--------------- QuickDiag | g3n-h@ckm@n | 2_02.08.2016.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 11/08/2016 00:25:23
Updated 02/08/2016 | 16.05 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[maxime (Administrator)] - [MAXIME-PC] (S-1-5-21-4220562382-2957486902-2068712973-1001)
System: Microsoft Windows 7 Édition Familiale Premium - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Édition Familiale Premium |C:\Windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: K93SV - ASUSTeK Computer Inc. - IdNumber: * - UUID: A1AA08E8-5C9B-E111-A412-10BF48D9B599
Processor : X64 - 1995 Mhz - Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
BIOS Date: 11/22/11 16:50:00 Ver: 04.06.04 - eng - American Megatrends Inc.
- S/N: * - K93SV 209 - _ASUS_ - 1072009 CoreTemp : 29.8 Celsius ----------| Quick ---------- | SoundDevice Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0269&SUBSYS_1043105C&REV_1001\4&118C41F&0&0001 Kinoni Audio Source - Status: Error - Manufacturer: Kinoni - PNPDeviceID: ROOT\MEDIA\0000 ---------- | Video Intel(R) HD Graphics Family - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumd64.dll,igd10umd64.dll,igd10umd64.dll,igdumdx32,igd10umd32,igd10umd32 - PNPDeviceID: PCI\VEN_8086&DEV_0116&SUBSYS_105C1043&REV_09\3&11583659&2&10 - AdapterCompatibility: Intel Corporation - RAM: 1898432512 NVIDIA GeForce GT 540M - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController2 - Drivers: nvd3dumx.dll,nvwgf2umx.dll,nvwgf2umx.dll,nvd3dum,nvwgf2um,nvwgf2um - PNPDeviceID: PCI\VEN_10DE&DEV_0DF4&SUBSYS_105C1043&REV_A1\4&24208504&0&0008 - AdapterCompatibility: NVIDIA - RAM: 1073741824 Inegrated Video Chipset DeviceName: Intel(R) HD Graphics Family - DriverVersion: 8.15.10.2345 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 81408 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16384 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25600 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: 
Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22016 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:0 % CPU #2 value:0 % CPU #3 value:31 % CPU #4 value:0 % CPU #5 value:0 % CPU #6 value:0 % CPU #7 value:0 % CPU #8 value:0 % Total Overall CPU Usage value:4 % ---------- | Network Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec Atheros AR9285 Wireless Network Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:4 bytes/sec, / RECEIVE Maximum:0 bytes/sec WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000 WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000 WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000 WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000 WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000 WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000 WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000 Atheros AR9285 Wireless Network Adapter - Ethernet 802.3 - Atheros Communications Inc. 
- Status: - PnPID : PCI\VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01\001517FFFF24141200 WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000 Apple Mobile Device Ethernet - - - Status: - PnPID : RAS Async Adapter - Réseau étendu (WAN) - Microsoft - Status: - PnPID : SW\{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_105C1043&REV_06\3E000000684CE00000 ---------- | Memory RAM = Total (MB) : 4101 | Free (MB) : 1885 Pagefile = Total (MB) : 8200 | Free (MB) : 5243 Virtual = Total (MB) : 4194 | Free (MB) : 4031 Physical Memory 1 : Capacity: 4294967296 - ChannelA-DIMM1 - Posit.: 1 - Manufacturer: Hynix/Hyundai - PartNumber: HMT351S6BFR8C-H9 - S/N: 1044E89D ---------- | SID Users Administrateur : [S-1-5-21-4220562382-2957486902-2068712973-500] HomeGroupUser$ : [S-1-5-21-4220562382-2957486902-2068712973-1003] Invité : [S-1-5-21-4220562382-2957486902-2068712973-501] maxime : [S-1-5-21-4220562382-2957486902-2068712973-1001] UpdatusUser : [S-1-5-21-4220562382-2957486902-2068712973-1000] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] Utilisateurs : [S-1-5-32-545] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] HomeUsers : [S-1-5-21-4220562382-2957486902-2068712973-1002] ---------- | Drives G:\ -> [CDROM] | [Iomega_CD] | Total : 0.08 Go | Free : 0 Go -> CDFS [USB] E:\ -> [CDROM] | [FM2014] | Total : 1.26 Go | Free : 0 Go -> UDF [ATAPI] D:\ -> [Fixed] | [Data] | Total : 515.81 Go | Free : 515.65 Go -> NTFS [ATA] C:\ -> [Fixed] | [OS] | Total : 390.7 Go | Free : 164.2 Go -> NTFS [ATA] Disk Usage Information [2 total Physical Disks] Physical Drive #0 [C:, D:] : Read:0 bytes/sec, Written:98,361 bytes/sec Max Read:0 bytes/sec, Max Write:98,361 
bytes/sec Physical Drive #\ [MAXIME-PC\Disque, physique(1)\Écritures, disque,, octets/s] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:98,361 bytes/sec DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : IDE\DISKST31000528AS____________________________CC46____\4&99640E4&0&0.0.0 DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - External hard disk media - 0 Part. - PnPID : USBSTOR\DISK&VEN_OEM&PROD_EXT_HARD_DISK&REV_0000\0200000000016662&0 ---------- | Windows updates Last detection : 2016-08-10 20:50:31 Downloaded last ones : 2016-08-10 20:54:09 Installed last ones : 2016-08-10 08:46:33 Next search : 2016-08-11 15:41:31 Windows Is Activated ---------- | Browsers IE : 10.0.9200.16843 (© Microsoft Corporation. Tous droits réservés.) FF : 47.0.0.5999 (©Firefox and Mozilla Developers; available under the MPL 2 license.) GC : 51.0.2704.84 (Copyright 2015 Google Inc.) Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" ---------- | FlashPlayer FlashPlayer ActiveX : 22.0.0.210 FlashPlayer Plugin : 22.0.0.209 ---------- | Security AM : Malwarebytes' Anti-Malware ( 2.3.173.0) [Update : 13/05/2014 19:44:15] FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Auto(2)] = Running AS: Windows Defender [Auto(2)] = Running WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 496 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.23418) = C:\Windows\System32\smss.exe [10/05/2016 21:25:23] CPU Usage:0 % 764 | [Owner : | Parent : 660() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [14/07/2009 01:52:37] CPU Usage:0 % 820 | [Owner : | Parent : 764(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) 
- (6.1.7601.18829) = C:\Windows\System32\services.exe [16/05/2015 23:54:56] CPU Usage:0 % 844 | [Owner : | Parent : 764(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23452) = C:\Windows\System32\lsass.exe [14/06/2016 21:55:13] CPU Usage:0 % 852 | [Owner : | Parent : 764(wininit.exe) | ?????] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [18/02/2011 21:49:25] CPU Usage:0 % 956 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 148 | [Owner : | Parent : 820(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 268.39.) - (8.17.12.6839) = C:\Windows\System32\nvvsvc.exe [28/04/2011 16:19:18] CPU Usage:0 % 348 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 444 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 612 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 600 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 812 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 1036 | [Owner : | Parent : 772(GoogleUpdate.exe) | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe [17/10/2014 06:12:42] CPU Usage:0 % 1208 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 1308 | [Owner : | Parent : 820(services.exe) | ?????] - (.ASUSTeK Computer Inc. - ASUS FastBoot.) - (1.0.9.0) = C:\Windows\System32\FBAgent.exe [10/06/2011 01:38:36] CPU Usage:0 % 1344 | [Owner : | Parent : 820(services.exe) | ?????] - (.ASUS - ASLDR Service.) - (1.0.51.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [16/06/2009 02:30:42] CPU Usage:0 % 1396 | [Owner : | Parent : 820(services.exe) | ?????] - (.ASUS - GFNEXSrv.) - (1.0.10.1) = C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [15/12/2009 19:39:38] CPU Usage:0 % 1424 | [Owner : | Parent : 820(services.exe) | ?????] - (.AVAST Software - avast! Service.) - (11.2.2738.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [14/06/2016 20:26:08] CPU Usage:0 % 1596 | [Owner : | Parent : 148(nvvsvc.exe) | ?????] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (7.17.12.6839) = C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe [28/04/2011 16:18:46] CPU Usage:0 % 1608 | [Owner : | Parent : 148(nvvsvc.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 268.39.) - (8.17.12.6839) = C:\Windows\System32\nvvsvc.exe [28/04/2011 16:19:18] CPU Usage:0 % 1732 | [Owner : | Parent : 812(svchost.exe) | ?????] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe [18/02/2011 21:49:31] CPU Usage:0 % 1756 | [Owner : | Parent : 820(services.exe) | ?????] 
- (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe [28/03/2014 20:28:23] CPU Usage:0 % 1812 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 1976 | [Owner : | Parent : 820(services.exe) | ?????] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.16.6751) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [14/12/2015 00:48:02] CPU Usage:0 % 2032 | [Owner : | Parent : 820(services.exe) | ?????] - (.Apple Inc. - MobileDeviceService.) - (17.364.0.84) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [02/03/2016 15:31:28] CPU Usage:0 % 1116 | [Owner : | Parent : 820(services.exe) | ?????] - (.ASUS - Wireless Console 3 service.) - (1.0.0.2) = C:\Program Files (x86)\ASUS\Wireless Console 3\ASNB4LDRSvc.exe [11/03/2014 12:04:16] CPU Usage:0 % 1432 | [Owner : | Parent : 820(services.exe) | ?????] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe [12/08/2015 17:03:42] CPU Usage:0 % 640 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 2152 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 2184 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - MsCamSvc.exe.) - (3.60.253.0) = C:\Program Files\Microsoft LifeCam\MSCamS64.exe [13/12/2010 15:37:16] CPU Usage:0 % 2288 | [Owner : | Parent : 820(services.exe) | ?????] - (.Sony Corporation - Device Information Provider.) 
- (6.3.0.8201) = C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [20/08/2012 15:17:32] CPU Usage:0 % 2356 | [Owner : | Parent : 820(services.exe) | ?????] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [13/05/2016 15:13:26] CPU Usage:0 % 2688 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Application Virtualization Virtual Service Agent.) - (4.6.3.25281) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [08/10/2014 18:18:56] CPU Usage:0 % 2748 | [Owner : | Parent : 820(services.exe) | ?????] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.12.6839) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [28/04/2011 15:04:06] CPU Usage:0 % 2776 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 2860 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4225.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [21/09/2010 23:49:00] CPU Usage:0 % 2932 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe [24/03/2014 21:21:36] CPU Usage:0 % 2964 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Application Virtualization Client Service.) - (4.6.3.25281) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [08/10/2014 18:18:50] CPU Usage:0 % 3096 | [Owner : | Parent : 2860(WLIDSVC.EXE) | ?????] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) 
- (7.250.4225.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE [21/09/2010 23:49:00] CPU Usage:0 % 3264 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Office Client Virtualization Service .) - (14.0.7147.5000) = C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [18/03/2015 19:51:28] CPU Usage:0 % 3888 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 3996 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (6.1.7601.17514) = C:\Windows\servicing\TrustedInstaller.exe [18/02/2011 21:49:44] CPU Usage:0 % 3524 | [Owner : | Parent : 820(services.exe) | ?????] - (.Avast Software - AvastVirtualBox Interface.) - (5.0.132.688) = C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [14/06/2016 20:25:11] CPU Usage:0 % 4556 | [Owner : maxime | Parent : 820(services.exe) | 8.05 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [24/03/2014 21:09:16] CPU Usage:0 % 4600 | [Owner : maxime | Parent : 612(svchost.exe) | 43.22 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [14/07/2009 01:37:38] CPU Usage:0 % 4628 | [Owner : maxime | Parent : 4580() | 36.08 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.23418) = C:\Windows\explorer.exe [14/06/2016 21:54:17] CPU Usage:0 % 4812 | [Owner : | Parent : 1116(ASNB4LDRSvc.exe) | ?????] - (.ASUSTeK Computer Inc. - A program that manage wireless devices in system.) 
- (3.0.45.0) = C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [06/03/2014 17:43:30] CPU Usage:0 % 4832 | [Owner : maxime | Parent : 1308(FBAgent.exe) | 1.79 Mo] - (.ASUS - AsScrPro.) - (1.0.0.9) = C:\Windows\AsScrPro.exe [10/06/2011 01:40:15] CPU Usage:0 % 4928 | [Owner : maxime | Parent : 812(svchost.exe) | 3.96 Mo] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe [18/02/2011 21:49:31] CPU Usage:0 % 5004 | [Owner : maxime | Parent : 4628(explorer.exe) | 3.31 Mo] - (.Intel Corporation - igfxTray Module.) - (8.15.10.2345) = C:\Windows\System32\igfxtray.exe [20/06/2011 16:02:04] CPU Usage:0 % 5028 | [Owner : maxime | Parent : 4628(explorer.exe) | 2.44 Mo] - (.Intel Corporation - hkcmd Module.) - (8.15.10.2345) = C:\Windows\System32\hkcmd.exe [20/06/2011 16:01:38] CPU Usage:0 % 5060 | [Owner : maxime | Parent : 4628(explorer.exe) | 4.21 Mo] - (.Intel Corporation - persistence Module.) - (8.15.10.2345) = C:\Windows\System32\igfxpers.exe [20/06/2011 16:01:59] CPU Usage:0 % 5112 | [Owner : maxime | Parent : 4628(explorer.exe) | 4.21 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.68) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [10/06/2011 01:29:20] CPU Usage:0 % 772 | [Owner : | Parent : 1732(taskeng.exe) | ?????] - (.Google Inc. - Programme d'installation de Google.) - (1.3.28.13) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13/04/2011 04:33:23] CPU Usage:0 % 4284 | [Owner : maxime | Parent : 812(svchost.exe) | 3.27 Mo] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe [18/02/2011 21:49:31] CPU Usage:0 % 4260 | [Owner : maxime | Parent : 4628(explorer.exe) | 4.23 Mo] - (.Apple Inc. - iTunesHelper.) - (12.3.3.17) = C:\Program Files\iTunes\iTunesHelper.exe [19/03/2016 02:41:58] CPU Usage:0 % 2388 | [Owner : maxime | Parent : 4284(taskeng.exe) | 0.42 Mo] - (.ASUS - Power4Gear Hybrid.) 
- (1.1.1.11) = C:\Program Files\P4G\BatteryLife.exe [01/06/2011 00:10:30] CPU Usage:0 % 2480 | [Owner : maxime | Parent : 4928(taskeng.exe) | 0.53 Mo] - (.ASUS - ATKOSD2.) - (7.0.12.5) = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [17/08/2010 23:55:42] CPU Usage:0 % 2584 | [Owner : maxime | Parent : 4284(taskeng.exe) | 0.33 Mo] - (.ASUS - ACMON .) - (1.0.8.0) = C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [02/08/2010 20:18:42] CPU Usage:0 % 2572 | [Owner : maxime | Parent : 4628(explorer.exe) | 27.02 Mo] - (.Valve Corporation - Steam Client Bootstrapper.) - (3.55.92.67) = C:\Program Files (x86)\Steam\Steam.exe [16/03/2011 11:47:16] CPU Usage:0 % 3980 | [Owner : | Parent : 772(GoogleUpdate.exe) | ?????] - (.Google Inc. - Google Crash Handler.) - (1.3.30.3) = C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe [11/05/2016 20:50:00] CPU Usage:0 % 4448 | [Owner : | Parent : 772(GoogleUpdate.exe) | ?????] - (.Google Inc. - Google Crash Handler.) - (1.3.30.3) = C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe [11/05/2016 20:50:00] CPU Usage:0 % 4864 | [Owner : maxime | Parent : 4628(explorer.exe) | 10.78 Mo] - (.PLX Technology - Gateway.) - (1.0.2.0) = C:\Program Files\Iomega\Iomega Encryption\Iomega Encryption.exe [04/02/2011 12:27:54] CPU Usage:0 % 5132 | [Owner : maxime | Parent : 956(svchost.exe) | 2.25 Mo] - (.ASUSTeK - ACEngSvr Module.) - (1.0.0.4) = C:\Windows\SysWOW64\ACEngSvr.exe [10/06/2011 01:38:27] CPU Usage:0 % 5392 | [Owner : maxime | Parent : 5024() | 11.94 Mo] - (.Intel Corporation - IAStorIcon.) - (10.1.2.1004) = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [10/06/2011 01:22:46] CPU Usage:0 % 5440 | [Owner : maxime | Parent : 5024() | 2.76 Mo] - (.Virage Logic Corporation / Sonic Focus - ASUS_MATray.exe.) 
- (1.0.0.2) = C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [10/07/2010 07:45:00] CPU Usage:0 % 5552 | [Owner : maxime | Parent : 1308(FBAgent.exe) | 2.86 Mo] - (.CyberLink - CyberLink MediaLibray Service.) - (2.1.1803.0) = C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [02/11/2009 23:21:26] CPU Usage:0 % 5560 | [Owner : maxime | Parent : 5024() | 2.38 Mo] - (.Renesas Electronics Corporation - USB 3.0 Monitor.) - (2.0.28.0) = C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [17/11/2010 18:53:16] CPU Usage:0 % 5652 | [Owner : maxime | Parent : 5024() | 1.73 Mo] - (.ASUS - ATK Media.) - (2.0.9.2) = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [07/10/2010 23:05:14] CPU Usage:0 % 5708 | [Owner : maxime | Parent : 5024() | 1.38 Mo] - (.ASUS - HControlUser.) - (1.0.50.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [19/06/2009 19:29:42] CPU Usage:0 % 5740 | [Owner : maxime | Parent : 5024() | 2.6 Mo] - (.ASUSTek Computer Inc. - USB Charger+.) - (2.0.0.0) = C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [10/06/2011 01:38:40] CPU Usage:0 % 5760 | [Owner : maxime | Parent : 5024() | 2.27 Mo] - (.CyberLink Corp. - PowerDVD RC Service.) - (10.0.1403.0) = C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [03/02/2010 09:08:56] CPU Usage:0 % 5772 | [Owner : maxime | Parent : 5024() | 1.45 Mo] - (.cyberlink - brs.) - (3.2010.250.4712) = C:\Program Files (x86)\CyberLink\Shared files\brs.exe [10/06/2011 01:43:26] CPU Usage:0 % 5828 | [Owner : maxime | Parent : 5024() | 2.81 Mo] - (.Sony Corporation - Media Check Tool.) - (6.3.0.8201) = C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [20/08/2012 15:12:34] CPU Usage:0 % 5836 | [Owner : maxime | Parent : 5024() | 12.25 Mo] - (.AVAST Software - avast! Antivirus.) 
- (11.2.2738.17) = C:\Program Files\AVAST Software\Avast\avastui.exe [27/06/2016 21:30:37] CPU Usage:0 % 5860 | [Owner : maxime | Parent : 5024() | 8.98 Mo] - (. - RealDownloader.) - (18.1.4.142) = C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [13/05/2016 14:27:18] CPU Usage:0 % 5892 | [Owner : maxime | Parent : 5024() | 3.03 Mo] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\AppService.exe [01/07/2016 23:45:02] CPU Usage:0 % 6020 | [Owner : | Parent : 820(services.exe) | ?????] - (.Apple Inc. - iPodService Module (64-bit).) - (12.3.3.17) = C:\Program Files\iPod\bin\iPodService.exe [19/03/2016 02:42:00] CPU Usage:0 % 6052 | [Owner : maxime | Parent : 4628(explorer.exe) | 27.44 Mo] - (.Intel® Corporation - Intel® Turbo Boost Technology Monitor 2.0.) - (2.1.23.0) = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe [30/11/2010 00:01:00] CPU Usage:0 % 6104 | [Owner : maxime | Parent : 1308(FBAgent.exe) | 3.66 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.662) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10/06/2011 01:29:20] CPU Usage:0 % 5096 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 2488 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe [18/02/2011 21:49:55] CPU Usage:0 % 6316 | [Owner : | Parent : 820(services.exe) | ?????] - (.Google Inc. - Programme d'installation de Google.) - (1.3.28.13) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13/04/2011 04:33:23] CPU Usage:0 % 6780 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - PresentationFontCache.exe.) 
- (3.0.6920.5011) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [18/02/2011 21:49:58] CPU Usage:0 % 7116 | [Owner : maxime | Parent : 956(svchost.exe) | 3.44 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe [14/07/2009 01:47:12] CPU Usage:0 % 2492 | [Owner : | Parent : 820(services.exe) | ?????] - (.Intel(R) Corporation - Turbo Boost Monitor Service.) - (2.1.23.0) = C:\Program Files\Intel\TurboBoost\TurboBoost.exe [30/11/2010 00:00:56] CPU Usage:0 % 5268 | [Owner : maxime | Parent : 2572(Steam.exe) | 13.39 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (3.55.92.67) = C:\Program Files (x86)\Steam\bin\steamwebhelper.exe [18/11/2014 13:23:36] CPU Usage:0 % 5640 | [Owner : | Parent : 820(services.exe) | ?????] - (.Valve Corporation - Steam Client Service.) - (3.55.92.67) = C:\Program Files (x86)\Common Files\Steam\SteamService.exe [08/01/2015 20:54:16] CPU Usage:0 % 696 | [Owner : | Parent : 820(services.exe) | ?????] - (.Intel Corporation - IAStorDataSvc.) - (10.1.2.1004) = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [10/06/2011 01:22:46] CPU Usage:0 % 6640 | [Owner : | Parent : 820(services.exe) | ?????] - (.Intel Corporation - Local Manageability Service.) - (7.0.4.1197) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [10/06/2011 01:28:07] CPU Usage:0 % 6616 | [Owner : | Parent : 820(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - (1.0.21.0) = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [10/06/2011 01:26:28] CPU Usage:0 % 3476 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:31:13] CPU Usage:0 % 1324 | [Owner : | Parent : 820(services.exe) | ?????] 
- (.Intel Corporation - User Notification Service.) - (7.0.4.1197) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [10/06/2011 01:28:07] CPU Usage:0 % 2612 | [Owner : maxime | Parent : 812(svchost.exe) | 7.51 Mo] - (.Microsoft Corporation - Windows Update.) - (7.6.7601.19161) = C:\Windows\System32\wuauclt.exe [08/03/2016 21:35:01] CPU Usage:0 % 1688 | [Owner : maxime | Parent : 956(svchost.exe) | 5.14 Mo] - (.Microsoft Corporation - COM Surrogate.) - (6.1.7600.16385) = C:\Windows\SysWOW64\dllhost.exe [14/07/2009 01:43:52] CPU Usage:0 % 4436 | [Owner : maxime | Parent : 820(services.exe) | 10.26 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [24/03/2014 21:09:16] CPU Usage:0 % 6688 | [Owner : maxime | Parent : 4628(explorer.exe) | 447.67 Mo] - (.Mozilla Corporation - Firefox.) - (47.0.0.5999) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [10/06/2016 11:43:37] CPU Usage:0 % 6796 | [Owner : maxime | Parent : 956(svchost.exe) | 6.36 Mo] - (.Microsoft Corporation - COM Surrogate.) - (6.1.7600.16385) = C:\Windows\System32\dllhost.exe [14/07/2009 01:59:17] CPU Usage:0 % 7240 | [Owner : | Parent : 444(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows .) - (6.1.7601.18741) = C:\Windows\System32\audiodg.exe [12/03/2015 19:12:42] CPU Usage:4 % 1320 | [Owner : maxime | Parent : 6688(firefox.exe) | 25.27 Mo] - (.SosVirus - QuickDiag.) - (2.8.2016.1) = C:\Users\maxime\Downloads\QuickDiag(1).exe [11/08/2016 00:25:11] CPU Usage:0 % 4480 | [Owner : | Parent : 820(services.exe) | ?????] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe [18/02/2011 21:49:55] CPU Usage:0 % ---------- | MD5 [MD5.9DA3B83F80E205B6C601EEE1312FD0A0] - [14/06/2016 21:54:17] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) 
- [3155.5 Ko] - (6.1.7601.23418) : C:\Windows\Explorer.exe [MD5.5746BD7E255DD6A8AFA06F7C42C1BA41] - [18/02/2011 21:49:32] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [337 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe [MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe [MD5.A8EDB86FC2A4D6D1285E4C70384AC35A] - [14/07/2009 01:59:17] - (.© Microsoft Corporation. - COM Surrogate.) - [9.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe [MD5.ACEDF96749861DB3DA92AE9B9D94FE72] - [10/05/2016 21:25:23] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [1136 Ko] - (6.1.7601.23418) : C:\Windows\System32\Kernel32.dll [MD5.C8A7F80DB5C193DD67747A1BA4B1782E] - [14/06/2016 21:55:13] - (.© Microsoft Corporation. - Local Security Authority Process.) - [30 Ko] - (6.1.7601.23452) : C:\Windows\System32\lsass.exe [MD5.622C96AFB07BB82C8650B47172137AC4] - [15/04/2016 01:14:13] - (.© Microsoft Corporation. - Distributed COM Services.) - [499.5 Ko] - (6.1.7601.19143) : C:\Windows\System32\rpcss.dll [MD5.DD81D91FF3B0763C392422865C9AC12E] - [14/07/2009 01:57:20] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [44.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\rundll32.exe [MD5.71C85477DF9347FE8E7BC55768473FCA] - [16/05/2015 23:54:56] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe [MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) 
- [26.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe [MD5.06BF84D26A05D400F6B3FB3D3DE0B03A] - [12/12/2015 11:09:39] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [985 Ko] - (6.1.7601.19061) : C:\Windows\System32\user32.dll [MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [18/02/2011 21:49:55] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe [MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 01:52:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe [MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - [17/10/2014 06:12:42] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [444.5 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe [MD5.9A4A1EEE802BF2F878EE8EAB407B21B7] - [10/11/2015 21:58:08] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [486 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\afd.sys [MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys [MD5.059F00DEF82BF41E433B7ED465847726] - [24/03/2014 21:18:34] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [151.94 Ko] - (6.1.7601.18231) : C:\Windows\System32\Drivers\ataport.sys [MD5.B8BD2BB284668C84865658C77574381A] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys [MD5.F036CE71586E93D94DAB220D7BDF4416] - [18/02/2011 21:49:57] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) 
- [144 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - [18/02/2011 21:49:46] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [100 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\dfsc.sys [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - [18/02/2011 21:49:57] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [119.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - [14/07/2009 01:19:58] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [103 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys [MD5.D469B77687E12FE43E344806740B624D] - [10/06/2011 01:22:41] - (.Copyright(C) Intel Corporation 1994-2011 - Intel Rapid Storage Technology driver - x64.) - [429.02 Ko] - (10.1.2.1004) : C:\Windows\System32\Drivers\iastor.sys [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - [14/07/2009 02:10:03] - (.© Microsoft Corporation. - IP Network Address Translator.) - [113.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys [MD5.10112D850C844606419C79EE24EE6016] - [14/06/2016 21:55:15] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [156 Ko] - (6.1.7601.23452) : C:\Windows\System32\Drivers\mrxsmb.sys [MD5.F7309F42555F8AAB7144A51A1F2585B0] - [10/11/2015 21:57:53] - (.© Microsoft Corporation. Tous droits réservés. - Pilote NDIS 6.20.) - [928.44 Ko] - (6.1.7601.19030) : C:\Windows\System32\Drivers\ndis.sys [MD5.E47D571FEC2C76E867935109AB2A770C] - [15/06/2016 21:14:22] - (.© Microsoft Corporation. - MBT Transport driver.) - [256 Ko] - (6.1.7601.23451) : C:\Windows\System32\Drivers\netbt.sys [MD5.47B2D0B31BDC3EBE6090228E2BA3764D] - [08/03/2016 21:34:54] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) 
- [1644.94 Ko] - (6.1.7601.19116) : C:\Windows\System32\Drivers\ntfs.sys [MD5.0086431C29C35BE1DBC43F52CC273887] - [14/07/2009 02:00:41] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [95 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys [MD5.471815800AE33E6F1C32FB1B97C490CA] - [18/02/2011 21:49:49] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [126.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rasl2tp.sys [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - [14/07/2009 02:09:09] - (.© Microsoft Corporation. - SMB Transport driver.) - [91 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys [MD5.04ADD18EE5CC9FBEDAEC1DD1CD0CB45E] - [12/06/2014 06:57:53] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [1858.94 Ko] - (6.1.7601.18438) : C:\Windows\System32\Drivers\tcpip.sys [MD5.AA77EB517D2F07A947294F260E3ACA83] - [10/11/2015 21:58:08] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.5 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\tdx.sys [MD5.0D08D2F3B3FF84E433346669B5E0F639] - [18/02/2011 21:49:55] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [288.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (.AVAST Software.-.avast! Shell Extension.) - (11.2.2738.0) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll (.eCareme Technologies, Inc..-.AsusWSShellExt64.) - (1.1.0.27) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (.eCareme.-.ASUS WebStorage Windows Namespace Dll.) - (2.2.0.0) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\XPClient.dll (. .-.LogicNP.EZNamespaceExtensions.) - (4.0.0.0) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\LogicNP.EZNamespaceExtensions.dll (...-.eCaremeDLL.) 
- (1.0.0.0) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\eCaremeDLL.dll (.The Apache Software Foundation.-.log4net for .NET Framework 2.0.) - (1.2.10.0) -- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\log4net.dll (.Apple Inc..-.Bonjour Namespace Provider.) - (3.1.0.1) -- C:\Program Files\Bonjour\mdnsNSP.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.Realtek Semiconductor Corp..-.Realtek(r) LFX/GFX DSP component.) - (11.0.6000.212) -- C:\Windows\system32\RtkAPO64.dll (.Apple Inc..-.Bonjour Namespace Provider.) - (3.1.0.1) -- C:\Program Files\Bonjour\mdnsNSP.dll ---------- | ZeroAccess Check [HKLM64\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM64\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM64\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM64\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM64\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\...\Run]) - User: AUTORITE NT\SERVICE LOCAL Sidebar - (%ProgramFiles%\Windows 
Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\...\Run]) - User: maxime-PC\UpdatusUser ISUSPM - (C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\...\Run]) - User: maxime-PC\UpdatusUser Intel(R) Turbo Boost Technology Monitor 2.0 - (C:\PROGRA~1\Intel\TURBOB~1\SIGNAL~1.EXE [Startup]) - User: maxime-PC\maxime Steam - ("C:\Program Files (x86)\Steam\Steam.exe" -silent [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\...\Run]) - User: maxime-PC\maxime IomegaEncryption - (C:\Program Files\Iomega\Iomega Encryption\Iomega Encryption.exe [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\...\Run]) - User: maxime-PC\maxime AsusVibeLauncher - (C:\PROGRA~2\ASUS\AsusVibe\ASUSVI~2.EXE [Common Startup]) - User: Public FancyStart daemon - (C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [Common Startup]) - User: Public IgfxTray - (C:\Windows\system32\igfxtray.exe [HKLM\...\Run]) - User: Public HotKeysCmds - (C:\Windows\system32\hkcmd.exe [HKLM\...\Run]) - User: Public Persistence - (C:\Windows\system32\igfxpers.exe [HKLM\...\Run]) - User: Public RtHDVBg - (C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [HKLM\...\Run]) - User: Public IntelTBRunOnce - (wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [HKLM\...\Run]) - User: Public Setwallpaper - (c:\programdata\SetWallpaper.cmd [HKLM\...\Run]) - User: Public iTunesHelper - ("C:\Program Files\iTunes\iTunesHelper.exe" [HKLM\...\Run]) - User: Public [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun "ISUSPM"=C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler 
[HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"=C:\Windows\System32\mctadmin.exe [14/07/2009 01:54:49] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Steam"="C:\Program Files (x86)\Steam\Steam.exe" -silent "IomegaEncryption"=C:\Program Files\Iomega\Iomega Encryption\Iomega Encryption.exe [04/02/2011 12:27:54] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM64\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\Windows\system32\igfxtray.exe [20/06/2011 16:02:04] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [20/06/2011 16:01:38] "Persistence"=C:\Windows\system32\igfxpers.exe [20/06/2011 16:01:59] "RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 "IntelTBRunOnce"=wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" "Setwallpaper"=c:\programdata\SetWallpaper.cmd "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [HKLM64\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "Nuance PDF Reader-reminder"="C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" "ASUSWebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S "IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [10/06/2011 01:22:46] "SonicMasterTray"=C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [10/07/2010 07:45:00] "NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host 
Controller Driver\Application\nusb3mon.exe" "ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [17/08/2010 23:55:42] "ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [07/10/2010 23:05:14] "HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [19/06/2009 19:29:42] "USBChargerPlusTray"=C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [10/06/2011 01:38:40] "RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "BDRegion"=C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [10/06/2011 01:43:26] "UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" "UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" "PMBVolumeWatcher"=C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [20/08/2012 15:12:34] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "FonePaw iPhone Data RecoveryAppService"=C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\AppService.exe "LifeCam"="C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" "RealDownloader"=C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [13/05/2016 14:27:18] "SilentCleanService"=C:\Program Files (x86)\iMobie\PhoneRescue\${CHECK_RUNSERVICE_NAME} "AnyMP4 Free iPhone Data RecoveryAppService"=C:\Program Files (x86)\AnyMP4 Studio\AnyMP4 Free iPhone Data Recovery\AppService.exe [01/07/2016 23:45:02] [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 ---------- | Startings up registry ¦ Folder [HKLM64\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg\ASUS Screen Saver Protector] : C:\Windows\AsScrPro.exe [10/06/2011 01:40:15] [HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer] : "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [HKLM64\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] : C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "RCDependentServices"=CertPropSvc SessionEnv "NotificationTimeOut"=0 "SnapshotMonitors"=1 "ProductVersion"=5.1 "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "fDenyTSConnections"=1 "StartRCM"=0 "TSAdvertise"=0 "DeleteTempDirsOnExit"=1 "fSingleSessionPerUser"=1 "PerSessionTempDir"=0 "TSUserEnabled"=0 "InstanceID"=9e99ad34-a936-4e1c-b9b9-6ada60d "fCredentialLessLogonSupported"=1 "fCredentialLessLogonSupportedTSS"=1 "fCredentialLessLogonSupportedKMRDP"=1 [HKLM\System\CurrentControlSet\Control\Session Manager] "CriticalSectionTimeout"=2592000 "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "ProcessorControl"=2 "ResourceTimeoutCount"=648000 "BootExecute"=autocheck autochk * sdnclean64.exe "ExcludeFromKnownDlls"= "ObjectDirectories"=\Windows \RPC Control "ProtectionMode"=1 "NumberOfInitialSessions"=2 "SetupExecute"= [HKLM\System\CurrentControlSet\Control] "PreshutdownOrder"=wuauserv gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "CurrentUser"=USERNAME "BootDriverFlags"=0 "ServiceControlManagerExtension"=%systemroot%\system32\scext.dll "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2) [HKLM\System\CurrentControlSet\Control\lsa] "auditbaseobjects"=0 "auditbasedirectories"=0 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "Bounds"=0x0030000000200000 "LimitBlankPasswordUse"=1 
"NoLmHash"=1 "Notification Packages"=scecli "Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u livessp "Authentication Packages"=msv1_0 "LsaPid"=844 "SecureBoot"=1 "ProductType"=3 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 ---------- | .LNK ---------- | AppCertDlls | AppInit_DLLs ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Control Panel\Desktop] "ScreenSaveActive"=1 "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=145 [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000 "CleanShutdown"=0 [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "SuperHidden"=0 "SeparateProcess"=0 
"AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Control Panel\Desktop] "ScreenSaveActive"=1 "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=0 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "UserPreferencesMask"=0x9E3E078012000000 "Wallpaper"=C:\Users\maxime\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg [28/08/2012 17:41:11] "WaitToKillAppTimeout"=200 [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=145 [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000 "CleanShutdown"=0 "Reason Setting"=255 "link"=0x1E000000 "Browse For Folder Width"=1046 "Browse For Folder Height"=582 [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "SuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 
"TaskbarAnimations"=1 "StartMenuInit"=4 "ShowSuperHidden"=0 "TaskbarSizeMove"=1 ""=0 [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0xFFFFFFFF [HKLM64\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 "EnableSecureUIAPath"=1 "SoftwareSASGeneration"=1 [HKLM64\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKLM64\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM64\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM64\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM64\Software\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} 
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=39 [HKLM64\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 "EnableSecureUIAPath"=1 "SoftwareSASGeneration"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] 
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=493 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin "BuildNumber"=7601 "FirstLogon"=0 [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin "BuildNumber"=7601 "FirstLogon"=0 "ParseAutoexec"=1 [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "ShutdownWithoutLogon"=0 "WinStationsDisabled"=0 "DisableCAD"=1 "scremoveoption"=0 "ShutdownFlags"=115 "AutoAdminLogon"=0 "DefaultUserName"=maxime [HKLM\Software\WOW6432Node\Microsoft\Windows 
NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "DefaultDomainName"= "Userinit"=userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=1 ---------- | Associations [HKLM64\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM64\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM64\Software\Classes\.com] ""=comfile [HKLM64\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM64\Software\Classes\.reg] ""=regfile [HKLM64\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM64\Software\Classes\.scr] ""=scrfile [HKLM64\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM64\Software\Classes\.bat] ""=batfile [HKLM64\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM64\Software\Classes\.cmd] ""=cmdfile [HKLM64\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM64\Software\Classes\.pif] ""=piffile [HKLM64\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM64\Software\Classes\.inf] ""=inffile [HKLM64\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM64\Software\Classes\.url] ""=InternetShortcut [HKLM64\Software\Classes\.lnk] ""=lnkfile [HKLM64\Software\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM64\Software\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 
[HKLM64\Software\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM64\Software\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut 
[HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\WOW6432Node\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM64\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM64\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM64\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 
[HKLM64\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM64\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""="C:\Program Files\Internet Explorer\iexplore.exe" [HKLM64\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM64\Software\Clients\StartMenuInternet\SafeZoneStable\Shell\open\Command] ""="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" [HKLM64\Software\Clients\StartMenuInternet\SafeZoneStable\InstallInfo] "ReinstallCommand"="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" --makedefaultbrowser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""="C:\Program Files\Internet Explorer\iexplore.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\SafeZoneStable\Shell\open\Command] ""="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\SafeZoneStable\InstallInfo] "ReinstallCommand"="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" 
--makedefaultbrowser ---------- | AppcompatFlags [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\preload64\NuancePDF\Setup.exe"=1 "C:\preload64\Google\ASUT_Installer_win7_v8.exe"=1 "C:\preload64\Windowslive\BingBar\BingBarSetup.exe"=1 "C:\preload64\APRP\APRP_Setup.exe"=1 "C:\preload64\SyncablesSE\syncablesdesktop_SE.exe"=1 "C:\preload64\GameConsole\SingleInstaller.exe"=1 "C:\preload64\ASUSVibe2.0\ASUSVibe.exe"=1 "C:\eSupport\eDriver\Software\Audio\Realtek\[Compal]_ALC269_SM\Win7_32_Win7_64_6.0.1.6370\Setup.exe"=1 [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdt.exe"=1 "SIGN.MEDIA=5122B21 IomegaEncryptionSetup.exe"=1 "C:\Users\maxime\AppData\Local\Temp\DC370145-BAB0-7891-94A9-B3D753CC22CC\Setup.exe"=1 "C:\Users\maxime\AppData\Local\Temp\ibtmp213d533\component_532.decrpt"=1 "C:\Program Files (x86)\VideoPerformer\uninstall.exe"=1 "C:\Users\maxime\Downloads\VideoPerformerSetup.exe"=1 "SIGN.MEDIA=3EEF519A setup.exe"=1 "SIGN.MEDIA=6F446C9E Installer.exe"=1 "SIGN.MEDIA=E69A3BA setup.exe"=1 "SIGN.MEDIA=516300 Install.exe"=1 "C:\Users\maxime\AppData\Local\Temp\IS2125~1\12442436_stp\wajam_download.exe"=1 "C:\Users\maxime\AppData\Local\Temp\MySearchDial.exe"=1 "C:\Users\maxime\AppData\Local\Temp\IS2125~1\12442342_stp\rcpsetup_adppi12_adppi12.exe"=1 "C:\Users\maxime\Downloads\antivirus-setup.exe"=1 "C:\Users\maxime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QHLTH1J\avast! 
Free Antivirus.exe"=1 "C:\Users\maxime\AppData\Local\Temp\tbinst.exe"=1 "C:\Users\maxime\AppData\Local\Temp\IS2125~1\12442436_stp\chrome_logic.exe"=1 "C:\Users\maxime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMUXWQ5F\spybot-2.2.exe"=1 "C:\Users\maxime\Downloads\mbam-setup-2.0.1.1004 (1).exe"=1 "C:\Users\maxime\Downloads\mbam-setup-2.0.1.1004 (7).exe"=1 "C:\Users\maxime\Downloads\mbam-setup-2.0.1.1004 (8).exe"=1 "C:\Users\maxime\Downloads\ccsetup412 (1).exe"=1 "C:\Users\maxime\Downloads\Firefox Setup 28.0.exe"=1 "C:\Users\maxime\Downloads\asus-lifeframe3.exe"=1 "C:\Users\maxime\Downloads\LifeFrame3_ASUS_Win7_64_VER317\Setup.exe"=1 "C:\Users\maxime\Downloads\zhpdiag20.exe"=1 "C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe"=1 "C:\Users\maxime\Downloads\zhpdiag20(1).exe"=1 "C:\Users\maxime\Downloads\LifeFrame3_ASUS_Win7_64_VER319\Setup.exe"=1 "C:\Users\maxime\Downloads\SkypeSetup.exe"=1 "C:\Users\maxime\Downloads\install_flashplayer13x32_mssd_aaa_aih.exe"=1 "C:\Program Files (x86)\ZHPDiag\ZHPhep.exe"=1 "C:\Users\maxime\Downloads\LifeFrame3_Win7_8_VER3113\Setup.exe"=1 "C:\Users\maxime\Downloads\LifeFrame3_ASUS_Win7_64_VER317(1)\Setup.exe"=1 "C:\Users\maxime\Downloads\mbam-setup-2.0.1.1004(1).exe"=1 "C:\Users\maxime\Downloads\install_reader11_fr_mssd_aaa_aih.exe"=1 "C:\Users\maxime\Downloads\WinFlash_Win8_64_VER2420\Setup.exe"=1 "C:\Users\maxime\Downloads\LiveUpdate_Win7_64_VER328\Setup.exe"=1 "C:\Users\maxime\Downloads\WirelessConsole3_Win7_64_VER3045\vdredist_x86.exe"=1 "C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe"=1 "C:\Users\maxime\Downloads\ATKPackage_Win7_64_VER100033\Setup.exe"=1 "C:\Users\maxime\Downloads\tweaking.com_windows_repair_aio_setup.exe"=1 "C:\Users\maxime\Downloads\LifeFrame3_Win7_8_VER3113(1)\Setup.exe"=1 "C:\Users\maxime\Downloads\mbam-setup-2.0.1.1004(3).exe"=1 "C:\Users\maxime\Downloads\mbam-setup-2.0.1.1004(4).exe"=1 "C:\Users\maxime\Downloads\revosetup.exe"=1 "C:\Program Files (x86)\VS Revo Group\Revo 
Uninstaller\Revouninstaller.exe"=1 "C:\Users\maxime\Downloads\mbam-setup-2.0.1.1004(6).exe"=1 "C:\Users\maxime\Downloads\googleupdatesetup.exe"=1 "SIGN.MEDIA=D0F00760 SETUP.EXE"=1 "C:\Users\maxime\Downloads\monAlbumPhoto_Setup_Redesign(1).exe"=1 "C:\Users\maxime\Downloads\gimp-2.8.16-setup.exe"=1 "C:\Users\maxime\Downloads\phonerescue-64-setup.exe"=1 "C:\Users\maxime\Downloads\ios-data-recovery.exe"=1 "C:\Users\maxime\Downloads\LifeCam3.60.exe"=1 "C:\Users\maxime\Downloads\MovaviVideoEditorSetupF_2.exe"=1 "C:\Users\maxime\AppData\Local\Temp\is-8GDMC.tmp\sam__9286_il272333.exe"=512 "C:\Users\maxime\Downloads\SUPERsetup.exe"=1 "C:\Program Files (x86)\RCP\unins000.exe"=1 "C:\Program Files (x86)\eRightSoft\SUPER\unins000.exe"=1 "C:\Users\maxime\Downloads\avc-free.exe"=1 "C:\Users\maxime\Downloads\RealTimes-RealPlayer_fr.exe"=1 "C:\Users\maxime\Downloads\phonerescue-setup.exe"=1 "C:\Users\maxime\Downloads\ems_free.exe"=1 "C:\Users\maxime\Downloads\free-iphone-data-recovery.exe"=1 [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe"=32 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{79a81340-92ef-11e0-aa07-806e6f6e6963}] : E:\SETUP.EXE (AutoRun) ---------- | Windows [HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control 
Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse 
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM64\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM64\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=128920218544262440 "AntiVirusOverride"=0 "AntiSpywareOverride"=0 "FirewallOverride"=0 [HKLM64\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=0 "DisableRoutinelyTakingAction"=0 "ProductStatus"=0 "InstallTime"=0xA43569043A61CF01 [HKLM\Software\WOW6432Node\Microsoft\Windows Defender] "DisableAntiSpyware"=0 "DisableRoutinelyTakingAction"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] ---------- | Winsock (Whitelist) ---------- | Hosts 127.0.0.1 localhost ::1 localhost ---------- | @ [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Microsoft\Internet Explorer\Main] "Disable Script Debugger"=yes "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\system32\blank.htm "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "XMLHTTP"=1 "NoUpdateCheck"=1 "UseClearType"=no "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://asus.msn.com "DisableScriptDebuggerIE"=yes "Default_Page_URL"=http://asus.msn.com "DisableFirstRunCustomize"=3 [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings] "IE5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=User@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace 
multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "SecureProtocols"=160 "PrivacyAdvanced"=0 "ZonesSecurityUpgrade"=0xA0450DF20A10CA01 "DisableCachingOfSSLPages"=0 "WarnonZoneCrossing"=0 "CertificateRevocation"=1 "EnableNegotiate"=1 [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft\Internet Explorer\Main] "Disable Script Debugger"=yes "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\SysWOW64\blank.htm "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "Search Page"=http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 "XMLHTTP"=1 "NoUpdateCheck"=1 "DisableScriptDebuggerIE"=yes "UseClearType"=no "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://google.fr/ "DisableFirstRunCustomize"=3 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7C0100003C0000005807000088030000 "IE9RunOnceLastShown"=1 "IE9RunOnceLastShown_TIMESTAMP"=0x598D8EC2469BCD01 "IconCache"=xo7d0w7 "DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD7010000AD000000F704000005030000 "IE9RunOncePerInstallCompleted"=1 "IE9RunOnceCompletionTime"=0xC54CC7978CACCD01 "Use Search Asst"=no "ApplicationTileImmersiveActivation"=0 "AssociationActivationMode"=2 "OperationalData"=1 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x46BF58991748CF01 "Search Bar"=http://www.msn.com/?pc=AV01 "Use FormSuggest"=no "DefSpellLang"=fr-FR [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "IE5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=User@ 
"PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "SecureProtocols"=160 "PrivacyAdvanced"=0 "ZonesSecurityUpgrade"=0x36FC49241748CF01 "DisableCachingOfSSLPages"=0 "WarnonZoneCrossing"=0 "CertificateRevocation"=1 "EnableNegotiate"=1 "MigrateProxy"=1 "GlobalUserOffline"=0 "EnableAutodial"=0 "NoNetAutodial"=0 "ProxyOverride"=*.local "ProxyEnable"=0 [HKLM64\Software\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://www.google.com/ "Local Page"=C:\Windows\SysWOW64\blank.htm "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "TabProcGrowth"=Medium "Print_Background"=0 "AlwaysShowMenus"=0 "StatusBarWeb"=1 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "Search Bar"=http://www.google.com/ "CustomizeSearch"=http://www.google.com/ "BrowserMngr Start Page"=http://www.google.com/ [HKLM64\Software\Microsoft\Internet Explorer\Search] "Search Bar"=http://www.google.com/ "Start Page"=http://www.google.com/ "Local Page"=C:\Windows\SysWOW64\blank.htm "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "BrowserMngr Start Page"=http://www.google.com/ 
"CustomizeSearch"=http://www.google.com/ "SearchAssistant"=http://www.google.com/ [HKLM64\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "OfflineInformation"=res://ieframe.dll/offcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM64\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM64\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM64\Software\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://www.msn.com/?pc=AV01 "Local Page"=C:\Windows\SysWOW64\blank.htm "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "TabProcGrowth"=Medium "Print_Background"=0 "AlwaysShowMenus"=0 "StatusBarWeb"=1 "Enable Browser Extensions"=yes "Use Search Asst"=no "Check_Associations"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "Search Bar"=http://www.google.com/ "CustomizeSearch"=http://www.google.com/ "BrowserMngr Start 
Page"=http://www.google.com/ [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Search] "Search Bar"=http://www.google.com/ "Start Page"=http://www.google.com/ "Local Page"=C:\Windows\SysWOW64\blank.htm "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "BrowserMngr Start Page"=http://www.google.com/ "CustomizeSearch"=http://www.google.com/ "SearchAssistant"=http://www.google.com/ [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "OfflineInformation"=res://ieframe.dll/offcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "Tabs"=res://ieframe.dll/tabswelcome.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll ---------- | SSODL | SEH | URLSH | STS ---------- | Toolbar [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 
[HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"= [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] "ITBar7Height"=31 "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=0xB1C218236549D4119B18009027A5CD4F
[HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={632F07F3-19A1-4d16-A23F-E6CE9486BAB5} "Version"=3 "UpgradeTime"=0xE508B1543F48CF01 "ShowSearchSuggestionsInAddressGlobal"=1 "KnownProvidersUpgradeTime"=0xA09ADE533F48CF01 [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 "{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}"=avast!
Online Security "{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=0x00 [HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar] "Locked"=0 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=0x00 [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={632F07F3-19A1-4d16-A23F-E6CE9486BAB5} "ShowSearchSuggestionsInAddressGlobal"=1 ---------- | Extensions [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}] : (@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003) - [] ---------- | SearchScopes [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}] - (Google) - http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT : [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 : [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () - : [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}] - (Microsoft (Bing)) - http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 : [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - 
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}] - (Microsoft (Bing)) - http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}] - (Google) - http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 : ---------- | Browser Helper Objects [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] -> (RealNetworks Download and Record Plugin for Internet Explorer) : C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [13/05/2016 14:41:26] [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] 
-> (avast! Online Security) : C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [18/04/2016 22:41:21] [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -> (Windows Live ID Sign-in Helper) : C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [21/09/2010 23:08:38] [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] -> (Google Toolbar Helper) : C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [26/04/2014 15:18:45] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] -> (Aide pour le lien d'Adobe PDF Reader) : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] -> (RealNetworks Download and Record Plugin for Internet Explorer) : C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [13/05/2016 14:41:26] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] -> (avast! 
Online Security) : C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [18/04/2016 22:41:21] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -> (Windows Live ID Sign-in Helper) : C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [21/09/2010 23:08:38] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] -> (Google Toolbar Helper) : C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [26/04/2014 15:18:45] ---------- | Chrome C:\Users\maxime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\maxime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\maxime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\maxime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\maxime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\maxime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - 
https://clients2.google.com/service/update2/crx C:\Users\maxime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - https://clients2.google.com/service/update2/crx C:\Users\maxime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\maxime\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\maxime\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\maxime\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\maxime\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\maxime\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\maxime\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx 
C:\Users\maxime\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki] ---------- | Opera ---------- | Firefox [HKLM64\Software\mozilla\Firefox\Extensions] "wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF "sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF "sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF [HKLM64\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 22.0.0.209 Plugin) : C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [HKLM64\Software\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled [HKLM64\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 22.0.0.209 Plugin) : C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@Apple.com/iTunes,version=] - (Module iTunes Detector) : [HKLM\Software\WOW6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0] - () : C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin] - (Google Earth in your browser) : C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled [HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll 
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [HKLM\Software\WOW6432Node\MozillaPlugins\ZEON/PDF,version=2.0] - () : C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll C:\Users\maxime\AppData\Roaming\Mozilla\Firefox\Profiles\grhho2qz.default\Prefs.js user_pref("browser.newtab.url", "http://www.google.fr"); user_pref("browser.startup.homepage", "https://www.google.fr/"); user_pref("browser.startup.homepage_override.buildID", "20160604131506"); user_pref("browser.startup.homepage_override.mstone", "47.0"); user_pref("extensions.adblockplus.currentVersion", "2.7.3"); user_pref("extensions.adblockplus.notificationdata", 
"{\"shown\":[\"antiadblock\"],\"lastCheck\":1470867164108,\"softExpiration\":1470970784520,\"hardExpiration\":1471039965646,\"data\":{\"notifications\":[],\"version\":\"201608102212-2/0\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"downloadCount\":195}"); user_pref("extensions.blocklist.pingCountTotal", 325); user_pref("extensions.blocklist.pingCountVersion", 23); user_pref("extensions.bootstrappedAddons", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.7.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\maxime\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\grhho2qz.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false},\"loop@mozilla.org\":{\"version\":\"1.3.2\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\loop@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"e10srollout@mozilla.org\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"firefox@getpocket.com\":{\"version\":\"1.0.2\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true}}"); user_pref("extensions.databaseSchema", 17); user_pref("extensions.e10sBlockedByAddons", true); user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:47.0"); user_pref("extensions.getAddons.cache.lastUpdate", 1470751790); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.hotfix.lastVersion", "20160128.01"); user_pref("extensions.lastAppVersion", "47.0"); user_pref("extensions.lastPlatformVersion", "47.0"); user_pref("extensions.pendingOperations", false); 
user_pref("extensions.shownSelectionUI", true); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.xpiState", "{\"app-profile\":{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"d\":\"C:\\\\Users\\\\maxime\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\grhho2qz.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"e\":true,\"v\":\"2.7.3\",\"st\":1461871860008}},\"app-system-defaults\":{\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1465551823618},\"firefox@getpocket.com\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"e\":true,\"v\":\"1.0.2\",\"st\":1465551823616},\"loop@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\loop@mozilla.org.xpi\",\"e\":true,\"v\":\"1.3.2\",\"st\":1465551823610}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":true,\"v\":\"47.0\",\"st\":1465551823621}},\"winreg-app-global\":{\"wrc@avast.com\":{\"d\":\"C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\WebRep\\\\FF\",\"e\":false,\"v\":\"10.3.3.44\",\"st\":1417885105333,\"mt\":1465928756014},\"sp@avast.com\":{\"d\":\"C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\SafePrice\\\\FF\",\"e\":false,\"v\":\"10.3.5.39\",\"st\":1461012126595,\"mt\":1465928753940}}}"); ---------- | Active Connections TCP 127.0.0.1:5354 maxime-PC:49155 ESTABLISHED 1432 TCP 127.0.0.1:5354 maxime-PC:49156 ESTABLISHED 1432 TCP 127.0.0.1:5354 maxime-PC:49602 ESTABLISHED 1432 TCP 127.0.0.1:5354 maxime-PC:49603 ESTABLISHED 1432 TCP 127.0.0.1:27015 maxime-PC:49589 ESTABLISHED 2032 TCP 127.0.0.1:27015 maxime-PC:49601 ESTABLISHED 2032 TCP 127.0.0.1:49155 maxime-PC:5354 ESTABLISHED 2032 
TCP 127.0.0.1:49156 maxime-PC:5354 ESTABLISHED 2032 TCP 127.0.0.1:49551 maxime-PC:49552 ESTABLISHED 1424 TCP 127.0.0.1:49552 maxime-PC:49551 ESTABLISHED 1424 TCP 127.0.0.1:49554 maxime-PC:49555 ESTABLISHED 1424 TCP 127.0.0.1:49555 maxime-PC:49554 ESTABLISHED 1424 TCP 127.0.0.1:49589 maxime-PC:27015 ESTABLISHED 4260 TCP 127.0.0.1:49601 maxime-PC:27015 ESTABLISHED 5892 TCP 127.0.0.1:49602 maxime-PC:5354 ESTABLISHED 2032 TCP 127.0.0.1:49603 maxime-PC:5354 ESTABLISHED 2032 TCP 127.0.0.1:50221 maxime-PC:50222 ESTABLISHED 6688 TCP 127.0.0.1:50222 maxime-PC:50221 ESTABLISHED 6688 TCP 192.168.1.72:49177 lon24.ff.avast.com:http ESTABLISHED 1424 TCP 192.168.1.72:50863 ns3039448.ip-51-255-85.eu:https ESTABLISHED 6688 TCP 192.168.1.72:50864 par10s10-in-f14.1e100.net:https ESTABLISHED 6688 TCP 192.168.1.72:50865 par10s22-in-f10.1e100.net:https ESTABLISHED 6688 TCP 192.168.1.72:50881 ns3039448.ip-51-255-85.eu:https ESTABLISHED 6688 TCP 192.168.1.72:50882 wb-in-f93.1e100.net:https ESTABLISHED 6688 TCP 192.168.1.72:50883 wa-in-f95.1e100.net:https ESTABLISHED 6688 TCP 192.168.1.72:50885 arn02s05-in-f3.1e100.net:https ESTABLISHED 6688 TCP 192.168.1.72:50886 r-150-58-45-5.ff.avast.com:http CLOSE_WAIT 1424 TCP 192.168.1.72:50887 r-71-58-45-5.ff.avast.com:http TIME_WAIT 0 TCP 192.168.1.72:50888 2.18.245.41:http TIME_WAIT 0 ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{1874B979-A9F8-4EE7-A4BA-75F9E4B8D7AA}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C208A842-4376-4D49-97D3-41E3012FE11B}] "DhcpNameServer"=172.20.10.1 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{1874B979-A9F8-4EE7-A4BA-75F9E4B8D7AA}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{C208A842-4376-4D49-97D3-41E3012FE11B}] "DhcpNameServer"=172.20.10.1 
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1874B979-A9F8-4EE7-A4BA-75F9E4B8D7AA}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C208A842-4376-4D49-97D3-41E3012FE11B}] "DhcpNameServer"=172.20.10.1 ---------- | Applications [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\SOFTWARE\Classes\Applications\RealPlay.exe] : "C:\Program Files (x86)\Real\RealPlayer\realplay.exe" "%1" [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\SOFTWARE\Classes\Applications\VideoEditor.exe] : "C:\Program Files (x86)\Movavi Video Editor 11\VideoEditor.exe" "%1" [HKLM64\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM64\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM64\SOFTWARE\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L" [HKLM64\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM64\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM64\SOFTWARE\Classes\Applications\PDFReader.exe] : "C:\Program Files (x86)\Nuance\PDF Reader\bin\PDFReader.exe" "%1" [HKLM64\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM64\SOFTWARE\Classes\Applications\RealPlay.exe] : "C:\Program Files (x86)\Real\RealPlayer\realplay.exe" "%1" [HKLM64\SOFTWARE\Classes\Applications\SZBrowser.exe] : "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1" [HKLM64\SOFTWARE\Classes\Applications\WLXPhotoGallery.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" [HKLM64\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" 
[HKLM64\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM64\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\PDFReader.exe] : "C:\Program Files (x86)\Nuance\PDF Reader\bin\PDFReader.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\RealPlay.exe] : "C:\Program Files (x86)\Real\RealPlayer\realplay.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\SZBrowser.exe] : "C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoGallery.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | Svchost - Netsvcs (Whitelisted) Term - 
: ---------- | Software [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\AC3Filter] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\AppDataLow] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Bullfrog Productions Ltd] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Cavedog Entertainment] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\GNU] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\INTEL] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Microsoft] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Piriform] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Policies] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1000\Software\Microsoft\Windows NT\CurrentVersion] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Adobe] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Anvsoft] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\AnyMP4 Studio] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\APN PIP] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\AppDataLow] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Apple Computer, Inc.] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Apple Inc.] 
[HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\ASUS] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\ATK0100] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\AVAST Software] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Battle.net] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Blizzard Entertainment] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Bullfrog Productions Ltd] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Cavedog Entertainment] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Clients] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Convar] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\CyberLink] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\ECAREME] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\FonePaw] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\GNU] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Google] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Haali] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\IM Providers] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Imobie] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Intel] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Lake] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Licenses] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\LogMontagePhoto] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Macromedia] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\MainConcept] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\MAP-DN] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Mindscape] 
[HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\monAlbumPhoto] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\MountAndBladeWarbandKeys] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\MOVAVI] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\mozilla] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\MozillaPlugins] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Netscape] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\NVIDIA Corporation] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Piriform] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Policies] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\QtProject] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\RealNetworks] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Realtek] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Reg] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Skype] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Sony Corporation] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Sysinternals] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Trend Micro] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Trolltech] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Valve] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\VB and VBA Program Settings] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\VSRevoGroup] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Wow6432Node] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\ZebHelpProcess Helper] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Zeon] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft\Windows\CurrentVersion] 
[HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft\Windows\ShellNoRoam] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-4220562382-2957486902-2068712973-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM64\Software\Apple Computer, Inc.] [HKLM64\Software\Apple Inc.] [HKLM64\Software\ASUS] [HKLM64\Software\ATI Technologies] [HKLM64\Software\ATK0100] [HKLM64\Software\BrowserChoice] [HKLM64\Software\Canon] [HKLM64\Software\Clients] [HKLM64\Software\CoreSecurity] [HKLM64\Software\Cyberlink] [HKLM64\Software\DTS] [HKLM64\Software\g3n-h@ckm@n] [HKLM64\Software\Google] [HKLM64\Software\Intel] [HKLM64\Software\Khronos] [HKLM64\Software\Macromedia] [HKLM64\Software\Microsoft] [HKLM64\Software\Mozilla] [HKLM64\Software\MozillaPlugins] [HKLM64\Software\NVIDIA Corporation] [HKLM64\Software\ODBC] [HKLM64\Software\Piriform] [HKLM64\Software\Policies] [HKLM64\Software\Realtek] [HKLM64\Software\Realtek Semiconductor Corp.] 
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]

---------- | Drives

G:
[12/02/2011 01:16:00] - |R| - (. - .) - [85076769] - (0.0.0.0) - G:\IomegaEncryptionSetup.exe

E:
[21/06/2011 15:45:00] - |RA| - (.2007 (c) Valve Corporation. All rights reserved. - Steam Autorun Setup.) - [355920] - (1.0.0.1) - E:\Setup.exe
[21/06/2011 15:45:00] - |RA| - (.Copyright (C) 2007 - Steam Client Service (MARTINO_Steam3_Main_2@martino).) - [411016] - (0.96.80.88) - E:\SteamService.exe
[21/06/2011 15:45:00] - |RA| - (. - .) - [44] - (0.0.0.0) - E:\autorun.inf
[09/09/2013 17:33:32] - |RA| - (. - .) - [1450] - (0.0.0.0) - E:\setup.ini

D:
[07/11/2007 08:03:18] - |A| - (.(C) Microsoft Corporation. All rights reserved. - UI Wrapper Resource DLL.) - [76304] - (9.0.21022.8) - D:\install.res.1028.dll
[07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Alle Rechte vorbehalten. - Ressourcen-DLL für UI-Wrapper.) - [96272] - (9.0.21022.8) - D:\install.res.1031.dll
[07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. All rights reserved. - UI Wrapper Resource DLL.) - [91152] - (9.0.21022.8) - D:\install.res.1033.dll
[07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Tous droits réservés. - UI Wrapper Resource DLL.) - [97296] - (9.0.21022.8) - D:\install.res.1036.dll
[07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Tutti i diritti riservati. - DLL di risorse del wrapper dell'interfaccia utente.) - [95248] - (9.0.21022.8) - D:\install.res.1040.dll
[07/11/2007 08:03:18] - |A| - (.(C) Copyright Microsoft Corporation. All rights reserved. - UI Wrapper Resource DLL.) - [81424] - (9.0.21022.8) - D:\install.res.1041.dll
[07/11/2007 08:03:18] - |A| - (.(C) Microsoft Corporation. All rights reserved. - UI 래퍼 리소스 DLL.) - [79888] - (9.0.21022.8) - D:\install.res.1042.dll
[07/11/2007 08:03:18] - |A| - (.(C) Microsoft Corporation。保留所有权利。 - 用户界面包装资源 DLL.)
- [75792] - (9.0.21022.8) - D:\install.res.2052.dll [07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Reservados todos los derechos. - Archivo DLL de recursos del contenedor de la interfaz de usuario.) - [96272] - (9.0.21022.8) - D:\install.res.3082.dll [07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. All rights reserved. - External Installer.) - [562688] - (9.0.21022.8) - D:\install.exe [07/11/2007 08:00:40] - |A| - (. - .) - [1110] - (0.0.0.0) - D:\globdata.ini [07/11/2007 08:00:40] - |A| - (. - .) - [843] - (0.0.0.0) - D:\install.ini ---------- | C: [14/07/2009 05:18:56] - |SHD| - [516] - C:\$Recycle.Bin [15/11/2015 11:40:07] - |HD| - [62313409] - C:\$WINDOWS.~BT [09/05/2016 23:35:31] - |D| - [1005553] - C:\AdwCleaner [09/06/2011 11:02:37] - |HD| - [9136187] - C:\ASUS.DAT [13/04/2011 04:49:40] - |D| - [5296555] - C:\AsusVibeData [MD5.D3581E273B50ED7446792A87BD4BFD61] - [21/04/2013 11:03:39] - |A| - (. - .) - [667] - (0.0.0.0) - C:\BnetLog.txt [29/07/2009 08:03:34] - |SHD| - [14657980] - C:\Boot [MD5.259525CFB422E6AC8E87BC9777B1DF73] - [29/07/2009 08:03:34] - |RASH| - (. - .) - [383786] - (0.0.0.0) - C:\bootmgr [MD5.5B1E78D499317D1FB0CB361B84AF2455] - [29/07/2009 08:03:37] - |RASH| - (. - .) - [8192] - (0.0.0.0) - C:\BOOTSECT.BAK [17/11/2013 18:59:34] - |D| - [295424] - C:\CAVEDOG [MD5.E5ED36070F45379ECBFC992D4D28790E] - [28/09/2014 16:25:20] - |A| - (. - .) - [539] - (0.0.0.0) - C:\console.log [MD5.BB470BDBC5E0AB00AFC44180EB5AC6B9] - [26/04/2014 23:11:46] - |A| - (. - .) - [1878] - (0.0.0.0) - C:\DelFix.txt [MD5.1C9E814E5A6506334262ED108EBDCB57] - [10/06/2011 01:51:54] - |A| - (. - .) - [14561] - (0.0.0.0) - C:\devlist.txt [14/07/2009 07:08:56] - |SHD| - [0] - C:\Documents and Settings [10/06/2011 02:15:20] - |D| - [2230594653] - C:\eSupport [MD5.01224851F19C9423A1D7E06F44DBFB6A] - [09/06/2011 10:51:54] - |A| - (. - .) 
- [9] - (0.0.0.0) - C:\Finish.log [02/08/2015 22:39:30] - |SHD| - [91691] - C:\found.000 [MD5.D41D8CD98F00B204E9800998ECF8427E] - [10/06/2011 01:15:51] - |ASH| - (. - .) - [3149635584] - (0.0.0.0) - C:\hiberfil.sys [10/06/2011 01:21:10] - |D| - [693032] - C:\Intel [MD5.368B22264B51E00AA05E7FD0F8B22272] - [20/06/2011 16:07:18] - |AH| - (. - .) - [2228224] - (0.0.0.0) - C:\K93SV.BIN [MD5.D4AC3D60C1D0A0946E4B2B729AB822FD] - [20/06/2011 16:07:18] - |A| - (. - .) - [19] - (0.0.0.0) - C:\K93SV_WIN7.40 [11/02/2016 22:58:00] - |D| - [33] - C:\MontagePhoto [11/05/2014 15:22:55] - |RHD| - [51376] - C:\MSOCache [11/02/2016 22:58:06] - |D| - [0] - C:\Msp [MD5.D41D8CD98F00B204E9800998ECF8427E] - [16/04/2013 14:54:40] - |ASH| - (. - .) - [4199518208] - (0.0.0.0) - C:\pagefile.sys [MD5.7F3477E605AAA17EA75F2D33A6352202] - [10/06/2011 02:15:26] - |A| - (. - .) - [7] - (0.0.0.0) - C:\Pass.txt [21/08/2012 00:39:00] - |HD| - [17053] - C:\Passmark [14/07/2009 05:20:08] - |D| - [0] - C:\PerfLogs [14/07/2009 05:20:08] - |D| - [2662576645] - C:\Program Files [14/07/2009 05:20:08] - |D| - [13795735962] - C:\Program Files (x86) [14/07/2009 05:20:08] - |HD| - [4748530296] - C:\ProgramData [11/08/2016 00:19:11] - |D| - [262056] - C:\QuickDiag [MD5.6DD27A18E4412FA8A7EC22ED4C3830FE] - [11/08/2016 00:19:44] - |A| - (. - .) - [146057] - (0.0.0.0) - C:\QuickDiag.txt [29/07/2009 07:10:16] - |SHD| - [171561145] - C:\Recovery [MD5.5C0FAD4531816F6657305F674580FCA3] - [20/06/2011 16:07:18] - |A| - (. - .) - [7] - (0.0.0.0) - C:\RECOVERY.DAT [01/05/2014 06:59:06] - |D| - [537974314] - C:\RegBackup [MD5.25D668CDAB3586CECBD0D22578E62F1B] - [10/06/2011 01:29:19] - |A| - (. - .) - [2436] - (0.0.0.0) - C:\RHDSetup.log [MD5.661947502CEAD49F6CA25CB1D440C31C] - [10/06/2011 01:22:40] - |A| - (. - .) 
- [168] - (0.0.0.0) - C:\setup.log [10/06/2011 01:15:50] - |SHD| - [0] - C:\System Volume Information [14/07/2009 05:20:08] - |RD| - [189890907455] - C:\Users [10/06/2011 02:14:28] - |D| - [7005631] - C:\WIMAPPLY [14/07/2009 05:20:08] - |D| - [64040390342] - C:\Windows ---------- | C:\Windows [MD5.065919847CF1C1C0A1C5F63C488EB54B] - [13/04/2011 04:48:48] - |A| - (. - .) - [33] - (0.0.0.0) - C:\Windows\0 [29/07/2009 07:20:19] - |D| - [180205] - C:\Windows\ABLKSR [14/07/2009 07:32:38] - |D| - [802] - C:\Windows\addins [14/07/2009 05:20:08] - |D| - [27664114] - C:\Windows\AppCompat [14/07/2009 05:20:08] - |D| - [10973952] - C:\Windows\AppPatch [13/04/2011 04:44:23] - |D| - [106352] - C:\Windows\ar [MD5.E33514D01A4DB3CB3339353652A05D8C] - [10/06/2011 01:42:02] - |A| - (. - .) - [63348] - (0.0.0.0) - C:\Windows\AsChkDev.txt [MD5.7B31673407F111D75D7FE8CFB73F4D75] - [20/06/2011 16:07:45] - |A| - (. - .) - [19] - (0.0.0.0) - C:\Windows\AsDCDVer.txt [MD5.5E7C894AE1292941F7C7E7E9B1DC79DE] - [13/04/2011 03:29:54] - |A| - (. - .) - [31] - (0.0.0.0) - C:\Windows\AsHDIVer.txt [MD5.D41D8CD98F00B204E9800998ECF8427E] - [10/06/2011 02:15:26] - |A| - (. - .) - [0] - (0.0.0.0) - C:\Windows\AsRunBar.txt [MD5.37DEB76A2CF005841C4E45DE2B94D84F] - [10/06/2011 01:40:15] - |A| - (.Copyright (C) 2009 - AsScrPro.) - [3058304] - (1.0.0.9) - C:\Windows\AsScrPro.exe [14/07/2009 05:20:08] - |RSD| - [1529564096] - C:\Windows\assembly [MD5.9054D195403A0D99995C4CFA4D72D5B7] - [10/06/2011 02:15:26] - |A| - (. - .) - [30] - (0.0.0.0) - C:\Windows\AsToolCDVer.txt [29/07/2009 07:20:19] - |D| - [1050429] - C:\Windows\ASUS [MD5.8D26DAE92B9995B082AE5B6BC2FB70DB] - [14/06/2016 20:26:11] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [52184] - (11.2.2738.0) - C:\Windows\avastSS.scr [MD5.317CD1CE327B6520BF4EE007BCD39E61] - [18/02/2011 21:49:45] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) 
- [71168] - (6.1.7601.17514) - C:\Windows\bfsvc.exe [14/07/2009 05:20:09] - |D| - [29163158] - C:\Windows\Boot [MD5.9D90A40F68FE73AA083ACE68719334A2] - [14/07/2009 07:38:36] - |AS| - (. - .) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [14/07/2009 05:20:09] - |D| - [3233280] - C:\Windows\Branding [17/11/2013 19:11:52] - |D| - [33712583] - C:\Windows\Cache [MD5.1F2AE301907C4F462B747B7F0BC2794A] - [13/04/2011 04:53:04] - |A| - (. - .) - [10] - (0.0.0.0) - C:\Windows\csup.txt [14/07/2009 05:20:09] - |D| - [2113488] - C:\Windows\Cursors [13/04/2011 04:44:10] - |D| - [107888] - C:\Windows\de [19/02/2011 06:24:05] - |D| - [0] - C:\Windows\de-DE [14/07/2009 06:45:54] - |D| - [11402] - C:\Windows\debug [14/07/2009 07:32:38] - |D| - [3044378] - C:\Windows\diagnostics [14/07/2009 07:37:46] - |D| - [0] - C:\Windows\DigitalLocker [14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Downloaded Program Files [14/07/2009 09:45:02] - |D| - [118084593] - C:\Windows\ehome [13/04/2011 04:43:22] - |D| - [107888] - C:\Windows\el [13/04/2011 04:46:21] - |D| - [106864] - C:\Windows\en [13/04/2011 04:43:29] - |D| - [107376] - C:\Windows\es [19/02/2011 06:18:50] - |D| - [0] - C:\Windows\es-ES [MD5.F4BF93D9006E1C360D831200FC4E96AD] - [08/05/2016 20:56:40] - |A| - (.ELAN Microelectronics Corp. Copyright(C) 2003-2010 - ETD Ware Uninstall Application.) - [252712] - (8.0.0.0) - C:\Windows\ETDUninst.dll [MD5.9DA3B83F80E205B6C601EEE1312FD0A0] - [14/06/2016 21:54:17] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3231232] - (6.1.7601.23418) - C:\Windows\explorer.exe [MD5.E1FD9DE48AF5D7652AA31BBE914F54B8] - [26/02/2009 08:50:32] - |A| - (. - .) - [176] - (0.0.0.0) - C:\Windows\explorer.exe.config [14/07/2009 05:20:09] - |RSD| - [358496851] - C:\Windows\Fonts [13/04/2011 04:43:36] - |D| - [107376] - C:\Windows\fr [19/02/2011 06:29:22] - |D| - [142848] - C:\Windows\fr-FR [MD5.6CF11FB10BDC946C240FE2E08BB68FB1] - [29/07/2009 07:20:26] - |A| - (. - .) 
- [27034730] - (0.0.0.0) - C:\Windows\FullScreen.wmv [MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [14/07/2009 01:22:13] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [15360] - (6.1.7600.16385) - C:\Windows\fveupdate.exe [14/07/2009 05:20:09] - |D| - [47156287] - C:\Windows\Globalization [13/04/2011 04:43:43] - |D| - [106352] - C:\Windows\he [14/07/2009 05:20:09] - |D| - [57264035] - C:\Windows\Help [MD5.CD47548A52B02D254BF6D7F7A5F2BFD3] - [14/07/2009 02:29:53] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [733696] - (6.1.7600.16385) - C:\Windows\HelpPane.exe [MD5.3D0B9EA79BF1F828324447D84AA9DCE2] - [14/07/2009 02:29:03] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [16896] - (6.1.7600.16385) - C:\Windows\hh.exe [MD5.1AEB4967A760D6EC21A3270F1B004AC1] - [14/07/2009 09:47:54] - |A| - (. - .) - [48265] - (0.0.0.0) - C:\Windows\HomePremium.xml [MD5.E23F0FF2EFBB398D7E6DC04383D1E256] - [10/06/2016 21:09:44] - |A| - (. - .) - [184539] - (0.0.0.0) - C:\Windows\IE11_main.log [14/07/2009 05:20:09] - |D| - [143547244] - C:\Windows\IME [14/07/2009 05:20:10] - |D| - [137446046] - C:\Windows\inf [13/04/2011 04:03:16] - |SHD| - [2501341975] - C:\Windows\Installer [MD5.E40C1867D16DD880E7A6C8156D06D27E] - [17/11/2013 19:02:10] - |A| - (.Copyright© 1990-1998 InstallShield Software Corporation Phone : (847) 240-9111 - InstallShield® unInstaller.) - [308224] - (5.51.138.0) - C:\Windows\IsUn040c.exe [MD5.7BBDDBD005C9D69B82ED1DDDD1A6C944] - [17/04/2013 18:31:34] - |A| - (.Copyright© 1990-1998 InstallShield Software Corporation Phone : (847) 240-9111 - InstallShield® unInstaller.) 
- [305152] - (5.10.151.0) - C:\Windows\IsUninst.exe [13/04/2011 04:43:49] - |D| - [106864] - C:\Windows\it [19/02/2011 06:34:52] - |D| - [0] - C:\Windows\it-IT [14/07/2009 05:20:10] - |D| - [48371] - C:\Windows\L2Schemas [14/07/2009 05:20:10] - |D| - [1226627] - C:\Windows\LiveKernelReports [29/07/2009 07:20:19] - |D| - [9610787] - C:\Windows\Log [14/07/2009 05:20:10] - |D| - [85290314] - C:\Windows\Logs [14/07/2009 05:20:10] - |RSD| - [13327133] - C:\Windows\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 02:10:29] - |A| - (. - .) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [14/07/2009 05:20:10] - |D| - [880252511] - C:\Windows\Microsoft.NET [25/03/2014 21:08:36] - |D| - [5524] - C:\Windows\Migration [13/09/2012 19:24:19] - |D| - [0] - C:\Windows\Minidump [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\ModemLogs [MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 04:35:42] - |A| - (. - .) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini [MD5.86F1895AE8C5E8B17D99ECE768A70732] - [19/12/2012 12:48:54] - |A| - (.© Microsoft Corporation. All rights reserved. - Microsoft® C Runtime Library.) - [348160] - (7.10.3052.4) - C:\Windows\msvcr71.dll [MD5.01C72CFCAAED3A7564E5B893B7712D28] - [19/12/2012 12:48:50] - |A| - (.Copyright (C) Microsoft Corp. 1981-1998 - Microsoft (R) C Runtime Library.) - [434252] - (6.0.8797.0) - C:\Windows\MSVCRTD.DLL [13/04/2011 04:43:57] - |D| - [107376] - C:\Windows\nl [19/02/2011 06:40:21] - |D| - [0] - C:\Windows\nl-NL [MD5.B32189BDFF6E577A92BAA61AD49264E6] - [12/08/2015 08:38:48] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [193536] - (6.1.7601.18917) - C:\Windows\notepad.exe [14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Offline Web Pages [29/07/2009 08:03:49] - |D| - [869487] - C:\Windows\Panther [13/04/2011 04:36:45] - |D| - [0] - C:\Windows\PCHEALTH [14/07/2009 07:32:38] - |D| - [62130426] - C:\Windows\Performance [MD5.B380C04FF3CD090F960DEF712A6AE9DC] - [10/06/2016 20:37:48] - |A| - (. - .) 
- [3394] - (0.0.0.0) - C:\Windows\PFRO.log [14/07/2009 05:20:10] - |D| - [1132015] - C:\Windows\PLA [14/07/2009 05:20:10] - |D| - [8346154] - C:\Windows\PolicyDefinitions [09/05/2014 08:42:37] - |D| - [43289356] - C:\Windows\Prefetch [MD5.A283E768FA12EF33087F07B01F82D6DD] - [01/05/2014 07:04:13] - |A| - (.Copyright © 2001-2009 Mark Russinovich - PsExec Service.) - [181064] - (1.96.0.0) - C:\Windows\PSEXESVC.EXE [19/02/2011 06:45:29] - |D| - [107888] - C:\Windows\pt-PT [MD5.2E2C937846A0B8789E5E91739284D17A] - [14/07/2009 01:27:10] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [427008] - (6.1.7600.16385) - C:\Windows\regedit.exe [14/07/2009 05:20:10] - |D| - [22588] - C:\Windows\registration [14/07/2009 05:20:10] - |D| - [5856259] - C:\Windows\rescache [14/07/2009 05:20:10] - |D| - [1674534] - C:\Windows\Resources [MD5.12D992C04EE8278FDEBFEFB8B261DAAA] - [10/06/2011 01:29:19] - |A| - (.Copyright (C) 2011 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [1284712] - (1.0.2.7) - C:\Windows\RtlExUpd.dll [13/04/2011 04:44:17] - |D| - [106864] - C:\Windows\ru [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\SchCache [14/07/2009 05:20:10] - |D| - [58021] - C:\Windows\schemas [14/07/2009 05:20:10] - |D| - [1056768] - C:\Windows\security [14/07/2009 06:45:47] - |D| - [81616049] - C:\Windows\ServiceProfiles [14/07/2009 05:20:10] - |D| - [156454399] - C:\Windows\servicing [14/07/2009 06:45:50] - |D| - [15187] - C:\Windows\Setup [MD5.4707A7A0E16E9F70CAADE0CDCD178184] - [10/06/2016 20:37:51] - |A| - (. - .) - [5024] - (0.0.0.0) - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [10/06/2016 20:37:52] - |A| - (. - .) 
- [0] - (0.0.0.0) - C:\Windows\setuperr.log [14/07/2009 09:45:02] - |D| - [4544] - C:\Windows\ShellNew [03/05/2014 08:28:38] - |D| - [4074491921] - C:\Windows\SoftwareDistribution [14/07/2009 05:20:10] - |D| - [70579144] - C:\Windows\Speech [MD5.127AA81343A7C6F665C22CB1293B0A90] - [28/03/2014 20:28:22] - |A| - (.© Microsoft Corporation. All rights reserved. - Print driver host for 32bit applications.) - [67072] - (6.1.7601.17777) - C:\Windows\splwow64.exe [MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 07:28:38] - |A| - (. - .) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml [14/07/2009 05:20:10] - |D| - [0] - C:\Windows\system [MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 04:34:57] - |A| - (. - .) - [219] - (0.0.0.0) - C:\Windows\system.ini [14/07/2009 05:20:10] - |D| - [33970057161] - C:\Windows\System32 [14/07/2009 05:20:14] - |D| - [1464035396] - C:\Windows\SysWOW64 [14/07/2009 05:20:14] - |D| - [15] - C:\Windows\TAPI [14/07/2009 05:20:14] - |D| - [68410] - C:\Windows\Tasks [14/07/2009 05:20:14] - |D| - [11115026] - C:\Windows\Temp [14/07/2009 05:20:14] - |D| - [0] - C:\Windows\tracing [MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 23:41:17] - |A| - (. - Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll [14/07/2009 07:32:38] - |D| - [6144] - C:\Windows\twain_32 [MD5.163A95975E1D8819E653AA3E961371CA] - [18/02/2011 21:49:55] - |A| - (. - Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll [MD5.CA2A8AF1DBAD0F31F9B33A2827DFBC16] - [01/05/2014 07:01:31] - |A| - (. - .) - [207] - (0.0.0.0) - C:\Windows\tweaking.com-regbackup-MAXIME-PC-Microsoft-Windows 7-Édition-Familiale-Premium-(64-bit).dat [MD5.F36A271706EDD23C94956AFB56981184] - [14/07/2009 00:47:26] - |A| - (. - Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe [MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 02:14:40] - |A| - (. 
- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe [14/07/2009 05:20:14] - |D| - [12420] - C:\Windows\Vss [14/07/2009 05:20:14] - |D| - [40681427] - C:\Windows\Web [MD5.5C9B5B6205DC676F0BF104E06EADF549] - [14/07/2009 04:34:57] - |A| - (. - .) - [541] - (0.0.0.0) - C:\Windows\win.ini [MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 06:54:24] - |RAH| - (. - .) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.56A00587474F022AFEA6FE8BE6D4D9A4] - [10/06/2011 01:19:37] - |A| - (. - .) - [1832142] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 02:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe [MD5.76E814B32F89CDE1D6ACD79E5B39AFA2] - [24/03/2014 22:35:45] - |A| - (. - .) - [11809] - (0.0.0.0) - C:\Windows\wininit.ini [14/07/2009 05:20:14] - |D| - [18010388645] - C:\Windows\winsxs [MD5.74908820C298AD4768EFA5E27AC4FC20] - [10/11/2010 11:28:46] - |A| - (.© 2010 Microsoft Corporation. Tous droits réservés. - Écran de veille photos Windows Live.) - [301936] - (15.4.3508.1109) - C:\Windows\WLXPGSS.SCR [MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 22:52:44] - |A| - (. - .) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [14/07/2009 01:56:28] - |A| - (.© Microsoft Corporation. All rights reserved. - Windows Write.) - [10240] - (6.1.7600.16385) - C:\Windows\write.exe [MD5.F9F4905664C5B42B49E78EFA12D1A6B6] - [13/04/2011 04:42:56] - |A| - (. - .) - [20] - (0.0.0.0) - C:\Windows\Xú— [19/02/2011 06:51:02] - |D| - [104816] - C:\Windows\zh-TW ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted)