¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ QuickDiag | g3n-h@ckm@n | 2_04.04.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ¤¤¤¤¤
- Start 22/05/2016 11:50:19
Updated 04/04/2016 | 18.05 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
[GD windows (Administrator)] - [GDWINDOWS-PC]
SID = S-1-5-21-1614556109-2639682541-2892100055-1000
System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
PC : Gigabyte Technology Co., Ltd. - GA-A75M-S2V
- Processor : X64 - 2800 Mhz - AMD Athlon(tm) II X4 641 Quad-Core Processor
Bios : Award Software International, Inc. - 06/15/2011 - V.F1
CoreTemp : -1° C - Max : ° C
Boot: Normal boot
----------> Quick Memory
RAM = Total (MB) : 4192 | Free (MB) : 2429
Pagefile = Total (MB) : 8381 | Free (MB) : 6186
Virtual = Total (MB) : 4194 | Free (MB) : 4056
¤¤¤¤¤¤¤¤¤¤ | Drives
E:\ -> [Fixed] | [Verbatim] | Total : 298.02 Go | Free : 60.63 Go -> FAT32 [USB]
C:\ -> [Fixed] | [] | Total : 152.38 Go | Free : 47.29 Go -> NTFS [SATA]
¤¤¤¤¤¤¤¤¤¤ | Windows updates
Last detection : 2016-05-22 09:42:08
Downloaded last ones : 2016-05-22 09:40:28
Installed last ones : 2016-05-20 17:32:20
Next search : 2016-05-23 03:50:29
Microsoft : +
¤¤¤¤¤¤¤¤¤¤ | Browsers
IE : 11.0.9600.18315 (© Microsoft Corporation. Tous droits réservés.)
FF : 46.0.1.5966 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1"
¤¤¤¤¤¤¤¤¤¤ | FlashPlayer
FlashPlayer Plugin : 21.0.0.242
¤¤¤¤¤¤¤¤¤¤ | Security
AV : Avira Antivirus Disabled
AS : Windows Defender Enabled
AM : Malwarebytes' Anti-Malware ( 2.3.173.0) [Update : 18/09/2014 13:29:39]
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running
¤¤¤¤¤¤¤¤¤¤ | Running processes
288 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.)
- (6.1.7601.23418) = C:\Windows\System32\smss.exe 440 | [Owner : | Parent : 380() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe 508 | [Owner : | Parent : 440(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe 540 | [Owner : | Parent : 456() | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe 568 | [Owner : | Parent : 440(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23418) = C:\Windows\System32\lsass.exe 576 | [Owner : | Parent : 440(wininit.exe) | ?????] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe 676 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 748 | [Owner : | Parent : 508(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 335.23.) - (8.17.13.3523) = C:\Windows\System32\nvvsvc.exe 772 | [Owner : | Parent : 508(services.exe) | ?????] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.3523) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 816 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 920 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 956 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (6.1.7600.16385) = C:\Windows\System32\svchost.exe 1008 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 264 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 1016 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (6.1.7601.17514) = C:\Windows\servicing\TrustedInstaller.exe 1112 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 1264 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe 1292 | [Owner : | Parent : 508(services.exe) | ?????] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - (15.0.16.251) = C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 1324 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 1492 | [Owner : | Parent : 508(services.exe) | ?????] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - (15.0.16.251) = C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 1524 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 1704 | [Owner : | Parent : 508(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Network Service.) - (1.0.2.5) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe 1736 | [Owner : | Parent : 508(services.exe) | ?????] 
- (.NVIDIA Corporation - NVIDIA Streamer Service.) - (1.7.321.0) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe 1788 | [Owner : | Parent : 508(services.exe) | ?????] - (.pdfforge GmbH - PDF Architect Helper Service.) - (1.0.0.1) = C:\Program Files (x86)\PDF Architect\HelperService.exe 1812 | [Owner : | Parent : 508(services.exe) | ?????] - (.pdfforge GmbH - PDF Architect Conversion Service.) - (1.1.83.9982) = C:\Program Files (x86)\PDF Architect\ConversionService.exe 1856 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 1896 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4311.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 1964 | [Owner : | Parent : 508(services.exe) | ?????] - (.Avira Operations GmbH & Co. KG - Avira Service Host.) - (1.1.61.18979) = C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe 1976 | [Owner : | Parent : 1896(WLIDSVC.EXE) | ?????] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4311.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 2244 | [Owner : | Parent : 1492(avguard.exe) | ?????] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) - (15.0.16.282) = C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe 2760 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 2044 | [Owner : | Parent : 748(nvvsvc.exe) | ?????] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.3523) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe 2172 | [Owner : | Parent : 748(nvvsvc.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 335.23.) 
- (8.17.13.3523) = C:\Windows\System32\nvvsvc.exe 2820 | [Owner : GD windows | Parent : 508(services.exe) | 12.59 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe 620 | [Owner : | Parent : 1736(nvstreamsvc.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (1.7.321.0) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe 2804 | [Owner : | Parent : 464(csrss.exe) | ?????] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.1.7601.23418) = C:\Windows\System32\conhost.exe 216 | [Owner : GD windows | Parent : 956(svchost.exe) | 31.39 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe 2944 | [Owner : GD windows | Parent : 2800() | 52.91 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.19135) = C:\Windows\explorer.exe 1504 | [Owner : GD windows | Parent : 2948() | 29.29 Mo] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) - (11.10.13.1) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 2680 | [Owner : GD windows | Parent : 316() | 0.66 Mo] - (.Microsoft Corporation - GWX.) - (6.3.9600.18322) = C:\Windows\System32\GWX\GWX.exe 2684 | [Owner : GD windows | Parent : 2944(explorer.exe) | 6.35 Mo] - (.BillP Studios - WinPatrol Change Detection.) - (30.5.2014.1) = C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe 2620 | [Owner : GD windows | Parent : 2944(explorer.exe) | 8.36 Mo] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) - (1.9.3.1) = C:\Users\GD windows\AppData\Local\Akamai\netsession_win.exe 1308 | [Owner : GD windows | Parent : 2620(netsession_win.exe) | 16.54 Mo] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) - (1.9.3.1) = C:\Users\GD windows\AppData\Local\Akamai\netsession_win.exe 2372 | [Owner : GD windows | Parent : 2044(nvxdsync.exe) | 12.4 Mo] - (.NVIDIA Corporation - NVIDIA Settings.) 
- (7.17.13.3523) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 3292 | [Owner : | Parent : 2980() | 4.76 Mo] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) - (15.0.16.262) = C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 3460 | [Owner : GD windows | Parent : 1964(Avira.ServiceHost.exe) | 31.88 Mo] - (.Avira Operations GmbH & Co. KG - Avira Launcher.) - (1.1.61.18979) = C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe 3600 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe 3920 | [Owner : GD windows | Parent : 2944(explorer.exe) | 351.81 Mo] - (.Mozilla Corporation - Firefox.) - (46.0.1.5966) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe 3468 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 3560 | [Owner : | Parent : 508(services.exe) | ?????] - (.Disc Soft Ltd - Disc Soft Bus Service.) - (10.2.0.114) = C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe 3584 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe 1304 | [Owner : GD windows | Parent : 3480() | 1.54 Mo] - (.Piriform Ltd - CCleaner.) - (5.12.0.5431) = C:\Program Files\CCleaner\CCleaner64.exe 3736 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 3884 | [Owner : | Parent : 508(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 5068 | [Owner : | Parent : 508(services.exe) | ?????] 
- (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 4320 | [Owner : | Parent : 3460(Avira.Systray.exe) | 31.54 Mo] - (.Avira Operations GmbH & Co. KG - Control Center.) - (15.0.16.262) = C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe 4596 | [Owner : | Parent : 3584(SearchIndexer.exe) | ?????] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchProtocolHost.exe 3756 | [Owner : Système | Parent : 3584(SearchIndexer.exe) | 6.92 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchFilterHost.exe 2160 | [Owner : GD windows | Parent : 2944(explorer.exe) | 15.4 Mo] - (.SosVirus - QuickDiag.) - (4.4.2016.1) = C:\Users\GD windows\Downloads\quickdiag_2_04.04.2016.1.exe ¤¤¤¤¤¤¤¤¤¤ | MD5 [MD5.9D77CC4A36FEEA644D002CFB9B2D42C0] - [13/02/2016 12:54:56] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3155.5 Ko] - (6.1.7601.19135) : C:\Windows\Explorer.exe [MD5.5746BD7E255DD6A8AFA06F7C42C1BA41] - [21/11/2010 05:23:55] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [337 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe [MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe [MD5.A8EDB86FC2A4D6D1285E4C70384AC35A] - [14/07/2009 01:59:17] - (.© Microsoft Corporation. - COM Surrogate.) - [9.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe [MD5.ACEDF96749861DB3DA92AE9B9D94FE72] - [15/05/2016 11:02:45] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) 
- [1136 Ko] - (6.1.7601.23418) : C:\Windows\System32\Kernel32.dll [MD5.54C0E3156872881F6AB017210278E27E] - [15/05/2016 11:02:43] - (.© Microsoft Corporation. - Local Security Authority Process.) - [30 Ko] - (6.1.7601.23418) : C:\Windows\System32\lsass.exe [MD5.622C96AFB07BB82C8650B47172137AC4] - [26/04/2016 12:34:47] - (.© Microsoft Corporation. - Distributed COM Services.) - [499.5 Ko] - (6.1.7601.19143) : C:\Windows\System32\rpcss.dll [MD5.DD81D91FF3B0763C392422865C9AC12E] - [14/07/2009 01:57:20] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [44.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\rundll32.exe [MD5.71C85477DF9347FE8E7BC55768473FCA] - [19/05/2015 17:13:28] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe [MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [26.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe [MD5.06BF84D26A05D400F6B3FB3D3DE0B03A] - [27/12/2015 12:44:50] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [985 Ko] - (6.1.7601.19061) : C:\Windows\System32\user32.dll [MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [21/11/2010 05:24:28] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe [MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 01:52:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe [MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - [20/10/2014 08:48:40] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) 
- [444.5 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe [MD5.9A4A1EEE802BF2F878EE8EAB407B21B7] - [13/11/2015 19:06:45] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [486 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\afd.sys [MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys [MD5.059F00DEF82BF41E433B7ED465847726] - [21/02/2014 14:38:29] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [151.94 Ko] - (6.1.7601.18231) : C:\Windows\System32\Drivers\ataport.sys [MD5.B8BD2BB284668C84865658C77574381A] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys [MD5.F036CE71586E93D94DAB220D7BDF4416] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - [21/11/2010 05:24:32] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [100 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\dfsc.sys [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [119.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - [14/07/2009 01:19:58] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [103 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - [14/07/2009 02:10:03] - (.© Microsoft Corporation. - IP Network Address Translator.) - [113.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys [MD5.035C0A9A63DF3F3A52B90D8F6BF0F166] - [15/05/2016 11:02:46] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) 
- [156 Ko] - (6.1.7601.23418) : C:\Windows\System32\Drivers\mrxsmb.sys [MD5.F7309F42555F8AAB7144A51A1F2585B0] - [13/11/2015 19:06:33] - (.© Microsoft Corporation. Tous droits réservés. - Pilote NDIS 6.20.) - [928.44 Ko] - (6.1.7601.19030) : C:\Windows\System32\Drivers\ndis.sys [MD5.09594D1089C523423B32A4229263F068] - [21/11/2010 05:23:51] - (.© Microsoft Corporation. - MBT Transport driver.) - [255.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\netbt.sys [MD5.47B2D0B31BDC3EBE6090228E2BA3764D] - [26/04/2016 12:33:59] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [1644.94 Ko] - (6.1.7601.19116) : C:\Windows\System32\Drivers\ntfs.sys [MD5.0086431C29C35BE1DBC43F52CC273887] - [14/07/2009 02:00:41] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [95 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys [MD5.471815800AE33E6F1C32FB1B97C490CA] - [21/11/2010 05:24:33] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [126.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rasl2tp.sys [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - [14/07/2009 02:09:09] - (.© Microsoft Corporation. - SMB Transport driver.) - [91 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys [MD5.04ADD18EE5CC9FBEDAEC1DD1CD0CB45E] - [15/06/2014 10:21:21] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [1858.94 Ko] - (6.1.7601.18438) : C:\Windows\System32\Drivers\tcpip.sys [MD5.AA77EB517D2F07A947294F260E3ACA83] - [13/11/2015 19:06:45] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.5 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\tdx.sys [MD5.0D08D2F3B3FF84E433346669B5E0F639] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) 
- [288.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys ¤¤¤¤¤¤¤¤¤¤ | Locked Applications ¤¤¤¤¤¤¤¤¤¤ | Explorer.exe component call (Microsoft Files Whitelisted) ¤¤¤¤¤¤¤¤¤¤ | Svchost.exe component call (Microsoft Files Whitelisted) ¤¤¤¤¤¤¤¤¤¤ | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ¤¤¤¤¤¤¤¤¤¤ | Startings up [HKU\S-1-5-18\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"=C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot "Akamai NetSession Interface"="C:\Users\GD windows\AppData\Local\Akamai\netsession_win.exe" "DAEMON Tools Lite Automount"="C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun "CCleaner Monitoring"="C:\Program 
Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"=C:\Windows\System32\mctadmin.exe [14/07/2009 01:54:49] [HKU\S-1-5-20\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"=C:\Windows\System32\mctadmin.exe [14/07/2009 01:54:49] [HKU\S-1-5-19\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "ShadowPlay"=C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "Avira SystrayStartTrigger"=C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [25/04/2016 10:41:00] [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 ¤¤¤¤¤¤¤¤¤¤ | Startings up registry ¦ Folder ¤¤¤¤¤¤¤¤¤¤ | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "RCDependentServices"=CertPropSvc SessionEnv 
"NotificationTimeOut"=0 "SnapshotMonitors"=1 "ProductVersion"=5.1 "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "fDenyTSConnections"=1 "StartRCM"=0 "TSAdvertise"=0 "DeleteTempDirsOnExit"=1 "fSingleSessionPerUser"=1 "PerSessionTempDir"=0 "TSUserEnabled"=0 "InstanceID"=251c9aa6-13f8-45e3-9c20-8117ee1 "fCredentialLessLogonSupported"=1 "fCredentialLessLogonSupportedTSS"=1 "fCredentialLessLogonSupportedKMRDP"=1 [HKLM\System\CurrentControlSet\Control\Session Manager] "CriticalSectionTimeout"=2592000 "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "ProcessorControl"=2 "ResourceTimeoutCount"=648000 "BootExecute"=autocheck autochk * "ExcludeFromKnownDlls"= "ObjectDirectories"=\Windows \RPC Control "ProtectionMode"=1 "NumberOfInitialSessions"=2 "SetupExecute"= [HKLM\System\CurrentControlSet\Control] "PreshutdownOrder"=wuauserv gpsvc trustedinstaller "WaitToKillServiceTimeout"=12000 "CurrentUser"=USERNAME "BootDriverFlags"=0 "ServiceControlManagerExtension"=%systemroot%\system32\scext.dll "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) [HKLM\System\CurrentControlSet\Control\lsa] "auditbaseobjects"=0 "auditbasedirectories"=0 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "Bounds"=0x0030000000200000 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Notification Packages"=scecli "Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u livessp "Authentication Packages"=msv1_0 "LsaPid"=568 "SecureBoot"=1 "ProductType"=3 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 ¤¤¤¤¤¤¤¤¤¤ | .LNK C:\Users\GD windows\AppData\Local\Microsoft\Windows\GameExplorer\{9952B92E-D720-4E3D-BEE7-3C210D319191}\PlayTasks\1\Mode sans échec.lnk (-safemode) C:\Users\GD windows\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk (/SendTo) C:\Users\GD 
windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Logs and errors.lnk (cd) C:\Users\GD windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Replays.lnk (cd) C:\Users\GD windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Screenshots.lnk (cd) C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk ("C:\Program Files (x86)\GameforgeLive\Games\FRA_fra\S.K.I.L.L\DFUBG.exe" -start SKILL) C:\ProgramData\Microsoft\Windows\GameExplorer\{9952B92E-D720-4E3D-BEE7-3C210D319191}\PlayTasks\1\Mode sans échec.lnk (-safemode) C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk (/name Microsoft.DefaultPrograms) C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk (startmenu) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk (/showgadgets) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk (/prefetch:1) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk (/open) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk (%SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk (-SpeechUX) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk (/res) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows 
PowerShell Modules.lnk (-NoExit -ImportSystemModules) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Launcher.lnk (/showMiniGui) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\My Avira\Avira.lnk (/showMiniGui) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP270 series\MP Drivers - Programme de désinstallation.lnk (/U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\S.K.I.L.L. - Special Force 2.lnk ("C:\Program Files (x86)\GameforgeLive\Games\FRA_fra\S.K.I.L.L\DFUBG.exe" -start SKILL) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk (/name Microsoft.BackupAndRestore) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk (/show) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk (/disable) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk (/enable) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect\Uninstall or Modify PDF Architect.lnk (/i {064A929A-4DE8-40CF-A901-BD40C14E4D25}) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF Console Application.lnk (/k "C:\Program Files (x86)\PDFCreator\Images2PDF\Images2PDFC.exe") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Gearbox Software\Brothers In Arms\Désinstaller Brothers In Arms .lnk (Uninstall "BrothersInArms") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Gearbox Software\Brothers In Arms\S'enregistrer.lnk (-i 2186 -g Brothers In Arms -r 7 -c France -l French) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk (--reset-config --reset-plugins-cache vlc://quit) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player 
skinned.lnk (-Iskins) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol\Uninstall WinPatrol.lnk (/remove /q0) ¤¤¤¤¤¤¤¤¤¤ | AppCertDlls | AppInit_DLLs ¤¤¤¤¤¤¤¤¤¤ | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ¤¤¤¤¤¤¤¤¤¤ | Policies | Registry [HKU\S-1-5-18\Control Panel\Desktop] "DragFullWindows"=1 "FontSmoothing"=2 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "UserPreferencesMask"=0x9E3E038012000000 [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Control Panel\Desktop] "ScreenSaveActive"=1 "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "PaintDesktopVersion"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=2 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "UserPreferencesMask"=0x9E3E078012000000 "Wallpaper"=C:\Users\GD windows\AppData\Roaming\Mozilla\Firefox\Fond d'écran.bmp [10/01/2016 22:03:28] "Pattern Upgrade"=TRUE [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=145 [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{645FF040-5081-101B-9F08-00AA002F954E}"=0 [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{645FF040-5081-101B-9F08-00AA002F954E}"=0 
[HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000 "CleanShutdown"=0 "Browse For Folder Width"=347 "Browse For Folder Height"=288 "link"=0x1E000000 [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=1 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "SuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=4 "TaskbarSizeMove"=1 "DisablePreviewDesktop"=0 "TaskbarSmallIcons"=1 "TaskbarGlomLevel"=0 "Start_TrackProgs"=0 "Start_PowerButtonAction"=2 "Start_TrackDocs"=0 ""=0 [HKU\S-1-5-20\Control Panel\Desktop] "ScreenSaveActive"=1 "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 [HKU\S-1-5-19\Control Panel\Desktop] "ScreenSaveActive"=1 "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 
"DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=0 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 "SoftwareSASGeneration"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=134 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=0 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 "SoftwareSASGeneration"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=74 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ¤¤¤¤¤¤¤¤¤¤ | Winlogon [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin "BuildNumber"=7601 "FirstLogon"=0 "ParseAutoexec"=1 [HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin [HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin [HKLM\Software\Microsoft\Windows 
NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Userinit"=C:\Windows\System32\Userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=0 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "ShutdownWithoutLogon"=0 "WinStationsDisabled"=0 "DisableCAD"=1 "scremoveoption"=0 "ShutdownFlags"=7 "AutoAdminLogon"=1 "DefaultUserName"=GD windows "DefaultDomainName"=GDWINDOWS-PC [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "DefaultDomainName"= "DefaultUserName"= "Userinit"=C:\Windows\System32\Userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=0 ¤¤¤¤¤¤¤¤¤¤ | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile 
[HKLM\Software\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile 
[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\WOW6432Node\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay 
""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Internet Explorer\iexplore.exe" [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Internet Explorer\iexplore.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ¤¤¤¤¤¤¤¤¤¤ | AppcompatFlags [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files (x86)\Intel Desktop Board\LAN_allWin7_7.031_PV_RTL\setup.exe"=1 "C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe"=33 "C:\Program Files (x86)\Realtek\NICDRV_8169\RTINSTALLER64.EXE"=1 "SIGN.MEDIA=F9AD52 start.exe"=1 "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe"=32 "SIGN.MEDIA=6C31588D ArcT_Setup.exe"=1 "SIGN.MEDIA=655B242D 
Setup.exe"=1 "SIGN.MEDIA=1216560E autorun.exe"=1 "SIGN.MEDIA=2CF6AD00 zdsimulator_4.9.6_setup_en.exe"=1 "SIGN.MEDIA=DBF7641C setup.exe"=1 "SIGN.MEDIA=3E7C5D0C autorun.exe"=1 "SIGN.MEDIA=CDBB84CB setup.exe"=1 "SIGN.MEDIA=3C11DEAA setup.exe"=1 "SIGN.MEDIA=7FFC122B Setup.exe"=1 "SIGN.MEDIA=B0FFF0 AutoRun.exe"=1 "SIGN.MEDIA=6FF273C7 Setup.exe"=1 "SIGN.MEDIA=D98D0A8 Autorun.exe"=1 "SIGN.MEDIA=DD8A9836 Setup.exe"=1 "SIGN.MEDIA=FCBF314B setup.exe"=1 "SIGN.MEDIA=AC31A323 install_stoked_big_air_1.00.exe"=1 "SIGN.MEDIA=4EAB6 Autorun.exe"=1 "SIGN.MEDIA=20AFD6FC setup.exe"=1 "SIGN.MEDIA=DEF2CA38 setup.exe"=1 "SIGN.MEDIA=AF753BA6 Setup.exe"=1 "SIGN.MEDIA=4E4AC3E2 setup.exe"=1 "SIGN.MEDIA=D72D6A3A setup.exe"=1 "C:\Users\GD windows\Downloads\wlsetup-webFR.exe"=1 "C:\Users\GD windows\Downloads\wt_launcher_1.0.1.542.exe"=1 "C:\Users\GD windows\Downloads\ava_us_downloader.exe"=1 "C:\Users\GD windows\Downloads\DTLiteInstaller.exe"=1 "SIGN.MEDIA=CEE99198 setup.exe"=1 "SIGN.MEDIA=1A35039 setup.exe"=1 "SIGN.MEDIA=15A5C892 setup.exe"=1 "SIGN.MEDIA=DA60F4FC setup.exe"=1 "SIGN.MEDIA=47502BC1 setup.exe"=1 "SIGN.MEDIA=AA83C6B4 setup.exe"=1 "SIGN.MEDIA=1D5D2CB4 setup.exe"=1 "SIGN.MEDIA=F179722D setup.exe"=1 "SIGN.MEDIA=E617F4 setup.exe"=1 "SIGN.MEDIA=11DD50 setup.exe"=1 "C:\Users\GD windows\Downloads\SKILL_GameforgeLiveSetup.exe"=1 "C:\Windows\IsUn040c.exe"=1 "SIGN.MEDIA=138E7720 Setup.exe"=1 "C:\Users\GD windows\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe"=1 "SIGN.MEDIA=338A414 Setup.exe"=1 "SIGN.MEDIA=15F082 setup.exe"=1 "C:\Users\GD windows\Downloads\Firefox Setup Stub 46.0.1.exe"=1 "C:\Users\GD windows\Downloads\vlc-2.2.3-win32.exe"=1 "C:\Users\GD windows\Downloads\ccsetup512.exe"=1 ¤¤¤¤¤¤¤¤¤¤ | IFEO ¤¤¤¤¤¤¤¤¤¤ | Mountpoints2 [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\F] : F:\CoJBiBLauncher.exe (AutoRun) 
[HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\G] : G:\CoJBiBLauncher.exe (AutoRun) [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{9d970d45-9981-11e3-b069-806e6f6e6963}] : D:\setup.exe (AutoRun) [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{e3c57747-b701-11e5-b476-50e5495c87fb}] : G:\CoJBiBLauncher.exe (AutoRun) [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{e3c5774e-b701-11e5-b476-50e5495c87fb}] : G:\setup.exe (AutoRun) ¤¤¤¤¤¤¤¤¤¤ | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS 
NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows 
NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ¤¤¤¤¤¤¤¤¤¤ | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=128920218544262440 "AntiVirusOverride"=0 "AntiSpywareOverride"=0 "FirewallOverride"=0 [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=0 "DisableRoutinelyTakingAction"=0 "ProductStatus"=0 "InstallTime"=0x396994CD8E2DCF01 [HKLM\Software\WOW6432Node\Microsoft\Windows Defender] "DisableAntiSpyware"=0 "DisableRoutinelyTakingAction"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ¤¤¤¤¤¤¤¤¤¤ | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] ¤¤¤¤¤¤¤¤¤¤ | Winsock (Whitelist) ¤¤¤¤¤¤¤¤¤¤ | Hosts 127.0.0.1 localhost ::1 localhost ¤¤¤¤¤¤¤¤¤¤ | @ [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main] "Start Page"=http://www.google.com/ [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet settings] "EnableNegotiate"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "IE5_UA_Backup_Flag"=5.0 "ZonesSecurityUpgrade"=0xB6A118893F04CA01 "ProxyEnable"=0 [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Internet Explorer\Main] "Disable Script Debugger"=yes "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\SysWOW64\blank.htm "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "XMLHTTP"=1 "NoUpdateCheck"=1 "UseClearType"=no "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://www.google.com/ "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB5000000B3000000D40400000B030000 "Start Page Redirect Cache"=http://fr.msn.com/?ocid=iehp "Start Page Redirect Cache_TIMESTAMP"=0xF5785AFDF42ECF01 "Start Page Redirect Cache AcceptLangs"=fr "IE8RunOnceLastShown"=1 "IE8RunOnceLastShown_TIMESTAMP"=0x3C1AF411F52ECF01 "IE8TourShown"=1 "IE8TourShownTime"=0x6B8DAD14F52ECF01 "NotifyDownloadComplete"=yes "DisableScriptDebuggerIE"=yes "OperationalData"=5 "Isolation"=PMIL "ImageStoreRandomFolder"=bmdkjrv "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0x532E0847223ACF01 "IE10TourShown"=1 "IE10TourShownTime"=0x03D70A1A4036CF01 "Search Bar"=http://www.google.com/ "Use Search Asst"=yes "Isolation64Bit"=0 
"DoNotTrack"=1 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x7A452414FE3ACF01 "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "SearchAssistant"=http://www.bing.com/search?q={searchTerms} [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Internet Explorer\SearchURL] "Default"=http://www.bing.com/search?q={searchTerms} [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings] "IE5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=User@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "SecureProtocols"=2688 "PrivacyAdvanced"=0 "ZonesSecurityUpgrade"=0xC26D59EBCC2FCF01 "DisableCachingOfSSLPages"=0 "WarnonZoneCrossing"=0 "CertificateRevocation"=1 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "ProxyOverride"= [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main] "Disable Script Debugger"=yes "Start Page"=http://www.google.com/ [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet settings] "IE5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=User@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main] "Disable Script Debugger"=yes "Start Page"=http://www.google.com/ [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet settings] "IE5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 
(compatible; MSIE 8.0; Win32) "EmailName"=User@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "EnableNegotiate"=1 [HKLM\Software\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157 "Local Page"=C:\Windows\SysWOW64\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Check_Associations"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "Search Bar"=http://www.google.com/ [HKLM\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"=http://www.google.com/ie "Search Bar"=http://www.google.com/ "Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157 "Local Page"=C:\Windows\SysWOW64\blank.htm "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm 
"NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "Tabs"=res://ieframe.dll/tabswelcome.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157 "Local Page"=C:\Windows\SysWOW64\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Check_Associations"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "Search Bar"=http://www.google.com/ [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Search] "SearchAssistant"=http://www.google.com/ie "Search Bar"=http://www.google.com/ "Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157 "Local Page"=C:\Windows\SysWOW64\blank.htm "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\SearchURL] "Default"=http://www.bing.com/search?q={searchTerms} 
[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "Tabs"=res://ieframe.dll/tabswelcome.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files ¤¤¤¤¤¤¤¤¤¤ | reparsepoint ¤¤¤¤¤¤¤¤¤¤ | Detection of offsets ¤¤¤¤¤¤¤¤¤¤ | Notify ¤¤¤¤¤¤¤¤¤¤ | SSODL | SEH | URLSH | STS ¤¤¤¤¤¤¤¤¤¤ | Toolbar [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"= [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] 
"ITBar7Height"=20 [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"= "KnownProvidersUpgradeTime"=0xDCC13E1D4036CF01 "Version"=3 "UpgradeTime"=0x559C121E4036CF01 "ShowSearchSuggestionsInAddressGlobal"=1 [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"= [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"= [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"= ¤¤¤¤¤¤¤¤¤¤ | Extensions ¤¤¤¤¤¤¤¤¤¤ | SearchScopes [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet
Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () - : ¤¤¤¤¤¤¤¤¤¤ | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -> (Programme d’aide de l’Assistant de connexion au compte Microsoft) : C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [17/07/2012 14:51:50] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -> (Programme d’aide de l’Assistant de connexion au compte Microsoft) : C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [17/07/2012 14:51:50] ¤¤¤¤¤¤¤¤¤¤ | Chrome ¤¤¤¤¤¤¤¤¤¤ | Opera ¤¤¤¤¤¤¤¤¤¤ | Firefox [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "FFPDFArchitectConverter@pdfarchitect.com"=C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0] - (Unity Player 4.3.5f1) : C:\Users\GD windows\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\MozillaPlugins\ubisoft.com/uplaypc] - () : C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 21.0.0.242 Plugin) : C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 21.0.0.242 Plugin) : C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll 
[HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.3] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [GD windows | x5ve8oyw.default-1432227880377] : user_pref("browser.startup.homepage_override.buildID", "20160502172042"); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("browser.startup.homepage_override.mstone", "46.0.1"); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.adblockplus.currentVersion", "2.7.3"); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.adblockplus.notificationdata", "{\"shown\":[],\"lastCheck\":1463909444298,\"softExpiration\":1463996328418,\"hardExpiration\":1464082248143,\"data\":{\"notifications\":[],\"version\":\"201605220930\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"downloadCount\":41}"); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.blocklist.pingCountTotal", 41); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.blocklist.pingCountVersion", 4); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.bootstrappedAddons", "{\"e10srollout@mozilla.org\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla 
Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"firefox@getpocket.com\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"loop@mozilla.org\":{\"version\":\"1.2.6\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\loop@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.7.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\GD windows\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\x5ve8oyw.default-1432227880377\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false}}"); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.databaseSchema", 17); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.e10sBlockedByAddons", true); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:46.0.1"); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.getAddons.cache.lastUpdate", 1463765658); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.getAddons.databaseSchema", 5); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.hotfix.lastVersion", "20160128.01"); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.lastAppVersion", "46.0.1"); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.lastPlatformVersion", "46.0.1"); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.pendingOperations", false); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.shownSelectionUI", true); [GD 
windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.ui.dictionary.hidden", true); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.ui.experiment.hidden", true); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.ui.lastCategory", "addons://list/extension"); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.ui.locale.hidden", true); [GD windows | x5ve8oyw.default-1432227880377] : user_pref("extensions.xpiState", "{\"app-profile\":{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"d\":\"C:\\\\Users\\\\GD windows\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\x5ve8oyw.default-1432227880377\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"e\":true,\"v\":\"2.7.3\",\"st\":1463566270303}},\"app-system-defaults\":{\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1462255340479},\"firefox@getpocket.com\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1462255340528},\"loop@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\loop@mozilla.org.xpi\",\"e\":true,\"v\":\"1.2.6\",\"st\":1462255340684}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":true,\"v\":\"46.0.1\",\"st\":1462255340478}},\"winreg-app-global\":{\"FFPDFArchitectConverter@pdfarchitect.com\":{\"d\":\"C:\\\\Program Files (x86)\\\\PDF Architect\\\\FFPDFArchitectExt\",\"e\":false,\"v\":\"1.0\",\"st\":1393848610497,\"mt\":1365440622000}}}"); [GD windows | x5ve8oyw.default-1432227880377] : 
user_pref("network.proxy.type", 4); ¤¤¤¤¤¤¤¤¤¤ | Active Connections TCP 127.0.0.1:49197 GDwindows-PC:49198 ESTABLISHED 3920 TCP 127.0.0.1:49198 GDwindows-PC:49197 ESTABLISHED 3920 TCP 192.168.1.135:49190 217.212.238.118:https ESTABLISHED 1308 TCP 192.168.1.135:49194 209.107.220.165:3478 ESTABLISHED 1308 TCP 192.168.1.135:49815 server-52-85-23-192.mrs50.r.cloudfront.net:https ESTABLISHED 3920 TCP 192.168.1.135:49817 server-54-192-216-189.mrs50.r.cloudfront.net:https ESTABLISHED 3920 TCP 192.168.1.135:49819 server-52-85-23-42.mrs50.r.cloudfront.net:https ESTABLISHED 3920 TCP 192.168.1.135:49836 server-52-85-23-39.mrs50.r.cloudfront.net:https ESTABLISHED 3920 TCP 192.168.1.135:49837 server-52-85-23-39.mrs50.r.cloudfront.net:https ESTABLISHED 3920 TCP 192.168.1.135:49838 server-52-85-23-39.mrs50.r.cloudfront.net:https ESTABLISHED 3920 TCP 192.168.1.135:49839 server-52-85-23-39.mrs50.r.cloudfront.net:https ESTABLISHED 3920 TCP 192.168.1.135:49840 server-52-85-23-39.mrs50.r.cloudfront.net:https ESTABLISHED 3920 TCP 192.168.1.135:49841 server-52-85-23-39.mrs50.r.cloudfront.net:https ESTABLISHED 3920 TCP 192.168.1.135:49955 ns3016129.ip-149-202-79.eu:https FIN_WAIT_2 3920 TCP 192.168.1.135:49956 ns3016129.ip-149-202-79.eu:https FIN_WAIT_2 3920 TCP 192.168.1.135:49958 ns3016129.ip-149-202-79.eu:https FIN_WAIT_2 3920 TCP 192.168.1.135:49959 ns3016129.ip-149-202-79.eu:https FIN_WAIT_2 3920 TCP 192.168.1.135:49960 ns3016129.ip-149-202-79.eu:https FIN_WAIT_2 3920 TCP 192.168.1.135:49965 ns3016129.ip-149-202-79.eu:https FIN_WAIT_2 3920 TCP 192.168.1.135:49989 62-210-152-70.rev.poneytelecom.eu:http FIN_WAIT_2 3920 TCP 192.168.1.135:49990 62-210-152-70.rev.poneytelecom.eu:http FIN_WAIT_2 3920 TCP 192.168.1.135:49999 108.161.188.218:http FIN_WAIT_2 3920 TCP 192.168.1.135:50001 62-210-152-70.rev.poneytelecom.eu:http FIN_WAIT_2 3920 TCP 192.168.1.135:50002 62-210-152-70.rev.poneytelecom.eu:http ESTABLISHED 3920 TCP 192.168.1.135:50003 62-210-152-70.rev.poneytelecom.eu:http FIN_WAIT_2 
3920 TCP 192.168.1.135:50004 108.161.188.218:http FIN_WAIT_2 3920 TCP 192.168.1.135:50006 108.161.188.218:http FIN_WAIT_2 3920 TCP 192.168.1.135:50009 108.161.188.218:http FIN_WAIT_2 3920 TCP [2a01:cb1d:82b6:4000:c966:6d15:c062:a974]:50022 [2606:2800:234:124e:17ca:871:eb2:2067]:http ESTABLISHED 3920 TCP [2a01:cb1d:82b6:4000:c966:6d15:c062:a974]:50023 par10s22-in-x0e.1e100.net:https ESTABLISHED 3920 ¤¤¤¤¤¤¤¤¤¤ | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{6CADD0A5-AF94-4C6A-9558-B0A9314258A8}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{6CADD0A5-AF94-4C6A-9558-B0A9314258A8}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6CADD0A5-AF94-4C6A-9558-B0A9314258A8}] "DhcpNameServer"=192.168.1.1 ¤¤¤¤¤¤¤¤¤¤ | Applications [HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows 
NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ¤¤¤¤¤¤¤¤¤¤ | Svchost - Netsvcs (Whitelisted) Term - : ¤¤¤¤¤¤¤¤¤¤ | Software [HKU\S-1-5-18\Software\AppDataLow] [HKU\S-1-5-18\Software\Avira] [HKU\S-1-5-18\Software\Microsoft] [HKU\S-1-5-18\Software\NVIDIA Corporation] [HKU\S-1-5-18\Software\PDFCreator] [HKU\S-1-5-18\Software\Piriform] [HKU\S-1-5-18\Software\Policies] [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-18\Software\Microsoft\Windows\DWM] [HKU\S-1-5-18\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000_Classes\Software\Microsoft] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000_Classes\Software\Piriform] 
[HKU\S-1-5-21-1614556109-2639682541-2892100055-1000_Classes\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Aeria Games] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Akamai] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\AppDataLow] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Avira] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\BillP Studios] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\BugSplat] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Clients] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Crystal Dynamics] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Cyanide] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Disc Soft] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Electronic Arts] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\ELIGCHK] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\EMU] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Eutechnyx] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\EXE Games] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\FLT] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\g3n-h@ckm@n] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Gaijin] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Gameforge4d] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Infernum] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\IPACS] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\IZSoftware] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Leadertech] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Logitech] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\M6] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Macromedia] 
[HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Malwarebytes' Anti-Malware] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Mojang] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Mozilla] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\MozillaPlugins] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\NVIDIA Corporation] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\PDF Architect] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\PDFCreator] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Piriform] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Policies] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Reality Pump] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Related Designs] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\SecuROM] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\sysinternals] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\tfdfu] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\The Document Foundation] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Trolltech] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\TuneUp] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Ubisoft] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\UIEG] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Unity] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Valve] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Vstep] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Wargaming.net] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\WinRAR SFX] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Wow6432Node] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\ZebHelpProcess Helper] 
[HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Zyrax Software] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\SOFTWARE\AppDataLow\Software\Unity] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\Software\Microsoft\Windows NT\CurrentVersion] [HKU\S-1-5-20\Software\AppDataLow] [HKU\S-1-5-20\Software\Microsoft] [HKU\S-1-5-20\Software\Piriform] [HKU\S-1-5-20\Software\Policies] [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-20\Software\Microsoft\Windows\DWM] [HKU\S-1-5-20\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-20\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion] [HKU\S-1-5-19\Software\AppDataLow] [HKU\S-1-5-19\Software\Microsoft] [HKU\S-1-5-19\Software\Piriform] [HKU\S-1-5-19\Software\Policies] [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-19\Software\Microsoft\Windows\DWM] [HKU\S-1-5-19\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-19\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\AGEIA Technologies] [HKLM\Software\ATI Technologies] [HKLM\Software\BillP Studios] [HKLM\Software\Canon] [HKLM\Software\CBSTEST] [HKLM\Software\Clients] [HKLM\Software\Disc Soft] [HKLM\Software\EA Games] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Intel] [HKLM\Software\Khronos] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] 
[HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\RTLSetup] [HKLM\Software\Sonic] [HKLM\Software\sysinternals] [HKLM\Software\TuneUp] [HKLM\Software\Wow6432Node] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\anset] [HKLM\Software\WOW6432Node\ASUS] [HKLM\Software\WOW6432Node\Avira] [HKLM\Software\WOW6432Node\Bethesda Softworks] [HKLM\Software\WOW6432Node\BillP Studios] [HKLM\Software\WOW6432Node\C07ft5Y] [HKLM\Software\WOW6432Node\Canon] [HKLM\Software\WOW6432Node\Caphyon] [HKLM\Software\WOW6432Node\Codemasters] [HKLM\Software\WOW6432Node\Disc Soft] [HKLM\Software\WOW6432Node\dll-files.com] [HKLM\Software\WOW6432Node\EA Games] [HKLM\Software\WOW6432Node\Gameforge] [HKLM\Software\WOW6432Node\Gameforge4d] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\LibreOffice] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mojang] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\PDFCreator] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Riot Games] [HKLM\Software\WOW6432Node\Shortcut_Module] [HKLM\Software\WOW6432Node\SOSVirus] [HKLM\Software\WOW6432Node\Taronja] [HKLM\Software\WOW6432Node\Techland] [HKLM\Software\WOW6432Node\The Document Foundation] [HKLM\Software\WOW6432Node\TuneUp] [HKLM\Software\WOW6432Node\Ubisoft] [HKLM\Software\WOW6432Node\VideoLAN] [HKLM\Software\WOW6432Node\Volatile] [HKLM\Software\WOW6432Node\X-AVCSD] [HKLM\Software\WOW6432Node\Zemi Interactive] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] 
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] ¤¤¤¤¤¤¤¤¤¤ | Drives E: ¤¤¤¤¤¤¤¤¤¤ | C: [14/07/2009 05:18:56] - |SHD| - [129] - C:\$Recycle.Bin [13/02/2016 16:22:26] - |HD| - [6537456676] - C:\$WINDOWS.~BT [02/01/2016 11:54:18] - |D| - [3709163663] - C:\AeriaGames [21/05/2015 11:43:50] - |RASHD| - [3] - C:\Autorun.inf [19/02/2014 18:18:57] - |SHD| - [14614380] - C:\Boot [MD5.259525CFB422E6AC8E87BC9777B1DF73] - [19/02/2014 18:18:57] - (.-.) - [383786] - (0.0.0.0) - C:\bootmgr [MD5.F8252FFA542C191EFB989A836C3BFEAB] - [19/02/2014 18:18:59] - (.-.) 
- [8192] - (0.0.0.0) - C:\BOOTSECT.BAK [14/07/2009 07:08:56] - |SHD| - [0] - C:\Documents and Settings [09/05/2015 11:03:54] - |SHD| - [12] - C:\found.000 [16/04/2016 10:15:44] - |SHD| - [8197] - C:\found.001 [22/02/2014 14:54:44] - |D| - [17411177087] - C:\Games [MD5.D41D8CD98F00B204E9800998ECF8427E] - [19/02/2014 18:19:39] - (.-.) - [3219136512] - (0.0.0.0) - C:\hiberfil.sys [MD5.D41D8CD98F00B204E9800998ECF8427E] - [19/02/2014 18:19:40] - (.-.) - [4292182016] - (0.0.0.0) - C:\pagefile.sys [14/07/2009 05:20:08] - |D| - [0] - C:\PerfLogs [14/07/2009 05:20:08] - |RD| - [6085636506] - C:\Program Files [14/07/2009 05:20:08] - |RD| - [17884120792] - C:\Program Files (x86) [14/07/2009 05:20:08] - |HD| - [1401437659] - C:\ProgramData [22/05/2016 11:50:16] - |D| - [262056] - C:\QuickDiag [MD5.0C5EEE15CEB5CE861FAA02A72FCE9B6B] - [22/05/2016 11:50:19] - (.-.) - [109997] - (0.0.0.0) - C:\QuickDiag.txt [19/02/2014 19:28:29] - |SHD| - [174130820] - C:\Recovery [11/02/2016 15:19:58] - |D| - [5633380939] - C:\Riot Games [19/02/2014 18:19:38] - |SHD| - [0] - C:\System Volume Information [14/07/2009 05:20:08] - |RD| - [4214670394] - C:\Users [11/09/2015 11:50:21] - |D| - [13264429352] - C:\WarThunder [14/07/2009 05:20:08] - |D| - [32374498414] - C:\Windows ¤¤¤¤¤¤¤¤¤¤ | C:\Windows [14/07/2009 07:32:38] - |D| - [802] - C:\Windows\addins [14/07/2009 05:20:08] - |D| - [139805203] - C:\Windows\AppCompat [14/07/2009 05:20:08] - |D| - [10973398] - C:\Windows\AppPatch [14/07/2009 05:20:08] - |RSD| - [1458425920] - C:\Windows\assembly [MD5.317CD1CE327B6520BF4EE007BCD39E61] - [21/11/2010 05:24:22] - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [71168] - (6.1.7601.17514) - C:\Windows\bfsvc.exe [14/07/2009 05:20:09] - |D| - [29062678] - C:\Windows\Boot [MD5.43A8B1DA4A69E165A02A96B9088EF225] - [14/07/2009 07:38:36] - (.-.) 
- [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [14/07/2009 05:20:09] - |D| - [3233280] - C:\Windows\Branding [14/07/2009 05:20:09] - |D| - [2113488] - C:\Windows\Cursors [14/07/2009 06:45:54] - |D| - [3849] - C:\Windows\debug [14/07/2009 07:32:38] - |D| - [3044378] - C:\Windows\diagnostics [14/07/2009 07:37:46] - |D| - [0] - C:\Windows\DigitalLocker [14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Downloaded Program Files [12/04/2011 11:27:58] - |D| - [118084593] - C:\Windows\ehome [14/07/2009 07:37:46] - |D| - [0] - C:\Windows\en-US [24/02/2014 10:05:41] - |D| - [69417952] - C:\Windows\ERUNT [MD5.9D77CC4A36FEEA644D002CFB9B2D42C0] - [13/02/2016 12:54:56] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3231232] - (6.1.7601.19135) - C:\Windows\explorer.exe [14/07/2009 05:20:09] - |RSD| - [400820659] - C:\Windows\Fonts [31/07/2015 20:10:57] - |D| - [117440] - C:\Windows\fr [12/04/2011 11:16:36] - |D| - [142848] - C:\Windows\fr-FR [MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [14/07/2009 01:22:13] - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [15360] - (6.1.7600.16385) - C:\Windows\fveupdate.exe [14/07/2009 05:20:09] - |D| - [21741460] - C:\Windows\Globalization [14/07/2009 05:20:09] - |D| - [85712068] - C:\Windows\Help [MD5.CD47548A52B02D254BF6D7F7A5F2BFD3] - [14/07/2009 02:29:53] - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [733696] - (6.1.7600.16385) - C:\Windows\HelpPane.exe [MD5.3D0B9EA79BF1F828324447D84AA9DCE2] - [14/07/2009 02:29:03] - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [16896] - (6.1.7600.16385) - C:\Windows\hh.exe [MD5.1AEB4967A760D6EC21A3270F1B004AC1] - [12/04/2011 11:28:50] - (.-.) 
- [48265] - (0.0.0.0) - C:\Windows\HomePremium.xml [14/07/2009 05:20:09] - |D| - [143547244] - C:\Windows\IME [14/07/2009 05:20:10] - |D| - [130926258] - C:\Windows\inf [21/02/2014 13:19:34] - |SHD| - [893405926] - C:\Windows\Installer [MD5.29EE0B9590F6DD4B38B46069F58A1521] - [23/01/2016 21:28:04] - (.Copyright© 1990-1997 InstallShield Software Corporation Phone : (847) 240-9111 - InstallShield® unInstaller.) - [316416] - (5.0.212.0) - C:\Windows\IsUn040c.exe [14/07/2009 05:20:10] - |D| - [48371] - C:\Windows\L2Schemas [14/07/2009 05:20:10] - |D| - [5401518] - C:\Windows\LiveKernelReports [14/07/2009 05:20:10] - |D| - [517376648] - C:\Windows\Logs [14/07/2009 05:20:10] - |RSD| - [13358214] - C:\Windows\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 02:10:29] - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [14/07/2009 05:20:10] - |D| - [1236387273] - C:\Windows\Microsoft.NET [01/03/2014 13:09:05] - |D| - [4376] - C:\Windows\Migration [24/01/2016 10:26:19] - |D| - [0] - C:\Windows\Minidump [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\ModemLogs [MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 04:35:42] - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini [MD5.B32189BDFF6E577A92BAA61AD49264E6] - [16/08/2015 11:20:29] - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [193536] - (6.1.7601.18917) - C:\Windows\notepad.exe [14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Offline Web Pages [19/02/2014 18:19:11] - |D| - [1378708] - C:\Windows\Panther [31/07/2015 20:09:48] - |D| - [0] - C:\Windows\PCHEALTH [14/07/2009 07:32:38] - |D| - [62153669] - C:\Windows\Performance [MD5.8A6DBEE8367EEE9996BA88EED777490B] - [21/05/2016 16:46:10] - (.-.) 
- [848] - (0.0.0.0) - C:\Windows\PFRO.log [14/07/2009 05:20:10] - |D| - [1132015] - C:\Windows\PLA [14/07/2009 05:20:10] - |D| - [2953342] - C:\Windows\PolicyDefinitions [20/05/2015 19:37:09] - |D| - [43497386] - C:\Windows\Prefetch [MD5.2E2C937846A0B8789E5E91739284D17A] - [14/07/2009 01:27:10] - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [427008] - (6.1.7600.16385) - C:\Windows\regedit.exe [14/07/2009 05:20:10] - |D| - [22588] - C:\Windows\Registration [02/12/2014 20:00:53] - |D| - [5386588] - C:\Windows\rescache [14/07/2009 05:20:10] - |D| - [1674534] - C:\Windows\Resources [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\SchCache [14/07/2009 05:20:10] - |D| - [58021] - C:\Windows\schemas [14/07/2009 05:20:10] - |D| - [1056768] - C:\Windows\security [14/07/2009 06:45:47] - |D| - [68445797] - C:\Windows\ServiceProfiles [14/07/2009 05:20:10] - |D| - [129647350] - C:\Windows\servicing [14/07/2009 06:45:50] - |D| - [42] - C:\Windows\Setup [MD5.4F3BB5CA906CDFED4CBEE14065A561F2] - [21/05/2016 16:46:23] - (.-.) - [336] - (0.0.0.0) - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [21/05/2016 16:46:23] - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log [12/04/2011 11:27:58] - |D| - [4544] - C:\Windows\ShellNew [19/02/2014 18:22:39] - |D| - [2197536232] - C:\Windows\SoftwareDistribution [14/07/2009 05:20:10] - |D| - [70579144] - C:\Windows\Speech [MD5.127AA81343A7C6F665C22CB1293B0A90] - [23/02/2014 11:15:05] - (.© Microsoft Corporation. - Print driver host for 32bit applications.) - [67072] - (6.1.7601.17777) - C:\Windows\splwow64.exe [MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 07:28:38] - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\system [MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 04:34:57] - (.-.) 
- [219] - (0.0.0.0) - C:\Windows\system.ini [14/07/2009 05:20:10] - |D| - [4266573763] - C:\Windows\System32 [14/07/2009 05:20:14] - |D| - [1347176828] - C:\Windows\SysWOW64 [14/07/2009 05:20:14] - |D| - [15] - C:\Windows\TAPI [14/07/2009 05:20:14] - |D| - [33504] - C:\Windows\Tasks [14/07/2009 05:20:14] - |D| - [6096] - C:\Windows\Temp [14/07/2009 05:20:14] - |D| - [0] - C:\Windows\tracing [MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 23:41:17] - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll [14/07/2009 07:32:38] - |D| - [13530739] - C:\Windows\twain_32 [MD5.163A95975E1D8819E653AA3E961371CA] - [21/11/2010 05:25:10] - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll [MD5.F36A271706EDD23C94956AFB56981184] - [14/07/2009 00:47:26] - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe [MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 02:14:40] - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe [14/07/2009 05:20:14] - |D| - [12420] - C:\Windows\Vss [14/07/2009 05:20:14] - |D| - [40681427] - C:\Windows\Web [MD5.ADBB9FD7DE75761392D57D02C0E2148D] - [14/07/2009 04:34:57] - (.-.) - [411] - (0.0.0.0) - C:\Windows\win.ini [MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 06:54:24] - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.272E945218ADE379E769B4A656FC282E] - [20/05/2015 15:48:07] - (.-.) - [1318133] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 02:12:29] - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe [14/07/2009 05:20:14] - |D| - [18830080013] - C:\Windows\winsxs [MD5.907AE50A03DEEC4CFFDC70EA3D5AD4D8] - [31/03/2014 21:34:22] - (.© 2012 Microsoft Corporation. Tous droits réservés. 
- Écran de veille de la Galerie de photos.) - [322248] - (16.4.3528.331) - C:\Windows\WLXPGSS.SCR [MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 22:52:44] - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [14/07/2009 01:56:28] - (.© Microsoft Corporation. - Windows Write.) - [10240] - (6.1.7600.16385) - C:\Windows\write.exe ¤¤¤¤¤¤¤¤¤¤ | Systemroot\System ¤¤¤¤¤¤¤¤¤¤ | Systemroot\Installer [28/10/2014 12:49:47] - C:\Windows\Installer\16959d.msi : (LibreOffice 4.3 - The Document Foundation) [10/01/2014 21:38:52] - C:\Windows\Installer\1eb456.msi : (Install/UnInstall PhysX Driver + Engines: 2.7.1/3/4/5/6; 2.8.0/1/3 - NVIDIA Corporation) [16/08/2015 11:22:20] - C:\Windows\Installer\25fb73.msi : (Minecraft - Mojang) [14/07/2012 17:33:26] - C:\Windows\Installer\2a7812.msi : (Install/UnInstall PhysX Driver + Engines: 2.3.1/2/3; 2.4.0/1/4; 2.5.0/1/3/4; 2.6.0/1/2/3/4; 2.7.0/1/2/3/4/5/6; 2.8.0/1/3 - NVIDIA Corporation) [25/04/2016 10:48:56] - C:\Windows\Installer\8aa59.msi : (Avira Launcher - Avira Operations GmbH & Co. 
KG) [08/06/2009 17:55:22] - C:\Windows\Installer\9fd47.msi : (Call of Juarez - Bound in Blood - Techland) [03/03/2014 14:09:12] - C:\Windows\Installer\c8a923.msi : (PDF Architect Installer - pdfforge GmbH) [20/10/2010 15:01:46] - C:\Windows\Installer\d7280.msi : (ProductName from default.wxl - Electronic Arts) [11/02/2016 15:16:46] - C:\Windows\Installer\ef3e0.msi : (League of Legends - Riot Games) ¤¤¤¤¤¤¤¤¤¤ | %System%\*.in* [14/07/2009 06:57:09] - [73] - C:\Windows\System32\desktop.ini [09/05/2015 11:49:07] - [16303] - C:\Windows\System32\ieuinit.inf [14/07/2009 07:13:15] - [1668256] - C:\Windows\System32\PerfStringBackup.INI [10/06/2009 23:01:25] - [60124] - C:\Windows\System32\tcpmon.ini [09/05/2015 11:49:08] - [16303] - C:\Windows\Syswow64\ieuinit.inf [14/07/2009 06:55:01] - [535] - C:\Windows\Syswow64\mapisvc.inf [01/03/2014 13:10:42] - [1642388] - C:\Windows\Syswow64\PerfStringBackup.INI ¤¤¤¤¤¤¤¤¤¤ | [GD windows] [19/02/2014 19:28:36] - |HD| - [1873046291] - C:\Users\GD windows\AppData [19/02/2014 19:28:36] - |SHD| - [0] - C:\Users\GD windows\Application Data [19/02/2014 19:28:44] - |RD| - [68791] - C:\Users\GD windows\Contacts [19/02/2014 19:28:36] - |SHD| - [0] - C:\Users\GD windows\Cookies [19/02/2014 19:28:36] - |RD| - [434083511] - C:\Users\GD windows\Desktop [19/02/2014 19:28:36] - |RD| - [36919609] - C:\Users\GD windows\Documents [19/02/2014 19:28:36] - |RD| - [341156807] - C:\Users\GD windows\Downloads [19/02/2014 19:28:36] - |RD| - [3814] - C:\Users\GD windows\Favorites [26/03/2014 13:29:08] - |HD| - [0] - C:\Users\GD windows\InstallAnywhere [19/02/2014 19:28:36] - |RD| - [2414] - C:\Users\GD windows\Links [19/02/2014 19:28:36] - |SHD| - [0] - C:\Users\GD windows\Local Settings [19/02/2014 19:28:36] - |SHD| - [0] - C:\Users\GD windows\Menu Démarrer [19/02/2014 19:28:36] - |SHD| - [0] - C:\Users\GD windows\Mes documents [19/02/2014 19:28:36] - |SHD| - [0] - C:\Users\GD windows\Modèles [19/02/2014 19:28:36] - |RD| - [504] - C:\Users\GD windows\Music 
[19/02/2014 19:28:35] - |ASH| - [4456448] - C:\Users\GD windows\NTUSER.DAT [19/02/2014 19:28:36] - |ASH| - [262144] - C:\Users\GD windows\ntuser.dat.LOG1 [19/02/2014 19:28:36] - |ASH| - [262144] - C:\Users\GD windows\ntuser.dat.LOG2 [19/02/2014 19:28:36] - |ASH| - [65536] - C:\Users\GD windows\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [19/02/2014 19:28:36] - |ASH| - [524288] - C:\Users\GD windows\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [19/02/2014 19:28:36] - |ASH| - [524288] - C:\Users\GD windows\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [01/06/2015 18:13:48] - |ASH| - [65536] - C:\Users\GD windows\NTUSER.DAT{1efe7ef7-0879-11e5-9d4e-50e5495c87fb}.TM.blf [01/06/2015 18:13:48] - |ASH| - [524288] - C:\Users\GD windows\NTUSER.DAT{1efe7ef7-0879-11e5-9d4e-50e5495c87fb}.TMContainer00000000000000000001.regtrans-ms [01/06/2015 18:13:48] - |ASH| - [524288] - C:\Users\GD windows\NTUSER.DAT{1efe7ef7-0879-11e5-9d4e-50e5495c87fb}.TMContainer00000000000000000002.regtrans-ms [26/04/2015 07:53:47] - |ASH| - [65536] - C:\Users\GD windows\NTUSER.DAT{75b5a7db-ebd8-11e4-be8a-50e5495c87fb}.TM.blf [26/04/2015 07:53:49] - |ASH| - [524288] - C:\Users\GD windows\NTUSER.DAT{75b5a7db-ebd8-11e4-be8a-50e5495c87fb}.TMContainer00000000000000000001.regtrans-ms [26/04/2015 07:53:49] - |ASH| - [524288] - C:\Users\GD windows\NTUSER.DAT{75b5a7db-ebd8-11e4-be8a-50e5495c87fb}.TMContainer00000000000000000002.regtrans-ms [09/05/2015 07:32:51] - |ASH| - [65536] - C:\Users\GD windows\NTUSER.DAT{c42bb2be-f60c-11e4-b8ac-50e5495c87fb}.TM.blf [09/05/2015 07:32:51] - |ASH| - [524288] - C:\Users\GD windows\NTUSER.DAT{c42bb2be-f60c-11e4-b8ac-50e5495c87fb}.TMContainer00000000000000000001.regtrans-ms [09/05/2015 07:32:51] - |ASH| - [524288] - C:\Users\GD windows\NTUSER.DAT{c42bb2be-f60c-11e4-b8ac-50e5495c87fb}.TMContainer00000000000000000002.regtrans-ms [19/02/2014 19:28:36] - |SH| - [20] - 
C:\Users\GD windows\ntuser.ini [19/02/2014 19:28:35] - |RD| - [781965] - C:\Users\GD windows\Pictures [19/02/2014 19:28:36] - |SHD| - [0] - C:\Users\GD windows\Recent [19/02/2014 19:28:35] - |RD| - [282] - C:\Users\GD windows\Saved Games [19/02/2014 19:28:57] - |RD| - [1020] - C:\Users\GD windows\Searches [19/02/2014 19:28:36] - |SHD| - [0] - C:\Users\GD windows\SendTo [19/02/2014 19:28:35] - |RD| - [54315849] - C:\Users\GD windows\Videos [19/02/2014 19:28:36] - |SHD| - [0] - C:\Users\GD windows\Voisinage d'impression [19/02/2014 19:28:36] - |SHD| - [0] - C:\Users\GD windows\Voisinage réseau [18/03/2014 14:24:34] - |D| - [0] - C:\Users\GD windows\AppData\Local\Adobe [02/01/2016 11:54:24] - |D| - [34926963] - C:\Users\GD windows\AppData\Local\Akamai [19/02/2014 19:28:36] - |SHD| - [0] - C:\Users\GD windows\AppData\Local\Application Data [23/01/2016 22:12:07] - |D| - [152177] - C:\Users\GD windows\AppData\Local\ArmA 2 OA [03/05/2012 13:12:20] - |A| - [532] - C:\Users\GD windows\AppData\Local\datos.txt [19/02/2014 19:31:38] - |D| - [795493] - C:\Users\GD windows\AppData\Local\Diagnostics [10/01/2016 00:31:39] - |D| - [1952] - C:\Users\GD windows\AppData\Local\Disc_Soft_Ltd [03/03/2014 14:22:56] - |D| - [0] - C:\Users\GD windows\AppData\Local\ElevatedDiagnostics [22/10/2014 13:55:05] - |D| - [97336] - C:\Users\GD windows\AppData\Local\EMU [03/03/2014 10:58:14] - |D| - [3] - C:\Users\GD windows\AppData\Local\G2Launcher [14/01/2016 13:44:23] - |D| - [17196] - C:\Users\GD windows\AppData\Local\Gameforge4d [21/02/2014 14:22:17] - |A| - [73640] - C:\Users\GD windows\AppData\Local\GDIPFONTCACHEV1.DAT [14/06/2015 11:39:45] - |D| - [71] - C:\Users\GD windows\AppData\Local\GWX [19/02/2014 19:28:36] - |SHD| - [0] - C:\Users\GD windows\AppData\Local\Historique [19/02/2014 19:31:51] - |AH| - [1816412] - C:\Users\GD windows\AppData\Local\IconCache.db [03/03/2014 11:14:31] - |D| - [43056] - C:\Users\GD windows\AppData\Local\Iron Sky [28/10/2014 13:03:56] - |D| - [953] - C:\Users\GD 
windows\AppData\Local\Jiri_Cincura_-_x2develop [05/02/2014 22:08:44] - |A| - [193744] - C:\Users\GD windows\AppData\Local\lateral1.bmp [12/11/2010 11:10:58] - |A| - [193744] - C:\Users\GD windows\AppData\Local\lateral2.bmp [05/02/2014 22:10:06] - |A| - [195108] - C:\Users\GD windows\AppData\Local\lateral3.bmp [21/02/2014 14:21:52] - |D| - [0] - C:\Users\GD windows\AppData\Local\Macromedia [19/02/2014 19:28:36] - |D| - [136430956] - C:\Users\GD windows\AppData\Local\Microsoft [21/02/2014 13:08:54] - |D| - [55041770] - C:\Users\GD windows\AppData\Local\Mozilla [13/03/2014 18:39:20] - |D| - [865978516] - C:\Users\GD windows\AppData\Local\NVIDIA [14/03/2014 10:31:47] - |D| - [51108] - C:\Users\GD windows\AppData\Local\NVIDIA Corporation [21/02/2014 21:39:20] - |D| - [0] - C:\Users\GD windows\AppData\Local\Programs [25/03/2014 18:57:33] - |D| - [1278973] - C:\Users\GD windows\AppData\Local\PunkBuster [05/02/2014 23:50:08] - |A| - [43976] - C:\Users\GD windows\AppData\Local\save_en.bmp [05/02/2014 23:49:04] - |A| - [43976] - C:\Users\GD windows\AppData\Local\save_es.bmp [19/02/2014 19:28:36] - |D| - [188066] - C:\Users\GD windows\AppData\Local\Temp [19/02/2014 19:28:36] - |SHD| - [0] - C:\Users\GD windows\AppData\Local\Temporary Internet Files [22/02/2014 10:18:09] - |D| - [1245] - C:\Users\GD windows\AppData\Local\Ubisoft Game Launcher [02/03/2014 18:28:37] - |D| - [0] - C:\Users\GD windows\AppData\Local\Unity [19/02/2014 19:28:42] - |D| - [5436154] - C:\Users\GD windows\AppData\Local\VirtualStore [31/07/2015 18:04:10] - |D| - [32768] - C:\Users\GD windows\AppData\Local\Windows Live [19/02/2014 19:28:56] - |ASH| - [174] - C:\Users\GD windows\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [19/02/2014 19:28:36] - |SHD| - [0] - C:\Users\GD windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [21/03/2014 12:28:22] - |RD| - [4961] - C:\Users\GD windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [25/05/2014 07:39:02] - |RD| - [174] - 
C:\Users\GD windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [16/04/2016 09:47:17] - |D| - [0] - C:\Users\GD windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Codemasters [21/03/2014 12:28:22] - |ASH| - [174] - C:\Users\GD windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [07/09/2015 09:48:11] - |D| - [246] - C:\Users\GD windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [25/05/2014 07:39:02] - |RD| - [174] - C:\Users\GD windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [11/09/2015 11:50:22] - |D| - [4193] - C:\Users\GD windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder [25/05/2014 07:39:02] - |ASH| - [174] - C:\Users\GD windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ¤¤¤¤¤¤¤¤¤¤ | [Public] [14/07/2009 05:20:08] - |RHD| - [11162] - C:\Users\Public\Desktop [14/07/2009 06:54:24] - |ASH| - [174] - C:\Users\Public\desktop.ini [14/07/2009 05:20:08] - |RD| - [278] - C:\Users\Public\Documents [14/07/2009 05:20:08] - |RD| - [174] - C:\Users\Public\Downloads [14/07/2009 05:20:08] - |RHD| - [0] - C:\Users\Public\Favorites [14/07/2009 05:20:08] - |RHD| - [3992] - C:\Users\Public\Libraries [14/07/2009 05:20:08] - |RD| - [17412278] - C:\Users\Public\Music [14/07/2009 05:20:08] - |RD| - [8457108] - C:\Users\Public\Pictures [12/04/2011 11:27:52] - |RD| - [9699579] - C:\Users\Public\Recorded TV [14/07/2009 05:20:08] - |RD| - [26246732] - C:\Users\Public\Videos ¤¤¤¤¤¤¤¤¤¤ | C:\ProgramData [14/07/2009 07:08:56] - |SHD| - [16210224118] - C:\ProgramData\Application Data [24/10/2014 12:11:45] - |D| - [3678208] - C:\ProgramData\Applications [08/03/2015 11:52:28] - |D| - [5306976] - C:\ProgramData\AVAST Software [21/02/2014 14:22:06] - |D| - [887974912] - C:\ProgramData\Avira [19/02/2014 19:28:29] - |SHD| - [11162] - C:\ProgramData\Bureau [03/03/2014 14:23:04] - |HD| - [21473380] - C:\ProgramData\CanonBJ [21/02/2014 21:40:06] - 
|HD| - [96] - C:\ProgramData\Common Files [02/03/2014 19:58:47] - |D| - [3168] - C:\ProgramData\DAEMON Tools Lite [14/07/2009 07:08:56] - |SHD| - [11162] - C:\ProgramData\Desktop [14/07/2009 07:08:56] - |SHD| - [278] - C:\ProgramData\Documents [21/03/2014 13:34:59] - |D| - [0] - C:\ProgramData\EA Core [21/03/2014 13:34:59] - |D| - [9857] - C:\ProgramData\Electronic Arts [19/02/2014 19:28:29] - |SHD| - [0] - C:\ProgramData\Favoris [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Favorites [03/03/2014 10:58:14] - |D| - [377] - C:\ProgramData\G2Launcher [03/03/2014 11:14:31] - |D| - [240] - C:\ProgramData\Iron Sky [24/02/2014 10:12:17] - |D| - [66772515] - C:\ProgramData\Malwarebytes [06/04/2014 15:59:23] - |D| - [0] - C:\ProgramData\McAfee [19/02/2014 19:28:29] - |SHD| - [206848] - C:\ProgramData\Menu Démarrer [14/07/2009 05:20:08] - |SD| - [553803269] - C:\ProgramData\Microsoft [19/02/2014 19:28:29] - |SHD| - [0] - C:\ProgramData\Modèles [21/02/2014 13:08:44] - |D| - [498] - C:\ProgramData\Mozilla [21/02/2014 14:45:57] - |D| - [275] - C:\ProgramData\NVIDIA [21/02/2014 14:44:35] - |D| - [4092652] - C:\ProgramData\NVIDIA Corporation [26/10/2014 20:23:02] - |D| - [2778] - C:\ProgramData\Orbit [24/08/2014 08:13:06] - |D| - [12877768] - C:\ProgramData\Package Cache [10/01/2016 22:47:29] - |D| - [0] - C:\ProgramData\RELOADED [11/02/2016 15:21:30] - |D| - [39] - C:\ProgramData\Riot Games [14/07/2009 07:08:56] - |SHD| - [206848] - C:\ProgramData\Start Menu [06/03/2014 13:09:12] - |D| - [492530] - C:\ProgramData\Steam [14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Templates [21/02/2014 21:40:10] - |D| - [128321] - C:\ProgramData\TuneUp Software [12/09/2015 07:14:42] - |D| - [4] - C:\ProgramData\WarThunder [21/02/2014 21:40:06] - |SHD| - [28983296] - C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} ¤¤¤¤¤¤¤¤¤¤ | C:\ProgramData\Microsoft\Windows\Start Menu [14/07/2009 07:01:14] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 
[14/07/2009 06:49:40] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [19/02/2014 19:28:29] - |SHD| - [203858] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [14/07/2009 05:20:08] - |RD| - [203858] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs [14/07/2009 06:49:40] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk ¤¤¤¤¤¤¤¤¤¤ | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [09/01/2016 22:25:04] - |D| - [2706] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C Company [14/07/2009 05:20:08] - |RD| - [43590] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [14/07/2009 07:32:38] - |RD| - [18363] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [21/02/2014 14:22:24] - |D| - [5790] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [03/03/2014 14:23:08] - |D| - [1495] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP270 series [16/04/2016 09:47:18] - |D| - [11941] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters [09/01/2016 22:04:58] - |D| - [903] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [14/07/2009 06:54:23] - |ASH| - [1402] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [14/01/2016 13:44:09] - |D| - [4221] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live [14/07/2009 07:32:38] - |RD| - [6338] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [21/02/2014 21:39:44] - |D| - [4050] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IZArc [11/02/2016 15:19:58] - |D| - [1808] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends [28/10/2014 12:52:59] - |SD| - [9652] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3 [14/07/2009 05:20:08] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [18/09/2014 13:29:45] - |D| - [3691] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [24/02/2014 10:12:17] - |D| - [4721] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [19/02/2014 18:23:04] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [07/03/2014 18:24:54] - |D| - [1245] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE [16/08/2015 11:23:58] - |D| - [979] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft [31/07/2015 20:10:48] - |A| - [1305] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [21/02/2014 13:08:45] - |A| - [1163] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [13/03/2014 18:38:08] - |D| - [11091] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [03/03/2014 14:10:10] - |D| - [3665] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect [03/03/2014 14:09:51] - |D| - [11672] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [31/07/2015 20:10:40] - |A| - [1374] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [14/07/2009 06:57:08] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [14/07/2009 05:20:08] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [12/04/2011 11:27:52] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC [28/10/2014 13:07:29] - |D| - [4144] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner [23/01/2016 22:38:02] - |D| - [15275] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft [18/05/2016 12:04:32] - |D| - [6774] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [14/07/2009 06:57:09] - |A| - [1352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk [19/02/2014 18:22:55] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Windows DVD Maker.lnk [14/07/2009 06:54:59] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [14/07/2009 06:57:06] - |A| - [1547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [24/10/2014 12:12:43] - |D| - [2020] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone [21/02/2014 14:24:15] - |D| - [8580] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol [14/07/2009 06:57:08] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk ¤¤¤¤¤¤¤¤¤¤ | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [14/07/2009 06:54:23] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ¤¤¤¤¤¤¤¤¤¤ | C:\Program Files (x86) [09/01/2016 22:19:38] - |D| - [3712286659] - C:\Program Files (x86)\1C Company [21/02/2014 14:22:06] - |D| - [721704633] - C:\Program Files (x86)\Avira [21/02/2014 14:24:13] - |D| - [2455126] - C:\Program Files (x86)\BillP Studios [14/07/2009 05:20:08] - |D| - [244207756] - C:\Program Files (x86)\Common Files [11/09/2015 11:31:17] - |D| - [0] - C:\Program Files (x86)\DAEMON Tools Lite [14/07/2009 06:54:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [14/01/2016 13:44:06] - |D| - [4971016291] - C:\Program Files (x86)\GameforgeLive [21/02/2014 13:05:24] - |HD| - [604210262] - C:\Program Files (x86)\InstallShield Installation Information [21/02/2014 13:05:07] - |D| - [10349236] - C:\Program Files (x86)\Intel Desktop Board [14/07/2009 05:20:08] - |D| - [10533617] - C:\Program Files (x86)\Internet Explorer [21/02/2014 21:39:41] - |D| - [16803277] - C:\Program Files (x86)\IZArc [28/10/2014 12:51:23] - |D| - [447857349] - C:\Program Files (x86)\LibreOffice 4 [18/09/2014 13:29:17] - |D| - [60160341] - C:\Program Files (x86)\Malwarebytes Anti-Malware [24/02/2014 10:12:16] - |D| - [13909103] - C:\Program Files (x86)\Malwarebytes' Anti-Malware [07/03/2014 18:24:28] - |D| - 
[11785929] - C:\Program Files (x86)\Microsoft Games for Windows - LIVE [31/07/2015 20:10:29] - |D| - [1829877] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition [23/02/2014 11:13:37] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [16/08/2015 11:23:58] - |D| - [153991343] - C:\Program Files (x86)\Minecraft [21/05/2015 10:25:02] - |D| - [96866568] - C:\Program Files (x86)\Mozilla Firefox [21/02/2014 13:08:44] - |D| - [237316] - C:\Program Files (x86)\Mozilla Maintenance Service [14/07/2009 07:32:38] - |D| - [25757] - C:\Program Files (x86)\MSBuild [21/02/2014 14:44:27] - |D| - [251234997] - C:\Program Files (x86)\NVIDIA Corporation [03/03/2014 14:10:09] - |D| - [97187903] - C:\Program Files (x86)\PDF Architect [03/03/2014 14:09:47] - |D| - [24991307] - C:\Program Files (x86)\PDFCreator [21/02/2014 13:05:25] - |D| - [2427271] - C:\Program Files (x86)\Realtek [14/07/2009 07:32:38] - |D| - [39175425] - C:\Program Files (x86)\Reference Assemblies [28/10/2014 13:07:29] - |D| - [5607227] - C:\Program Files (x86)\TagScanner [21/02/2014 19:08:32] - |D| - [6123809875] - C:\Program Files (x86)\Ubisoft [07/03/2014 15:14:40] - |D| - [131454139] - C:\Program Files (x86)\VideoLAN [14/07/2009 07:32:38] - |D| - [524800] - C:\Program Files (x86)\Windows Defender [31/07/2015 20:09:28] - |D| - [85195019] - C:\Program Files (x86)\Windows Live [14/07/2009 05:20:08] - |D| - [6181376] - C:\Program Files (x86)\Windows Mail [14/07/2009 07:32:38] - |D| - [5024017] - C:\Program Files (x86)\Windows Media Player [14/07/2009 05:20:08] - |D| - [12197556] - C:\Program Files (x86)\Windows NT [24/10/2014 12:12:34] - |D| - [7902222] - C:\Program Files (x86)\Windows Phone [14/07/2009 07:32:38] - |D| - [4417800] - C:\Program Files (x86)\Windows Photo Viewer [14/07/2009 07:32:38] - |D| - [189952] - C:\Program Files (x86)\Windows Portable Devices [14/07/2009 07:32:38] - |D| - [6345357] - C:\Program Files (x86)\Windows Sidebar [20/05/2015 16:16:07] - |D| - [0] - C:\Program Files 
(x86)\ZHPDiag ¤¤¤¤¤¤¤¤¤¤ | C:\Program Files [20/05/2016 20:20:06] - |D| - [18324760] - C:\Program Files\CCleaner [16/04/2016 09:32:49] - |D| - [1278880164] - C:\Program Files\Codemasters [14/07/2009 05:20:08] - |D| - [72070495] - C:\Program Files\Common Files [09/01/2016 22:04:54] - |D| - [35276823] - C:\Program Files\DAEMON Tools Lite [14/07/2009 06:54:24] - |ASH| - [174] - C:\Program Files\desktop.ini [14/07/2009 07:32:38] - |D| - [90256916] - C:\Program Files\DVD Maker [19/02/2014 19:28:29] - |SHD| - [72070495] - C:\Program Files\Fichiers communs [14/07/2009 05:20:08] - |D| - [30570892] - C:\Program Files\Internet Explorer [07/03/2014 17:39:49] - |D| - [26767439] - C:\Program Files\Java [14/07/2009 07:32:38] - |D| - [149237810] - C:\Program Files\Microsoft Games [14/07/2009 07:32:38] - |D| - [25757] - C:\Program Files\MSBuild [21/02/2014 14:44:27] - |D| - [1119479453] - C:\Program Files\NVIDIA Corporation [14/07/2009 07:32:38] - |D| - [36834473] - C:\Program Files\Reference Assemblies [14/07/2009 07:09:26] - |HD| - [0] - C:\Program Files\Uninstall Information [11/04/2014 13:38:19] - |D| - [3174842918] - C:\Program Files\Velvet Assassin [14/07/2009 07:32:38] - |D| - [4039680] - C:\Program Files\Windows Defender [12/04/2011 11:28:12] - |D| - [9240696] - C:\Program Files\Windows Journal [14/07/2009 05:20:08] - |D| - [6667776] - C:\Program Files\Windows Mail [14/07/2009 07:32:38] - |D| - [7687085] - C:\Program Files\Windows Media Player [14/07/2009 05:20:08] - |D| - [12627636] - C:\Program Files\Windows NT [14/07/2009 07:32:38] - |D| - [5516056] - C:\Program Files\Windows Photo Viewer [14/07/2009 07:32:38] - |D| - [244736] - C:\Program Files\Windows Portable Devices [14/07/2009 07:32:38] - |D| - [7044767] - C:\Program Files\Windows Sidebar ¤¤¤¤¤¤¤¤¤¤ | C:\Program Files (x86)\Common Files [14/07/2009 05:20:08] - |D| - [21661234] - C:\Program Files (x86)\Common Files\microsoft shared [14/07/2009 05:20:08] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services 
[14/07/2009 05:20:08] - |D| - [41103783] - C:\Program Files (x86)\Common Files\SpeechEngines [14/07/2009 05:20:08] - |D| - [10241523] - C:\Program Files (x86)\Common Files\System [31/07/2015 18:03:58] - |D| - [121302066] - C:\Program Files (x86)\Common Files\Windows Live [05/04/2014 20:01:18] - |D| - [49896448] - C:\Program Files (x86)\Common Files\Wise Installation Wizard ¤¤¤¤¤¤¤¤¤¤ | C:\Program Files\Common files [14/07/2009 05:20:08] - |D| - [59268830] - C:\Program Files\Common files\Microsoft Shared [14/07/2009 05:20:08] - |D| - [2702] - C:\Program Files\Common files\Services [14/07/2009 05:20:08] - |D| - [608768] - C:\Program Files\Common files\SpeechEngines [14/07/2009 05:20:08] - |D| - [12190195] - C:\Program Files\Common files\System
¤¤¤¤¤¤¤¤¤¤ | Tasks
[MD5.9172810D8C3CAB8CF9CB8DA9EF10E59C] - [18/03/2014 14:25:59] - |A| - [1002] - C:\Windows\Tasks\Adobe Flash Player Updater.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 07:08:49] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.C7FC87683D0FE4766498F59C9EB2F5A7] - [14/07/2009 07:08:49] - |A| - [32496] - C:\Windows\Tasks\SCHEDLGU.TXT
[MD5.305E33B2C237771801A99E50C75FD4AD] - [18/03/2014 14:26:02] - |A| - [3940] - C:\Windows\System32\Tasks\Adobe Flash Player Updater : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.24B88AE82AB94348F22DC50F032FCBEA] - [20/05/2016 20:20:36] - |A| - [2808] - C:\Windows\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.00000000000000000000000000000000] - [14/07/2009 05:20:13] - |D| - [327038] - C:\Windows\System32\Tasks\Microsoft
[MD5.00000000000000000000000000000000] - [14/07/2009 07:09:57] - |D| - [0] - C:\Windows\System32\Tasks\WPD
[MD5.00000000000000000000000000000000] - [14/07/2009 05:20:14] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft
¤¤¤¤¤¤¤¤¤¤ | Firewall
[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"{30BF6F1E-52A6-4F0C-9704-27FD93139487}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe|Name=Ubisoft Game Launcher|
"{604285E2-5D56-421A-8CE7-C7419473BF9F}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe|Name=Ubisoft Game Launcher|
"{97774205-2747-4C4D-BBAE-AD4F9C24A2E8}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2002|
"{1EDB29B3-9E5A-4700-A3D2-091EB73161E3}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=80|App=C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe|Name=NVIDIA Network Service TCP Exception (HTTP)|Desc=TCP exceptions for NVIDIA Network Service|
"{150CB69E-9EB6-4AD8-8260-EF4E3962B6D4}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=443|App=C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe|Name=NVIDIA Network Service TCP Exception (HTTPS)|Desc=TCP exceptions for NVIDIA Network Service|
"{6D72BF28-D29E-467E-B44E-8981B0E5362C}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=47987|LPort=47988|LPort=47989|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe|Name=SHIELD Streaming Service TCP Exception|Desc=TCP exceptions for SHIELD Streaming service|
"{199308D1-F28B-4E94-A681-5F6087D7A877}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe|Name=SHIELD Streaming Service UDP Exception|Desc=UDP exceptions for SHIELD Streaming service|
"{10CC9BF6-3353-42B0-935D-45A1390394AF}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=47991|LPort=47995|LPort=47996|LPort=47998|LPort=35043|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=SHIELD Streaming Application TCP Exception|Desc=TCP exceptions for SHIELD Streaming|
"{4D6B9929-EE0B-4297-87EB-7663B37FBBAA}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=48000|LPort=47999|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=SHIELD Streaming Application UDP Exception|Desc=UDP exceptions for SHIELD Streaming|
"{A2A5E889-C927-47C2-9C26-040886865DEF}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Velvet Assassin\Launcher.exe|Name=Velvet_Assassin-1|
"{F8627942-6E95-4BF7-B4EC-AAA637B1A82F}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Velvet Assassin\Launcher.exe|Name=Velvet_Assassin-1|
"{62B5D816-612E-4DE7-A990-12BD0F2ADC73}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Velvet Assassin\replay.exe|Name=Velvet_Assassin-2|
"{26325B20-C6FB-4E43-A648-5FC9FE3C60E2}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Velvet Assassin\replay.exe|Name=Velvet_Assassin-2|
"{98287A34-3387-4716-AEFD-0CF608C7167B}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)|
"{3812E062-3299-46F9-A6B0-5A91B8883FFE}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)|
"{ECB2E78E-87B1-4B87-942D-A6194868D744}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe|Name=Windows Live Communications Platform|Edge=TRUE|
"{3FD22EFD-B0E6-4590-B8DE-EA97102094E6}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (UPnP)|
"{E0776944-FCF0-432F-890D-67F703211F25}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)|
"TCP Query User{990F0E8D-BE0A-411C-9AE3-2EE83F12DA15}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|
"UDP Query User{D09235B6-C46D-435C-8668-A3DAD6C3F1E3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|
"{4FFB5B9F-971E-40D3-8373-F1635DBEB67D}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\WarThunder\launcher.exe|Name=War Thunder launcher|
"{76DBCEB4-9B3B-4555-983A-EC62F76C8C4E}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\WarThunder\launcher.exe|Name=War Thunder launcher|
"{9F094BDF-9CE4-4DD2-8240-DDCE1A0D753D}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\WarThunder\bpreport.exe|Name=War Thunder Crash Reporter|
"{661E6C7D-79D8-4E41-AF0B-89B64E5BEE3D}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\WarThunder\bpreport.exe|Name=War Thunder Crash Reporter|
"TCP Query User{4BED04E8-47F4-4E98-B425-510081F49269}C:\warthunder\aces.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\warthunder\aces.exe|Name=aces|Desc=aces|Defer=User|
"UDP Query User{FF46BC3B-96E8-4DBD-93D5-EFFB7F3F7418}C:\warthunder\aces.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\warthunder\aces.exe|Name=aces|Desc=aces|Defer=User|
"TCP Query User{93034922-9F4A-47E2-BF97-06B9A874B3C0}C:\warthunder\launcher.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\warthunder\launcher.exe|Name=War Thunder Launcher|Desc=War Thunder Launcher|
"UDP Query User{63BF036F-7C8B-4007-9F9D-8C5E5DECE29C}C:\warthunder\launcher.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\warthunder\launcher.exe|Name=War Thunder Launcher|Desc=War Thunder Launcher|
"{1B07BAB8-5DE2-4FA8-81DF-B2D573FED7FC}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name='Firefox' (C:\Program Files (x86)\Mozilla Firefox)|
"{DE6F346A-1B2C-4443-926D-11781A26EE6D}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name='Firefox' (C:\Program Files (x86)\Mozilla Firefox)|
"TCP Query User{8FF30058-F1DA-4CCA-AE32-49C3546FD818}C:\users\gd windows\appdata\local\akamai\netsession_win.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\gd windows\appdata\local\akamai\netsession_win.exe|Name=netsession_win.exe|Desc=netsession_win.exe|Defer=User|
"UDP Query User{7F74B2F9-1F24-4974-B527-F01902D5506C}C:\users\gd windows\appdata\local\akamai\netsession_win.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\gd windows\appdata\local\akamai\netsession_win.exe|Name=netsession_win.exe|Desc=netsession_win.exe|Defer=User|
"TCP Query User{4AE961D0-865C-43D6-A01E-A832D44E64D6}C:\users\gd windows\appdata\local\akamai\netsession_win.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\gd windows\appdata\local\akamai\netsession_win.exe|Name=netsession_win.exe|Desc=netsession_win.exe|
"UDP Query User{A6FED743-FD9F-432F-9999-F1E467920FBA}C:\users\gd windows\appdata\local\akamai\netsession_win.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\gd windows\appdata\local\akamai\netsession_win.exe|Name=netsession_win.exe|Desc=netsession_win.exe|
"{9A10CD9E-A611-4016-8558-312E0A5F3691}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe|Name=Call of Juarez - Bound in Blood|
"{1A122F80-9D32-44FE-B148-94CEB7C15035}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe|Name=Call of Juarez - Bound in Blood|
"{A1D7B31A-357E-4696-B508-6515A4034F77}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=6881-6889|App=C:\Program Files (x86)\GameforgeLive\gfl_client.exe|Name=Gameforge Live (P2P Inbound)|EmbedCtxt=Gameforge Live|Edge=TRUE|Defer=App|
"{2279E73E-9717-4E35-A637-36B86B0B6200}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\GameforgeLive\Games\FRA_fra\S.K.I.L.L\Binaries\Win32\sf2.exe|Name=Special Force 2|
"{6C938AEC-CF87-466E-A42D-9BDD6C2E7F25}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\GameforgeLive\Games\FRA_fra\S.K.I.L.L\Binaries\Win32\sf2.exe|Name=Special Force 2|
"TCP Query User{27F24871-25FF-458F-9561-783078FA3DDC}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User|
"UDP Query User{10EF87DE-4757-48AA-87DD-68813A805FF9}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User|
"TCP Query User{C8C6E79B-25B2-4864-ADAB-4348F0930653}C:\program files\codemasters\operation flashpoint\flashpointresistance.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\codemasters\operation flashpoint\flashpointresistance.exe|Name=Operation Flashpoint|Desc=Operation Flashpoint|
"UDP Query User{D8C8FF07-86E6-426C-8FA5-1481EBD42AB4}C:\program files\codemasters\operation flashpoint\flashpointresistance.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\codemasters\operation flashpoint\flashpointresistance.exe|Name=Operation Flashpoint|Desc=Operation Flashpoint|
"TCP Query User{02D4A27B-68F8-4815-9F64-E41464C244EC}C:\warthunder\aces.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\warthunder\aces.exe|Name=aces|Desc=aces|
"UDP Query User{5C95ED7E-4795-4A2B-B0F9-3E6D39914CE0}C:\warthunder\aces.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\warthunder\aces.exe|Name=aces|Desc=aces|
"{DB102537-B787-45FE-9488-3AF3B6957065}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=1542|Name=Realtek WPS TCP Prot|
"{20F63640-C2BD-4FFA-B1CB-655AE0482D11}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1542|Name=Realtek WPS UDP Prot|
"{B49CF247-BBCD-4D60-BA9E-EB6F2A75C477}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=53|Name=Realtek AP UDP Prot|
"TCP Query User{A80137C5-6CBA-412B-A1EC-D72343F79773}C:\Users\GD windows\Downloads\quickdiag_2_04.04.2016.1.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\GD windows\Downloads\quickdiag_2_04.04.2016.1.exe|Name=QuickDiag|Desc=QuickDiag|Defer=User|
"UDP Query User{8086F52E-78FA-489A-B2C4-2168ADE624EB}C:\Users\GD windows\Downloads\quickdiag_2_04.04.2016.1.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\GD windows\Downloads\quickdiag_2_04.04.2016.1.exe|Name=QuickDiag|Desc=QuickDiag|Defer=User|
¤¤¤¤¤¤¤¤¤¤ | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{03F52937-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{04A83FC2-2AE2-4C88-B45F-E9707B377636}] : (aswHwid) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] ->
@%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8AE85550-832C-4A9B-81BB-2A49DBEE72B4}] : (aswRvrt) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9D3039DD-CCA5-4B4D-B33D-E2DDC8A8C52E}] : (dtsoftbus01) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C4A06E97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
¤¤¤¤¤¤¤¤¤¤ | Loaded modules (Microsoft Files whitelisted)
[22/02/2014 10:16:32] - (1.1.2.5) - (Advanced Micro Devices - Storage Filter Driver) - C:\Windows\system32\drivers\amdxata.sys
[21/02/2014 14:22:07] - (14.0.0.311) - (Avira Operations GmbH & Co. KG - Avira Manager Driver) - C:\Windows\system32\DRIVERS\avkmgr.sys
[21/02/2014 14:22:07] - (15.0.16.237) - (Avira Operations GmbH & Co. KG - Avira Driver for Security Enhancement) - C:\Windows\system32\DRIVERS\avipbb.sys
[13/03/2014 18:33:43] - (9.18.13.3523) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 335.23) - C:\Windows\system32\DRIVERS\nvlddmkm.sys
[21/02/2014 13:05:28] - (7.31.1025.2010) - (Realtek - Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver ) - C:\Windows\system32\DRIVERS\Rt64win7.sys
[09/01/2016 22:05:00] - (5.28.0.0) - (Disc Soft Ltd - DAEMON Tools Lite Virtual SCSI Bus Driver) - C:\Windows\system32\DRIVERS\dtlitescsibus.sys
[13/03/2014 18:33:46] - (1.2.20.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\Windows\system32\drivers\nvvad64v.sys
[09/01/2016 22:06:00] - (3.3.0.0) - (Disc Soft Ltd - DAEMON Tools Lite Virtual USB Bus Driver) - C:\Windows\system32\DRIVERS\dtliteusbbus.sys
[13/03/2014 18:33:44] - (1.3.30.1) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\Windows\system32\drivers\nvhda64v.sys
[19/06/2010 00:36:04] - (1.0.1.0) - (Siliten - Flex Define Keyboard Driver) - C:\Windows\system32\DRIVERS\InputFilter_FlexDef2b.sys
[21/02/2014 14:22:07] - (15.0.16.222) - (Avira Operations GmbH & Co. KG - Avira Minifilter Driver) - C:\Windows\system32\DRIVERS\avgntflt.sys
[21/02/2014 14:22:07] - (15.0.16.230) - (Avira Operations GmbH & Co. KG - Avira WFP Network Driver) - C:\Windows\system32\DRIVERS\avnetflt.sys
¤¤¤¤¤¤¤¤¤¤ | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service
R0 - ACPI (Pilote ACPI Microsoft) -> system32\drivers\ACPI.sys
R0 - amdxata () -> system32\drivers\amdxata.sys
R0 - atapi (Canal IDE) -> system32\drivers\atapi.sys
R0 - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys
R0 - CNG () -> System32\Drivers\cng.sys
R0 - Disk (Pilote de disque) -> system32\drivers\disk.sys
R0 - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys
R0 - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys
S0 - Fs_Rec () -> (?)
R0 - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys
R0 - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys
R0 - KSecDD () -> System32\Drivers\ksecdd.sys
R0 - KSecPkg () -> System32\Drivers\ksecpkg.sys
R0 - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys
R0 - msahci () -> system32\drivers\msahci.sys
R0 - msisadrv () -> system32\drivers\msisadrv.sys
R0 - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys
R0 - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys
R0 - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys
R0 - pci (Pilote de bus PCI) -> system32\drivers\pci.sys
R0 - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys
R0 - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys
R0 - spldr (Security Processor Loader Driver) -> (?)
R0 - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys
R0 - vdrvroot (Pilote d’énumérateur de lecteur virtuel Microsoft) -> system32\drivers\vdrvroot.sys
R0 - volmgr (Pilote du Gestionnaire de volume) -> system32\drivers\volmgr.sys
R0 - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys
R0 - volsnap (Volumes de stockage) -> system32\drivers\volsnap.sys
R0 - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys
R1 - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys
R1 - avipbb (avipbb) -> system32\DRIVERS\avipbb.sys
R1 - avkmgr (avkmgr) -> system32\DRIVERS\avkmgr.sys
R1 - Beep (Beep) -> (?)
R1 - blbdrive () -> system32\DRIVERS\blbdrive.sys
R1 - cdrom (Pilote de CD-ROM) -> system32\DRIVERS\cdrom.sys
R1 - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys
R1 - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys
R1 - Msfs () -> (?)
R1 - mssmbios (Pilote BIOS de gestion de systèmes Microsoft) -> system32\DRIVERS\mssmbios.sys
R1 - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys
R1 - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys
R1 - Npfs () -> (?)
R1 - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys
R1 - Null () -> (?)
R1 - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys R1 - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys R1 - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys R1 - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys R1 - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys R1 - Serial (Pilote de port série) -> system32\DRIVERS\serial.sys R1 - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys R1 - TermDD (Pilote de périphérique terminal) -> system32\DRIVERS\termdd.sys R1 - VgaSave () -> \SystemRoot\System32\drivers\vga.sys R1 - vwififlt (Virtual WiFi Filter Driver) -> system32\DRIVERS\vwififlt.sys R1 - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys R1 - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys R2 - AntiVirSchedulerService (Avira Planificateur) -> "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" R2 - AntiVirService (Avira Protection temps réel) -> "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" S2 - AntiVirWebService (Avira Protection Web) -> "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" R2 - AudioEndpointBuilder (@%SystemRoot%\system32\audiosrv.dll,-204) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - AudioSrv (@%SystemRoot%\system32\audiosrv.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - avgntflt (avgntflt) -> system32\DRIVERS\avgntflt.sys R2 - Avira.ServiceHost (Avira Service Host) -> "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" R2 - avnetflt (avnetflt) -> system32\DRIVERS\avnetflt.sys R2 - BFE (@%SystemRoot%\system32\bfe.dll,-1001) -> %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork R2 - BITS (@%SystemRoot%\system32\qmgr.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k 
netsvcs S2 - clr_optimization_v4.0.30319_32 (Microsoft .NET Framework NGEN v4.0.30319_X86) -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe S2 - clr_optimization_v4.0.30319_64 (Microsoft .NET Framework NGEN v4.0.30319_X64) -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe R2 - CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k NetworkService R2 - DcomLaunch (@oleres.dll,-5012) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted R2 - DiagTrack (@%SystemRoot%\system32\UtcResources.dll,-3001) -> %SystemRoot%\System32\svchost.exe -k utcsvc R2 - Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) -> %SystemRoot%\system32\svchost.exe -k NetworkService R2 - DPS (@%systemroot%\system32\dps.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork R2 - eventlog (@%SystemRoot%\system32\wevtsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - EventSystem (@comres.dll,-2450) -> %SystemRoot%\system32\svchost.exe -k LocalService R2 - FontCache (@%systemroot%\system32\FntCache.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService R2 - gpsvc (@gpapi.dll,-112) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) -> %SystemRoot%\System32\svchost.exe -k NetSvcs R2 - LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys R2 - lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k 
LocalServiceNetworkRestricted R2 - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys S2 - MMCSS (@%systemroot%\system32\mmcss.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - MpsSvc (@%SystemRoot%\system32\FirewallAPI.dll,-23090) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork R2 - NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - nsi (@%SystemRoot%\system32\nsisvc.dll,-200) -> %systemroot%\system32\svchost.exe -k LocalService R2 - NvNetworkService (NVIDIA Network Service) -> "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" R2 - NvStreamSvc (NVIDIA Streamer Service) -> "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" R2 - nvsvc (NVIDIA Display Driver Service) -> "C:\Windows\system32\nvvsvc.exe" R2 - PcaSvc (@%SystemRoot%\system32\pcasvc.dll,-1) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - PDF Architect Helper Service (PDF Architect Helper Service) -> "C:\Program Files (x86)\PDF Architect\HelperService.exe" R2 - PDF Architect Service (PDF Architect Service) -> "C:\Program Files (x86)\PDF Architect\ConversionService.exe" R2 - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys R2 - PlugPlay (@%SystemRoot%\system32\umpnpmgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - Power (@%SystemRoot%\system32\umpo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - ProfSvc (@%systemroot%\system32\profsvc.dll,-300) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k RPCSS R2 - RpcSs (@oleres.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k rpcss R2 - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys R2 - SamSs (@%SystemRoot%\system32\samsrv.dll,-1) -> %SystemRoot%\system32\lsass.exe R2 - Schedule 
(@%SystemRoot%\system32\schedsvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - SENS (@%SystemRoot%\system32\Sens.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - Spooler (@%systemroot%\system32\spoolsv.exe,-1) -> %SystemRoot%\System32\spoolsv.exe S2 - sppsvc (@%SystemRoot%\system32\sppsvc.exe,-101) -> %SystemRoot%\system32\sppsvc.exe R2 - Stereo Service (NVIDIA Stereoscopic 3D Driver Service) -> "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" R2 - stisvc (@%SystemRoot%\system32\wiaservc.dll,-9) -> %SystemRoot%\system32\svchost.exe -k imgsvc R2 - SysMain (@%SystemRoot%\system32\sysmain.dll,-1000) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys R2 - Themes (@%SystemRoot%\System32\themeservice.dll,-8192) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - TrkWks (@%SystemRoot%\system32\trkwks.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - UxSms (@%SystemRoot%\system32\dwm.exe,-2000) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - WinDefend (@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103) -> %SystemRoot%\System32\svchost.exe -k secsvcs R2 - Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - Wlansvc (@%SystemRoot%\System32\wlansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - wlidsvc (Windows Live ID Sign-in Assistant) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" R2 - WMPNetworkSvc (@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101) -> "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" R2 - wscsvc (@%SystemRoot%\System32\wscsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - 
WSearch (@%systemroot%\system32\SearchIndexer.exe,-103) -> %systemroot%\system32\SearchIndexer.exe /Embedding R2 - wuauserv (@%systemroot%\system32\wuaueng.dll,-105) -> %systemroot%\system32\svchost.exe -k netsvcs ¤¤¤¤¤¤¤¤¤¤ | System files (Microsoft Files whitelisted) [MD5.2F6B34B83843F0C5118B63AC634F5BF4] - [10/06/2009 22:36:24] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) - [479.58 Ko] - (1.6.6.4) - C:\Windows\System32\Drivers\adp94xx.sys [MD5.597F78224EE9224EA1A13D6350CED962] - [13/07/2009 23:59:32] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) - [331.58 Ko] - (1.6.6.1) - C:\Windows\System32\Drivers\adpahci.sys [MD5.E109549C90F62FB570B9540C4B148E54] - [13/07/2009 23:59:33] - (.Copyright © 2003 Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) - [178.58 Ko] - (7.2.0.0) - C:\Windows\System32\Drivers\adpu320.sys [MD5.5812713A477A3AD7363C7438CA2EE038] - [14/07/2009 01:19:47] - (.Copyright (C) Acer Laboratories Inc. 2000 - ALi mini IDE Driver.) - [15.08 Ko] - (1.2.0.0) - C:\Windows\System32\Drivers\aliide.sys [MD5.1FF8B4431C353CE385C875F194924C0C] - [14/07/2009 01:19:49] - (.Copyright (C) AMD 2003 - Pilote IDE AMD.) - [15.08 Ko] - (6.1.7600.16385) - C:\Windows\System32\Drivers\amdide.sys [MD5.D4121AE6D0C0E7E13AA221AA57EF2D49] - [22/02/2014 10:16:32] - (.Copyright © 2008-2010 AMD, Inc. - AHCI 1.2 Device Driver.) - [105.38 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdsata.sys [MD5.F67F933E79241ED32FF46A4F29B5120B] - [10/06/2009 22:37:35] - (.2008 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [189.58 Ko] - (3.6.1540.127) - C:\Windows\System32\Drivers\amdsbs.sys [MD5.540DAF1CEA6094886D72126FD7C33048] - [22/02/2014 10:16:32] - (.Copyright © 2008-2010 AMD, Inc. - Storage Filter Driver.) 
- [26.38 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdxata.sys [MD5.C484F8CEB1717C540242531DB7845C4E] - [13/07/2009 23:59:33] - (.Copyright 2007 Adaptec, Inc. - Adaptec RAID Storport Driver.) - [85.58 Ko] - (5.2.0.10384) - C:\Windows\System32\Drivers\arc.sys [MD5.019AF6924AEFE7839F61C830227FE79C] - [13/07/2009 23:59:33] - (.Copyright 2008 Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) - [95.56 Ko] - (5.2.0.16119) - C:\Windows\System32\Drivers\arcsas.sys [MD5.0ACC06FCF46F64ED4F11E57EE461C1F4] - [05/10/2009 17:34:00] - (.Copyright (C) 2001-2009 Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) - [1506.5 Ko] - (8.0.0.238) - C:\Windows\System32\Drivers\athrx.sys [MD5.742D578C28F6F58B8B576F91A1D8EB4E] - [21/02/2014 14:22:07] - (.Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors - Avira Minifilter Driver.) - [151.19 Ko] - (15.0.16.222) - C:\Windows\System32\Drivers\avgntflt.sys [MD5.FBC2483AD62FBC8BD76A4254C50874BA] - [21/02/2014 14:22:07] - (.Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors - Avira Driver for Security Enhancement.) - [130.05 Ko] - (15.0.16.237) - C:\Windows\System32\Drivers\avipbb.sys [MD5.390184FAD8FCC1B6DA25AEBAE928C3B6] - [21/02/2014 14:22:07] - (.Copyright © 2000 - 2013 Avira Operations GmbH & Co. KG and its Licensors - Avira Manager Driver.) - [27.93 Ko] - (14.0.0.311) - C:\Windows\System32\Drivers\avkmgr.sys [MD5.7FDC860B34BDFFDFCE98622F81F24FA9] - [21/02/2014 14:22:07] - (.Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors - Avira WFP Network Driver.) - [68.25 Ko] - (15.0.16.230) - C:\Windows\System32\Drivers\avnetflt.sys [MD5.B5ACE6968304A3900EEB1EBFD9622DF2] - [10/06/2009 22:34:23] - (.Copyright 2000-2008, Broadcom Corporation. - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) - [264.5 Ko] - (10.100.4.0) - C:\Windows\System32\Drivers\b57nd60a.sys [MD5.F09EEE9EDC320B5E1501F749FDE686C8] - [14/07/2009 03:19:59] - (.Copyright (C) Brother Industries, Ltd. 
2001-2003 - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) - [18 Ko] - (1.10.0.2) - C:\Windows\System32\Drivers\BrFiltLo.sys [MD5.B114D3098E9BDB8BEA8B053685831BE6] - [14/07/2009 03:20:21] - (.Copyright (C) Brother Industries, Ltd. 2001 - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) - [8.5 Ko] - (1.4.0.1) - C:\Windows\System32\Drivers\BrFiltUp.sys [MD5.43BEA8D483BF1870F018E2D02E06A5BD] - [14/07/2009 03:19:06] - (.Copyright (C) Brother Industries Ltd.1997-2006 - Pilote Brother Série I/F (WDM).) - [280 Ko] - (1.0.1.6) - C:\Windows\System32\Drivers\BrSerId.sys [MD5.A6ECA2151B08A09CACECA35C07F05B42] - [14/07/2009 03:20:11] - (.Copyright (C) Brother Industries Ltd.1997-2003 - Brother Serial driver (WDM version).) - [46 Ko] - (1.0.0.20) - C:\Windows\System32\Drivers\BrSerWdm.sys [MD5.B79968002C277E869CF38BD22CD61524] - [14/07/2009 03:20:26] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB MDM Driver.) - [14.63 Ko] - (1.0.0.12) - C:\Windows\System32\Drivers\BrUsbMdm.sys [MD5.A87528880231C54E75EA7A44943B38BF] - [14/07/2009 03:20:15] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB Serial Driver.) - [14.38 Ko] - (1.0.1.3) - C:\Windows\System32\Drivers\BrUsbSer.sys [MD5.3E5B191307609F7514148C6832BB0842] - [10/06/2009 22:34:28] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) - [457.5 Ko] - (4.8.2.0) - C:\Windows\System32\Drivers\bxvbda.sys [MD5.E19D3F095812725D88F9001985B94EDD] - [14/07/2009 01:19:48] - (.Copyright (C) CMD Technology, Inc. 1999-2000 - CMD PCI IDE Bus Driver.) - [17.08 Ko] - (2.0.7.0) - C:\Windows\System32\Drivers\cmdide.sys [MD5.679FF716052109392D870F6A6C4A3535] - [09/01/2016 22:05:00] - (.Copyright (C) 2000-2015 - DAEMON Tools Lite Virtual SCSI Bus Driver.) - [29.55 Ko] - (5.28.0.0) - C:\Windows\System32\Drivers\dtlitescsibus.sys [MD5.DCAF642BF2091D9ED68AF3AE84306992] - [09/01/2016 22:06:00] - (.Copyright (C) 2000-2015 - DAEMON Tools Lite Virtual USB Bus Driver.) 
- [45.3 Ko] - (3.3.0.0) - C:\Windows\System32\Drivers\dtliteusbbus.sys [MD5.0E5DA5369A0FCAEA12456DD852545184] - [10/06/2009 22:36:49] - (.Copyright © 2003-2009 Emulex - Storport Miniport Driver for LightPulse HBAs.) - [518.06 Ko] - (7.2.10.211) - C:\Windows\System32\Drivers\elxstor.sys [MD5.DC5D737F51BE844D8C82C695EB17372F] - [10/06/2009 22:34:33] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) - [3209 Ko] - (4.8.13.0) - C:\Windows\System32\Drivers\evbda.sys [MD5.F2523EF6460FC42405B12248338AB2F0] - [14/07/2009 00:53:43] - (.Copyright ©2007-2009 Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) - [30.5 Ko] - (1.31.27127.0) - C:\Windows\System32\Drivers\hcw85cir.sys [MD5.39D2ABCD392F3D8A6DCE7B60AE7B8EFC] - [21/11/2010 05:23:47] - (.Copyright (c) 2004-2010 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [76.88 Ko] - (6.12.6.64) - C:\Windows\System32\Drivers\HpSAMD.sys [MD5.AAAF44DB3BD0B9D1FB6969B23ECC8366] - [22/02/2014 10:16:32] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - x64.) - [400.88 Ko] - (8.6.2.1014) - C:\Windows\System32\Drivers\iaStorV.sys [MD5.5C18831C61933628F5BB0EA2675B9D21] - [13/07/2009 23:59:33] - (.Copyright © 2002-05 Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) - [43.08 Ko] - (5.4.22.0) - C:\Windows\System32\Drivers\iirsp.sys [MD5.CAA8BC6737DFA3BF1A50175CFB226788] - [19/06/2010 00:36:04] - (.Copyright (C) 2000 - 2010 - Flex Define Keyboard Driver.) - [17.5 Ko] - (1.0.1.0) - C:\Windows\System32\Drivers\InputFilter_FlexDef2b.sys [MD5.1A93E54EB0ECE102495A51266DCDB6A6] - [13/07/2009 23:59:34] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT FC Driver (StorPort).) - [112.06 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_fc.sys [MD5.1047184A9FDC8BDBFF857175875EE810] - [13/07/2009 23:59:33] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SAS Driver (StorPort).) 
- [104.06 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_sas.sys [MD5.30F5C0DE1EE8B5BC9306C1F0E4A75F93] - [13/07/2009 23:59:34] - (.Copyright © LSI Corporation 2009 - LSI SAS Gen2 Driver (StorPort).) - [64.06 Ko] - (2.0.2.71) - C:\Windows\System32\Drivers\lsi_sas2.sys [MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - [13/07/2009 23:59:33] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SCSI Driver (StorPort).) - [113.06 Ko] - (1.28.3.67) - C:\Windows\System32\Drivers\lsi_scsi.sys [MD5.78BFF5425E044086E74E78650A359FBB] - [24/02/2014 10:12:16] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) - [26.38 Ko] - (0.1.16.0) - C:\Windows\System32\Drivers\mbam.sys [MD5.1239597BAB7EED2BB16D035AF87E65D9] - [18/09/2014 13:29:30] - (.© Malwarebytes. - Malwarebytes Chameleon Protection Driver.) - [137.38 Ko] - (1.1.22.0) - C:\Windows\System32\Drivers\mbamchameleon.sys [MD5.78488AF2AB2111D67B3C4044707A519B] - [18/09/2014 13:30:28] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) - [187.71 Ko] - (0.3.0.4) - C:\Windows\System32\Drivers\MBAMSwissArmy.sys [MD5.A55805F747C6EDB6A9080D7C633BD0F4] - [10/06/2009 22:37:14] - (.Copyright © LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64.) - [34.56 Ko] - (4.5.1.64) - C:\Windows\System32\Drivers\megasas.sys [MD5.BAF74CE0072480C3B6B7C13B2A94D6B3] - [13/07/2009 23:59:33] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [278.06 Ko] - (13.5.409.2009) - C:\Windows\System32\Drivers\MegaSR.sys [MD5.452ACB7A9914398D9E18CCCFFCF92208] - [18/09/2014 13:29:30] - (.© Malwarebytes Corporation. - Malwarebytes Web Access Control.) - [63.38 Ko] - (1.0.6.0) - C:\Windows\System32\Drivers\mwac.sys [MD5.77889813BE4D166CDAB78DDBA990DA92] - [13/07/2009 23:59:33] - (.(C) Copyright IBM Corp. 1994, 2002. - IBM ServeRAID Controller Driver.) - [50.06 Ko] - (7.10.0.0) - C:\Windows\System32\Drivers\nfrd960.sys [MD5.E366A5681C50785D4ED04FCFD65C3415] - [13/03/2014 18:33:44] - (.(C) NVIDIA Corporation. 
- NVIDIA HDMI Audio Driver.) - [192.78 Ko] - (1.3.30.1) - C:\Windows\System32\Drivers\nvhda64v.sys [MD5.757ACE4D4C9FF0571F86AA5D586B45E8] - [13/03/2014 18:33:43] - (.(C) 2014 NVIDIA Corporation. - NVIDIA Windows Kernel Mode Driver, Version 335.23.) - [12410.28 Ko] - (9.18.13.3523) - C:\Windows\System32\Drivers\nvlddmkm.sys [MD5.0A92CB65770442ED0DC44834632F66AD] - [22/02/2014 10:16:32] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [144.88 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvraid.sys [MD5.DAB0E87525C10052BF65F06152F37E4A] - [22/02/2014 10:16:32] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [162.38 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvstor.sys [MD5.939C0FAE9CC0CDD69E6508BDE4C11FE5] - [13/03/2014 18:33:46] - (.(C) NVIDIA Corporation. - NVIDIA Virtual Audio Driver.) - [38.28 Ko] - (1.2.20.0) - C:\Windows\System32\Drivers\nvvad64v.sys [MD5.A53A15A11EBFD21077463EE2C7AFEEF0] - [10/06/2009 22:37:36] - (.Copyright © QLogic Corporation 1996-2009 - QLogic Fibre Channel Stor Miniport Driver.) - [1489.08 Ko] - (9.1.8.6) - C:\Windows\System32\Drivers\ql2300.sys [MD5.4F6D12B51DE1AAEFF7DC58C4D75423C8] - [13/07/2009 23:59:34] - (.© QLogic Corporation. - QLogic iSCSI Storport Miniport Driver.) - [125.58 Ko] - (2.1.3.20) - C:\Windows\System32\Drivers\ql40xx.sys [MD5.2777226EE8BF50B059D7A7C90177E99C] - [21/02/2014 13:05:28] - (.Copyright (C) 2010 Realtek Semiconductor Corporation. All Right Reserved. - Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver .) - [397.1 Ko] - (7.31.1025.2010) - C:\Windows\System32\Drivers\Rt64win7.sys [MD5.FA088015155C4C6DAB5D1D9E68EB9D6B] - [17/05/2016 19:21:59] - (.Copyright (C) 2006 Realtek Semiconductor Corporation - Realtek RTL81892CE NDIS Driverr.) 
- [1115.6 Ko] - (1005.15.223.2011) - C:\Windows\System32\Drivers\rtl8192ce.sys [MD5.3EA8A16169C26AFBEB544E0E48421186] - [14/07/2009 04:36:07] - (.© 2006 Macrovision Corporation - Macrovision SECURITY Driver.) - [22.5 Ko] - (4.3.86.0) - C:\Windows\System32\Drivers\secdrv.sys [MD5.843CAF1E5FDE1FFD5FF768F23A51E2E1] - [10/06/2009 22:37:40] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [42.56 Ko] - (5.1.1039.2600) - C:\Windows\System32\Drivers\sisraid2.sys [MD5.6A6C106D42E9FFFF8B9FCB4F754F6DA4] - [13/07/2009 23:59:33] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [78.58 Ko] - (5.1.1039.3600) - C:\Windows\System32\Drivers\sisraid4.sys [MD5.EF806D212D34B0E173BAEB3564D53E37] - [19/09/2009 05:30:14] - (.Copyright (c) 1997-2009 MCCI - SAMSUNG USB Mobile Device.) - [124.5 Ko] - (5.0.0.0) - C:\Windows\System32\Drivers\ss_bbus.sys [MD5.946684DEF391FA17A830091EA84E74FE] - [19/09/2009 05:30:14] - (.Copyright (c) 1997-2009 MCCI Corporation - Windows 2000/XP support functions.) - [15 Ko] - (5.0.0.0) - C:\Windows\System32\Drivers\ss_bcm.sys [MD5.946684DEF391FA17A830091EA84E74FE] - [19/09/2009 05:30:14] - (.Copyright (c) 1997-2009 MCCI Corporation - Windows 2000/XP support functions.) - [15 Ko] - (5.0.0.0) - C:\Windows\System32\Drivers\ss_bcmnt.sys [MD5.08B1B34ABEBEB6AC2DEA06900C56411E] - [19/09/2009 05:30:14] - (.Copyright (c) 1997-2009 MCCI Corporation - SAMSUNG USB Mobile Modem Filter.) - [18.5 Ko] - (5.0.0.0) - C:\Windows\System32\Drivers\ss_bmdfl.sys [MD5.71A9DA6BEAA4CB54DFB827FB78600A5D] - [19/09/2009 05:30:14] - (.Copyright (c) 1997-2009 MCCI Corporation - SAMSUNG USB Mobile Modem.) - [157.5 Ko] - (5.0.0.0) - C:\Windows\System32\Drivers\ss_bmdm.sys [MD5.677CDC98F8363ACCAAE783FDE1599C2A] - [19/09/2009 05:30:14] - (.Copyright (c) 1997-2009 MCCI Corporation - SAMSUNG USB Mobile Logging Device Driver.) 
- [125 Ko] - (5.0.0.0) - C:\Windows\System32\Drivers\ss_bserd.sys [MD5.CC98D196AFAD3580E454DDED14BDAC7A] - [19/09/2009 05:30:14] - (.Copyright (c) 1997-2009 MCCI Corporation - SAMSUNG USB Mobile Device (Windows 2000/XP support functions).) - [15.5 Ko] - (5.0.0.0) - C:\Windows\System32\Drivers\ss_bwh.sys [MD5.CC98D196AFAD3580E454DDED14BDAC7A] - [19/09/2009 05:30:14] - (.Copyright (c) 1997-2009 MCCI Corporation - SAMSUNG USB Mobile Device (Windows 2000/XP support functions).) - [15.5 Ko] - (5.0.0.0) - C:\Windows\System32\Drivers\ss_bwhnt.sys [MD5.F3817967ED533D08327DC73BC4D5542A] - [13/07/2009 23:59:33] - (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) - [24.08 Ko] - (5.0.1.1) - C:\Windows\System32\Drivers\stexstor.sys [MD5.E5689D93FFE4E5D66C0178761240DD54] - [14/07/2009 01:19:50] - (.Copyright (C) VIA Technologies, Inc. 2000-2007 - VIA Generic PCI IDE Bus Driver.) - [17.08 Ko] - (6.0.6000.170) - C:\Windows\System32\Drivers\viaide.sys [MD5.5E2016EA6EBACA03C04FEAC5F330D997] - [10/06/2009 22:37:58] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [158.08 Ko] - (6.0.6000.6210) - C:\Windows\System32\Drivers\vsmraid.sys [MD5.890CADA2AB7ACF53A5F9CCE7515522A2] - [23/01/2016 22:39:34] - (.Copyright (c) 1998-2002 Macrovision Corp. - Macrovision SECURITY Driver.) - [12.17 Ko] - (3.17.0.0) - C:\Windows\Syswow64\Drivers\SECDRV.SYS ¤¤¤¤¤¤¤¤¤¤ | Uninstall [HKU\S-1-5-21-1614556109-2639682541-2892100055-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Akamai] : (Akamai NetSession Interface.-.Akamai Technologies, Inc) -> "C:\Users\GD windows\AppData\Local\Akamai\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DAEMON Tools Lite] : (DAEMON Tools Lite.-.Disc Soft Ltd) -> C:\Program Files\DAEMON Tools Lite\uninst.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series] : (Canon MP270 series MP Drivers.-.) 
-> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series\DelDrv64.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{84481A87-2316-4923-8FAB-3BA8CA29323D}] : (WinPatrol.-.BillP Studios) -> C:\PROGRA~3\INSTAL~1\{84481~1\Setup.exe /remove /q0 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision] : (NVIDIA Pilote 3D Vision 335.23.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{3D72F3AC-C5DD-48E4-B94D-59A01926D849}\NVI2.DLL",UninstallPackage Display.3DVision [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 335.23.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] : (NVIDIA Pilote graphique 335.23.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{3D72F3AC-C5DD-48E4-B94D-59A01926D849}\NVI2.DLL",UninstallPackage Display.Driver [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience] : (NVIDIA GeForce Experience 1.8.2.1.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{3D72F3AC-C5DD-48E4-B94D-59A01926D849}\NVI2.DLL",UninstallPackage Display.GFExperience [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB] : (NVIDIA Pilote du contrôleur 3D Vision 335.21.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{3D72F3AC-C5DD-48E4-B94D-59A01926D849}\NVI2.DLL",UninstallPackage Display.NVIRUSB 
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 11.10.13.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer] : (NVIDIA LED Visualizer 1.0.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC] : (GeForce Experience NvStream Client Components.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (SHIELD Streaming.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver] : (NVIDIA Pilote audio HD : 1.3.30.1.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{3D72F3AC-C5DD-48E4-B94D-59A01926D849}\NVI2.DLL",UninstallPackage HDAudio.Driver [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service] : (NVIDIA Network Service.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 11.10.13.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 1.2.20.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" 
"C:\Program Files\NVIDIA Corporation\Installer2\installer.{3D72F3AC-C5DD-48E4-B94D-59A01926D849}\NVI2.DLL",UninstallPackage VirtualAudio.Driver [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 21 NPAPI.-.Adobe Systems Incorporated) -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_242_Plugin.exe -maintain plugin [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Avira Antivirus] : (Avira Antivirus.-.Avira Operations GmbH & Co. KG) -> C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\BrothersInArms] : (Brothers In Arms.-.Ubisoft) -> C:\Program Files (x86)\Ubisoft\Gearbox Software\BrothersInArms\System\Setup.exe uninstall "BrothersInArms" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Death to Spies - Moment of Truth_is1] : (Death to Spies - Moment of Truth.-.) -> "C:\Program Files (x86)\1C Company\Death to Spies - Moment of Truth\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) 
->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}] : (Call of Juarez - Bound in Blood.-.Ubisoft) -> C:\Program Files (x86)\InstallShield Installation Information\{FEFAF112-4DA8-479C-89E2-7DE25091711A}\setup.exe -runfromtemp -l0x040c
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\League of Legends 3.0.1] : (League of Legends.-.Riot Games) -> msiexec.exe /x {3E75652D-99B1-417E-B163-BEF33CAD3F16}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1] : (Malwarebytes Anti-Malware version 2.2.1.1043.-.Malwarebytes) -> "C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 46.0.1 (x86 fr)] : (Mozilla Firefox 46.0.1 (x86 fr).-.Mozilla) -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Special Force 2 Beta_is1] : (S.K.I.L.L. - Special Force 2.-.) -> "C:\Program Files (x86)\GameforgeLive\Games\FRA_fra\S.K.I.L.L\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VLC media player] : (VLC media player.-.VideoLAN) -> C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}] : (Minecraft.-.Mojang) -> MsiExec.exe /X{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3E75652D-99B1-417E-B163-BEF33CAD3F16}] : (League of Legends.-.Riot Games) -> MsiExec.exe /X{3E75652D-99B1-417E-B163-BEF33CAD3F16}
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{40C98ADC-A44D-401E-BDDD-5094E4CF7D09}] : (Avira Launcher.-.Avira Operations GmbH & Co. KG) -> MsiExec.exe /X{40C98ADC-A44D-401E-BDDD-5094E4CF7D09}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{582876EC-A178-44D4-9823-C10D6C62EAFF}] : (.-.) -> MsiExec /X{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}] : (NVIDIA PhysX.-.NVIDIA Corporation) -> MsiExec.exe /X{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}] : (Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9C13F99C-6E1A-4126-AE91-EAA2DADE08D6}] : (LibreOffice 4.3.2.2.-.The Document Foundation) -> MsiExec.exe /I{9C13F99C-6E1A-4126-AE91-EAA2DADE08D6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1] : (Gameforge Live 2.0.10.-.Gameforge) -> "C:\Program Files (x86)\GameforgeLive\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{bfb60b68-92b8-481b-b416-7e05b4ea01c9}] : (Avira Launcher.-.Avira Operations GmbH & Co. KG) -> "C:\ProgramData\Package Cache\{bfb60b68-92b8-481b-b416-7e05b4ea01c9}\Avira.OE.Setup.Bundle.exe" /uninstall
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FEFAF112-4DA8-479C-89E2-7DE25091711A}] : (Call of Juarez - Bound in Blood.-.Ubisoft) ->

¤¤¤¤¤¤¤¤¤¤ | Installer

[HKCR\Installer\Products\211FAFEF8AD4C974982ED72E051917A1] : Call of Juarez - Bound in Blood -> C:\Windows\Installer\{FEFAF112-4DA8-479C-89E2-7DE25091711A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27] : Minecraft -> C:\Windows\Installer\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}\minecraft.ico
[HKCR\Installer\Products\69A46712847638B4987EA70536FB51C6] : Movie Maker
[HKCR\Installer\Products\74D764464EFFCBF4BAAB0ABD28A971BE] : NVIDIA PhysX
[HKCR\Installer\Products\7AB7040836775934BA8925331F3BE456] : NVIDIA PhysX -> C:\Windows\Installer\{80407BA7-7763-4395-AB98-5233F1B34E65}\icon.ico
[HKCR\Installer\Products\7BD4C90EC03660F46A13E87A329932FA] : D3DX10
[HKCR\Installer\Products\8CDD41E806AE81E43B3E917301D4B5AD] : MSVCRT110
[HKCR\Installer\Products\A6C64DD86500CEF47BA082BB611A1FF1] : MSVCRT
[HKCR\Installer\Products\B4EB76DD26E75124FA3A1F328A003A98] : Movie Maker
[HKCR\Installer\Products\B9FB157332F56794AA26B14F7D19CDEF] : Photo Common
[HKCR\Installer\Products\C99F31C9A1E66214EA19AE2AADED806D] : LibreOffice 4.3.2.2 -> C:\Windows\Installer\{9C13F99C-6E1A-4126-AE91-EAA2DADE08D6}\soffice.ico
[HKCR\Installer\Products\CDA89C04D44AE104DBDD05494EFCD790] : Avira Launcher
[HKCR\Installer\Products\D25657E31B99E7141B36EB3FC3DAF361] : League of Legends -> C:\Windows\Installer\{3E75652D-99B1-417E-B163-BEF33CAD3F16}\lol.launcher_1.exe
[HKCR\Installer\Products\E66BAA708174D2242981A4BFC329A217] : Photo Gallery
[HKCR\Installer\Products\EE45E936AC59EAC47997B63AD2E5FA84] : Windows Phone app for desktop -> C:\Windows\Installer\{639E54EE-95CA-4CAE-9779-6BA32D5EAF48}\WindowsPhoneConnectorIcon
[HKCR\Installer\Products\F187AF9E08E3993428A5DAE3112CC877] : MSVCRT110_amd64
[HKCR\Installer\Products\FF43B934E47F70845B2EB4575815ADB6] : Galerie de photos

¤¤¤¤¤¤¤¤¤¤ | ADS

¤¤¤¤¤¤¤¤¤¤ | Drives

Disk: 0 Size=954G
Pos MBRndx Type/Name  Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0   0      83-Linux   950G Yes    No   2,048        945,139,200
1   1      05-FAT16x  4.1G No     No   945,143,294  8,380,418

¤¤¤¤¤¤¤¤¤¤ | MBR

Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-A75M-S2V
Logical Drives Mask: 0x0000001c

Analysis of file "C:\QuickDiag\MBR.bin": Unknown MBR code
64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

¤¤¤¤¤¤¤¤¤¤( EOF)¤¤¤¤¤¤¤¤¤¤ - 2827 | 12:05:55