-30 16:28 - 00002996 _____ C:\Windows\System32\Tasks\{774F29A4-904F-42AB-B6E5-8B2E98437D2B}
2017-05-30 16:28 - 2017-05-30 16:28 - 00002996 _____ C:\Windows\System32\Tasks\{5287D69B-4078-4691-B8B1-0F905292093D}
2017-05-30 16:26 - 2017-05-30 16:26 - 00002996 _____ C:\Windows\System32\Tasks\{F784F809-6C3C-4656-9210-0FBFE8F58500}
2017-05-30 16:26 - 2017-05-30 16:26 - 00002996 _____ C:\Windows\System32\Tasks\{ED94BE0D-0252-421E-8D96-DD45F62D8CE4}
2017-05-30 16:26 - 2017-05-30 16:26 - 00002996 _____ C:\Windows\System32\Tasks\{7B15B341-EBD7-4CB5-9B75-4F4061775127}
2017-05-30 16:24 - 2017-05-30 16:24 - 00002996 _____ C:\Windows\System32\Tasks\{EF1BA7CA-C9BD-4192-A4B9-5B68F3446459}
2017-05-30 16:24 - 2017-05-30 16:24 - 00002996 _____ C:\Windows\System32\Tasks\{EA5577AF-8E89-459E-A8A3-013297A4C89E}
2017-05-30 16:24 - 2017-05-30 16:24 - 00002996 _____ C:\Windows\System32\Tasks\{DB42605F-87EF-4E1D-81AA-40190CDB8DF4}
2017-05-30 16:24 - 2017-05-30 16:24 - 00002996 _____ C:\Windows\System32\Tasks\{CF95BE73-E032-4DB2-89FC-425C30125E70}
2017-05-30 16:24 - 2017-05-30 16:24 - 00002996 _____ C:\Windows\System32\Tasks\{B6C6E745-9854-47C5-93AE-44E4A73AC39D}
2017-05-30 06:22 - 2017-05-30 06:22 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-05-28 22:28 - 2017-06-07 18:49 - 00000000 ___RD C:\Users\Sandie\Google Drive
2017-05-28 22:28 - 2017-05-28 22:28 - 00001719 _____ C:\Users\Sandie\Desktop\Google Drive.lnk
2017-05-28 22:26 - 2017-05-28 22:26 - 00002009 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-05-28 22:26 - 2017-05-28 22:26 - 00002007 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-05-28 22:26 - 2017-05-28 22:26 - 00001997 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-05-28 22:26 - 2017-05-28 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-05-28 22:25 - 2017-05-28 22:25 - 01130328 _____ (Google Inc.) C:\Users\Sandie\Downloads\googledrivesync.exe
2017-05-28 20:57 - 2017-05-28 20:57 - 00000000 _____ C:\Users\Sandie\Downloads\CDex-1.82.exe
2017-05-28 20:54 - 2017-06-07 18:59 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-05-28 20:54 - 2017-06-07 18:48 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-05-28 20:54 - 2017-05-31 19:36 - 00000000 ____D C:\Users\Sandie\AppData\Local\Dropbox
2017-05-28 20:54 - 2017-05-31 19:31 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-05-28 20:54 - 2017-05-28 20:54 - 00690080 _____ (Dropbox, Inc.) C:\Users\Sandie\Downloads\DropboxInstaller (1).exe
2017-05-28 20:54 - 2017-05-28 20:54 - 00003904 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-05-28 20:54 - 2017-05-28 20:54 - 00003652 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-05-28 20:54 - 2017-05-28 20:54 - 00000000 ____D C:\ProgramData\Dropbox
2017-05-28 20:34 - 2017-05-28 20:34 - 00002968 _____ C:\Windows\System32\Tasks\{9320EEF2-B319-473A-900D-73B74430DC69}
2017-05-28 20:26 - 2017-05-28 21:13 - 00000000 ____D C:\Users\Sandie\Desktop\Sandie Photos
2017-05-28 20:15 - 2017-05-28 20:15 - 39771304 _____ (Samsung Electronics) C:\Users\Sandie\Downloads\Smart_Switch_PC_setup (1).exe
2017-05-28 18:50 - 2017-05-28 18:50 - 00000881 _____ C:\Users\Sandie\AppData\Local\recently-used.xbel
2017-05-28 18:46 - 2017-05-28 18:46 - 00000000 ____D C:\Users\Sandie\AppData\Local\webkit
2017-05-28 18:45 - 2017-05-28 18:50 - 00000000 ____D C:\Users\Sandie\AppData\Local\gtk-2.0
2017-05-28 18:45 - 2017-05-28 18:45 - 00000000 ____D C:\Users\Sandie\.thumbnails
2017-05-28 18:44 - 2017-05-28 18:58 - 00000000 ____D C:\Users\Sandie\.gimp-2.8
2017-05-28 18:44 - 2017-05-28 18:44 - 00000000 ____D C:\Users\Sandie\AppData\Local\gegl-0.2
2017-05-28 18:44 - 2017-05-28 18:44 - 00000000 ____D C:\Users\Sandie\AppData\Local\fontconfig
2017-05-28 16:41 - 2017-05-28 16:41 - 00000861 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-05-28 16:40 - 2017-05-28 16:40 - 00000000 ____D C:\Program Files\GIMP 2
2017-05-28 16:37 - 2017-05-28 16:39 - 89579672 _____ (The GIMP Team ) C:\Users\Sandie\Downloads\gimp-2.8.22-setup.exe
2017-05-28 16:34 - 2017-05-28 16:34 - 00000899 _____ C:\Users\Public\Desktop\PuTTY (64-bit).lnk
2017-05-28 16:34 - 2017-05-28 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2017-05-28 16:34 - 2017-05-28 16:34 - 00000000 ____D C:\Program Files\PuTTY
2017-05-28 16:32 - 2017-05-28 16:32 - 01643255 _____ C:\Users\Sandie\Downloads\putty-src.zip
2017-05-28 16:31 - 2017-05-28 16:31 - 03055104 _____ C:\Users\Sandie\Downloads\putty-64bit-0.69-installer.msi
2017-05-28 12:32 - 2017-05-28 12:32 - 01129021 _____ C:\Users\Sandie\Downloads\motherplate-master.zip
2017-05-28 11:29 - 2017-05-28 11:30 - 20665274 _____ C:\Users\Sandie\Downloads\scout-app-0.7.1-win.zip
2017-05-28 09:51 - 2017-05-28 11:00 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-05-28 09:51 - 2017-05-28 10:41 - 00000000 ____D C:\Users\Sandie\AppData\Roaming\Notepad++
2017-05-28 09:51 - 2017-05-28 09:51 - 00000986 _____ C:\Users\Public\Desktop\Notepad++.lnk
2017-05-28 09:51 - 2017-05-28 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-05-28 09:48 - 2017-05-28 09:48 - 02990616 _____ C:\Users\Sandie\Downloads\npp.7.4.1.Installer.exe
2017-05-28 01:48 - 2017-05-28 11:28 - 00000000 ____D C:\Users\Sandie\AppData\Local\scout-app
2017-05-28 01:46 - 2017-05-28 01:47 - 00000000 ____D C:\Users\Sandie\Downloads\Scout
2017-05-28 01:35 - 2017-05-28 01:35 - 45656150 _____ C:\Users\Sandie\Downloads\WIN_Scout-App_2.12.12.zip
2017-05-28 01:26 - 2017-05-28 01:26 - 20665274 _____ C:\Users\Sandie\Downloads\scout-app-0.7.1-win (1).zip
2017-05-28 01:21 - 2017-05-28 01:21 - 01381582 _____ (Igor Pavlov) C:\Users\Sandie\Downloads\7z1604-x64.exe
2017-05-28 01:21 - 2017-05-28 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-05-28 01:21 - 2017-05-28 01:21 - 00000000 ____D C:\Program Files\7-Zip
2017-05-28 01:19 - 2017-05-28 01:29 - 00000000 ____D C:\ProgramData\WinZip
2017-05-28 01:18 - 2017-05-28 01:18 - 00000000 ____D C:\Users\Sandie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.5
2017-05-28 01:17 - 2017-05-28 01:17 - 00763112 _____ (WinZip Computing, S.L.) C:\Users\Sandie\Downloads\winzip21-home.exe
2017-05-28 01:17 - 2017-05-28 01:17 - 00000000 ____D C:\ProgramData\UniqueId
2017-05-28 00:47 - 2017-05-28 00:47 - 71003102 _____ C:\Users\Sandie\Downloads\msys2-x86_64-20161025.exe
2017-05-28 00:29 - 2017-05-28 00:29 - 00000091 _____ C:\Users\Sandie\.irbrc
2017-05-28 00:12 - 2017-05-28 00:12 - 00000056 _____ C:\Users\Sandie\.bash_history
2017-05-28 00:06 - 2017-05-28 00:06 - 00000000 ____D C:\Users\Sandie\.gem
2017-05-27 23:56 - 2017-05-27 23:56 - 00000000 ____D C:\Users\Sandie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSYS2 32bit
2017-05-27 23:55 - 2017-05-28 00:50 - 00000000 ____D C:\msys32
2017-05-27 23:54 - 2017-05-27 23:54 - 00000000 ____D C:\Users\Sandie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.4.1-1-x86
2017-05-27 23:54 - 2017-05-27 23:54 - 00000000 ____D C:\Ruby24
2017-05-27 23:52 - 2017-05-27 23:53 - 08783285 _____ (RubyInstaller Team ) C:\Users\Sandie\Downloads\rubyinstaller-2.4.1-1-x86.exe
2017-05-27 19:50 - 2017-05-27 19:50 - 00000000 ____D C:\Users\Sandie\AppData\Local\Koala
2017-05-27 19:50 - 2017-05-27 19:50 - 00000000 ____D C:\Users\Sandie\.koala
2017-05-27 19:28 - 2017-05-27 19:28 - 00001014 _____ C:\Users\Sandie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Koala.lnk
2017-05-27 19:28 - 2017-05-27 19:28 - 00000960 _____ C:\Users\Sandie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Koala.lnk
2017-05-27 19:28 - 2017-05-27 19:28 - 00000930 _____ C:\Users\Sandie\Desktop\Koala.lnk
2017-05-27 19:27 - 2017-05-27 23:44 - 00000000 ____D C:\Program Files (x86)\Koala
2017-05-27 19:12 - 2017-05-27 19:12 - 78832039 _____ C:\Users\Sandie\Downloads\KoalaSetup.exe
2017-05-27 19:05 - 2017-05-27 19:05 - 00000469 _____ C:\Windows\ODBCINST.INI
2017-05-27 18:59 - 2017-05-27 19:05 - 00000000 ____D C:\Program Files\MySQL
2017-05-27 18:59 - 2017-05-27 18:59 - 00003666 _____ C:\Windows\System32\Tasks\MySQLNotifierTask
2017-05-27 18:59 - 2017-05-27 18:59 - 00000000 ____D C:\Users\Sandie\AppData\Roaming\Oracle
2017-05-27 18:59 - 2017-05-27 18:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-05-27 18:59 - 2017-05-27 18:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2017-05-27 18:59 - 2017-05-27 18:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-05-27 18:58 - 2017-05-27 18:58 - 00000000 ____D C:\Users\Sandie\.idlerc
2017-05-27 18:52 - 2017-05-27 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.6
2017-05-27 18:52 - 2017-05-27 18:54 - 00000000 ____D C:\Program Files (x86)\Python36-32
2017-05-27 18:52 - 2017-05-27 18:52 - 00000000 ____D C:\Users\Sandie\AppData\Local\Package Cache
2017-05-27 18:49 - 2017-05-27 18:49 - 30453192 _____ (Python Software Foundation) C:\Users\Sandie\Downloads\python-3.6.1.exe
2017-05-27 18:40 - 2017-06-03 00:02 - 00000000 ____D C:\ProgramData\MySQL
2017-05-27 18:40 - 2017-05-27 19:06 - 00000000 ____D C:\Program Files (x86)\MySQL
2017-05-27 18:40 - 2017-05-27 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2017-05-27 18:40 - 2017-05-27 18:40 - 00000000 ____D C:\Windows\System32\Tasks\MySQL
2017-05-27 18:37 - 2017-05-27 18:39 - 425545728 _____ C:\Users\Sandie\Downloads\mysql-installer-community-5.7.18.1.msi
2017-05-27 15:31 - 2017-05-27 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2017-05-27 15:28 - 2017-05-28 01:36 - 00000000 ____D C:\xampp
2017-05-27 15:27 - 2017-05-28 11:52 - 00000000 ____D C:\Users\Sandie\Desktop\TPG
2017-05-27 15:20 - 2017-05-27 15:20 - 115437896 _____ (Bitnami) C:\Users\Sandie\Downloads\xampp-win32-5.6.30-1-VC11-installer.exe
2017-05-27 14:52 - 2017-05-27 14:52 - 00000000 ___RD C:\Users\Sandie\Virtual Machines
2017-05-27 14:43 - 2017-05-27 14:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2017-05-27 14:43 - 2017-05-27 14:43 - 00000000 ____D C:\Program Files (x86)\Windows Virtual PC
2017-05-27 14:39 - 2010-11-20 09:34 - 00360832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcvmm.sys
2017-05-27 14:39 - 2010-11-20 09:34 - 00194944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpchbus.sys
2017-05-27 14:39 - 2010-11-20 09:27 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\vpchbuspipe.dll
2017-05-27 14:39 - 2010-11-20 09:25 - 04514816 _____ (Microsoft Corporation) C:\Windows\system32\vpc.exe
2017-05-27 14:39 - 2010-11-20 09:25 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\VPCWizard.exe
2017-05-27 14:39 - 2010-11-20 09:25 - 01369600 _____ (Microsoft Corporation) C:\Windows\system32\VPCSettings.exe
2017-05-27 14:39 - 2010-11-20 07:37 - 01210368 _____ (Microsoft Corporation) C:\Windows\system32\VMWindow.exe
2017-05-27 14:39 - 2010-11-20 07:37 - 00936448 _____ (Microsoft Corporation) C:\Windows\system32\vmsal.exe
2017-05-27 14:39 - 2010-11-20 07:35 - 00562176 _____ (Microsoft Corporation) C:\Windows\system32\VMCPropertyHandler.dll
2017-05-27 14:39 - 2010-11-20 07:35 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcusb.sys
2017-05-27 14:39 - 2010-11-20 07:35 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcnfltr.sys
2017-05-27 14:39 - 2010-11-20 06:52 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vmsal.exe
2017-05-27 14:38 - 2017-05-27 14:39 - 16070039 _____ C:\Users\Sandie\Downloads\Windows6.1-KB958559-x86-RefreshPkg.msu
2017-05-27 14:38 - 2017-05-27 14:38 - 17091624 _____ C:\Users\Sandie\Downloads\Windows6.1-KB958559-x64-RefreshPkg.msu
2017-05-27 13:29 - 2017-04-27 18:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-05-27 13:29 - 2017-04-17 11:37 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-05-27 13:29 - 2017-04-17 11:37 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-05-27 13:29 - 2017-04-17 11:37 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-05-27 13:29 - 2017-04-17 11:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-05-27 13:29 - 2017-04-17 11:23 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-05-27 13:29 - 2017-04-17 11:22 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-05-27 13:29 - 2017-04-17 11:21 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-05-27 13:29 - 2017-04-17 11:21 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-05-27 13:29 - 2017-04-17 11:21 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-05-27 13:29 - 2017-04-17 11:21 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-05-27 13:29 - 2017-04-17 11:21 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-05-27 13:29 - 2017-04-17 11:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-05-27 13:29 - 2017-04-17 11:01 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-05-27 13:29 - 2017-04-17 11:01 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-05-27 13:29 - 2017-04-17 11:01 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-05-27 13:29 - 2017-04-17 11:01 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-05-27 13:29 - 2017-04-12 09:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-05-27 13:21 - 2017-05-27 13:21 - 00000000 ____D C:\Users\Sandie\AppData\Roaming\Appsolute
2017-05-27 13:12 - 2017-05-27 13:12 - 00000597 _____ C:\Users\Public\Desktop\MAMP PRO.lnk
2017-05-27 13:12 - 2017-05-27 13:12 - 00000557 _____ C:\Users\Public\Desktop\MAMP.lnk
2017-05-27 13:12 - 2017-05-27 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAMP PRO
2017-05-27 13:12 - 2017-05-27 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAMP
2017-05-27 13:12 - 2017-05-27 13:12 - 00000000 ____D C:\MAMPPRO
2017-05-27 13:12 - 2014-07-30 13:13 - 02097152 _____ (The GLib developer community) C:\Windows\SysWOW64\CORE_RL_glib_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 01324544 _____ C:\Windows\SysWOW64\CORE_RL_magick_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 01129984 _____ (Red Hat Software) C:\Windows\SysWOW64\CORE_RL_pango_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00700928 _____ (ImageMagick Studio LLC) C:\Windows\SysWOW64\CORE_RL_wand_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00464896 _____ C:\Windows\SysWOW64\IM_MOD_RL_pattern_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00449024 _____ (David Turner, Robert Wilhelm, & Werner Lemberg) C:\Windows\SysWOW64\CORE_RL_ttf_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00430592 _____ C:\Windows\SysWOW64\CORE_RL_Magick++_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00427520 _____ (The GTK developer community) C:\Windows\SysWOW64\CORE_RL_librsvg_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00352256 _____ (Mike Welles, mike@onshore.com) C:\Windows\SysWOW64\CORE_RL_tiff_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00307200 _____ (D. R. Commander) C:\Windows\SysWOW64\CORE_RL_jpeg_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00295424 _____ C:\Windows\SysWOW64\CORE_RL_libxml_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00278016 _____ (Google Inc.) C:\Windows\SysWOW64\CORE_RL_webp_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00232960 _____ (Little CMS) C:\Windows\SysWOW64\CORE_RL_lcms_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00215040 _____ C:\Windows\SysWOW64\IM_MOD_RL_magick_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00180224 _____ (Michael David Adams) C:\Windows\SysWOW64\CORE_RL_jp2_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00157184 _____ (Communications and Remote Sensing Lab) C:\Windows\SysWOW64\CORE_RL_openjpeg_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00153088 _____ (Glenn Randers-Pehrson - glennrp@users.sf.net) C:\Windows\SysWOW64\CORE_RL_png_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00132096 _____ C:\Windows\SysWOW64\IM_MOD_RL_png_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00115712 _____ C:\Windows\SysWOW64\IM_MOD_RL_dcm_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00090112 _____ C:\Windows\SysWOW64\IM_MOD_RL_msl_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00068096 _____ (Jean-loup Gailly and Mark Adler) C:\Windows\SysWOW64\CORE_RL_zlib_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00055808 _____ C:\Windows\SysWOW64\IM_MOD_RL_svg_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00050688 _____ (Julian Seward, jseward@acm.org) C:\Windows\SysWOW64\CORE_RL_bzlib_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00049664 _____ (Carlo Baldassi) C:\Windows\SysWOW64\CORE_RL_lqr_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00043520 _____ C:\Windows\SysWOW64\IM_MOD_RL_tiff_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00042496 _____ C:\Windows\SysWOW64\IM_MOD_RL_pdf_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00041984 _____ C:\Windows\SysWOW64\IM_MOD_RL_jpeg_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00041984 _____ (Markus Kuhn, Friedrich-Alexander-University of Erlangen-Nuremberg) C:\Windows\SysWOW64\CORE_RL_jbig_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00038400 _____ C:\Windows\SysWOW64\IM_MOD_RL_ps_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00034816 _____ C:\Windows\SysWOW64\IM_MOD_RL_dds_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00033792 _____ C:\Windows\SysWOW64\IM_MOD_RL_json_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00032256 _____ C:\Windows\SysWOW64\IM_MOD_RL_psd_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00031744 _____ C:\Windows\SysWOW64\IM_MOD_RL_pnm_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00030720 _____ C:\Windows\SysWOW64\IM_MOD_RL_miff_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00027648 _____ C:\Windows\SysWOW64\IM_MOD_RL_pict_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00027648 _____ C:\Windows\SysWOW64\IM_MOD_RL_bmp_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00027136 _____ C:\Windows\SysWOW64\IM_MOD_RL_ps3_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00027136 _____ C:\Windows\SysWOW64\IM_MOD_RL_dpx_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00025600 _____ C:\Windows\SysWOW64\IM_MOD_RL_meta_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00023552 _____ C:\Windows\SysWOW64\IM_MOD_RL_ps2_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00022528 _____ C:\Windows\SysWOW64\IM_MOD_RL_gif_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00022016 _____ C:\Windows\SysWOW64\IM_MOD_RL_mpc_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00022016 _____ C:\Windows\SysWOW64\IM_MOD_RL_cmyk_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00021504 _____ C:\Windows\SysWOW64\IM_MOD_RL_wpg_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00020992 _____ C:\Windows\SysWOW64\IM_MOD_RL_mat_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00020992 _____ C:\Windows\SysWOW64\IM_MOD_RL_icon_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00020480 _____ C:\Windows\SysWOW64\IM_MOD_RL_rgb_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00019968 _____ C:\Windows\SysWOW64\IM_MOD_RL_ycbcr_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00019456 _____ C:\Windows\SysWOW64\IM_MOD_RL_viff_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00019456 _____ C:\Windows\SysWOW64\IM_MOD_RL_cin_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00019456 _____ C:\Windows\SysWOW64\IM_MOD_RL_bgr_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00018432 _____ C:\Windows\SysWOW64\IM_MOD_RL_jp2_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00017920 _____ C:\Windows\SysWOW64\IM_MOD_RL_pcx_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00017920 _____ C:\Windows\SysWOW64\IM_MOD_RL_pcd_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00017408 _____ C:\Windows\SysWOW64\IM_MOD_RL_xpm_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00017408 _____ C:\Windows\SysWOW64\IM_MOD_RL_txt_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00017408 _____ C:\Windows\SysWOW64\IM_MOD_RL_sgi_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00017408 _____ C:\Windows\SysWOW64\IM_MOD_RL_dib_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00016896 _____ C:\Windows\SysWOW64\IM_MOD_RL_pcl_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00016896 _____ C:\Windows\SysWOW64\IM_MOD_RL_palm_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00016896 _____ C:\Windows\SysWOW64\IM_MOD_RL_fits_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00016384 _____ C:\Windows\SysWOW64\IM_MOD_RL_xcf_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00015872 _____ C:\Windows\SysWOW64\IM_MOD_RL_pdb_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00015360 _____ C:\Windows\SysWOW64\IM_MOD_RL_webp_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00015360 _____ C:\Windows\SysWOW64\IM_MOD_RL_sun_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00015360 _____ C:\Windows\SysWOW64\IM_MOD_RL_pango_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00015360 _____ C:\Windows\SysWOW64\IM_MOD_RL_hdr_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00014848 _____ C:\Windows\SysWOW64\IM_MOD_RL_yuv_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00014848 _____ C:\Windows\SysWOW64\IM_MOD_RL_tga_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00014336 _____ C:\Windows\SysWOW64\IM_MOD_RL_cut_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00013824 _____ C:\Windows\SysWOW64\IM_MOD_RL_emf_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00013312 _____ C:\Windows\SysWOW64\IM_MOD_RL_vips_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00013312 _____ C:\Windows\SysWOW64\IM_MOD_RL_mpeg_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00013312 _____ C:\Windows\SysWOW64\IM_MOD_RL_jbig_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00012800 _____ C:\Windows\SysWOW64\IM_MOD_RL_xbm_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00012800 _____ C:\Windows\SysWOW64\IM_MOD_RL_rle_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00012800 _____ C:\Windows\SysWOW64\IM_MOD_RL_raw_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00012800 _____ C:\Windows\SysWOW64\IM_MOD_RL_pes_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00012800 _____ C:\Windows\SysWOW64\IM_MOD_RL_ipl_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00012288 _____ C:\Windows\SysWOW64\IM_MOD_RL_dng_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_xps_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_wbmp_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_vicar_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_uil_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_tim_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_sfw_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_mtv_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_html_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_histogram_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_gray_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_ept_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_cip_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_cals_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_avs_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_aai_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011264 _____ C:\Windows\SysWOW64\IM_MOD_RL_vid_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011264 _____ C:\Windows\SysWOW64\IM_MOD_RL_ttf_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011264 _____ C:\Windows\SysWOW64\IM_MOD_RL_pwp_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011264 _____ C:\Windows\SysWOW64\IM_MOD_RL_map_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011264 _____ C:\Windows\SysWOW64\IM_MOD_RL_jnx_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011264 _____ C:\Windows\SysWOW64\IM_MOD_RL_caption_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00011264 _____ C:\Windows\SysWOW64\IM_MOD_RL_art_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_xtrn_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_uyvy_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_sct_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_rla_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_plasma_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_otb_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_mono_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_label_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_hrz_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_fax_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00010240 _____ C:\Windows\SysWOW64\IM_MOD_RL_url_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00010240 _____ C:\Windows\SysWOW64\IM_MOD_RL_rgf_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00010240 _____ C:\Windows\SysWOW64\IM_MOD_RL_pix_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00010240 _____ C:\Windows\SysWOW64\IM_MOD_RL_mvg_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00010240 _____ C:\Windows\SysWOW64\IM_MOD_RL_clipboard_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00010240 _____ C:\Windows\SysWOW64\IM_MOD_RL_braille_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00009728 _____ C:\Windows\SysWOW64\IM_MOD_RL_stegano_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00009728 _____ C:\Windows\SysWOW64\IM_MOD_RL_screenshot_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00009728 _____ C:\Windows\SysWOW64\IM_MOD_RL_mac_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00009728 _____ C:\Windows\SysWOW64\IM_MOD_RL_debug_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00009216 _____ C:\Windows\SysWOW64\IM_MOD_RL_thumbnail_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00009216 _____ C:\Windows\SysWOW64\IM_MOD_RL_scr_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00009216 _____ C:\Windows\SysWOW64\IM_MOD_RL_null_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00009216 _____ C:\Windows\SysWOW64\IM_MOD_RL_info_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00009216 _____ C:\Windows\SysWOW64\IM_MOD_RL_gradient_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00009216 _____ C:\Windows\SysWOW64\IM_MOD_RL_clip_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00008704 _____ C:\Windows\SysWOW64\IM_MOD_RL_xc_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00008704 _____ C:\Windows\SysWOW64\IM_MOD_RL_tile_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00008704 _____ C:\Windows\SysWOW64\IM_MOD_RL_matte_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00008704 _____ C:\Windows\SysWOW64\IM_MOD_RL_mask_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00008704 _____ C:\Windows\SysWOW64\IM_MOD_RL_inline_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00008704 _____ C:\Windows\SysWOW64\IM_MOD_RL_hald_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00008192 _____ C:\Windows\SysWOW64\IM_MOD_RL_preview_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00008192 _____ C:\Windows\SysWOW64\IM_MOD_RL_mpr_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00008192 _____ C:\Windows\SysWOW64\IM_MOD_RL_fd_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00008192 _____ C:\Windows\SysWOW64\IM_MOD_RL_djvu_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00007680 _____ C:\Windows\SysWOW64\IM_MOD_RL_wmf_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00007680 _____ C:\Windows\SysWOW64\IM_MOD_RL_fpx_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00007680 _____ C:\Windows\SysWOW64\IM_MOD_RL_exr_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00007680 _____ C:\Windows\SysWOW64\IM_MOD_RL_dps_.dll
2017-05-27 13:12 - 2014-07-30 13:13 - 00007680 _____ C:\Windows\SysWOW64\IM_MOD_RL_dot_.dll
2017-05-27 13:09 - 2017-05-27 13:12 - 00000000 ____D C:\MAMP
2017-05-27 13:04 - 2017-05-27 13:06 - 323684936 _____ (appsolute Gmbh ) C:\Users\Sandie\Downloads\MAMP_MAMP_PRO_3.3.0.exe
2017-05-27 12:59 - 2017-05-27 12:59 - 00002950 _____ C:\Windows\System32\Tasks\{A7270BBF-DBC2-4E39-B7CC-8CE4880554F1}
2017-05-27 12:59 - 2017-05-27 12:59 - 00002950 _____ C:\Windows\System32\Tasks\{2E7EE484-9507-48D8-984E-2EB9BF56FC8A}
2017-05-21 10:05 - 2017-05-21 10:05 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-05-21 10:05 - 2017-05-21 10:05 - 00002014 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-05-18 22:17 - 2017-05-18 22:17 - 00166288 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2017-05-18 22:17 - 2017-05-18 22:17 - 00131984 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
2017-05-18 08:49 - 2017-05-18 08:50 - 00163644 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\SysWOW64\Drivers\SECDRV.SYS
2017-05-10 19:15 - 2017-04-27 21:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 19:15 - 2017-04-27 20:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-10 19:15 - 2017-04-27 20:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-10 19:15 - 2017-04-26 10:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 19:15 - 2017-04-19 20:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-10 19:15 - 2017-04-19 19:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-10 19:15 - 2017-04-17 11:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 19:15 - 2017-04-17 11:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 19:15 - 2017-04-17 11:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 19:15 - 2017-04-17 11:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 19:15 - 2017-04-17 11:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 19:15 - 2017-04-16 04:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-10 19:15 - 2017-04-16 04:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-10 19:15 - 2017-04-16 04:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-10 19:15 - 2017-04-16 04:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-10 19:15 - 2017-04-16 04:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-10 19:15 - 2017-04-16 04:25 - 00968704 _____ (Microsoft Corporation)

(see balance in next post as there's a limit of 50K chars)

 

[PreviousGuy]

(last part...)

C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-10 19:15 - 2017-04-16 04:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-10 19:15 - 2017-04-16 04:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-10 19:15 - 2017-04-16 04:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-10 19:15 - 2017-04-16 03:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-10 19:15 - 2017-04-16 03:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-10 19:15 - 2017-04-16 03:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-10 19:15 - 2017-04-16 03:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-10 19:15 - 2017-04-16 03:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-10 19:15 - 2017-04-16 03:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-10 19:15 - 2017-04-16 03:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-10 19:15 - 2017-04-16 03:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-10 19:15 - 2017-04-16 03:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-10 19:15 - 2017-04-16 03:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-05-10 19:15 - 2017-04-16 03:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-10 19:15 - 2017-04-16 02:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-10 19:15 - 2017-04-16 02:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-10 19:15 - 2017-04-16 02:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-10 19:15 - 2017-04-16 02:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-10 19:15 - 2017-04-12 11:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 19:15 - 2017-04-12 11:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 19:15 - 2017-04-07 11:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 19:15 - 2017-04-07 11:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 19:15 - 2017-04-05 10:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 19:15 - 2017-04-05 10:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 19:15 - 2017-04-04 11:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-10 19:15 - 2017-04-04 10:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-10 19:15 - 2017-04-04 10:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-10 19:14 - 2017-04-27 21:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-10 19:14 - 2017-04-27 21:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-10 19:14 - 2017-04-27 21:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-10 19:14 - 2017-04-27 21:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-10 19:14 - 2017-04-27 21:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-10 19:14 - 2017-04-27 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-10 19:14 - 2017-04-27 20:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-10 19:14 - 2017-04-27 20:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-10 19:14 - 2017-04-27 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-10 19:14 - 2017-04-27 20:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-10 19:14 - 2017-04-27 20:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-10 19:14 - 2017-04-27 20:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 19:14 - 2017-04-27 20:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 19:14 - 2017-04-27 20:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 19:14 - 2017-04-27 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-10 19:14 - 2017-04-27 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-10 19:14 - 2017-04-27 20:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-10 19:14 - 2017-04-27 20:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-10 19:14 - 2017-04-27 20:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-10 19:14 - 2017-04-27 20:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-10 19:14 - 2017-04-27 20:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-10 19:14 - 2017-04-27 20:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-10 19:14 - 2017-04-27 20:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 19:14 - 2017-04-27 20:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-10 19:14 - 2017-04-21 11:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-10 19:14 - 2017-04-21 11:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-10 19:14 - 2017-04-17 11:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-10 19:14 - 2017-04-17 11:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-10 19:14 - 2017-04-17 11:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-10 19:14 - 2017-04-17 10:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-10 19:14 - 2017-04-16 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-10 19:14 - 2017-04-16 05:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-10 19:14 - 2017-04-16 04:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-10 19:14 - 2017-04-16 04:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-10 19:14 - 2017-04-16 04:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-10 19:14 - 2017-04-16 04:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-10 19:14 - 2017-04-16 04:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-10 19:14 - 2017-04-16 04:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-10 19:14 - 2017-04-16 04:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-10 19:14 - 2017-04-16 04:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-10 19:14 - 2017-04-16 04:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-10 19:14 - 2017-04-16 04:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-10 19:14 - 2017-04-16 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-10 19:14 - 2017-04-16 04:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-10 19:14 - 2017-04-16 04:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-10 19:14 - 2017-04-16 04:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-10 19:14 - 2017-04-16 04:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-10 19:14 - 2017-04-16 04:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-10 19:14 - 2017-04-16 04:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-05-10 19:14 - 2017-04-16 04:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-05-10 19:14 - 2017-04-16 04:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-10 19:14 - 2017-04-16 04:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-10 19:14 - 2017-04-16 03:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-10 19:14 - 2017-04-16 03:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-05-10 19:14 - 2017-04-16 03:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-10 19:14 - 2017-04-16 03:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-05-10 19:14 - 2017-04-16 03:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-10 19:14 - 2017-04-16 03:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-05-10 19:14 - 2017-04-16 03:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-05-10 19:14 - 2017-04-16 03:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-10 19:14 - 2017-04-16 03:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-10 19:14 - 2017-04-16 03:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-10 19:14 - 2017-04-16 03:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-05-10 19:14 - 2017-04-16 03:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-10 19:14 - 2017-04-16 03:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-05-10 19:14 - 2017-04-16 03:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-05-10 19:14 - 2017-04-16 03:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-10 19:14 - 2017-04-16 03:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-05-10 19:14 - 2017-04-16 03:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-10 19:14 - 2017-04-16 03:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-10 19:14 - 2017-04-16 02:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-10 19:14 - 2017-04-16 02:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-10 19:14 - 2017-04-12 11:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-10 19:14 - 2017-04-12 11:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-10 19:14 - 2017-04-12 11:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-10 19:14 - 2017-04-12 11:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-10 19:14 - 2017-04-12 11:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-10 19:14 - 2017-04-12 11:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-10 19:14 - 2017-04-07 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 19:14 - 2017-04-07 11:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 19:14 - 2017-04-07 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-10 19:14 - 2017-04-05 10:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-10 19:14 - 2017-04-04 11:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-10 19:14 - 2017-04-04 11:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2017-06-07 18:59 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-07 18:59 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-07 18:56 - 2015-06-29 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-07 18:56 - 2015-06-29 19:10 - 00000000 ____D C:\Program Files (x86)\Avira
2017-06-07 18:56 - 2013-11-10 20:45 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-07 18:53 - 2017-04-19 20:13 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-06-07 18:48 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-07 18:32 - 2012-04-29 10:15 - 00000000 ____D C:\Users\Sandie\AppData\Roaming\SoftGrid Client
2017-06-07 18:16 - 2017-04-05 19:16 - 00000242 _____ C:\Windows\Tasks\{1343FF5A-7DA4-6C85-00BC-3EC4A04044F8}.job
2017-06-07 18:15 - 2017-04-05 19:15 - 00000984 _____ C:\Windows\Tasks\Yahoo! Powered tecar.job
2017-06-07 17:10 - 2012-04-28 16:47 - 00060760 _____ C:\Users\Sandie\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-07 16:39 - 2012-05-03 19:06 - 00000000 ____D C:\Users\Sandie\AppData\Local\CrashDumps
2017-06-03 21:31 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-03 21:22 - 2012-05-05 08:20 - 00000000 ____D C:\Users\Sandie\AppData\Roaming\DVDVideoSoft
2017-06-03 13:02 - 2017-03-22 20:25 - 00001298 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2017-06-03 13:02 - 2017-03-22 20:25 - 00000000 ____D C:\ProgramData\DigitalWave.ApplicationUpdater_files
2017-06-03 13:02 - 2012-05-05 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2017-06-03 13:02 - 2012-05-05 08:21 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2017-06-03 12:58 - 2014-09-16 22:13 - 00000000 ____D C:\ProgramData\Origin
2017-06-02 19:37 - 2012-01-05 08:40 - 00816648 _____ C:\Windows\system32\perfh00C.dat
2017-06-02 19:37 - 2012-01-05 08:40 - 00176502 _____ C:\Windows\system32\perfc00C.dat
2017-06-02 19:37 - 2009-07-14 01:13 - 01859672 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-02 19:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-06-02 19:33 - 2013-02-07 22:15 - 00000000 ____D C:\Users\Sandie\AppData\Roaming\TeamViewer
2017-06-02 19:31 - 2016-11-15 17:42 - 00000000 ____D C:\Users\Sandie\AppData\LocalLow\Mozilla
2017-06-02 16:30 - 2013-05-14 09:49 - 00000000 ___RD C:\Users\Sandie\Desktop\sandie
2017-06-01 18:47 - 2013-01-12 11:04 - 00000000 ____D C:\Users\Sandie\AppData\Local\CutePDF Writer
2017-05-31 19:59 - 2009-07-14 00:45 - 00276280 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-30 22:39 - 2016-11-15 12:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-30 22:39 - 2015-04-30 19:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-30 07:26 - 2013-02-07 22:13 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-05-28 22:28 - 2012-04-28 16:46 - 00000000 ____D C:\Users\Sandie
2017-05-28 22:26 - 2012-08-31 19:08 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-28 22:26 - 2012-04-29 10:18 - 00000000 ____D C:\Users\Sandie\AppData\Local\Google
2017-05-28 20:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-28 20:40 - 2017-04-17 22:21 - 04077488 ____H C:\Users\Sandie\AppData\Local\IconCache.db.backup
2017-05-28 20:35 - 2016-02-04 23:05 - 00000000 ___RD C:\Users\Sandie\Dropbox
2017-05-28 20:20 - 2016-02-05 07:56 - 00002130 _____ C:\Users\Public\Desktop\Smart Switch.lnk
2017-05-28 20:17 - 2016-02-05 07:39 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-05-28 11:02 - 2012-04-28 16:52 - 00000000 ____D C:\Users\Sandie\AppData\Local\Windows Live
2017-05-27 18:59 - 2012-04-29 10:14 - 01889944 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-27 13:20 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2017-05-27 13:15 - 2012-04-29 10:37 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-27 13:00 - 2014-09-16 22:13 - 00000000 ____D C:\Program Files (x86)\Origin
2017-05-16 19:14 - 2017-05-06 12:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-05-15 21:45 - 2012-04-29 10:29 - 00000000 ____D C:\Users\Sandie\AppData\Local\Adobe
2017-05-15 21:15 - 2012-04-29 10:18 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-15 21:15 - 2012-04-29 10:18 - 00004484 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-15 21:15 - 2011-10-27 06:51 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-15 21:14 - 2012-04-29 10:18 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-15 21:14 - 2011-10-27 06:51 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-15 21:11 - 2013-05-13 18:10 - 00000000 ____D C:\Users\Sandie\AppData\Roaming\Google
2017-05-15 21:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-10 18:54 - 2015-12-16 08:00 - 00002148 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-10 18:54 - 2014-02-12 22:51 - 00002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Fichiers à la racine de certains dossiers =======

2013-01-11 19:03 - 2013-01-11 19:12 - 0000000 _____ () C:\Users\Sandie\AppData\Roaming\bibstats
2014-07-24 13:45 - 2017-04-20 18:16 - 0000000 _____ () C:\Users\Sandie\AppData\Roaming\Equalizer
2014-07-24 13:45 - 2014-07-24 13:45 - 0000268 ___RH () C:\Users\Sandie\AppData\Roaming\Error Handlers
2014-07-24 13:45 - 2017-04-20 18:16 - 0000000 _____ () C:\Users\Sandie\AppData\Roaming\Examples
2015-01-09 21:47 - 2015-02-10 08:50 - 0000107 _____ () C:\Users\Sandie\AppData\Roaming\sdole32.ini
2014-02-04 23:45 - 2017-04-14 00:21 - 0000355 _____ () C:\Users\Sandie\AppData\Roaming\WB.CFG
2017-05-28 18:50 - 2017-05-28 18:50 - 0000881 _____ () C:\Users\Sandie\AppData\Local\recently-used.xbel
2014-04-06 22:13 - 2017-04-21 17:49 - 0007605 _____ () C:\Users\Sandie\AppData\Local\Resmon.ResmonCfg
2017-05-31 19:49 - 2017-05-31 19:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-07-24 13:45 - 2014-07-24 13:45 - 0000268 ___RH () C:\ProgramData\File Templates
2014-07-24 13:45 - 2014-07-24 13:45 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-07-24 13:45 - 2017-04-20 18:16 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2014-07-24 13:45 - 2017-04-20 18:16 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT

Fichiers à déplacer ou supprimer:
====================
C:\Windows\Tasks\{1343FF5A-7DA4-6C85-00BC-3EC4A04044F8}.job


==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2015-08-12 00:49

==================== Fin de FRST.txt ============================

Thanks for your help!

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

I still need second log from FRST.